90 matches found
Incorrect Behavior Order: Validate Before Canonicalize
Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize in the parsing of Git objects with malformed or ambiguous commit or tag objects. An attacker can cause inconsistent interpretation of object metadata or signature validation by...
EUVD-2026-23866
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...
CVE-2026-3902
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...
PT-2026-30867
Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.3, 5.2 through 5.2.12, and 4.2 through 4.2.29 Description The ASGIRequest component allows a remote attacker to spoof headers due to an ambiguous mapping of header variants with hyphens or with underscores to a...
[SECURITY] Fedora 43 Update: python-ply-3.11-33.fc43
PLY is a straightforward lex/yacc implementation. Here is a list of its essential features: It is implemented entirely in Python. It uses LR-parsing which is reasonably efficient and well suited for larger grammars. PLY provides most of the standard lex/yacc features including support for empty...
[SECURITY] Fedora 44 Update: python-ply-3.11-33.fc44
PLY is a straightforward lex/yacc implementation. Here is a list of its essential features: It is implemented entirely in Python. It uses LR-parsing which is reasonably efficient and well suited for larger grammars. PLY provides most of the standard lex/yacc features including support for empty...
GHSA-P2M9-WCP5-6QW3 multipart vulnerable to ReDoS in `parse_options_header()`
Summary The parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for denial of service DoS attacks against web...
multipart vulnerable to ReDoS in `parse_options_header()`
Summary The parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for denial of service DoS attacks against web...
Regular Expression Denial of Service (ReDoS)
Overview multipart is a Parser for multipart/form-data Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the parseoptionsheader function due to the use of a regular expression with ambiguous alternation. An attacker can cause significant resource...
GO-2026-4638 WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection in github.com/Tencent/WeKnora
WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection in github.com/Tencent/WeKnora...
CVE-2026-30856 WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...
CVE-2026-30856 WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...
CVE-2026-30856 WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...
PT-2026-23799
Name of the Vulnerable Software and Affected Versions WeKnora versions prior to 0.3.0 Description WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, is susceptible to a vulnerability involving tool name collision and indirect prompt injection. A malicious...
Cryptographic Semantic Binding Flaw
ALTCHA libraries are vulnerable to a cryptographic semantic binding flaw. The vulnerability is due to ambiguous HMAC binding between challenge parameters and the nonce, which allows an attacker to splice or reinterpret a valid proof-of-work submission for example by modifying the expiration value...
ibexa/user login enumerates user accounts
Impact In v5, error messages could provide enough information to tell whether a user exists or not. This is resolved by ensuring the error messages are sufficiently ambigious. Patches See "Patched versions". Workarounds None. Resources...
EUVD-2023-12504
Malicious code in bioql PyPI...
EUVD-2025-24678
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-0450
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible t...
PT-2025-34934 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions 18.3 through 18.3.1 Description: An issue exists in GitLab CE/EE where an authenticated attacker could distribute malicious code that appear...