34 matches found
EUVD-2019-11022
Malware in sbrugna...
EUVD-2017-11475
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-20478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, thi...
CVE-2025-50460
A remote code execution RCE vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load from the PyYAML library versions = 5.3.1. If an attacker can control the content of the YAML configuration file passed to the --runconfig parameter,...
Exploit for CVE-2025-50460
CVE-2025-50460: Remote Code Execution in modelscope/ms-swift v...
Arbitrary Code Execution
llama-hub is vulnerable to Arbitrary Code Execution. The vulnerability is due to missing safeload configuration during YAML parsing. An attackers can execute arbitrary code by exploiting this vulnerability...
SUSE CVE-2019-20478
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safeload in these use cases...
Remote code execution
A remote code execution RCE vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE remote code execution on the attacked system running Optica. The vulnerability was patched in v...
GHSA-M87F-9FVV-2MGG Deserialization of Untrusted Data in parlai
Impact Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. Patches The issue can be patched by upgrading to v1.1.0 or later. It can also be patche...
OS Command Injection in jw.util
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...
GHSA-H72C-W3Q3-55QQ OS Command Injection in jw.util
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...
PYSEC-2021-60
Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run...
CVE-2021-27213
config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safeload are not used...
CVE-2021-27213
config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safeload are not used...
CVE-2020-13388
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...
CVE-2020-13388
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...
CVE-2019-20478
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safeload in these use cases...
CVE-2019-20478
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safeload in these use cases...
CVE-2019-20478
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safeload in these use cases...
Remote code execution
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safeload in these use cases...