Lucene search
+L

4 matches found

osv
osv
added 2026/06/17 9:34 p.m.7 views

GHSA-4PQM-J46F-795X Hermes Agent contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling...

8.7CVSS6AI score0.006EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/05/15 2:13 a.m.10 views

CVE-2026-2652 Authentication Bypass in mlflow/mlflow

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS7.5AI score0.01502EPSS
Exploits1References2
ossf
ossf
added 2026/03/13 8:20 p.m.8 views

Malicious code in fastapi-middleware-cors (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 305178589615e2247b892b3e305e5fd69a0fc02092f0b115b6b384441f5ddd46 Library disguised as FastAPI helper is executing obfuscated code during importing the module. The code is highly obfuscated; the code seems to contain an...

5.8AI score
Exploits0References1
osv
osv
added 2024/07/15 8:15 p.m.73 views

UBUNTU-CVE-2024-40627

Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...

5.8CVSS5.8AI score0.00563EPSS
Exploits0References5
Rows per page
Query Builder