CVE-2022-26032

Uncontrolled search path element in the IntelR Distribution for Python programming language before version 2022.1 for IntelR oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-29521

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of...

CVE-2025-23320

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information disclosure...

CVE-2025-23254

NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering...

CVE-2025-23298

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2025-23295

NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data...

CVE-2025-23318

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure...

CVE-2025-23329

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python backend. A successful exploit of this vulnerability might lead to denial of service...

CVE-2022-23594

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

CVE-2022-42268

Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description USD files to customize all aspects of a scene. If a user opens a USD file th...

CVE-2022-35871

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from th...

CVE-2024-41148

A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python...

CVE-2024-39934

Robotmk before 2.0.1 allows a local user to escalate privileges e.g., to SYSTEM if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment...

(0Day) Langflow PythonFunction Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exists within the handling of Python function components. Depending upon product...

(0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of evalcustomcomponentcode function. The issue results from the lack of prop...

OPENSUSE-SU-2026:10025-1 python311-aiohttp-3.13.3-1.1 on GA media

These are all security issues fixed in the python311-aiohttp-3.13.3-1.1 package on the GA media of openSUSE Tumbleweed...

Siemens Ruggedcom ROX Uncontrolled Resource Consumption (CVE-2024-7592)

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

Siemens Ruggedcom ROX Code Injection (CVE-2024-6923)

There is a MEDIUM severity vulnerability affecting CPython. The email module didn't properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This plugin only works with Tenable.ot. Please visit...

Fedora 43 : python3.12 (2026-2c35952b90)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2c35952b90 advisory. - Security fix for CVE-2025-12084 - Require at least the same expat version as used during the build time Tenable has extracted the preceding description blo...

Siemens Ruggedcom ROX Improper Validation of Specified Type of Input (CVE-2024-11168)

he urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. This plugin only works with Tenable.ot...