153 matches found
Decepticon
⚡ Decepticon — Autonomous Multi-Agent Offensive Security !L...
Webite-Security-Scanner
Webite-Security-Scanner A modular web...
CVE-2026-29872
A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...
EUVD-2026-17141
A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...
CVE-2026-29872
A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...
CVE-2026-29872
A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...
CVE-2026-29872
Technical details about CVE-2026-29872 are not publicly available in the provided connected documents. The Initial Description contains information but no further technical specifics. Monitor for updates.
PT-2026-29084
Name of the Vulnerable Software and Affected Versions awesome-llm-apps versions prior to commit e46690f99c3f08be80a9877fab52acacf7ab8251 Description A cross-session information disclosure issue exists in the awesome-llm-apps project. The Streamlit-based GitHub MCP Agent stores user-supplied API...
CVE-2026-29872
A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...
CVE-2026-29872
A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...
CVE-2026-33682
Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...
CVE-2026-33682 Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)
Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...
CVE-2026-33682 Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)
Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...
CVE-2026-33682
CVE-2026-33682 (Streamlit) affects Windows deployments of Streamlit Open Source up to version 1.53.x. The issue is an SSRF vulnerability caused by insufficient validation of attacker-controlled filesystem paths in component request handling (notably ComponentRequestHandler). On Windows, supplying...
CVE-2026-33682 Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)
Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...
Streamlit 代码问题漏洞
Streamlit is an open-source data-oriented Python application development framework created by Streamlit. Versions of Streamlit prior to 1.54.0 contained code vulnerabilities. These vulnerabilities stemmed from improper validation of file system paths provided by attackers, which could lead to...
ace-cm (>=0.0.1 <=0.0.4), active-framework (>=2.0.0 <=2.0.9) +379 more potentially affected by CVE-2026-33682 via streamlit (>=0.49.0 <=1.53.1)
streamlit PYPI version =0.49.0, =0.0.1, =2.0.0, =0.0.0, =1.2.1, =0.0.2, =0.0.5, =0.1.0, =0.0.0, =0.2.0, =0.2.2 and more Source cves: CVE-2026-33682 Source advisory: OSV:GHSA-7P48-42J8-8846...
Server-side Request Forgery (SSRF)
Overview streamlit is a The fastest way to build data apps in Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to improper validation of filesystem paths in the ComponentRequestHandler process. An attacker can trigger outbound SMB authentication...
Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)
Streamlit Open Source Security Advisory 1. Impacted Products Streamlit Open Source versions prior to 1.54.0 running on Windows hosts. 2. Introduction Snowflake Streamlit Open Source addressed a security vulnerability affecting Windows deployments related to improper handling and validation of...
GHSA-7P48-42J8-8846 Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)
Streamlit Open Source Security Advisory 1. Impacted Products Streamlit Open Source versions prior to 1.54.0 running on Windows hosts. 2. Introduction Snowflake Streamlit Open Source addressed a security vulnerability affecting Windows deployments related to improper handling and validation of...