169 matches found
CVE-2026-29872
A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19). The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...
PT-2026-29084
Name of the Vulnerable Software and Affected Versions awesome-llm-apps versions prior to commit e46690f99c3f08be80a9877fab52acacf7ab8251 Description A cross-session information disclosure issue exists in the awesome-llm-apps project. The Streamlit-based GitHub MCP Agent stores user-supplied API...
CVE-2026-29872
The CVE-2026-29872 issue affects the awesome-llm-apps project, specifically a Streamlit-based GitHub MCP Agent. The underlying problem is storing user-provided API tokens in process-wide environment variables via os.environ without proper session isolation, allowing cross-session information disc...
CVE-2026-33682
Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied...
CVE-2026-33682
CVE-2026-33682 (Streamlit) affects Windows deployments of Streamlit Open Source up to version 1.53.x. The issue is an SSRF vulnerability caused by insufficient validation of attacker-controlled filesystem paths in component request handling (notably ComponentRequestHandler). On Windows, supplying...
CVE-2026-33682 Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)
Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied...
Streamlit Code Issue Vulnerability
Streamlit is an open-source data-oriented Python application development framework created by Streamlit. Versions of Streamlit prior to 1.54.0 contained code vulnerabilities. These vulnerabilities stemmed from improper validation of file system paths provided by attackers, which could lead to...
Server-side Request Forgery (SSRF)
Overview streamlit is a The fastest way to build data apps in Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to improper validation of filesystem paths in the ComponentRequestHandler process. An attacker can trigger outbound SMB authentication...
GHSA-7P48-42J8-8846 Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)
Streamlit Open Source Security Advisory 1. Impacted Products Streamlit Open Source versions prior to 1.54.0 running on Windows hosts. 2. Introduction Snowflake Streamlit Open Source addressed a security vulnerability affecting Windows deployments related to improper handling and validation of...
ace-cm (>=0.0.1 <=0.0.4), active-framework (>=2.0.0 <=2.0.9) +379 more potentially affected by CVE-2026-33682 via streamlit (>=0.49.0 <=1.53.1)
streamlit PYPI version =0.49.0, =0.0.1, =2.0.0, =0.0.0, =1.2.1, =0.0.2, =0.0.5, =0.1.0, =0.0.0, =0.2.0, =0.2.2 and more Source cves: CVE-2026-33682 Source advisory: OSV:GHSA-7P48-42J8-8846...
ace-cm (>=0.0.1 <=0.0.4), active-framework (>=2.0.0 <=2.0.9) +328 more potentially affected by CVE-2026-33682 via streamlit (>=1.0.0 <=1.53.1)
streamlit PYPI version =1.0.0, =0.0.1, =2.0.0, =0.0.0, =1.2.1, =0.0.2, =0.0.5, =0.1.0, =0.0.0, =0.2.0, =0.2.2 and more Source cves: CVE-2026-33682 Source advisory: SNYK:PYTHON-STREAMLIT-15782919...
Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)
Streamlit Open Source Security Advisory 1. Impacted Products Streamlit Open Source versions prior to 1.54.0 running on Windows hosts. 2. Introduction Snowflake Streamlit Open Source addressed a security vulnerability affecting Windows deployments related to improper handling and validation of...
PT-2026-28176
Name of the Vulnerable Software and Affected Versions Streamlit versions prior to 1.54.0 Description Streamlit Open Source versions running on Windows hosts are affected by an unauthenticated Server-Side Request Forgery (SSRF) issue. This arises from insufficient validation of filesystem paths...
SQL_ARES_LZL
SQL ARES LZL - Advanced SQL Injection Suite ARES LZL...
CVE-2024-41116
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 1254 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 1345, leading to remote code...