Lucene search
K

169 matches found

NVD
NVD
added 2026/03/30 6:16 p.m.10 views

CVE-2026-29872

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...

8.2CVSS0.00253EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 12:0 a.m.2 views

CVE-2026-29872

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...

8.2CVSS5.9AI score0.00253EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29084

Name of the Vulnerable Software and Affected Versions awesome-llm-apps versions prior to commit e46690f99c3f08be80a9877fab52acacf7ab8251 Description A cross-session information disclosure issue exists in the awesome-llm-apps project. The Streamlit-based GitHub MCP Agent stores user-supplied API...

8.2CVSS5.9AI score0.00253EPSS
Exploits1References5
CVE
CVE
added 2026/03/30 12:0 a.m.6 views

CVE-2026-29872

The CVE-2026-29872 issue affects the awesome-llm-apps project, specifically a Streamlit-based GitHub MCP Agent. The underlying problem is storing user-provided API tokens in process-wide environment variables via os.environ without proper session isolation, allowing cross-session information disc...

8.2CVSS5.9AI score0.00253EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/30 12:0 a.m.16 views

CVE-2026-29872

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...

0.00253EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/30 12:0 a.m.7 views

CVE-2026-29872

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...

5.9AI score0.00253EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.5 views

CVE-2026-33682

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

4.8CVSS5.8AI score0.00282EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 9:45 p.m.12 views

CVE-2026-33682

CVE-2026-33682 (Streamlit) affects Windows deployments of Streamlit Open Source up to version 1.53.x. The issue is an SSRF vulnerability caused by insufficient validation of attacker-controlled filesystem paths in component request handling (notably ComponentRequestHandler). On Windows, supplying...

4.8CVSS5.9AI score0.00282EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/26 9:45 p.m.22 views

CVE-2026-33682 Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

4.7CVSS0.00282EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/26 9:45 p.m.2 views

CVE-2026-33682 Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

4.7CVSS5.8AI score0.00282EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 9:45 p.m.5 views

CVE-2026-33682 Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

4.7CVSS5.9AI score0.00282EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

Streamlit 代码问题漏洞

Streamlit is an open-source data-oriented Python application development framework created by Streamlit. Versions of Streamlit prior to 1.54.0 contained code vulnerabilities. These vulnerabilities stemmed from improper validation of file system paths provided by attackers, which could lead to...

4.8CVSS5.9AI score0.00282EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/25 9:20 p.m.7 views

Server-side Request Forgery (SSRF)

Overview streamlit is a The fastest way to build data apps in Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to improper validation of filesystem paths in the ComponentRequestHandler process. An attacker can trigger outbound SMB authentication...

4.8CVSS5.9AI score0.00282EPSS
Exploits0References3
OSV
OSV
added 2026/03/25 9:20 p.m.4 views

GHSA-7P48-42J8-8846 Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)

Streamlit Open Source Security Advisory 1. Impacted Products Streamlit Open Source versions prior to 1.54.0 running on Windows hosts. 2. Introduction Snowflake Streamlit Open Source addressed a security vulnerability affecting Windows deployments related to improper handling and validation of...

4.7CVSS5.8AI score0.00282EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/03/25 9:20 p.m.3 views

ace-cm (>=0.0.1 <=0.0.4), active-framework (>=2.0.0 <=2.0.9) +379 more potentially affected by CVE-2026-33682 via streamlit (>=0.49.0 <=1.53.1)

streamlit PYPI version =0.49.0, =0.0.1, =2.0.0, =0.0.0, =1.2.1, =0.0.2, =0.0.5, =0.1.0, =0.0.0, =0.2.0, =0.2.2 and more Source cves: CVE-2026-33682 Source advisory: OSV:GHSA-7P48-42J8-8846...

4.8CVSS5.7AI score0.00282EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/25 9:20 p.m.6 views

ace-cm (>=0.0.1 <=0.0.4), active-framework (>=2.0.0 <=2.0.9) +328 more potentially affected by CVE-2026-33682 via streamlit (>=1.0.0 <=1.53.1)

streamlit PYPI version =1.0.0, =0.0.1, =2.0.0, =0.0.0, =1.2.1, =0.0.2, =0.0.5, =0.1.0, =0.0.0, =0.2.0, =0.2.2 and more Source cves: CVE-2026-33682 Source advisory: SNYK:PYTHON-STREAMLIT-15782919...

4.8CVSS5.7AI score0.00282EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/25 9:20 p.m.4 views

Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)

Streamlit Open Source Security Advisory 1. Impacted Products Streamlit Open Source versions prior to 1.54.0 running on Windows hosts. 2. Introduction Snowflake Streamlit Open Source addressed a security vulnerability affecting Windows deployments related to improper handling and validation of...

4.8CVSS5.8AI score0.00282EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.14 views

PT-2026-28176

Name of the Vulnerable Software and Affected Versions Streamlit versions prior to 1.54.0 Description Streamlit Open Source versions running on Windows hosts are affected by an unauthenticated Server-Side Request Forgery SSRF issue. This arises from insufficient validation of filesystem paths...

4.7CVSS5.9AI score0.00282EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2026/02/09 10:45 p.m.143 views

SQL_ARES_LZL

SQL ARES LZL - Suite de Inyección SQL Avanzada ARES LZL...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.17 views

CVE-2024-41116

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 1254 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 1345, leading to remote code...

9.8CVSS9.7AI score0.01322EPSS
Exploits1References1
Rows per page
Query Builder