24 matches found
Cloudflare Public Bug Bounty: AI Playground XSS to steal user-chat messages and access to connected MCP Server
A reflected XSS vulnerability was discovered in the AI Playground OAuth handler due to unescaped interpolation of the error_description parameter into a script tag. The issue has been patched, and users of the open-source Agents SDK should upgrade to v0.3.10...
EUVD-2012-0101
Malware in sbrugna...
EUVD-2023-0264
Malicious code in bioql PyPI...
Open WebUI Security Vulnerability
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from the open-source Open WebUI project. A security vulnerability exists in Open WebUI version v0.3.10, which stems from the lack of an authentication mechanism in the api/v1/utils/pdf endpoint, which allows an unauthenticated attacke...
pyspider Security Vulnerability
pyspider is a powerful web crawler system open-sourced by Roy Binux. A security vulnerability exists in pyspider v0.3.10 and earlier versions, which stems from vulnerability to cross-site request forgery initiated via a Flask endpoint...
CVE-2024-39162
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
PYSEC-2024-208
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. It can be seen that the _build_create_IR function of t...
PT-2024-24738 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and prior. Description: The issue arises when the raw_log builtin is called with memory or storage arguments to be used as topics, resulting in incorrect values being logged. This is due to the build_IR function of the...
Vyper Security Vulnerability
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper 0.3.10 and prior versions, which stems from a security issue with the built-in sqrt parameter...
PT-2024-21300 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and earlier. Description: The issue arises when an excessively large value is specified as the starting index for an array in _abi_decode, causing the read position to overflow. This results in the decoding of values outsi...
PYSEC-2024-150
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of...
Vyper Input Validation Error Vulnerability
Vyper is the Pythonic smart contract language for EVM. An input validation error vulnerability exists in Vyper 0.3.10 and earlier versions, which stems from a type checker that allows the use of signed integers as the index of an array, potentially resulting in a denial of service...
Vyper Encryption Issue Vulnerability
Vyper is the Pythonic smart contract language for EVM. A cryptographic issue exists in Vyper version 0.3.10 and prior versions, which is caused by a miscalculation of the "height" variable...
PYSEC-2024-151
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. The Vyper compiler allows passing a value in the builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics o...
Vyper Code Issue Vulnerability
Vyper is the Pythonic smart contract language for EVM. A code issue vulnerability exists in Vyper version 0.3.10 and prior versions that stems from not disabling static and delegate calls...
PYSEC-2023-191
Vyper is a Pythonic Smart Contract Language for the EVM. The _abi_decode function does not validate input when it is nested in an expression. Uses of _abi_decode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...
CVE-2023-42441
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant("") or @nonreentrant('') do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...
Design/Logic Flaw
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant("") or @nonreentrant('') do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...