
61 matches found

CNNVD
added 2025/09/03 12:0 a.m. · 4 views

smolagents code injection vulnerability

smolagents is a basic library for agents open-sourced by Hugging Face. A code injection vulnerability exists in smolagents that stems from an incomplete validation of the dunder attribute, which could lead to an escape from the Local Python execution environment sandbox...

CVSS 7.6 · AI score 7.4 · EPSS 0.00275
Exploits: 0 · References: 2

Cvelist
added 2025/06/09 11:0 a.m. · 18 views

CVE-2025-5874 Redash getattr python.py run_query sandbox

A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function runquery of the file /queryrunner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The complexity of an attack is rather high. The...

CVSS 4.6 · EPSS 0.00244
Exploits: 0 · References: 5

Cvelist
added 2025/06/03 6:16 p.m. · 28 views

CVE-2025-48950 MaxKB Python Sandbox Bypass in Function Library

MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as /bin,/usr/bin, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directori...

CVSS 6.5 · EPSS 0.00362
Exploits: 1 · References: 4

RedhatCVE
added 2025/03/22 11:44 a.m. · 4 views

CVE-2024-6982

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...

CVSS 8.4 · AI score 8.3 · EPSS 0.00435
Exploits: 0 · References: 1

OSV
added 2025/03/20 12:32 p.m. · 6 views

GHSA-JCCX-M9V4-9HWH LoLLMS Code Injection vulnerability

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...

CVSS 8.4 · AI score 8.5 · EPSS 0.00435
Exploits: 0 · References: 4

Github Security Blog
added 2025/03/20 12:32 p.m. · 9 views

LoLLMS Code Injection vulnerability

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...

CVSS 8.4 · AI score 8.2 · EPSS 0.00435
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2025/03/20 10:15 a.m. · 10 views

CVE-2024-6982

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...

CVSS 8.4 · EPSS 0.00435
Exploits: 0 · References: 2

Cvelist
added 2025/03/20 10:10 a.m. · 8 views

CVE-2024-6982 Remote Code Execution in Calculate Function in parisneo/lollms

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...

CVSS 8.4 · EPSS 0.00435
Exploits: 0 · References: 2

Vulnrichment
added 2024/08/28 4:37 p.m. · 15 views

CVE-2024-20284 Cisco NX-OS Software Python Parser Escape Vulnerability

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...

CVSS 5.3 · AI score 7.3 · EPSS 0.00194
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/26 12:0 a.m. · 3 views

PT-2023-30004 · Pcrs · Pcrs

Name of the Vulnerable Software and Affected Versions: PCRS versions prior to 3.11 d0de1e. Description: The issue allows for remote code execution (RCE) by escaping Python sandboxing on the "Questions" page and the "Code editor" page. Recommendations: For versions prior to 3.11 d0de1e, update to...

CVSS 9.9 · AI score 8.2 · EPSS 0.01887
Exploits: 2 · References: 5

Packet Storm
added 2019/02/18 12:0 a.m. · 52 views

Digi TransPort LR54 Restricted Shell Escape

CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape. The Digi TransPort LR54 is a high speed LTE router commonly used by industry, infrastructure, retail and public transportation. I...

EPSS 0.04161
Exploits: 3

OSV
added 2017/11/30 9:29 a.m. · 2 views

CVE-2017-12340

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...

CVSS 4.2 · AI score 5.9 · EPSS 0.00338
Exploits: 0 · References: 2

OSV
added 2017/10/19 8:29 a.m. · 1 views

CVE-2017-12301

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of...

CVSS 6.7 · AI score 6.1 · EPSS 0.00447
Exploits: 0 · References: 2

myhack58
added 2017/04/07 12:0 a.m. · 98 views

Python sandbox escape using a memory corruption vulnerability - vulnerability warning - the black bar safety net

Skipping the text of the author's README, we go straight to the technical details. The Python environment uses custom whitelist/blacklist programs to prevent access to dangerous built-in functions, modules, functions, etc. Operating-system-based isolation provides some additional...

AI score 8
Exploits: 0

seebug.org
added 2017/03/29 12:0 a.m. · 38 views

Escaping a Python sandbox with a memory corruption bug

A few weeks ago I decided to scratch an itch I’ve been having for a while — to participate in some bug bounty programs. Perhaps the most daunting task of the bug bounty game is to pick a program which yields the highest return on investment. Soon though, I stumbled upon a web application that...

AI score 7.8
Exploits: 0

NVD
added 2014/09/30 2:55 p.m. · 24 views

CVE-2012-5493

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors...

CVSS 8.5 · AI score 7 · EPSS 0.01695
Exploits: 0 · References: 4

NVD
added 2014/09/30 2:55 p.m. · 24 views

CVE-2012-5487

The sandbox whitelisting function allowmodule.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing...

CVSS 8.5 · AI score 7 · EPSS 0.01695
Exploits: 0 · References: 4

Prion
added 2014/09/30 2:55 p.m. · 20 views

Code injection

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors...

CVSS 8.5 · AI score 7.5 · EPSS 0.01695
Exploits: 0 · References: 4 · Affected Software: 1

PyPA
added 2014/09/30 2:55 p.m. · 8 views

PYSEC-2014-35

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors...

CVSS 8.5 · AI score 7.7 · EPSS 0.01695
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2014/09/30 2:55 p.m. · 28 views

PYSEC-2014-35

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors...

CVSS 8.5 · AI score 7.3 · EPSS 0.01695
Exploits: 0 · References: 5