
978 matches found

NVD
added 2025/03/10 2:15 p.m., 36 views

CVE-2025-1497

A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...

9.8 CVSS, 0.00952 EPSS
Exploits: 0, References: 4
OSV
added 2025/03/10 2:15 p.m., 16 views

CVE-2025-1497

A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...

9.8 CVSS, 7.6 AI score, 0.00952 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2025/03/10 1:56 p.m., 5 views

CVE-2025-1497 Remote Code Execution in PlotAI

A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...

9.3 CVSS, 7.9 AI score, 0.00952 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2025/03/10 12:00 a.m., 3 views

PT-2025-10588

Name of the Vulnerable Software and Affected Versions: PlotAI (affected versions not specified). Description: A vulnerability has been found that could result in Remote Code Execution (RCE). The issue is due to the lack of validation of LLM-generated output, which allows an attacker to execute arbitrary...

9.8 CVSS, 7.2 AI score, 0.00952 EPSS
Exploits: 0, References: 16
OSV
added 2025/03/05 9:15 p.m., 5 views

AZL-75804 CVE-2025-27516 affecting package nodejs24 for versions less than 24.13.0-1

Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...

8.8 CVSS, 7.5 AI score, 0.00465 EPSS
Exploits: 0, References: 1
OSV
added 2025/03/05 9:15 p.m., 0 views

DEBIAN-CVE-2025-27516

Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...

8.8 CVSS, 8 AI score, 0.00465 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/03/05 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-39705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used...

9.8 CVSS, 7.8 AI score, 0.01346 EPSS
Exploits: 0, References: 3
FreeBSD
added 2025/03/05 12:00 a.m., 20 views

Jinja2 -- Sandbox breakout through attr filter selecting format method

[email protected] reports: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the...

8.8 CVSS, 8 AI score, 0.00465 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/03/04 12:00 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2012-5485

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin...

6.8 CVSS, 6.1 AI score, 0.02066 EPSS
Exploits: 0, References: 2
IBM Security Bulletins
added 2025/02/27 2:48 p.m., 7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary Python code execution in Jinja [CVE-2024-56326]

Summary: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary Python code execution in Jinja, caused by a sandbox breakout flaw (CVE-2024-56326). Jinja is used by our Speech Runtimes. This vulnerability has been addressed. Please read the details for remediation below. Vulnerability...

8.8 CVSS, 7.4 AI score, 0.00496 EPSS
Exploits: 0, Affected Software: 1
Vulnrichment
added 2025/02/20 11:26 a.m., 11 views

CVE-2025-0868 Remote Code Execution in DocsGPT

A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0...

9.3 CVSS, 8.5 AI score, 0.15099 EPSS
Exploits: 3, References: 3
CNNVD
added 2025/02/20 12:00 a.m., 3 views

DocsGPT Security Vulnerability

DocsGPT is a cutting edge open source solution from Arc53 Open Source. It simplifies the process of finding information in project documentation. A security vulnerability exists in DocsGPT versions 0.8.1 through 0.12.0 that stems from improper parsing of JSON data using the eval function. An...

9.3 CVSS, 8.8 AI score, 0.15099 EPSS
Exploits: 3, References: 6
RedhatCVE
added 2025/02/13 1:28 p.m., 5 views

CVE-2024-12366

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM...

9.8 CVSS, 7.9 AI score, 0.0122 EPSS
Exploits: 0, References: 1
Veracode
added 2025/02/13 5:23 a.m., 6 views

Prompt Injection

pandasai is vulnerable to Prompt Injection. The vulnerability is due to insufficient input validation in the interactive prompt function, allowing prompt injection to execute arbitrary Python code...

9.8 CVSS, 7.5 AI score, 0.0122 EPSS
Exploits: 0, References: 5, Affected Software: 1
RedHat Linux
added 2025/02/13 2:42 a.m., 24 views

jinja2: Jinja has a sandbox breakout through malicious filenames

A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja's sandbox being used. An attacker needs to be able to control both the filename and the contents o...

8.8 CVSS, 7.5 AI score, 0.00298 EPSS
Exploits: 0, References: 8
RedHat Linux
added 2025/02/12 4:05 a.m., 6 views

jinja2: Jinja has a sandbox breakout through malicious filenames

A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja's sandbox being used. An attacker needs to be able to control both the filename and the contents o...

8.8 CVSS, 7.5 AI score, 0.00298 EPSS
Exploits: 0, References: 8
Vulnrichment
added 2025/02/11 12:42 p.m., 2 views

CVE-2024-12366 CVE-2024-12366

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM...

10 AI score, 0.0122 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/02/11 12:42 p.m., 7 views

CVE-2024-12366 CVE-2024-12366

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM...

0.0122 EPSS
Exploits: 0, References: 2
AstraLinux
added 2025/02/11 7:35 a.m., 3 views

Astra Linux – Vulnerability in Jinja2

Jinja is an extensible templating engine. Prior to version 3.1.5, there was a flaw in how the Jinja sandbox environment detected calls to str.format, allowing an attacker who controls the content of a template to execute arbitrary Python code. To exploit this vulnerability, an attacker needed to...

7.8 CVSS, 7.2 AI score, 0.00496 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/02/07 8:32 a.m., 12 views

CVE-2025-1077 Remote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather)

A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the...

9.5 CVSS, 7.5 AI score, 0.00792 EPSS
Exploits: 0, References: 1