54 matches found

OSV
added 2026/05/18 12:31 p.m. | 1 views

GHSA-36M8-W8QF-G76P SGLang: Unauthenticated RCE via --enable-custom-logit-processor

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

CVSS 9.8 | AI score 6.4 | EPSS 0.00426
Exploits: 0 | References: 4

Vulnrichment
added 2025/11/10 9:29 p.m. | 1 views

CVE-2025-64183 OpenEXR has use after free in PyObject_StealAttrString

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of pyOpenEXRold.cpp...

CVSS 6.9 | AI score 6.4 | EPSS 0.00067
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0104

Malware in sbrugna...

CVSS 7.5 | AI score 6.9 | EPSS 0.00176
Exploits: 0 | References: 27

Huntr
added 2025/09/26 7:3 a.m. | 4 views

Arbitrary code execution during YAML config parsing in Kubernetes materializer

Summary The Kubernetes materializer entry point feast/sdk/python/feast/infra/computeengines/kubernetes/main.py deserializes /var/feast/featurestore.yaml and /var/feast/materializationconfig.yaml using yaml.load..., Loader=yaml.Loader. Because yaml.Loader eagerly instantiates arbitrary Python...

CVSS 7.8 | AI score 6.8 | EPSS 0.00218
Exploits: 0

Hacker One
added 2024/04/17 1:32 p.m. | 39 views

Liberapay: Unsafe yaml load can lead to remote code execution

The YAML load function can lead to remote code execution vulnerability. The vulnerability allows the construction of arbitrary Python objects from untrusted YAML data, which can be exploited by an attacker...

AI score 8.2
Exploits: 0

0day.today
added 2024/04/17 12:0 a.m. | 310 views

pgAdmin 8.3 Remote Code Execution Exploit

pgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to execute code within the context of the target...

CVSS 9.9 | AI score 7.6 | EPSS 0.83473
Exploits: 4

Gentoo Linux
added 2024/02/26 12:0 a.m. | 51 views

PyYAML: Arbitrary Code Execution

Background: PyYAML is a YAML parser and emitter for Python. Description: A vulnerability has been discovered in PyYAML. Please review the CVE identifier referenced below for details. Impact: A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution whe...

CVSS 10 | AI score 8.3 | EPSS 0.13704
Exploits: 1

Microsoft CVE
added 2023/11/07 8:0 a.m. | 4 views

A vulnerability was discovered in the PyYAML library in versions before 5.3.1 where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

...

CVSS 10 | AI score 7.9 | EPSS 0.01846
Exploits: 1

Github Security Blog
added 2023/09/28 6:30 a.m. | 25 views

pydash Command Injection vulnerability

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invoke_map accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target...

CVSS 8.1 | AI score 7.3 | EPSS 0.01771
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2023/09/28 5:15 a.m. | 12 views

CVE-2023-26145

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invoke_map accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target...

CVSS 8.1 | AI score 8 | EPSS 0.01771
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 3:56 a.m. | 1 views

SUSE CVE-2020-15193

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

CVSS 7.1 | AI score 6.8 | EPSS 0.00215
Exploits: 1 | References: 3

CNNVD
added 2022/07/25 12:0 a.m. | 1 views

untangle Code Issue Vulnerability

untangle is a package from the individual developer Christian Stefanescu in Germany. It is used to convert XML to Python objects. A code issue vulnerability exists in untangle that stems from insufficient validation of user-supplied XML input...

CVSS 7.5 | AI score 6.1 | EPSS 0.01518
Exploits: 0 | References: 5

Veracode
added 2021/11/10 3:5 a.m. | 30 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service (DoS). The vulnerability exists because the API can be made to deadlock when two tf.function functions are mutually recursive by using a Lock Python object, allowing an attacker to crash the application by calling a recursive tf.function...

CVSS 5.5 | AI score 4.7 | EPSS 0.00043
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2021/05/12 12:0 a.m. | 46 views

Ubuntu 20.04 LTS : PyYAML vulnerability (USN-4940-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4940-1 advisory. It was discovered that PyYAML incorrectly handled untrusted YAML files with the FullLoader loader. A remote attacker could possibly use this issue to execute...

CVSS 10 | AI score 7.9 | EPSS 0.13704
Exploits: 0 | References: 2

Github Security Blog
added 2021/04/20 4:14 p.m. | 59 views

Improper Input Validation in PyYAML

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

CVSS 10 | AI score 9.7 | EPSS 0.01846
Exploits: 1 | References: 16 | Affected Software: 1

OSV
added 2021/04/20 4:14 p.m. | 0 views

GHSA-6757-JP84-GXFX Improper Input Validation in PyYAML

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

CVSS 9.8 | AI score 7.5 | EPSS 0.01846
Exploits: 1 | References: 17

Huntr
added 2021/03/10 4:44 p.m. | 12 views

Code Injection in prayag2/konsave

✍️ Description: konsave is a CLI program that will let you save and apply your KDE Plasma customizations with just one command, which is vulnerable to YAML deserialization attack caused by unsafe loading leads to Arbitrary Code Execution. 🕵️‍♂️ Proof of Concept: Installation bash pip install konsave...

AI score 2.3
Exploits: 0 | References: 2

OSV
added 2021/02/09 9:15 p.m. | 30 views

CVE-2020-14343

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

CVSS 9.8 | AI score 5
Exploits: 0 | References: 5

OSV
added 2021/02/09 9:15 p.m. | 1 views

AZL-31782 CVE-2020-14343 affecting package PyYAML for versions less than 5.4.1-1

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

CVSS 9.8 | AI score 7.7 | EPSS 0.13704
Exploits: 0 | References: 1

NVD
added 2021/02/09 9:15 p.m. | 23 views

CVE-2020-14343

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

CVSS 10 | EPSS 0.13704
Exploits: 0 | References: 5