1075 matches found
CVE-2026-31225
The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...
CVE-2026-31220
PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...
CVE-2026-31220
PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...
CVE-2026-31225
The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...
CVE-2026-31220
PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...
PT-2026-40059
Name of the Vulnerable Software and Affected Versions PySyft Syft Datasite/Server versions prior to 0.9.6 Description Insufficient validation and sandboxing of user-submitted code allow remote code execution. Low-privileged users can submit Python functions via @sy.syft function for remote...
PT-2026-40118
Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...
CVE-2026-31231
Cognee through v0.4.0 suffers a critical remote code execution via the notebook cell execution API endpoint. The endpoint executes user-provided Python code with unsafe exec() and no sandboxing or validation, allowing an attacker to send a crafted POST containing malicious code to achieve arbitra...
CVE-2026-31220
CVE-2026-31220 affects PySyft (Syft Datasite/Server)
CVE-2026-41517
Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11...
CVE-2026-8208
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in...
CVE-2026-41517
Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11...
EUVD-2026-28830
Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11...
CVE-2026-41517 Emlog: Remote Code Execution via Malicious Plugin Upload
Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11...
CVE-2024-45257
A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...
PT-2026-39198
Name of the Vulnerable Software and Affected Versions Emlog versions prior to 2.6.11 Description Insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, which can lead to complete server compromise and the installation of a persistent backdoor...
Exploit for Path Traversal in Samsung Magicinfo_9_Server
Samsung MagicINFO 9 Server Exploit CVE-2025-4632 This repos...
CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution
Summary A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution RCE by uploading a crafted ZIP file. PHP files inside the ZIP are installed into the web-accessible public/ directory with no extension or content filtering, making...
CVE-2026-41269
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally...
CVE-2026-41264
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSVAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. An attacker can...