57351 matches found
CVE-2026-45134
LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and deserialize prompt manifests from...
CVE-2026-44888
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...
EUVD-2026-32640
LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and deserialize prompt manifests from...
CVE-2026-45134
LangSmith CVE-2026-45134 affects LangSmith Client SDKs with prompt-pull methods that fetch/deserialize prompt manifests from LangSmith Hub. The issue allows manifest content to be influenced by external parties when pulling a public prompt (owner/name), because prior SDKs did not distinguish such...
CVE-2026-45134 LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and deserialize prompt manifests from...
CVE-2026-44887 Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Path)
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec, injected code executes as the...
EUVD-2026-32635
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec, injected code executes as the...
CVE-2026-44887
CVE-2026-44887 affects Pi.Alert, a WIFI/LAN intruder detector with a web service. The vulnerability arises from the web-based configuration editor allowing arbitrary Python code to be injected into pialert.conf; the background scan daemon loads this file with Python’s exec(), causing the injected...
CVE-2026-44888 Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Integer)
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...
CVE-2026-44888
Pi.Alert vulnerability CVE-2026-44888: unauthenticated RCE via SaveConfigFile() config injection. Prior to 2026-05-07, numeric config values (e.g., SMTP_PORT) were written into pialert.conf without validation; pialert.conf is loaded with Python exec() every 3–5 minutes by a background cron, allow...
EUVD-2026-32634
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...
CVE-2026-44971
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libsolv: libsolv-0.7.38-2.hum1 aarch64, x86_64 libsolv-demo-0.7.38-2.hum1 aarch64, x86_64 libsolv-devel-0.7.38-2.hum1 aarch64, x86_64 libsolv-tools-0.7.38-2.hum1 aarch64, x86_64...
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software supply chain campaign targeting software developers through malicious packages and extensions. "Since...
RHSA-2026:20810 Red Hat Security Advisory: python-tornado security update
Bulletin has no description...
Wazuh - Unsafe Deserialization Remote Code Execution
A critical Remote Code Execution (RCE) vulnerability exists in Wazuh server versions >= 4.4.0 and < 4.9.1. The vulnerability occurs due to unsafe deserialization in the wazuh-manager package, specifically in the DistributedAPI where parameters are serialized as JSON and deserialized using...
vulnhunt-agent
Vulnerability Hunting Agent An LLM agent that reads code,...
Malicious code in quatres (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0d720315dd49970cfc00c39f4e377485b2746a4fc24f42dec7e79d0749ab9a7d During import, the hidden code downloads and executes the second-stage code. After performing anti-analysis checks, it downloads a malicious executable and...