πŸ” Search

Found 500 results for "python"

Showing 21 - 40 of 500 results (limited to 500 results)

πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ February 06, 2026

CVE-2026-25592

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernelβ€―.NET SDK, specifically within theβ€―SessionspythonPlugin. The problem has been fixed in Microsoft.SemanticKernel.Core version 1.71.0. As a mitigation, users can create a Function Invocation Filter which checks the arguments being passed to any calls to DownloadFileAsyncβ€― or UploadFileAsync and ensures the provided localFilePath is allow listed.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ February 04, 2026

CVE-2026-25115

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the python Code node allows authenticated users to break out of the python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ December 26, 2025

CVE-2025-68668

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: "[\"n8n-nodes-base.code\"]", disabling python support in the Code node by setting the environment variable N8N_python_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_python_RUNNER environment variables.

EPSS: 0.0%
πŸ”’ CVE CRITICAL ⚠️ KEV CVSS: 9.9 β€’ February 10, 2025

CVE-2025-24016

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.

EPSS: 93.9%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 27, 2026

CVE-2026-44888

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly into pialert.conf without validation. Since pialert.conf is loaded via python's exec() every 3–5 minutes by the background cron process, an attacker can inject arbitrary python code and achieve unauthenticated OS-level RCE. On default installations (PIALERT_WEB_PROTECTION = False), no credentials are required. This vulnerability is fixed in 2026-05-07.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 27, 2026

CVE-2026-44887

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary python code to be injected into pialert.conf. Since the background scan daemon loads this file via python's exec(), injected code executes as the daemon process. With web protection disabled (the default configuration), no authentication is required, making this an unauthenticated Remote Code Execution vulnerability. This vulnerability is fixed in 2026-05-07.

EPSS: 0.3%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 21, 2026

CVE-2026-48207

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory python-native mode with strict mode disabled and relies on DeserializationPolicy to restrict unsafe classes, functions, or module attributes. This issue affects Apache Fory: from before 1.0.0. Mitigation: Users of Apache Fory are recommended to upgrade to version 1.0.0 or later, which enforces DeserializationPolicy validation for the affected ReduceSerializer paths and thus fixes this issue.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 19, 2026

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization. The unmarshal_object function allows for arbitrary class instantiation and state injection by dynamically importing modules and calling __setstate__ on any class available in the python environment. An attacker can exploit this by submitting a specially crafted JSON or CBOR payload to an application using these serializers

EPSS: 0.2%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 18, 2026

CVE-2026-8838

Unsafe use of python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 18, 2026

CVE-2026-7304

SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as python objects loaded via dill.loads() will be deserialized without validation.

EPSS: 0.4%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 16, 2026

CVE-2021-47952

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during deserialization to execute arbitrary code.

EPSS: 0.4%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 12, 2026

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file without enabling the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary python objects via the pickle module. An attacker can exploit this by publishing a malicious model repository on HuggingFace Hub. When a victim loads a model from this repository, arbitrary code is executed on the victim's system in the context of the mamba process.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 12, 2026

CVE-2026-31238

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load() without enabling the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbitrary python objects via the pickle module. An attacker can exploit this by providing a maliciously crafted PyTorch model file, leading to arbitrary code execution on the system hosting the Ludwig model server.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 12, 2026

CVE-2026-31237

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to the predict() method, the framework automatically determines the file format. If the file is a pickle (.pkl) file, it is loaded using pandas.read_pickle() without any validation or security restrictions. This allows the deserialization of arbitrary python objects via the unsafe pickle module. A remote attacker can exploit this by providing a maliciously crafted pickle file, leading to arbitrary code execution on the system running the Ludwig prediction.

EPSS: 0.5%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 12, 2026

CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom python function definitions. However, the tool directly executes the provided code using the unsafe exec() function without any sanitization, sandboxing, or security restrictions. An attacker can exploit this by crafting a malicious llm command with arbitrary python code in the --functions argument and using social engineering to trick a victim into running it. This leads to arbitrary code execution on the victim's system, potentially granting the attacker full control.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 12, 2026

CVE-2026-31235

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses python's pickle module to deserialize data received via a multiprocessing queue in the _augment_images_worker() method without any safety checks. An attacker who can influence the data placed into this queue (e.g., through social engineering, malicious input scripts, or a compromised shared queue) can provide a malicious pickle payload. When deserialized, this payload can execute arbitrary code in the context of the worker process, leading to remote or local code execution depending on the deployment scenario.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 12, 2026

CVE-2026-31231

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security controls. An attacker can exploit this by sending a specially crafted POST request containing malicious python code to the execution endpoint. This leads to arbitrary code execution on the Cognee server with the privileges of the server process, allowing complete compromise of the system.

EPSS: 0.4%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 12, 2026

CVE-2026-31230

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function to parse string values provided via the --clip_values and --input_shape command-line arguments. This allows an attacker to inject arbitrary python code into these arguments, which will be executed when eval() is called. The vulnerability can be exploited remotely if an attacker can control these arguments (e.g., through pipeline configuration or automated scripts), leading to arbitrary code execution on the system running the ART evaluation.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 12, 2026

CVE-2026-31229

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights from a file (e.g., model.pt) during robustness evaluation, the code uses torch.load() without the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary python objects via the Pickle module. An attacker can exploit this by uploading a maliciously crafted model file to an object storage location referenced by the pipeline, or by controlling the model_id parameter to point to such a file. When the pipeline loads the model, the malicious payload is executed, leading to remote code execution.

EPSS: 0.5%
πŸ”’ CVE CRITICAL CVSS: 9.8 β€’ May 12, 2026

CVE-2026-31228

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without any sanitization or security restrictions. An attacker can exploit this by providing a specially crafted string that contains arbitrary python code, which will be executed when eval() is called, leading to complete compromise of the system running the ART evaluation.

EPSS: 0.4%