13 matches found
EUVD-2019-0068
Malware in sbrugna...
EUVD-2025-6893
Malicious code in bioql PyPI...
GHSA-R229-5WGF-F28G Aim Improper Access Control
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr function from RestrictedPython. This version does not protect against the str.format_map method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...
Aim Improper Access Control
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr function from RestrictedPython. This version does not protect against the str.format_map method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...
CVE-2024-8238
CVE-2024-8238 affects aimhubio/aim v3.22.0 where AimQL uses an outdated safer_getattr() from RestrictedPython, failing to block str.format_map() and allowing access to arbitrary Python attributes (e.g., os.environ) and potential unrestricted code execution if a malicious .dll/.so is loaded. Multi...
CVE-2024-8238 Unrestricted Code Execution in aimhubio/aim
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr function from RestrictedPython. This version does not protect against the str.format_map method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...
Ubuntu 16.04 LTS / 18.04 LTS : Jinja2 vulnerabilities (USN-4011-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4011-1 advisory. Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issu...
USN-4011-1 jinja2 vulnerabilities
Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issue only affected Ubuntu 16.04 LTS. CVE-2016-10745 Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this...
Updated python-jinja2 packages fix security vulnerability
Sandbox escape due to information disclosure via str.format CVE-2016-10745. str.format_map allows sandbox escape CVE-2019-10906...
python-jinja2: str.format_map allows sandbox escape
A flaw was found in Jinja. Python string formatting could allow an attacker to escape the sandbox. The highest threat from this vulnerability is to data confidentiality and integrity and system availability...
AZL-41949 CVE-2019-10906 affecting package nodejs for versions less than 20.14.0-1
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape...
CVE-2019-10906
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape...
Sandbox Escape
In Pallets Jinja, str.format_map allows a sandbox escape...