85669 matches found
Vantage6: Set admin user and password from environment or configuration
ImpactVantage6 currently provides an initial user with username root and password root. This is not ideal for the following reasons:- Attackers know that almost all vantage6 servers have a user with username root that probably has admin rights- The initial password is very weak and it is possible...
kas checks out SHA-like git branches as valid commits
ImpactWhen relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...
PYSEC-2026-2544 kas checks out SHA-like git branches as valid commits
Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...
PYSEC-2026-2463 Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
Impact Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path...
compliance-trestle - jinja has an Arbitrary File Write via Path Traversal
Relevant Products/Components: trestle/core/commands/author/jinja.py trestle author jinja--- Detailed Description:The -o/--output argument in trestle author jinja allows writing files outside the intended workspace.The application does not properly validate: ../ ..\ absolute pathsThis allows...
Dulwich Vulnerable to Command Injection via Merge Driver Path
SummaryDulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...
PYSEC-2026-2423 compliance-trestle - jinja has an Arbitrary File Write via Path Traversal
Relevant Products/Components: trestle/core/commands/author/jinja.py trestle author jinja --- Detailed Description: The -o/--output argument in trestle author jinja allows writing files outside the intended workspace. The application does not properly validate: ../ ..\ absolute paths This allows...
PYSEC-2026-2464 Dulwich Vulnerable to Command Injection via Merge Driver Path
Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
ImpactArbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows.Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path separator...
PYSEC-2026-2957 Prefect has an Argument Injection issue
A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...
Prefect has an Argument Injection issue
A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...
PYSEC-2026-3395 python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection
Summary prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with the Command Injection vulnerability CWE-78 in substituteutcpargs tracked as GHSA-33p6-5jxp-p3x4, an attacker can exfiltrate all process-level secrets in a single...
Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree
SummaryTwo primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.readtext, transparently following symbolic links.A symlink committed inside a remote APM dependency under .apm/prompts/.prompt.md or .apm/agents/.agent.md is...
python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection
Summaryprepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with the Command Injection vulnerability CWE-78 in substituteutcpargs tracked as GHSA-33p6-5jxp-p3x4, an attacker can exfiltrate all process-level secrets in a single...
PYSEC-2026-2377 Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree
Summary Two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.readtext, transparently following symbolic links. A symlink committed inside a remote APM dependency under .apm/prompts/.prompt.md or .apm/agents/.agent.md is...
PYSEC-2026-2444 dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary rundbtcommand in src/dbtmcp/dbtcli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two independen...
PYSEC-2026-2441 dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DbtMCP.calltool in src/dbtmcp/mcp/server.py logs the complete raw arguments dictionary at INFO level on every tool invocation line 67 and again at ERROR level if the call...
dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. SummaryDbtMCP.calltool in src/dbtmcp/mcp/server.py logs the complete raw arguments dictionary at INFO level on every tool invocation line 67 and again at ERROR level if the call...
dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summaryrundbtcommand in src/dbtmcp/dbtcli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two independent...
Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install
SummaryMicrosoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but the implementation does not enforce that those paths remain inside the plugin directory. A...