GHSA-89G2-XW5C-V95P PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope
Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. CodeExecutor.executeactions pptagent/apis.py:126-205 processes LLM-generated slide editing actions using Python's eval: python pptagent/apis.py:184-186 partialfunc =...
RCE (Remote Code Execution) org.yaml:snakeyaml Dependency in Jira Software Data Center
This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity RCE (Remote Code Execution) vulnerability was introduced in versions 11.3.3 of Jira Software Data Center. This RCE (Remote Code...
RCE (Remote Code Execution) org.yaml:snakeyaml Dependency in Jira Service Management Data Center
This is a vulnerability in a non-Atlassian Jira Service Management dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity RCE (Remote Code Execution) vulnerability was introduced in versions 11.3.3 of Jira Service Management Data...
Exploit for Deserialization of Untrusted Data in Snakeyaml_Project Snakeyaml
yaml-payload Exploit payload JAR for demonstrating CVE-2022-...
CVE-2026-1691
A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...
EUVD-2026-5013
A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...
Bolo-Solo code issue vulnerabilities
Bolo-Solo is a blog system developed under the open source Bolo-Blog project. Versions of Bolo-Solo 2.6.4 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a deserialization issue in the importMarkdownsSync function within the SnakeYAML component’s...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Denial of Service due to snake-yaml (CVE-2022-25857)
Summary: IBM App Connect Enterprise Toolkit is vulnerable to Denial of Service due to snake-yaml. Vulnerability Details: CVEID: CVE-2022-25857. DESCRIPTION: The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for...
EUVD-2025-117195
Malicious code in occupational-turquoise-snake npm...
EUVD-2025-117097
Malicious code in shy-red-snake npm...
EUVD-2025-117019
Malicious code in tremendous-chocolate-snake npm...
MAL-2025-139005 Malicious code in shy-red-snake (npm)
Source: amazon-inspector 136a6c89f41ffb43e3480e9e135af5adb06770bf847e4378bda22bebd5a66d2e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in shy-red-snake (npm)
Source: amazon-inspector 136a6c89f41ffb43e3480e9e135af5adb06770bf847e4378bda22bebd5a66d2e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117165
Malicious code in potential-salmon-snake npm...
EUVD-2025-102023
Malicious code in supremesnakez3n npm...
MAL-2025-129303 Malicious code in passive_snake_z3n (npm)
Source: amazon-inspector 0d9f78b4628c559db68d342e5b3b7ccd1dec371f96d868f12c28558b0827fd5a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in supreme_snake_z3n (npm)
Source: amazon-inspector 7786bdedfc3515850906ce0d7ac40cdaf72134975edf8657053c045666ff7aef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-119601 Malicious code in driving_snake_z3n (npm)
Source: amazon-inspector ea77b359bb50caef899a5d05b1ffd520ed9e52461b7a4fbf0122b3eb256d1393 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-123739 Malicious code in typical_snake_z3n (npm)
Source: amazon-inspector a3f3e37ba9630fa0aa9bafaa1466c28ad7e1ef2a2feb99b24a364c7c327236bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-95737
Malicious code in profoundsnakez3n npm...