285926 matches found
Arbitrary Code Execution in pdfminer.six via Crafted PDF Input
Summarypdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in pdfminer.six uses pickle.loads to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the...
Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
SummaryThe Fugue framework implements an RPC server system for distributed computing operations. In the corefunctionality of the RPC server implementation, Ifound thatthedecodefunction infugue/rpc/flask.pydirectly usescloudpickle.loadsto deserialize datawithout any sanitization. This creates a...
PYSEC-2026-1729 Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
Summary Open WebUI v0.6.33 and below contains a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event SSE execute events. This leads to authentication token theft, comple...
PYSEC-2026-1135 Apache Airflow has a command injection vulnerability in "example_dag_decorator"
An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...
PYSEC-2026-1680 motionEye vulnerable to RCE via unsanitized motion config parameter
Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...
Apache Airflow has a command injection vulnerability in "example_dag_decorator"
An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...
LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer
SummaryPrior to langgraph-checkpoint version 3.0 , LangGraph’s JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a remote code execution RCE vulnerability when deserializing payloads saved in the "json" serialization mode.If an attacker can cause your...
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
SummaryOpen WebUI v0.6.33 and below contains a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event SSE execute events. This leads to authentication token theft, complet...
PYSEC-2026-1527 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer
Summary Prior to langgraph-checkpoint version 3.0 , LangGraph’s JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a remote code execution RCE vulnerability when deserializing payloads saved in the "json" serialization mode. If an attacker can cause your...
PYSEC-2026-1714 OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
Impact OctoPrint versions up to and including 1.11.3 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notification and prompt popups generated by the printer. An attacker who successfully convinces a victim to print a specially crafted fil...
motionEye vulnerable to RCE via unsanitized motion config parameter
SummaryA command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...
Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
SummaryThe functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is assigned to the DOM sink .innerHtml without sanitisation. Any user with permissions to create prompts can abuse this to plant a...
PYSEC-2026-1741 Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
Summary The functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is assigned to the DOM sink .innerHtml without sanitisation. Any user with permissions to create prompts can abuse this to plant ...
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
ImpactOctoPrint versions up to and including 1.11.3 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notification and prompt popups generated by the printer.An attacker who successfully convinces a victim to print a specially crafted file...
PYSEC-2026-1365 FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
Summary A command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor Details 1. generatecursordeeplinkservername, … embeds servername verbatim in a cursor://…?name= query string...
FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
SummaryA command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor Details1. generatecursordeeplinkservername, … embeds servername verbatim in a cursor://…?name= query string.2...
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
SummaryAuthlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving...
PYSEC-2026-1203 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
Summary Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving...
PYSEC-2026-2071 ZenML is vulnerable to Path Traversal through its `PathMaterializer` class
ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses ispathwithindirectory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...
ZenML is vulnerable to Path Traversal through its `PathMaterializer` class
ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses ispathwithindirectory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...