GHSA-HVHP-V2GC-268Q PraisonAI has an Arbitrary File Write in Python API

Bug Report: Arbitrary File Write in Python API Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. writefile skips path validation when workspace=None always None in production. Affected PraisonAI outputfile: /tmp/flag.txt...

PT-2026-45056

Bug Report: Arbitrary File Write in Python API Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. write file skips path validation when workspace=None always None in production. Affected PraisonAI output file: /tmp/flag.txt output...

K000159661: libxml2 vulnerabilities CVE-2025-32414 and CVE-2025-32415

Security Advisory Description CVE-2025-32414 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between...

MiracleLinux 7 : libxml2-2.9.1-6.6.0.3.el7.AXS7 (AXSA:2025-9971:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9971:06 advisory. CVE-2025-32414: fix out-of-bounds memory access CVE-2025-32415: fix heap buffer overflow in xmlSchemaIDCFillNodeTables CVEs: CVE-2025-32414 In libxm...

Fedora 42 : brotli / perl-Alien-Brotli (2025-9e233a4e22)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-9e233a4e22 advisory. Update brotli to 1.2.0. This update provides the necessary Python APIs in python3-brotli to fix denial-of-service security issues related to...

Advisory ROSA-SA-2025-3085

Software: libxml2 2.9.1 OS: rosa-server79 unaffected versions = libxml2-2.9.1-6.0.11.res7.6 affected versions libxml2-2.9.1-6.0.11.res7.6 CVE-ID: CVE-2025-6021 BDU-ID: 2025-07144 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a...

EUVD-2014-2989

Malware in sbrugna...

EUVD-2024-15916

Malicious code in bioql PyPI...

EUVD-2025-10440

Malicious code in bioql PyPI...

EulerOS Virtualization 2.13.1 : libxml2 (EulerOS-SA-2025-2174)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap- based buffer under-read...

CentOS 9 : libxml2-2.9.13-12.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libxml2-2.9.13-12.el9 build changelog. - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap- based buffer under-read. To...

Advisory ROSA-SA-2025-2937

software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-9 affected versions libxml2-2.9.14-9 CVE-ID: CVE-2025-32414 BDU-ID: 2025-05199 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Python API component of the libxml2 library involves incorrect validation of the return val...

Azure Linux 3.0 Security Update: libxml2 (CVE-2025-32414)

The version of libxml2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32414 advisory. - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API...

CBL Mariner 2.0 Security Update: libxml2 (CVE-2025-32414)

The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32414 advisory. - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API...

EulerOS 2.0 SP10 : libxml2 (EulerOS-SA-2025-1783)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrec...

EulerOS 2.0 SP10 : libxml2 (EulerOS-SA-2025-1806)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrec...

CLSA-2025-1751889153 libxml2: Fix of CVE-2025-32414

CVE-2025-32414: fix out-of-bounds memory access in Python API...

Agent Zero 路径遍历漏洞

Agent Zero is an artificial intelligence framework by the individual developer Jan Tomášek. A path traversal vulnerability exists in Agent Zero version 0.8.4 and earlier, which stems from path traversal due to incorrect manipulation of the parameter path in the file /python/api/imageget.py...

CVE-2025-49142

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...

FreeBSD : libxml2 -- Out-of-bounds memory access (2926c487-3e53-11f0-95d4-00a098b42aeb)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2926c487-3e53-11f0-95d4-00a098b42aeb advisory. [email protected] reports: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access c...