33190 matches found
MetaGPT has an eval injection in metagpt/strategy/tot.py
A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...
aws-mcp has a Command Injection Remote Code Execution Vulnerability
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handlin...
Daptin has Unauthenticated Path Traversal and Zip Slip
Impact The cloudstore.file.upload action in server/actions/actioncloudstorefileupload.go writes user-supplied filenames directly to disk without proper validation. This allows unauthenticated attackers to perform path traversal and zip slip attacks, leading to arbitrary file write and potential...
mathjs Allows Improperly Controlled Modification of Dynamically-Determined Object Attributes
Impact This security vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. Patches The issue was introduced in mathjs v13.1.0, an...
unhead: Streaming SSR `streamKey` injected into inline script without identifier validation
Summary createStreamableHead streamKey interpolated its streamKey argument directly into the streaming SSR bootstrap and suspense-chunk inline scripts without identifier validation or escaping. If an application forwards untrusted data into that configuration value, the rendered scripts become a...
rembg server is vulnerable to Server-Side Request Forgery (SSRF) and a weak default CORS configuration
GitHub Security Lab GHSL Vulnerability Report, rembg: GHSL-2024-161, GHSL-2024-162 The GitHub Security Lab team has identified potential security vulnerabilities in rembg. We are committed to working with you to help resolve these issues. In this report you will find everything you need to...
Temporal does not enforce authentication and authorization for the streaming AdminService/StreamWorkflowReplicationMessages endpoint
The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...
Duplicate Advisory: GeoNode contains a server-side request forgery vulnerability in the service registration endpoint
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hw9r-6m78-w6h3. This link is maintained to preserve external references. Original Description GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability in the...
paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
Summary An unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration. No user interaction, no credentials, just the target's address. The entire chain is six API calls. I verified every ste...
rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives
Summary DOMSanitizer::sanitize allows elements in SVG content but never inspects their text content. CSS url references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to attacker-controlled hosts when the sanitized SVG is rendered. Details In...
DNN: Same HostGUID for all new installs
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...
DNN: Force Friend Request Acceptance
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...
next-intl has an open redirect vulnerability
Impact Applications using the next-intl middleware with localePrefix: 'as-needed' could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host e.g. scheme-relative // or control characters stripped by the URL parser, so the middleware coul...
Juju: In-Memory Token Store for Discharge Tokens Lacks Concurrency Safety and Persistence
Summary The localLoginHandlers struct in the Juju API server maintains an in-memory map to store discharge tokens following successful local authentication. This map is accessed concurrently from multiple HTTP handler goroutines without any synchronization primitive protecting it. The absence of ...
Juju: CloudSpec method leaking cloud credentials
Impact If a user has login permission to a controller and knows the controller model UUID, they can call the CloudSpec method on the Controller facade and get cloud credentials used to bootstrap the controller. The CloudSpec API is called by workers running in the controller to maintain connectio...
gramps-webapi: Zip Slip Path Traversal in Media Archive Import
Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...
n8n-mcp has unauthenticated session termination and information disclosure in HTTP transport
Summary Several HTTP transport endpoints in n8n-mcp lacked proper authentication, and the health check endpoint exposed sensitive operational metadata without credentials. Impact An unauthenticated attacker with network access to the n8n-mcp HTTP server could disrupt active MCP sessions and gathe...
pypdf: Manipulated XMP metadata entity declarations can exhaust RAM
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. Patches This has been fixed in pypdf==6.10.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3724...
Arcane has Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint
Summary The /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme or host validation. The server's response is returned directly to the caller. type. This constitutes an...
phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...
DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...
basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands
Summary basic-ftp's CRLF injection protection added in commit 2ecc8e2 for GHSA-chqc-8p9q-pq6q is incomplete. Two code paths bypass the protectWhitespace control character check: 1 the login method directly concatenates user-supplied credentials into USER/PASS FTP commands without any validation,...
Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Impact The gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token, to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations...
Step CA affected by an index out of bounds panic in TPM attestation EKU validation
Summary An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device attestation. Details When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...
LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`
GHSA-fw9q-39r9-c252: Prototype Pollution via Incomplete Lodash set Guard in langsmith-sdk Severity: Medium CVSS 5.6 Status: Fixed in 0.5.18 --- Summary The LangSmith JavaScript/TypeScript SDK langsmith contains an incomplete prototype pollution fix in its internally vendored lodash set utility. T...
goshs has a file-based ACL authorization bypass in goshs state-changing routes
Summary goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload files with PUT, upload files with multipart POST /upload,...
goshs is Missing Write Protection for Parametric Data Values
Summary The SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. Details Here is the issue: go // helper.go:155-215 func cmdFileroot string, r sftp.Request, ip string, sftpServer SFTPServer error fullPath...
Rembg has a Path Traversal via Custom Model Loading
Summary A path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can force the server to attempt loading any file as an ONNX...
nimiq-blockchain is missing a wall-clock upper bound on block timestamps
Impact Block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps...
ajenti.plugin.core has race conditions in 2FA
Impact If the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...
xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern
Summary A path traversal vulnerability in XRootD allows users to escape the exported directory scope and enumerate the contents of the parent directory by appending /.. specifically without trailing slash to an exported path in xrdfs ls or HTTP PROPFIND requests. This bypass ignores the all.expor...
