15 matches found
Eval Injection
Overview: agno is a lightweight library for building Multi-Agent Systems. Affected versions of this package are vulnerable to Eval Injection via the fieldtype parameter in the model execution process. An attacker can execute arbitrary Python code by manipulating the value passed to the eva...
CVE-2024-6877
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS. This issue affects Panel: before v2.3.24...
CVE-2024-5958
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection. This issue affects Panel: before v2.3.24...
CVE-2024-5958
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection. This issue affects Panel: before v2.3.24...
CVE-2024-5959
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS. This issue affects Panel: before v2.3.24...
CVE-2024-5959 Stored XSS in Eliz Software's Panel
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS. This issue affects Panel: before v2.3.24...
Eliz Panel cross-site scripting vulnerability
Eliz Panel is a control panel from Eliz, Inc. A cross-site scripting vulnerability exists in Eliz Panel versions prior to 2.3.24, which stems from incorrect neutralization of inputs during web page generation, allowing stored cross-site scripting attacks...
WordPress plugin jQuery T(-) Countdown Widget cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
GHSA-GGMR-44CV-24PM Code injection via unsafe YAML loading
Impact Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to...
Code injection via unsafe YAML loading
Impact Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to...
CVE-2021-43811
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
PYSEC-2021-848
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
Code injection
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
PYSEC-2021-848
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
Sockeye code injection vulnerability
Sockeye is an open source sequence-to-sequence framework for neural machine translation based on PyTorch. Sockeye suffers from a code injection vulnerability that stems from Sockeye's use of YAML to store model and data configurations on disk. Versions of Sockeye up to 2.3.24 are loaded using...