13 matches found
Arbitrary Code Injection
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Arbitrary Code Injection via the node-custom-function endpoint when user-supplied JavaScript is executed in a NodeVM sandbox without sufficient route-level authorization. A user can execute commands on the...
CVE-2026-42343
FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service relies solely on an application-level soft limit a 500ms polling interval for memory management and...
PT-2026-6766
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.1.2 Description Claude Code, an agentic coding tool, had a flaw in its bubblewrap sandboxing mechanism. The mechanism did not adequately protect the .claude/settings.json configuration file when it was absent at...
NewStart CGSL MAIN 7.02 : tracker-miners Multiple Vulnerabilities (NS-SA-2025-0139)
The remote NewStart CGSL host, running version MAIN 7.02, has tracker-miners packages installed that are affected by multiple vulnerabilities: - libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of...
GLSA-202505-10 : Tracker miners: Sandbox weakness
The remote host is affected by the vulnerability described in GLSA-202505-10 Tracker miners: Sandbox weakness A vulnerability has been discovered in Tracker minders. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from...
Rocky Linux 8 : tracker-miners (RLSA-2023:7732)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:7732 advisory. - A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the...
tracker-miners: sandbox escape
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...
RHEL 8 : tracker-miners (RHSA-2023:7739)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7739 advisory. Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and...
Oracle Linux 9 : tracker-miners (ELSA-2023-7712)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-7712 advisory. 3.1.2-4 - Backport stricter seccomp jail Resolves: RHEL-12469 Tenable has extracted the preceding description block directly from the Oracle Linux security...
RHEL 8 : tracker-miners (RHSA-2023:7731)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7731 advisory. Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and...
SUSE CVE-2023-5557
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...
CVE-2023-5557
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...
Code injection
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability...