
978 matches found

Positive Technologies
added 2024/09/10 12:0 a.m., 2 views

PT-2024-6371 · Mindsdb +1 · Mindsdb +1

Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.3.0 through 24.7.4.1
Description: An arbitrary code execution issue exists when the Weaviate integration is installed on the server. If a specially crafted SELECT WHERE clause containing Python code is run against a...

CVSS: 9, AI score: 8.2, EPSS: 0.02148
Exploits: 1, References: 17

The Hacker News
added 2024/08/26 10:31 a.m., 42 views

Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms

Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms. These vulnerabilities, which are described as inherent- and implementation-bas...

CVSS: 9.8, AI score: 9.5, EPSS: 0.81512
Exploits: 8

Vulnrichment
added 2024/08/20 2:55 p.m., 40 views

CVE-2024-43404 Remote Code Execution Vulnerability in MEGABOT

MEGABOT is a fully customized Discord bot for learning and fun. The /math command and functionality of MEGABOT versions 1.5.0 contains a remote code execution vulnerability due to a Python eval. The vulnerability allows an attacker to inject Python code into the expression parameter when using...

CVSS: 9.8, AI score: 8, EPSS: 0.01108
Exploits: 0, References: 5

CNNVD
added 2024/08/20 12:0 a.m., 2 views

MEGABOT Discord Bot Security Vulnerability

MEGABOT Discord Bot is a fully customized Discord bot by individual developer Nic Jones, used for learning and entertainment. A security vulnerability exists in MEGABOT Discord Bot versions prior to 1.5.0, which stems from the presence of a remote code execution issue that allows an attacker ...

CVSS: 9.8, AI score: 7.8, EPSS: 0.01108
Exploits: 0, References: 6

OSV
added 2024/08/08 12:15 a.m., 1 views

CVE-2024-6891

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow...

CVSS: 8.8, AI score: 7.4, EPSS: 0.00953
Exploits: 3, References: 2

NVD
added 2024/08/08 12:15 a.m., 41 views

CVE-2024-6891

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow...

CVSS: 8.8, EPSS: 0.00953
Exploits: 3, References: 2

0day.today
added 2024/08/08 12:0 a.m., 332 views

Open WebUI 0.1.105 File Upload / Path Traversal Vulnerabilities

Title: Open WebUI Arbitrary File Upload + Path Traversal
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt
1. Vulnerability Details
Affected Vendor: Open WebUI
Affected Product: Open WebUI
Affected Version: 0.1.105
Platform: Debian 12
CWE Classification: CWE-22:...

CVSS: 8.8, AI score: 8.8, EPSS: 0.01003
Exploits: 3

Vulnrichment
added 2024/08/07 11:13 p.m., 15 views

CVE-2024-6891 Journyx Authenticated Remote Code Execution

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow...

AI score: 7.6, EPSS: 0.00953
Exploits: 3, References: 1

Positive Technologies
added 2024/08/07 12:0 a.m., 5 views

PT-2024-37932 · Journyx · Journyx

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions.
Description: Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. This issue allows for the...

CVSS: 8.8, AI score: 7.3, EPSS: 0.00953
Exploits: 3, References: 6

The Hacker News
added 2024/07/26 6:19 a.m., 22 views

Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining

Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security firm Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of...

AI score: 8.3
Exploits: 0

OSV
added 2024/07/15 6:30 a.m., 20 views

GHSA-CGCG-P68Q-3W7V langchain-experimental vulnerable to Arbitrary Code Execution

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution: when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...

CVSS: 9, AI score: 8.9, EPSS: 0.01469
Exploits: 1, References: 7

Github Security Blog
added 2024/07/15 6:30 a.m., 44 views

langchain-experimental vulnerable to Arbitrary Code Execution

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution: when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...

CVSS: 8.5, AI score: 8.1, EPSS: 0.01469
Exploits: 1, References: 7, Affected Software: 1

CVE
added 2024/07/15 5:0 a.m., 70 views

CVE-2024-21513

langchain-experimental versions from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution via eval() on database-retrieved values when using VectorSQLDatabaseChain. The vulnerability requires an attacker to influence the input prompt and can enable Python code execution on the ser...

CVSS: 8.5, AI score: 8.2, EPSS: 0.01469
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2024/07/15 5:0 a.m., 15 views

CVE-2024-21513

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution: when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...

CVSS: 8.5, AI score: 8.4, EPSS: 0.01469
Exploits: 1, References: 3

Veracode
added 2024/06/28 12:31 p.m., 17 views

Remote Code Execution

nltk is vulnerable to Remote Code Execution. The vulnerability is due to models containing pickled Python code, which could allow an attacker to execute arbitrary code. An attacker would need to perform a man-in-the-middle attack to modify the packaged pickles such as the averaged_perceptron_tagger...

CVSS: 9.8, AI score: 8, EPSS: 0.01346
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/06/28 12:33 a.m., 29 views

GHSA-CGVX-9447-VCCH nltk unsafe deserialization vulnerability

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt...

CVSS: 7.5, AI score: 9.7, EPSS: 0.01346
Exploits: 0, References: 7

NVD
added 2024/06/27 10:15 p.m., 47 views

CVE-2024-39705

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt...

CVSS: 9.8, EPSS: 0.01346
Exploits: 0, References: 3

OSV
added 2024/06/27 10:15 p.m., 24 views

CVE-2024-39705

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt...

CVSS: 9.8, AI score: 7.8, EPSS: 0.01346
Exploits: 0, References: 3

OSV
added 2024/06/27 10:15 p.m., 10 views

PYSEC-2024-167

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt...

CVSS: 9.8, AI score: 9.9, EPSS: 0.01346
Exploits: 0, References: 4

UbuntuCve
added 2024/06/27 10:15 p.m., 26 views

CVE-2024-39705

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt...

CVSS: 9.8, AI score: 7.4, EPSS: 0.01346
Exploits: 0, References: 3