
978 matches found

NVD
added 2025/07/17 8:15 p.m. · 7 views

CVE-2024-39289

A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...

7.8 CVSS · 0.00177 EPSS
Exploits: 0 · References: 1
OSV
added 2025/07/17 8:15 p.m. · 2 views

UBUNTU-CVE-2024-39835

A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval method to process user-supplied, unsanitized parameter values within the...

7.8 CVSS · 6 AI score · 0.00175 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2025/07/17 7:11 p.m. · 6 views

CVE-2024-39289 Unsafe use of eval() method in rosparam tool

A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...

7.8 CVSS · 7.4 AI score · 0.00177 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/07/17 12:0 a.m. · 3 views

Robot Operating System code injection vulnerability

Robot Operating System is a meta-operating system for ROS 2 open source robots. A security vulnerability exists in Robot Operating System that stems from the rosparam tool's use of the eval function to process uncleaned user input, which could lead to the execution of arbitrary Python code...

7.8 CVSS · 6.6 AI score · 0.00177 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/07/17 12:0 a.m. · 6 views

PT-2025-29950 · Unknown +1 · Robot Operating System +1

Name of the Vulnerable Software and Affected Versions: Robot Operating System (ROS) versions prior to Noetic Ninjemys Description: A code execution issue exists in the 'rosparam' tool due to the use of the eval function with unsanitized, user-supplied parameter values. This occurs when processing...

7.8 CVSS · 7.2 AI score · 0.00177 EPSS
Exploits: 0 · References: 14
CNNVD
added 2025/07/17 12:0 a.m. · 3 views

Robot Operating System security vulnerability

Robot Operating System is a meta-operating system for ROS 2 open source robots. A security vulnerability exists in Robot Operating System that stems from the rosbag tool's use of the eval function to process uncleaned user input, which could lead to the execution of arbitrary Python code...

7.8 CVSS · 6.6 AI score · 0.00195 EPSS
Exploits: 0 · References: 2
Gitee
added 2025/07/06 3:24 a.m. · 74 views

50M_CTF_Writeup

It is an offensive tool for CTF (Capture The Flag) challenges. The repository contains a writeup for a $50 million CTF challenge, which includes a binary image that needs to be decoded to reveal a hidden message. The binary image is encoded with a repeating sequence of binary digits, which can be...

7.1 AI score
Exploits: 0
CNNVD
added 2025/06/24 12:0 a.m. · 3 views

NVIDIA Megatron-LM code injection vulnerability

NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that specializes in training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that stems from a python component that could allow an attacker to perform code injection...

7.8 CVSS · 7.6 AI score · 0.0027 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/06/17 12:0 a.m. · 8 views

PT-2026-25992

Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.9.0 Description: Langflow is a visual framework used to build and deploy AI-powered agents and workflows. A critical issue exists in the 'POST /api/v1/build public tmp/flow id/flow' endpoint, which is designed to...

10 CVSS · 7 AI score · 0.98412 EPSS
Exploits: 16 · References: 224
RedhatCVE
added 2025/05/23 6:19 a.m. · 10 views

CVE-2024-42835

langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component...

9.8 CVSS · 8.3 AI score · 0.01023 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 8:44 p.m. · 1 views

CVE-2021-39271

OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...

8.8 CVSS · 7.8 AI score · 0.03679 EPSS
Exploits: 3 · References: 1
RedhatCVE
added 2025/05/22 3:14 p.m. · 7 views

CVE-2020-15348

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/deletecpesbyids?cpeids= for eval injection of Python code...

10 CVSS · 7.3 AI score · 0.01751 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 10:2 a.m. · 4 views

CVE-2019-17526

An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an import'os'.popen'whoami'.read...

10 CVSS · 8.1 AI score · 0.02999 EPSS
Exploits: 1 · References: 1
GithubExploit
added 2025/05/13 4:8 p.m. · 92 views

Exploit for Code Injection in Langflow

CVE-2025-3248 – Execute arbitrary Python code on vulnerable La...

9.8 CVSS · 8.6 AI score · 0.99959 EPSS
Exploits: 33
IBM Security Bulletins
added 2025/05/05 6:49 p.m. · 19 views

Security Bulletin: Vulnerability in jinja2 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-56201, CVE-2024-56326].

Summary The jinja2 package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2024-56201, CVE-2024-56326. Vulnerability Details CVEID:CVE-2024-56201 DESCRIPTION: Jinja is an extensible templating engine. In versions on the 3.x bran...

8.8 CVSS · 7 AI score · 0.00496 EPSS
Exploits: 0 · Affected Software: 1
RedhatCVE
added 2025/04/26 6:29 a.m. · 6 views

CVE-2025-43948

Codemers KLIMS 1.6.DEV allows Python code injection. A user can provide Python code as an input value for a parameter or qualifier such as for sorting, which will get executed on the server side...

7.3 CVSS · 7.5 AI score · 0.00258 EPSS
Exploits: 0 · References: 1
Packet Storm News
added 2025/04/23 12:0 a.m. · 3 views

Case Study: Fine-Tuning Small Language Models for Accurate and Private CWE Detection in Python Code

Large Language Models (LLMs) have demonstrated significant capabilities in understanding and analyzing code for security vulnerabilities, such as Common Weakness Enumerations (CWEs). However, their reliance on cloud infrastructure and substantial computational requirements pose challenges for analyzi...

7 AI score
Exploits: 0
NVD
added 2025/04/22 6:16 p.m. · 11 views

CVE-2025-43948

Codemers KLIMS 1.6.DEV allows Python code injection. A user can provide Python code as an input value for a parameter or qualifier such as for sorting, which will get executed on the server side...

7.3 CVSS · 0.00258 EPSS
Exploits: 0 · References: 2
CVE
added 2025/04/22 12:0 a.m. · 52 views

CVE-2025-43948

CVE-2025-43948 affects Codemers KLIMS 1.6.DEV, where an input value for parameters/qualifiers can carry Python code that is executed on the server side, enabling remote code execution. Documents confirm the issue is due to Python code injection in KLIMS 1.6.DEV and describe potential server-side ...

7.3 CVSS · 7.7 AI score · 0.00258 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/04/22 12:0 a.m. · 3 views

PT-2025-17580 · Codemers · Codemers Klims

Name of the Vulnerable Software and Affected Versions: Codemers KLIMS version 1.6.DEV Description: The issue allows Python code injection. A user can provide Python code as an input value for a parameter or qualifier, such as for sorting, which will get executed on the server side. Recommendation...

7.3 CVSS · 7.2 AI score · 0.00258 EPSS
Exploits: 0 · References: 7