Lucene search
+L

61 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44888

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

9.8CVSS5.7AI score0.00314EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 7:14 p.m.3 views

CVE-2026-44888 Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Interger)

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

9.8CVSS6.1AI score0.00314EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/13 7:18 p.m.7 views

CVE-2026-26216

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...

10CVSS6.7AI score0.01589EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/12 3:31 p.m.2 views

CVE-2026-26216 Crawl4AI < 0.8.0 Docker API Unauthenticated Remote Code Execution via Hooks Parameter

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...

10CVSS6.7AI score0.01589EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/16 12:0 a.m.10 views

Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter

A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing attackers to import arbitrary modules an...

10CVSS6.7AI score0.01589EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.12 views

PT-2026-7855

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.0 Description A remote code execution flaw exists in the Docker API deployment. The '/crawl' endpoint accepts a hooks parameter containing Python code that is processed using the exec function. Because the import...

10CVSS6.6AI score0.01589EPSS
Exploits0References19
GithubExploit
GithubExploit
added 2025/11/20 1:45 a.m.230 views

Exploit for Missing Authentication for Critical Function in Langflow

CVE-2025-3248: Langflow Unauthenticated RCE Vulnerability Scan...

9.8CVSS9.1AI score0.9999EPSS
Exploits33
OSV
OSV
added 2025/11/18 4:15 p.m.4 views

CVE-2025-63604

A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of dangerous Python built-in functions import, getattr, hasattr in...

6.5CVSS6.5AI score0.00342EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-0112

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01062EPSS
Exploits1References12
GithubExploit
GithubExploit
added 2025/06/22 3:49 p.m.302 views

Exploit for Code Injection in Langflow

CVE-2025-3248 – Unauthenticated Remote Code Execution in Langf...

9.8CVSS10AI score0.9999EPSS
Exploits33
RedhatCVE
RedhatCVE
added 2025/05/23 4:0 a.m.10 views

CVE-2023-36095

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include frommathprompt and fromcoloredobjectprompt...

9.8CVSS7.7AI score0.01062EPSS
Exploits1References1
Metasploit
Metasploit
added 2024/11/01 6:54 p.m.212 views

Python Exec, Python Execute Command

Execute a Python payload from a command. Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options msf use payload/cmd/windows/python/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf...

7.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/08/05 3:30 a.m.106 views

langchain Code Injection vulnerability

An issue in Harrison Chase langchain allows an attacker to execute arbitrary code via the PALChain,frommathpromptllm.run in the python exec method...

9.8CVSS7.8AI score0.01062EPSS
Exploits1References11Affected Software1
NVD
NVD
added 2023/08/05 3:15 a.m.26 views

CVE-2023-36095

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include frommathprompt and fromcoloredobjectprompt...

9.8CVSS9.7AI score0.01062EPSS
Exploits1References2
Prion
Prion
added 2023/08/05 3:15 a.m.22 views

Design/Logic Flaw

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include frommathprompt and fromcoloredobjectprompt...

7.5CVSS9.7AI score0.01062EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/05 12:0 a.m.16 views

CVE-2023-36095

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include frommathprompt and fromcoloredobjectprompt...

7.7AI score0.01062EPSS
Exploits1References2
OSV
OSV
added 2023/08/05 12:0 a.m.22 views

CVE-2023-36095

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include frommathprompt and fromcoloredobjectprompt...

9.8CVSS8AI score0.01062EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/08/05 12:0 a.m.36 views

CVE-2023-36095

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include frommathprompt and fromcoloredobjectprompt...

9.9AI score0.01062EPSS
Exploits1References2
CVE
CVE
added 2023/08/05 12:0 a.m.88 views

CVE-2023-36095

LangChain v0.0.194 is affected by a code-injection vulnerability (CVE-2023-36095) via the PALChain, enabling an attacker to execute arbitrary Python code through exec calls in from_math_prompt and from_colored_object_prompt. Reported impacts include high severity with potential full compromise; C...

9.8CVSS9.6AI score0.01062EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/07/06 3:30 p.m.52 views

GHSA-57FC-8Q82-GFP3 langchain vulnerable to arbitrary code execution

An issue in langchain allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...

9.8CVSS7.6AI score0.0188EPSS
Exploits2References8
Rows per page
Query Builder