33181 matches found
phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation
Summary The regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with editfaq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, enabling privilege escalation from...
phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure
Summary The searchCustomPages method in phpmyfaq/src/phpMyFAQ/Search.php uses realescapestring via escape to sanitize the search term before embedding it in LIKE clauses. However, realescapestring does not escape SQL LIKE metacharacters % match any sequence and match any single character. An...
ONNX: TOCTOU arbitrary file read/write in save_external_dat
Summary The saveexternaldata method seems to include multiple issues introducing a local TOCTOU vulnerability, an arbitrary file read/write on any system. It potentially includes a path validation bypass on Windows systems. Regarding the TOCTOU, an attacker seems to be able to overwrite victim's...
Ferret: Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites
Summary A path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those...
Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback
Refresh Token Leaked via URL Query Parameter in OAuth Provider Callback Summary The auth service's OAuth provider callback flow places the refresh token directly into the redirect URL as a query parameter. Refresh tokens in URLs are logged in browser history, server access logs, HTTP Referer...
PraisonAI Has Authentication Bypass via OAuthManager.validate_token()
Summary OAuthManager.validatetoken returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. Details...
PraisonAI Has Missing Authentication in WebSocket Gateway
Summary The PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. Details gateway/server.py:242 source -...
PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL
Summary FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata...
PraisonAI Has Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox
Summary SubprocessSandbox in all modes BASIC, STRICT, NETWORKISOLATED calls subprocess.run with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone executables, allowing trivial sandbox escape in STRICT mode...
AVideo has Stored XSS via Unescaped Menu Item Fields in TopMenu Plugin
Summary The TopMenu plugin renders menu item fields icon classes, URLs, and text labels directly into HTML without applying htmlspecialchars or any other output encoding. Since menu items are rendered on every public page through plugin hooks, a single malicious menu entry results in stored...
KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods
CHAMP: Description Summary The ollamaStartupProbeScript function in internal/modelcontroller/engineollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components ref, modelParam. This shell command is executed via bash -c as a Kubernetes startup probe. An...
PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback
Summary passthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is...
PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()
Summary MCPToolIndex.searchtools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...
PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`
Summary The getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, the injected payload executes and grants full database...
PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()
Summary The --mcp CLI argument is passed directly to shlex.split and forwarded through the call chain to anyio.openprocess with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command execution as the process user. Details cli/features/mcp.py:61 source -...
PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
Summary runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...
PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code
Summary executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary OS command execution on the host. Details pythontools.py:2...
Parser Server's streaming file download bypasses afterFind file trigger authorization
Impact File downloads via HTTP Range requests bypass the afterFindParse.File trigger and its validators on storage adapters that support streaming e.g. the default GridFS adapter. This allows access to files that should be protected by afterFind trigger authorization logic or built-in validators...
Tesla Fleet Telemetry allows spoofing telemetry for arbitrary vehicles via compromised vehicle credentials
Summary A vulnerability in vehicle authentication allows threat actor with valid client credentials i.e., a private key and certificate from a rooted infotainment system to impersonate arbitrary VINs when authenticating to the telemetry server. Impact The attacker would be able to submit falsifie...
Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber
Summary The PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber...
Ella Core Panics Upon NGAP handover failure
Summary Ella Core panics when processing a NGAP handover failure message. Impact If an attacker can force a gNodeB to send NGAP handover failure messages to Ella Core, the process will crash, thereby disrupting service for all connected subscribers. Fix Improve guards in NGAP handover handlers...
Haraka affected by DoS via `__proto__` email header
Summary Sending an email with proto: as a header name crashes the Haraka worker process. Details The header parser at nodemodules/haraka-email-message/lib/header.js:215-218 stores headers in a plain object: javascript addheaderkey, value, method this.headerskey ??= // line 216 this.headerskeymeth...
Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Summary Copier's externaldata feature allows a template to load YAML files using template-controlled paths. The documentation describes these values as relative paths from the subproject destination, so relative paths themselves appear to be part of the intended feature model. However, the curren...
phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes()
Summary The sanitization pipeline for FAQ content is: 1. Filter::filterVar$input, FILTERSANITIZESPECIALCHARS — encodes , ", ', & to HTML entities 2. htmlentitydecode$input, ENTQUOTES | ENTHTML5 — decodes entities back to characters 3. Filter::removeAttributes$input — removes dangerous HTML...
phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController
Summary The MediaBrowserController::index method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any path traversal validation. The FILTERSANITIZESPECIALCHARS filter...
