UBUNTU-CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

UBUNTU-CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

CVE-2026-45136

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

CVE-2026-44888

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

CVE-2026-44888

Pi.Alert vulnerability CVE-2026-44888: unauthenticated RCE via SaveConfigFile() config injection. Prior to 2026-05-07, numeric config values (e.g., SMTP_PORT) were written into pialert.conf without validation; pialert.conf is loaded with Python exec() every 3–5 minutes by a background cron, allow...

EUVD-2026-32634

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

MAL-2026-3760 Malicious code in ethers-abstract-signer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e17d355d974f842bc8db3219ce3f1dc6e643f2a5e1ba8dd0b38a404a8f96e9a8 On npm install, the package's postinstall hook spawns a Node one-liner that uses childprocess.exec to curl/wget...

CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

MAL-2026-3695 Malicious code in pirxcypackage (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5de481a31a831804a096bf6cf87157c0b0ee158aa7306c95080447764f9f7540 PirxcyPackage/init.py fetches https://pastebin.com/raw/91tFF63S and passes the response body to exec on every import. This is a textbook...

CVE-2026-31236

The CVE-2026-31236 issue affects the llm CLI tool up to version 0.27.1. The vulnerability arises from the --functions argument, which accepts user-provided Python definitions and is executed with unsafe exec() without sanitization or sandboxing, enabling arbitrary code execution on a victim’s sys...

cognee 安全漏洞

Cognee is an open-source tool developed by Topoteretes, designed to provide AI agents with shared memory and context management capabilities. Cognee versions prior to v0.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the unsafe exec function in notebook cell...

CVE-2026-44336 PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection

PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...

EUVD-2026-28346

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code and subsequently OS commands on the docker container via Server-Side Template Injection SSTI for user-created transformations...

CVE-2026-33587

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code and subsequently OS commands on the docker container via Server-Side Template Injection SSTI for user-created transformations...

CVE-2026-41264

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSVAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. An attacker can...

PT-2026-33709

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute python code/execute shell command of the file src/AgentScope/tool/ coding/ python.py. This manipulation causes code injection. The attack is possible to be carried out...

CVE-2026-40288

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

CVE-2026-40288

PraisonAI and praisonaiagents prior to versions 4.5.139 and 1.5.140 are exposed to a critical RCE via untrusted workflow YAML. When a YAML file for type: job is loaded, the JobWorkflowExecutor (job_workflow.py) processes steps allowing run (subprocess.run), script (inline Python via exec), and py...