OpenManus 命令注入漏洞

OpenManus is an application by the individual developer of mannaandpoem. A command injection vulnerability exists in OpenManus version 2025.3.13 and earlier, which stems from an os command injection in the app/tool/pythonexecute.py file, which may be attacked remotely...

CVE-2023-36095

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include frommathprompt and fromcoloredobjectprompt...

CVE-2023-36188

An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...

PT-2023-22231

Name of the Vulnerable Software and Affected Versions LangChain versions 0.0.0 through 0.0.131 Description The issue allows prompt injection attacks that can execute arbitrary code via the Python exec method. This is specifically related to the LLMMathChain chain in LangChain. Recommendations For...

DEBIAN-CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...