Lucene search
+L

23 matches found

ossf
ossf
added 2026/06/11 1:2 p.m.14 views

Malicious code in self-certificate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab587fcd5a0b45e17454fc742007b8b597a0aec49b443d8a5a087ba910ea4a40 The package presents itself as a self-signed certificate generator, but its public generateCertificates API path loads sample/cert.pem, strips the...

5.9AI score
Exploits0References2
osv
osv
added 2026/05/11 1:58 p.m.7 views

GHSA-9MQQ-JQXF-GRVW PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection

Summary PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a path or filename string from MCP tools/call arguments and joi...

9.6CVSS6.3AI score0.00619EPSS
Exploits1References3
cvelist
cvelist
added 2026/04/14 3:11 p.m.31 views

CVE-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target

The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...

5.3CVSS0.00132EPSS
Exploits0References5
redhat
redhat
added 2026/04/10 7:25 p.m.5 views

python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process.

A flaw was found in Python. A malicious Python process could exploit the "profiling.sampling" module and "asyncio introspection capabilities" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via...

5.3CVSS6.4AI score0.00132EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-0090

Malicious code in bioql PyPI...

4.7CVSS4.6AI score0.00301EPSS
Exploits1References7
redhatcve
redhatcve
added 2025/05/23 8:44 a.m.7 views

CVE-2024-0115

NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python process. A successful exploit of this vulnerability may lead to denial of service and data loss...

6.1CVSS6.6AI score0.00228EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:53 p.m.11 views

CVE-2022-36027

TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be...

7.5CVSS6.8AI score0.00596EPSS
Exploits1References1
osv
osv
added 2025/05/10 3:30 p.m.8 views

GHSA-7C85-87CP-MR6G LlamaIndex Vulnerable to Denial of Service (DoS)

A Denial of Service DoS vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llamaindex project, affecting version latestv0.12.15. The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the maxdepth...

7.5CVSS6.6AI score0.00438EPSS
Exploits1References4
github
github
added 2025/05/10 3:30 p.m.15 views

LlamaIndex Vulnerable to Denial of Service (DoS)

A Denial of Service DoS vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llamaindex project, affecting version latestv0.12.15. The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the maxdepth...

7.5CVSS6.7AI score0.00438EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2025/05/10 2:15 p.m.19 views

CVE-2025-1752

A Denial of Service DoS vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llamaindex project, affecting version latestv0.12.15. The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the maxdepth...

7.5CVSS0.00438EPSS
Exploits1References2
osv
osv
added 2025/05/10 1:21 p.m.8 views

CVE-2025-1752 Denial of Service in run-llama/llama_index

A Denial of Service DoS vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llamaindex project, affecting version latestv0.12.15. The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the maxdepth...

7.5CVSS6.6AI score0.00438EPSS
Exploits1References4
redhatcve
redhatcve
added 2025/03/16 1:15 p.m.11 views

CVE-2025-2000

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats 13. A python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded...

9.8CVSS7.8AI score0.00741EPSS
Exploits0References1
cvelist
cvelist
added 2025/03/14 1:4 p.m.21 views

CVE-2025-2000 Qiskit SDK code execution

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats 13. A python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded ...

9.8CVSS0.00741EPSS
Exploits0References1
osv
osv
added 2024/06/06 6:52 p.m.10 views

CVE-2024-2965 Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain

A Denial-of-Service DoS vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parsesitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...

4.2CVSS5.9AI score0.00301EPSS
Exploits1References4
cve
cve
added 2024/06/06 6:52 p.m.83 views

CVE-2024-2965

CVE-2024-2965 affects the LangChain SitemapLoader in langchain-ai/langchain. The parse_sitemap function lacks a guard against self-referential sitemap recursion, enabling an infinite recursion loop that can exhaust server resources and crash the Python process. Multiple trusted sources (NVD, Red ...

4.7CVSS4.3AI score0.00301EPSS
Exploits1References2Affected Software1
nessus
nessus
added 2024/03/06 12:0 a.m.34 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-cryptography (SUSE-SU-2024:0763-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0763-1 advisory. - CVE-2024-26130: Fixed NULL pointer dereference in pkcs12.serializekeyandcertificates bsc1220210. Tenabl...

7.5CVSS6.9AI score0.00831EPSS
Exploits0References4
veracode
veracode
added 2024/02/22 7:33 a.m.34 views

Denial Of Service (DoS)

cryptography is vulnerable to Denial Of Service DoS. The vulnerability is caused when a certificate's public key and the provided private key do not match, and the hmachash method is called within the privateFormat.PKCS12.encryptionbuilder object. This vulnerability allows an attacker to crash th...

7.5CVSS6.9AI score0.00831EPSS
Exploits0References3Affected Software1
ubuntucve
ubuntucve
added 2024/02/21 5:15 p.m.57 views

CVE-2024-26130

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...

7.5CVSS6.7AI score0.00831EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2024/02/21 4:28 p.m.22 views

CVE-2024-26130 cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...

7.5CVSS7.5AI score0.00831EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2022/09/16 10:50 p.m.7 views

CVE-2022-36027 Segfault TFLite converter on per-channel quantized transposed convolutions in TensorFlow

TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be...

5.9CVSS7.8AI score0.00596EPSS
Exploits1References3
Rows per page
Query Builder