Exploit for CVE-2024-28397

CVE-2024-28397 - Js2Py Sandbox Escape Payload Generator This...

CVE-2026-40602

The Home Assistant Command-line interface hass-cli is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no...

CVE-2026-40602 hass-cli: Handling of user-supplied Jinja2 templates

The Home Assistant Command-line interface hass-cli is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no...

CVE-2026-40602 hass-cli: Handling of user-supplied Jinja2 templates

The Home Assistant Command-line interface hass-cli is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no...

📄 js2py 0.74 Automated Sandbox Escape / Code Execution

js2py version 0.74 automated sandbox escape and remote code execution exploit with a reverse shell. ============================================================================================================================================= | Title : js2py v0.74 Automated Sandbox Escape & Revers...

Template Injection

langchain-core is vulnerable to Template Injection. The vulnerability is due to the lack of validation in template strings, where attackers can access Python object internals through template syntax. This allows attackers to extract sensitive information from object internals and potentially...

CVE-2025-65106

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This...

PT-2025-47809

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This...

LangChain 安全漏洞

LangChain is a LangChain open source framework for developing applications powered by the Large Language Model LLM. A security vulnerability exists in LangChain versions 0.3.79 and earlier and versions 1.0.0 through 1.0.6, which stems from a template injection that could lead to accessing the...

Exploit for CVE-2024-28397

CVE-2024-28397-command-execution-poc This vulnerability arises...