Lucene search
K

181 matches found

RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-58203

A flaw was found in the pydantic-settings component. When configured to handle nested secrets, this vulnerability allows an attacker to read sensitive files from outside the designated secrets directory. By placing a specially crafted symbolic link within the secrets directory, an attacker can...

5.3CVSS5.9AI score0.00138EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 4:16 p.m.8 views

CVE-2026-58203

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...

5.3CVSS0.00138EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/07/06 2:24 p.m.6 views

CVE-2026-58203

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...

5.3CVSS6AI score0.00138EPSS
Exploits0
EUVD
EUVD
added 2026/07/06 2:24 p.m.15 views

EUVD-2026-41878

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...

5.3CVSS6AI score0.00138EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:24 p.m.4 views

CVE-2026-58203

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...

5.3CVSS6AI score0.00138EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/06 2:24 p.m.19 views

CVE-2026-58203

CVE-2026-58203 affects pydantic-settings, specifically NestedSecretsSettingsSource. From 2.12.0 through 2.14.2, when secrets_nested_subdir is true, a directory entry that is a symbolic link to outside secrets_dir is followed, enabling reading files outside the configured directory and bypassing s...

5.3CVSS6AI score0.00138EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-435 Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...

9.1CVSS6AI score0.01461EPSS
Exploits1References5
Fedora
Fedora
added 2026/06/29 1:11 a.m.18 views

[SECURITY] Fedora 43 Update: python-pydantic-settings-2.14.2-1.fc43

Settings management using pydantic...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/06/28 12:58 a.m.8 views

[SECURITY] Fedora 44 Update: python-pydantic-settings-2.14.2-1.fc44

Settings management using pydantic...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/06/26 7:17 p.m.12 views

EUVD-2026-37512

pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses incomplete fix of CVE-2026-46678...

6.8CVSS5.8AI score0.00332EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 7:17 p.m.4 views

GHSA-CG7W-RG45-PC59 pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678)

Summary When an application using Pydantic AI opts a URL into forcedownload='allow-local' which disables the default block on private/internal IPs and runs on a network that routes the affected IPv6 transition forms NAT64- or ISATAP-configured networks, the cloud-metadata blocklist could be...

6.8CVSS5.8AI score0.00332EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/19 10:10 p.m.7 views

Symlink Attack

Overview pydantic-settings is a Settings management using Pydantic Affected versions of this package are vulnerable to Symlink Attack in the NestedSecretsSettingsSource process when secretsnestedsubdir is enabled and a symbolic link inside the configured secrets directory points outside of it. An...

5.3CVSS6AI score0.00138EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-55944

Name of the Vulnerable Software and Affected Versions pydantic-settings versions 2.12.0 through 2.14.1 Description The NestedSecretsSettingsSource reads secret values from files within a configured secrets dir. When the secrets nested subdir variable is set to true, the system follows symbolic...

5.3CVSS6AI score0.00138EPSS
Exploits0References9
OSV
OSV
added 2026/06/18 3:49 a.m.16 views

ROOT-APP-PYPI-CVE-2024-3772 CVE-2024-3772 in rootio-pydantic - Patched by Root

Root has patched CVE-2024-3772 in the rootio-pydantic package for Root:PyPI. Multiple fixed versions available...

5.9CVSS5.4AI score0.00949EPSS
Exploits1
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-48782

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form that the previous fix, CVE-2026-46678...

6.8CVSS0.00332EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/17 7:14 a.m.12 views

CVE-2026-48782

A flaw was found in Pydantic AI, where its cloud-metadata blocklist could be bypassed. This vulnerability allows an attacker to expose cloud IAM Identity and Access Management short-term credentials. The bypass occurs when an application using Pydantic AI is configured to allow local file downloa...

6.8CVSS5.3AI score0.00332EPSS
Exploits0References7
CVE
CVE
added 2026/06/16 10:49 p.m.33 views

CVE-2026-48782

CVE-2026-48782 affects Pydantic AI (versions 1.56.0–1.101.0, 2.0.0b1, 2.0.0b2) where the cloud-metadata blocklist can be bypassed by IPv6 transition forms that previous fixes did not decode. The IPv6 forms bypassing the blocklist can expose cloud IAM short-term credentials when an app uses force_...

6.8CVSS5.3AI score0.00332EPSS
Exploits0References4
OSV
OSV
added 2026/06/16 10:49 p.m.2 views

CVE-2026-48782 pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678)

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form that the previous fix, CVE-2026-46678...

6.8CVSS5.9AI score0.00332EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50129

Summary When an application using Pydantic AI opts a URL into force download='allow-local' which disables the default block on private/internal IPs and runs on a network that routes the affected IPv6 transition forms NAT64- or ISATAP-configured networks, the cloud-metadata blocklist could be...

6.8CVSS6.1AI score0.00332EPSS
Exploits0References14
GithubExploit
GithubExploit
added 2026/06/10 9:49 a.m.64 views

Fulcrum-OSINT-monitor

FULCRUM — Architecture Technique v3.1 Vue d'ensemble FULC...

5.5AI score
Exploits0
Rows per page
Query Builder