Copier `_subdirectory` allows template root escape via parent-directory traversal
Summary Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when selecting the template root. As a result, a template can escape its own directory and ma...
dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
Summary A stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because...
ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)
Summary The encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. An application that passes user-controlled data into response headers e.g., setting a Location redire...
Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
Summary A crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process. Impact Arbitrary file write path traversal from untrusted wheel content. Impacts users/CI/CD systems installing malicious o...
StableLib Ed25519 Signature Malleability via Missing S < L Check
Ed25519 Signature Malleability via Missing S = L to prevent signature malleability. When S = L, SB = S mod LB = S - LB, meaning two different 32-byte S values produce the same verification result. An attacker who observes a valid signature R, S can produce a second valid signature R, S + L for th...
CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
Summary Vulnerability: Improper Session Invalidation on Account Deactivation Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are...
CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise
Summary A critical Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fails to properly sanitize user-controlled input before rendering it in the administrative interface, allowing attackers to inject persistent JavaScript cod...
CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
Summary Vulnerability: Improper Session Invalidation on Account Deletion Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are explicitly...
CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Blog Category Title Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Category Title in Blog Management Description The application fails to properly sanitize user-controlled input when creating or editing blog categories. An...
CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Blog Post Content Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Post Content in Blog Management Description The application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker...
CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Blogs Posts Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS - Stored Cross-Site Scripting via Unsanitized Blog Post Content in Blog Management Categories Description The application fails to properly sanitize user-controlled input wh...
CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Page Management Fields Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Page Creation and Editing Inputs Description The application fails to properly sanitize user-controlled input within the Page Management functionality when...
CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Posts Added to Menu Persistent Payload Injection - Stored Cross-Site Scripting via Unsafe Rendering of Post Entries in Menu Management Description The application fails to properly sanitize user-controlled input when adding Posts to navigation menus throu...
CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Pages Added to Menu Persistent Payload Injection - Stored Cross-Site Scripting via Unsafe Rendering of Page Entries in Menu Management Description The application fails to properly sanitize user-controlled input when adding Pages to navigation menus throu...
CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS
Summary Vulnerability: Stored DOM Blind XSS via Backup Management Filename Persistent Payload Injection - Stored Cross-Site Scripting Blind XSS via Unsanitized Backup Filename in Backup Management Description The application fails to properly sanitize user-controlled input when handling backup...
CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via System Settings – Company Information Same-Page Attribute Breakout & Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Company Information Configuration Fields with Immediate Same-Page Execution Description The application fails t...
CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via System Settings – Social Media Management Same-Page Attribute Breakout & Persistent Payload Injection - Stored Cross-site Scripting via Unsanitized Social Media Configuration Fields with Immediate Same-Page Execution Description The application fails to...
CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM Blind XSS via Logs Interface Rendering Administrative Context Execution - Stored Cross-Site Scripting Blind XSS via Unsafe Rendering of User-Controlled Logged Data Description The application renders user-controlled input unsafely within the logs interface. If an...
CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Blog Tag Name Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Tag Name in Blog Management Description The application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inje...
AIOHTTP accepts duplicate Host headers
Summary Multiple Host headers were allowed in aiohttp. Impact Mostly this doesn't affect aiohttp security itself, but if a reverse proxy is applying security rules depending on the target Host, it is theoretically possible that the proxy and aiohttp could process different host names, possibly...
AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass
Summary The C parser the default for most installs accepted null bytes and control characters is response headers. Impact An attacker could send header values that are interpreted differently than expected due to the presence of control characters. For example, request.url.origin may return a...
AIOHTTP has HTTP response splitting via \r in reason phrase
Summary An attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. Impact In the unlikely situation that an application allows untrusted data to be used in the response's reason parameter, then an attacker could manipulate the...
AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following...
AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS
Summary For some multipart form fields, aiohttp read the entire field into memory before checking clientmaxsize. Impact If an application uses Request.post an attacker can send a specially crafted multipart request to force significant temporary memory allocation even when the request is ultimate...
Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints
Impact The client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location. Consumers are affected if ALL of these are true: - Payload version v3.78.0 - Using client-upload signed-URL...