Lucene search
K

105 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-55830

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS0.00226EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-55830 RestrictedPython guard hooks can be shadowed via positional-only arguments

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-55830

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS5.9AI score0.00226EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:24 a.m.4 views

CVE-2023-54345

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

8.8CVSS6.2AI score0.00609EPSS
Exploits1References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 11:24 a.m.4 views

CVE-2023-54345 Frappe Framework ERPNext 13.4.0 Remote Code Execution

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

8.8CVSS6.2AI score0.00609EPSS
Exploits1References8
CVE
CVE
added 2026/05/05 11:24 a.m.29 views

CVE-2023-54345

The CVE-2023-54345 entry concerns Frappe Framework ERPNext 13.4.0. A sandbox-escape flaw in RestrictedPython allows authenticated users with the System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via /app/server-script and access ...

8.8CVSS6.2AI score0.00609EPSS
Exploits1References8Affected Software1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

ERPNext 代码注入漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Version 13.4.0 of ERPNext contains a code injection vulnerability. This vulnerability stems from a sandbox escape vulnerability present in RestrictedPython. It allows authenticated user...

8.8CVSS6.2AI score0.00609EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.15 views

PT-2026-37000

Name of the Vulnerable Software and Affected Versions Frappe Framework ERPNext version 13.4.0 Description A sandbox escape in RestrictedPython allows authenticated users with the System Manager role to execute arbitrary code through frame introspection. An attacker can create a server script usin...

8.8CVSS6.2AI score0.00609EPSS
Exploits1References11
PyPA
PyPA
added 2026/02/26 2:16 a.m.14 views

PYSEC-2026-6

Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...

9.9CVSS6.3AI score0.00497EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/02/26 2:16 a.m.7 views

CVE-2026-27952

Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...

9.9CVSS0.00497EPSS
Exploits1References1
OSV
OSV
added 2026/02/26 2:16 a.m.9 views

PYSEC-2026-6

Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...

9.9CVSS6.3AI score0.00497EPSS
Exploits1References1
CVE
CVE
added 2026/02/26 1:38 a.m.24 views

CVE-2026-27952

Summary of CVE-2026-27952 (Agenta) : The vulnerability affects the Agenta-API (self-hosted API server) prior to version 0.48.1. A Python sandbox escape in the custom code evaluator used RestrictedPython, but the sandbox allowlist erroneously included the numpy package. This allowed authenticated ...

9.9CVSS6.3AI score0.00497EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/02/26 1:38 a.m.7 views

EUVD-2026-8814

Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...

8.8CVSS6.3AI score0.00497EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2023-0228

Malicious code in bioql PyPI...

9.9CVSS9.1AI score0.00847EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-0229

Malicious code in bioql PyPI...

8.3CVSS7.9AI score0.00637EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-0162

Malicious code in bioql PyPI...

7.9CVSS6.3AI score0.00388EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2025-6893

Malicious code in bioql PyPI...

8.1CVSS5.8AI score0.00702EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2025-22153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type...

7.9CVSS6.1AI score0.00388EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/18 4:40 a.m.3 views

PgManage vulnerable to injection

Overview PgManage provided by Command Prompt, Inc. uses RestrictedPython module. The version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage CWE-477. Sho Nakatani of SecDevLab Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

7.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/18 12:0 a.m.6 views

JVN#46919949: PgManage vulnerable to injection

PgManage provided by Command Prompt, Inc. uses RestrictedPython module. The version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage CWE-477. Impact A user of the affected product may escape a sandbox and execute arbitrary code. Solution...

7.6AI score
Exploits0
Rows per page
Query Builder