Ech0 has Stored XSS via SVG Upload and Content-Type Validation Bypass in File Upload
Summary The file upload endpoint validates Content-Type using only the client-supplied multipart header, with no server-side content inspection or file extension validation. Combined with an unauthenticated static file server that determines Content-Type from file extension, this allows an admin ...
Ech0 has SSRF via DNS Resolution Bypass in Webhook URL Validation
Summary The validateWebhookURL function in webhooksettingservice.go attempts to block webhooks targeting private/internal IP addresses, but only checks literal IP strings via net.ParseIP. Hostnames that DNS-resolve to private IPs e.g., 169.254.169.254.nip.io, 10.0.0.1.nip.io bypass all checks,...
Ech0's Missing Authorization on System Logs Allows Non-Admin Information Disclosure
Summary The system log endpoints GET /api/system/logs, GET /api/system/logs/stream, WS /ws/system/logs lack authorization checks, allowing any authenticated non-admin user to read and stream all server logs. These logs contain error stack traces, internal file paths, module names, and arbitrary...
Ech0 Comment Panel Endpoints Missing RequireScopes Middleware — Scoped Access Token Bypass
Summary All 9 comment panel admin endpoints /api/panel/comments/ are missing RequireScopes middleware, while every other admin endpoint in the application enforces scope-based authorization on access tokens. An admin-issued access token scoped to minimal permissions e.g., echo:read only can perfo...
Ech0 Scope Bypass: profile:read Access Token Can Change Admin Password and Escalate to Unrestricted Session
Summary The PUT /user endpoint is protected by RequireScopes"profile:read", which is a read-only scope. However, the endpoint performs write operations including password changes. An attacker who obtains an admin's restricted profile:read access token can change the admin's password, then login t...
ajenti.plugin.core has password bypass when 2FA is activated
Impact If the 2FA was activated, it was possible to bypass the password authentication Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Vulnerability Disclosure: Unrestricted Cloud Metadata Exfiltration via Header Injection Chain Summary The Axios library is vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound...
REDAXO has reflected XSS backend packages API via function parameter (CSRF token required)
Summary A reflected XSS vulnerability has been identified in the REDAXO backend. The function parameter is concatenated into an API error message and rendered without HTML escaping. --- Details Root cause User input function is injected into an exception message, then rendered by rexview::error...
REDAXO has reflected XSS in backend Metainfo API via type parameter (CSRF token required)
Summary A reflected XSS vulnerability has been identified in the REDAXO backend. The type parameter is concatenated into an API error message and rendered without HTML escaping. --- Details Root cause User input type is injected into an exception message, then rendered by rexview::error which...
Ech0: Missing authorization on dashboard log endpoints allows low-privilege users to access sensitive system logs
Summary Ech0 allows any authenticated user to read historical system logs and subscribe to live log streams because the dashboard log endpoints validate only that a JWT is present and valid, but do not require an administrator role or privileged scope. Impact Any valid user session can access GET...
Ech0: Scoped admin access tokens can bypass least-privilege controls on privileged endpoints, including backup export
Summary Ech0 scoped access tokens do not reliably enforce least privilege: multiple privileged admin routes omit scope checks, and the backup export handler strips token scope metadata entirely, allowing a low-scope admin access token to reach broader admin functionality than intended. Impact An...
uv vulnerable to arbitrary file deletion through RECORD entries
Impact Wheel RECORD entries can contain relative paths that traverse outside of the wheel’s installation prefix. In versions 0.11.5 and earlier of uv, these wheels were not rejected on installation and the RECORD was respected without validation on uninstall. uv uses the RECORD to determine files...
PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions
Summary praisonai browser start exposes the browser bridge on 0.0.0.0 by default, and its /ws endpoint accepts websocket clients that omit the Origin header entirely. An unauthenticated network client can connect as a fake controller, send startsession, cause the server to forward startautomation...
PraisonAI has critical RCE via `type: job` workflow YAML
praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: → shell command execution via subprocess.run - script: → inline Python execution via exec - python: → arbitrary Python script execution A malicious YAML...
PraisonAI Vulnerable to RCE via Automatic tools.py Import
PraisonAI automatically imports ./tools.py from the current working directory when launching certain components. This includes call.py, toolresolver.py, and CLI tool-loading paths. A malicious tools.py placed in the process working directory is executed immediately, allowing arbitrary Python code...
SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`
Summary The endpoint /api/av/removeUnusedAttributeView is vulnerable to a path traversal CWE-22 that allows an attacker to delete arbitrary .json files on the server. The issue arises because user-controlled input id is directly used in filesystem path construction without validation or...
SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView`
Summary An authenticated publish-service reader can invoke /api/av/removeUnusedAttributeView and cause persistent deletion of arbitrary attribute view AV definition files from the workspace. The route is protected only by generic CheckAuth, which accepts publish RoleReader requests. The handler...
PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries
Summary The tableprefix configuration value is directly used to construct SQL table identifiers without validation. If an attacker controls this value, they can manipulate SQL query structure, leading to unauthorized data access e.g., reading internal SQLite tables such as sqlitemaster and...
Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble
Authenticated arbitrary file write in artifact bundle assembly Summary An authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a...