Lucene search
K

85669 matches found

PyPA
PyPA
added 2 days ago3 views

Vantage6: Set admin user and password from environment or configuration

ImpactVantage6 currently provides an initial user with username root and password root. This is not ideal for the following reasons:- Attackers know that almost all vantage6 servers have a user with username root that probably has admin rights- The initial password is very weak and it is possible...

6.9CVSS6AI score0.00292EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

kas checks out SHA-like git branches as valid commits

ImpactWhen relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

2.1CVSS6AI score0.00018EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2 days ago4 views

PYSEC-2026-2544 kas checks out SHA-like git branches as valid commits

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

2.1CVSS6AI score0.00018EPSS
Exploits0References6
OSV
OSV
added 2 days ago3 views

PYSEC-2026-2463 Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows

Impact Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path...

8.8CVSS6.6AI score0.00635EPSS
Exploits0References8
PyPA
PyPA
added 2 days ago5 views

compliance-trestle - jinja has an Arbitrary File Write via Path Traversal

Relevant Products/Components: trestle/core/commands/author/jinja.py trestle author jinja--- Detailed Description:The -o/--output argument in trestle author jinja allows writing files outside the intended workspace.The application does not properly validate: ../ ..\ absolute pathsThis allows...

8.4CVSS6.4AI score0.0005EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago5 views

Dulwich Vulnerable to Command Injection via Merge Driver Path

SummaryDulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...

7.7CVSS6.5AI score0.00555EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2 days ago4 views

PYSEC-2026-2423 compliance-trestle - jinja has an Arbitrary File Write via Path Traversal

Relevant Products/Components: trestle/core/commands/author/jinja.py trestle author jinja --- Detailed Description: The -o/--output argument in trestle author jinja allows writing files outside the intended workspace. The application does not properly validate: ../ ..\ absolute paths This allows...

8.4CVSS6.4AI score0.0005EPSS
Exploits0References7
OSV
OSV
added 2 days ago3 views

PYSEC-2026-2464 Dulwich Vulnerable to Command Injection via Merge Driver Path

Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...

7.7CVSS6.5AI score0.00555EPSS
Exploits0References7
PyPA
PyPA
added 2 days ago5 views

Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows

ImpactArbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows.Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path separator...

8.8CVSS6.6AI score0.00635EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2 days ago3 views

PYSEC-2026-2957 Prefect has an Argument Injection issue

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

8.5CVSS7.4AI score0.00298EPSS
Exploits0References5
PyPA
PyPA
added 2 days ago5 views

Prefect has an Argument Injection issue

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

8.5CVSS7.4AI score0.00298EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2 days ago4 views

PYSEC-2026-3395 python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection

Summary prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with the Command Injection vulnerability CWE-78 in substituteutcpargs tracked as GHSA-33p6-5jxp-p3x4, an attacker can exfiltrate all process-level secrets in a single...

7.7CVSS6.1AI score0.00223EPSS
Exploits0References5
PyPA
PyPA
added 2 days ago4 views

Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree

SummaryTwo primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.readtext, transparently following symbolic links.A symlink committed inside a remote APM dependency under .apm/prompts/.prompt.md or .apm/agents/.agent.md is...

7.4CVSS6.2AI score0.00654EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago5 views

python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection

Summaryprepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with the Command Injection vulnerability CWE-78 in substituteutcpargs tracked as GHSA-33p6-5jxp-p3x4, an attacker can exfiltrate all process-level secrets in a single...

7.7CVSS6.1AI score0.00223EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2 days ago4 views

PYSEC-2026-2377 Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree

Summary Two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.readtext, transparently following symbolic links. A symlink committed inside a remote APM dependency under .apm/prompts/.prompt.md or .apm/agents/.agent.md is...

7.4CVSS6.2AI score0.00654EPSS
Exploits0References7
OSV
OSV
added 2 days ago3 views

PYSEC-2026-2444 dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary rundbtcommand in src/dbtmcp/dbtcli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two independen...

6.3CVSS6.3AI score0.00018EPSS
Exploits0References6
OSV
OSV
added 2 days ago4 views

PYSEC-2026-2441 dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DbtMCP.calltool in src/dbtmcp/mcp/server.py logs the complete raw arguments dictionary at INFO level on every tool invocation line 67 and again at ERROR level if the call...

2.5CVSS6.2AI score0.00012EPSS
Exploits0References6
PyPA
PyPA
added 2 days ago5 views

dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. SummaryDbtMCP.calltool in src/dbtmcp/mcp/server.py logs the complete raw arguments dictionary at INFO level on every tool invocation line 67 and again at ERROR level if the call...

2.5CVSS6.2AI score0.00012EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summaryrundbtcommand in src/dbtmcp/dbtcli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two independent...

6.3CVSS6.3AI score0.00018EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install

SummaryMicrosoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but the implementation does not enforce that those paths remain inside the plugin directory. A...

7.1CVSS6.2AI score0.00351EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder