62 matches found

Veracode
added 2025/03/20 4:36 a.m., 12 views

Timing Side-channel Attacks

postquantumfeldmanvss is vulnerable to Timing side-channel attacks. The vulnerability is due to Python's non-constant-time execution model, which causes execution time variations in the findsecurepivot and securematrixsolve functions, allowing attackers to infer secret information through precise...

CVSS 5.8, AI score 6.5, EPSS 0.00218
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2025/03/14 6:15 p.m., 10 views

CVE-2025-29780

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing VSS scheme. In versions 0.8.0b2 and prior, the feldmanvss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the...

CVSS 5.8, EPSS 0.00218
Exploits: 0, References: 3

HackRead
added 2024/11/18 11:39 a.m., 9 views

Mozilla 0Din Warns of ChatGPT Sandbox Flaws Enabling Python Execution

Mozilla's 0Din uncovers critical flaws in ChatGPT's sandbox, allowing Python code execution and access to internal configurations. OpenAI…...

AI score 7.9
Exploits: 0

OSV
added 2024/08/28 5:15 p.m., 3 views

CVE-2024-20284

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...

CVSS 8.8, AI score 6.1, EPSS 0.00194
Exploits: 0, References: 2

OSV
added 2023/08/05 3:30 a.m., 1 view

GHSA-GWQQ-6VQ7-5J86 langchain Code Injection vulnerability

An issue in Harrison Chase langchain allows an attacker to execute arbitrary code via the PALChain,frommathpromptllm.run in the python exec method...

CVSS 9.8, AI score 6.2, EPSS 0.01218
Exploits: 1, References: 11

OSV
added 2023/07/06 2:15 p.m., 3 views

PYSEC-2023-109

An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...

CVSS 9.8, AI score 7.6, EPSS 0.01566
Exploits: 2, References: 3

OSV
added 2023/07/03 9:30 p.m., 0 views

GHSA-2QMJ-7962-CJQ8 langchain arbitrary code execution vulnerability

An issue in langchain allows an attacker to execute arbitrary code via the PALChain in the python exec method...

CVSS 9.8, AI score 6.2, EPSS 0.00982
Exploits: 1, References: 11

OSV
added 2023/07/03 9:15 p.m., 0 views

PYSEC-2023-98

An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method...

CVSS 9.8, AI score 7.5, EPSS 0.00982
Exploits: 1, References: 3

Packet Storm
added 2023/02/22 12:00 a.m., 374 views

pyLoad js2py Python Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'pyLoad js2py Python Execution', 'Description' = %q pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code...

CVSS 9.8, AI score 9.6, EPSS 0.96988
Exploits: 13

SUSE CVE
added 2023/02/15 4:07 a.m., 1 view

SUSE CVE-2019-17019

When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. Note: this issue only occurs on Windows. Other operating systems are unaffected...

CVSS 8.8, AI score 8.3, EPSS 0.01046
Exploits: 0, References: 3

GithubExploit
added 2021/03/11 5:32 p.m., 256 views

Exploit for Deserialization of Untrusted Data in Microsoft

Proxylogon-exploi...

CVSS 7.8, AI score 9.5, EPSS 0.94008
Exploits: 5

CNVD
added 2021/02/24 12:00 a.m., 6 views

SmartFoxServer Code Injection Vulnerability

SmartFoxServer is a software development program for rapid development of multiplayer games and applications via Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C ++, etc. SmartFoxServer is a software development program from SmartFoxServer, USA. The software...

CVSS 8.8, AI score 7.6, EPSS 0.02609
Exploits: 3, References: 1

Cvelist
added 2020/01/15 6:01 p.m., 22 views

CVE-2014-6448

Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access...

AI score 7.8, EPSS 0.00331
Exploits: 0, References: 1

OSV
added 2020/01/08 10:15 p.m., 1 view

UBUNTU-CVE-2019-17019

When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. Note: this issue only occurs on Windows. Other operating systems are unaffected...

CVSS 8.8, AI score 7.2, EPSS 0.01046
Exploits: 0, References: 5

BDU FSTEC
added 2019/09/13 12:00 a.m., 2 views

The vulnerability of the LibreLogo software module of the LibreOffice office software package allows a hacker to execute arbitrary code on the target system.

The vulnerability of the LibreLogo software module of the LibreOffice office suite exists due to the presence of mechanisms within LibreLogo that execute programming algorithms in Python when the cursor is placed over a malicious object. Exploiting this vulnerability allows a remote attacker to...

CVSS 9.3, AI score 6.1, EPSS 0.78007
Exploits: 4, References: 9, Affected Software: 6

OSV
added 2019/08/15 10:15 p.m., 1 view

DEBIAN-CVE-2019-9850

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...

CVSS 9.8, AI score 7.2, EPSS 0.03306
Exploits: 0, References: 1

OSV
added 2019/07/17 12:15 p.m., 1 view

DEBIAN-CVE-2019-9848

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...

CVSS 9.8, AI score 7.5, EPSS 0.30698
Exploits: 5, References: 1

NVD
added 2019/07/17 12:15 p.m., 18 views

CVE-2019-9848

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...

CVSS 9.8, AI score 9.8, EPSS 0.30698
Exploits: 5, References: 10

CNVD
added 2019/01/11 12:00 a.m., 3 views

LogonTracer Code Injection Vulnerability

LogonTracer is a visual Windows log analysis tool that checks for malicious logins by analyzing Windows Active Directory event logs. A code injection vulnerability exists in LogonTracer version 1.2.0 and prior versions, which can be exploited by a remote attacker to execute arbitrary Python code ...

CVSS 9.8, AI score 8, EPSS 0.02403
Exploits: 0, References: 1

PyPA
added 2017/11/08 3:29 a.m., 6 views

PYSEC-2017-22

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

CVSS 9.8, AI score 7.9, EPSS 0.04435
Exploits: 1, References: 4, Affected Software: 1