Lucene search
K

1075 matches found

NVD
NVD
added 2026/05/12 4:16 p.m.11 views

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

8.8CVSS0.00405EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 4:16 p.m.9 views

CVE-2026-31220

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

9.8CVSS0.00631EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.34 views

CVE-2026-31220

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

0.00631EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.34 views

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

0.00405EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.8 views

CVE-2026-31220

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

6.7AI score0.00631EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.16 views

PT-2026-40059

Name of the Vulnerable Software and Affected Versions PySyft Syft Datasite/Server versions prior to 0.9.6 Description Insufficient validation and sandboxing of user-submitted code allow remote code execution. Low-privileged users can submit Python functions via @sy.syft function for remote...

9.8CVSS6.5AI score0.00631EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.18 views

PT-2026-40118

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...

6.7AI score0.00635EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 12:0 a.m.18 views

CVE-2026-31231

Cognee through v0.4.0 suffers a critical remote code execution via the notebook cell execution API endpoint. The endpoint executes user-provided Python code with unsafe exec() and no sandboxing or validation, allowing an attacker to send a crafted POST containing malicious code to achieve arbitra...

9.8CVSS6.7AI score0.00635EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 12:0 a.m.28 views

CVE-2026-31220

CVE-2026-31220 affects PySyft (Syft Datasite/Server)

9.8CVSS6.7AI score0.00631EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.13 views

CVE-2026-41517

Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11...

6AI score0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/09 2:58 a.m.45 views

CVE-2026-8208

Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in...

8.9CVSS0.0032EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 10:16 p.m.23 views

CVE-2026-41517

Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11...

0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 9:50 p.m.11 views

EUVD-2026-28830

Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11...

6AI score0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 9:50 p.m.36 views

CVE-2026-41517 Emlog: Remote Code Execution via Malicious Plugin Upload

Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11...

0.00276EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.8 views

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

7.6AI score0.03891EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39198

Name of the Vulnerable Software and Affected Versions Emlog versions prior to 2.6.11 Description Insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, which can lead to complete server compromise and the installation of a persistent backdoor...

6AI score0.00276EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/06 7:55 p.m.119 views

Exploit for Path Traversal in Samsung Magicinfo_9_Server

Samsung MagicINFO 9 Server Exploit CVE-2025-4632 This repos...

9.8CVSS7.7AI score0.23953EPSS
Exploits4
Github Security Blog
Github Security Blog
added 2026/04/29 8:42 p.m.9 views

CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution

Summary A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution RCE by uploading a crafted ZIP file. PHP files inside the ZIP are installed into the web-accessible public/ directory with no extension or content filtering, making...

8.6CVSS7.1AI score0.00501EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/24 7:23 p.m.6 views

CVE-2026-41269

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally...

8.8CVSS5.6AI score0.00472EPSS
Exploits1References1
NVD
NVD
added 2026/04/23 8:16 p.m.6 views

CVE-2026-41264

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSVAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. An attacker can...

9.8CVSS0.01028EPSS
Exploits3References1
Rows per page
Query Builder