langgraph 代码问题漏洞

Langgraph is a large-scale model framework developed by LangChain. Versions of Langgraph 1.0.9 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the possibility of re-creating Python objects during deserialization, which could lead to insecure object reconstruction...

EUVD-2016-0028

Malware in sbrugna...

EUVD-2022-0350

Malicious code in bioql PyPI...

Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode

Summary Using idlelib.pyshell.ModifiedInterpreter.runcode function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.pyshell.ModifiedInterpreter.runcod...

Exploit for CVE-2024-28397

CVE-2024-28397 - js2py Sandbox Escape Description The CV...

virt:kvm_utils1 security update

hivex 1.3.18-21 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501 1.3.18 - Resolves: bz1810193 Upgrade components in virt:rhel module:stream for RHEL-8.3 release 1.3.18 - Resolves: bz1810193 Upgrade components in virt:rhel module:stream for RHEL-8.3 release 1.3.15...

GHSA-8MJR-6C96-39W8 pydash Command Injection vulnerability

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...

CVE-2023-26145

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...

SUSE CVE-2021-42771

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution...

SUSE CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

CVE-2022-41607 ETIC Telecom Remote Access Server Path Traversal

All versions of ETIC Telecom Remote Access Server RAS 4.5.0 and prior’s application programmable interface API is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords,...

CVE-2022-41607 ETIC Telecom Remote Access Server Path Traversal

All versions of ETIC Telecom Remote Access Server RAS 4.5.0 and prior’s application programmable interface API is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords,...

CVE-2022-41607

All versions of ETIC Telecom Remote Access Server RAS 4.5.0 and prior’s application programmable interface API is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords,...

CVE-2022-31471

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files...

CVE-2022-33977

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service DoS condition on the server where the...

CVE-2022-33977

untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service DoS condition on the server where the...

GHSA-87R7-Q54J-F9QG OpenStack Murano Code Execution

OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...

OpenStack Murano Code Execution

OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...

UBUNTU-CVE-2021-42771

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution...

Raider - Web Authentication Testing Framework

This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication...