Skip to main content

Paddlepaddle

31 CVEs product

Monthly

CVE-2024-1603 PyPI HIGH POC This Week

paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Paddlepaddle
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-0818 PyPI CRITICAL POC Act Now

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Paddlepaddle
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-0917 PyPI CRITICAL POC Act Now

remote code execution in paddlepaddle/paddle 2.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Paddlepaddle
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-0815 PyPI HIGH POC PATCH This Week

Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Paddlepaddle
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-0817 PyPI HIGH POC PATCH This Week

Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Paddlepaddle
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2023-52314 PyPI CRITICAL PATCH Act Now

PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2023-52313 PyPI MEDIUM PATCH This Month

FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52312 PyPI MEDIUM PATCH This Month

Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52311 PyPI CRITICAL PATCH Act Now

PaddlePaddle before 2.6.0 has a command injection in _wget_download. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2023-52310 PyPI CRITICAL PATCH Act Now

PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2023-52309 PyPI HIGH PATCH This Week

Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Information Disclosure Buffer Overflow Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-52308 PyPI MEDIUM PATCH This Month

FPE in paddle.amin in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52307 PyPI HIGH PATCH This Week

Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-52306 PyPI MEDIUM PATCH This Month

FPE in paddle.lerp in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52305 PyPI MEDIUM PATCH This Month

FPE in paddle.topk in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52304 PyPI HIGH PATCH This Week

Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-52303 PyPI MEDIUM PATCH This Month

Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52302 PyPI MEDIUM PATCH This Month

Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38678 PyPI MEDIUM PATCH This Month

OOB access in paddle.mode in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38677 PyPI MEDIUM PATCH This Month

FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38676 PyPI MEDIUM PATCH This Month

Nullptr in paddle.dot in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38675 PyPI MEDIUM PATCH This Month

FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38674 PyPI MEDIUM PATCH This Month

FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38673 PyPI CRITICAL POC PATCH Act Now

PaddlePaddle before 2.5.0 has a command injection in fs.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-38672 PyPI HIGH POC PATCH This Week

FPE in paddle.trace in PaddlePaddle before 2.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38671 PyPI CRITICAL POC PATCH Act Now

Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38670 PyPI HIGH POC PATCH This Week

Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38669 PyPI CRITICAL POC PATCH Act Now

Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-46742 PyPI CRITICAL POC PATCH Act Now

Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-46741 PyPI CRITICAL POC PATCH Act Now

Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Paddlepaddle
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-45908 PyPI CRITICAL POC PATCH Act Now

In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
EPSS 1% CVSS 7.5
HIGH POC This Week

paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Paddlepaddle
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Paddlepaddle
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

remote code execution in paddlepaddle/paddle 2.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Paddlepaddle
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Paddlepaddle
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Paddlepaddle
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

PaddlePaddle before 2.6.0 has a command injection in _wget_download. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Paddlepaddle
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Paddlepaddle
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Information Disclosure Buffer Overflow Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

FPE in paddle.amin in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

FPE in paddle.lerp in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

FPE in paddle.topk in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

OOB access in paddle.mode in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Nullptr in paddle.dot in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

PaddlePaddle before 2.5.0 has a command injection in fs.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Paddlepaddle
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

FPE in paddle.trace in PaddlePaddle before 2.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Paddlepaddle
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Paddlepaddle
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC PATCH Act Now

Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Paddlepaddle
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Paddlepaddle
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy