Symlink Attack

Overview @boxlite-ai/boxlite is a BoxLite - Embeddable micro-VM runtime for secure, isolated code execution Affected versions of this package are vulnerable to Symlink Attack via improper path resolution during extraction of OCI image layer tarballs. An attacker can write arbitrary files to...

Authorization Bypass Through User-Controlled Key

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the chatcompletion process. An attacker can access and continue another user's conversation by supplying a known Chat ID in API requests. This is only...

Server-side Request Forgery (SSRF)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the validateurl function in the URL validation component. An attacker can bypass private-address checks by supplying a hostname that resolves to a private IPv6 address...

CVE-2026-42193

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization via the validatecollectionaccess function. An attacker can obtain sensitive metadata, such as IDs, names, and descriptions of all knowledge bases across users, by sending crafted API...

Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time releated types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...

CVE-2026-7397

A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function checksensitivepath of the file tools/filetools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for...

PT-2026-35969

A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function check sensitive path of the file tools/file tools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used fo...

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

CVE-2025-66249

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

EUVD-2025-208637

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...

Apache Livy: Restrict file access

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...

CVE-2025-66249

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

CVE-2025-60012

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...

CVE-2025-66249 Apache Livy: Unauthorized directory access

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

Allocation of Resources Without Limits or Throttling

Overview tenso is a High-performance zero-copy tensor protocol Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing bounds checks during tensor deserialization. An attacker can exploit this by providing crafted serialized data tha...

CVE-2024-13903 quickjs-ng QuickJS qjs quickjs.c JS_GetRuntime stack-based overflow

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JSGetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely...

Double Free

Overview Affected versions of this package are vulnerable to Double Free due to improper loop checks in the poolfree function, which is part of the pool series allocator alongside poolmalloc and poolrealloc. An attacker can execute arbitrary code remotely by exploiting this flaw. PoC c include...

PT-2022-27995 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.0 Description: The issue is related to an Authorization Bypass Through User-Controlled Key and Improper Authentication in the usememos/memos GitHub repository. Recommendations: For versions prior to 0.9.0,...