Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2025/06/30 9:0 a.m.8 views

Path traversal, lead to remote code execution

Description In zenml's PathMaterializer class, the load function uses ispathwithindirectory to validate files during data.tar.gz extraction. While this prevents path traversal vulnerabilities, it fails to effectively detect symbolic and hard links. with tarfile.openarchivepathlocal, "r:gz" as tar...

7.8CVSS6.5AI score0.00334EPSS
Exploits1
Huntr
Huntr
added 2025/06/25 9:54 a.m.8 views

Incorrect Access Control check results in authorization bypass

Description When setting the access control for users, an incorrect access check allows for the bypass of authorization, due to the incorrect use of .some Proof of Concept 1. This is for a scenario, where I admin have created a custom agent and want everyone on the platform to use it, without bei...

5.3CVSS6.1AI score0.00256EPSS
Exploits0
Huntr
Huntr
added 2025/06/18 1:10 p.m.8 views

Path Traversal in Tokenizer Conversion Script

The script for converting slow tokenizers is vulnerable to a Path Traversal attack via the --checkpointname command-line argument. This allows an attacker to create files outside of the intended dumppath directory. Vulnerable Code Location: The vulnerability is located in the logic for converting...

6.3AI score
Exploits0
Huntr
Huntr
added 2025/06/14 6:41 p.m.8 views

Brotli decompression bomb DoS

This report is not public...

7.5CVSS6.9AI score0.00509EPSS
Exploits0
Huntr
Huntr
added 2025/06/14 10:45 a.m.8 views

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's MarianTokenizer. The vulnerability exists in the removelanguagecode method of the MarianTokenizer class, which processes text to remove language codes. The method...

7.5CVSS6.2AI score0.00483EPSS
Exploits1
Huntr
Huntr
added 2025/05/30 8:7 a.m.8 views

langchain-community: Sensitive Information Disclosure Due to Insecure XML Parsing in EverNoteLoader

This report is not public...

7.5CVSS7AI score0.01531EPSS
Exploits0
Huntr
Huntr
added 2025/05/27 3:2 p.m.8 views

Denial of Service(DOS) in JSONReader

Description There exists a denial of service vulnerabilityDOS that occurs by python hitting max recursion depth while parsing a deeply nested json file using JSONReader. Vulnerable piece of code...

8.6CVSS7.1AI score0.0026EPSS
Exploits0
Huntr
Huntr
added 2025/04/04 1:4 p.m.8 views

MD5 Hash Collision in DocugamiReader Overwrites Structurally Distinct Chunks with Identical Text

Description The DocugamiReader class in llamaindex retrieves structured XML documents from the Docugami API, parses them into semantic chunks, and converts them into Document objects. To assign consistent IDs to each chunk, the following logic is used: hashedid =...

6.5CVSS7.2AI score0.00314EPSS
Exploits1
Huntr
Huntr
added 2025/04/01 12:20 p.m.8 views

Arbitary file read through path traversal

Description: The code in genericutils.py has a path traversal vulnerability, which allows an attacker to control the file path provided to the ImageDocument class. This can lead to the reading of arbitrary files on the server, including sensitive system files, through base64 encoding and decoding...

7.5CVSS7.2AI score0.00545EPSS
Exploits1
Huntr
Huntr
added 2025/03/25 8:42 p.m.8 views

SSRF Vulnerability in RequestsToolkit in langchain-community in langchain-ai/langchain

Description Vulnerability Description RequestsToolkit enables AI agents to perform HTTP requests GET, POST, PATCH, PUT, DELETE via LangChain workflows. However, a Server-Side Request Forgery SSRF vulnerability exists in the RequestToolkit component of the langchain-community package specifically,...

10CVSS6.9AI score0.14059EPSS
Exploits1
Huntr
Huntr
added 2025/03/07 7:49 p.m.8 views

Regular expression Denial of Service - ReDoS

Description The regex defined in the variable SETTINGRE contains repetition groups and non-optimized quantifiers, which can lead to exponential backtracking when receiving "almost matching" payloads. This may degrade the application's performance or even cause a denial-of-service DoS when...

7.5CVSS7.2AI score0.0043EPSS
Exploits1
Huntr
Huntr
added 2025/02/27 9:33 a.m.8 views

Command injection in LLama-Index CLI

Description There is an OS command injection vulnerability in the LLama-Index CLI. Because of pasting the --files argument directly into os.system, an attacker who controls the content of this argument can inject shell commands. The vulnerability was marked as "Local" in the CVSS rating because t...

7.8CVSS8.7AI score0.0103EPSS
Exploits1
Huntr
Huntr
added 2024/11/19 4:56 p.m.8 views

Admin Able to Create User Without Setting a Password

Description The application allows an admin to create a new user account without assigning a password. This could lead to security vulnerabilities, or the system might inadvertently create an account with a default or blank password, making it susceptible to unauthorized access. Proof of Concept ...

5.5CVSS7.2AI score0.00336EPSS
Exploits1
Huntr
Huntr
added 2024/11/12 10:24 a.m.8 views

SQL Injection in default_jsonalyzer via prompt injection leads to arbitrary file creation

Target Link Description defaultjsonalyzer function used in JSONalyzeQueryEngine execute a sqlite query that llm made. If the attacker control the sqlite query with prompt injection and execute a malicious sqlite query, then Denial-of-Service attack and arbitrary file creation is possible. Root...

7.1CVSS7.3AI score0.00478EPSS
Exploits1
Huntr
Huntr
added 2024/11/11 7:53 a.m.8 views

Exception unhandled, lead to server crash

Description In node js express, if exception is uncaught, the server will crash. fs module sometimes throw exception when dealing with file upload. Unauth user can send something to the server trigger the exception lead to server crash. Proof of Concept import requests import random import string...

7.5CVSS7.7AI score0.00864EPSS
Exploits1
Huntr
Huntr
added 2024/11/06 4:56 p.m.8 views

A malicious gguf model can lead to DoS due to unchecked null pointer dereference via network

This report is not public...

7.5CVSS9.4AI score0.00648EPSS
Exploits1
Huntr
Huntr
added 2024/11/06 10:58 a.m.8 views

DoS using malicious gguf model file

This report is not public...

7.5CVSS7.7AI score0.00822EPSS
Exploits1
Huntr
Huntr
added 2024/11/04 7:10 p.m.8 views

Read from host file system via ImagePromptTemplate in langchain-core

Description You can create langchaincore.prompts.ImagePromptTemplate's and by extension the langchaincore.prompts.ChatPromptTemplate's with input variables that make it possible for the prompt template to read any user-specified path from the server file system. If the outputs of the prompt...

5.3CVSS5.4AI score0.00366EPSS
Exploits0
Huntr
Huntr
added 2024/11/01 1:30 a.m.8 views

Server Side Request Forgery(SSRF) on WordExtractor in langgenius/dify

Summary The vulnerability occurs when uploading DOCX files in the "Create Knowledge" section. If an external relationship exists in the DOCX file, the reltype value is requested as a URL. Requests are sent using the 'requests' module instead of the 'ssrfproxy', which can lead to an SSRF...

6.5CVSS6.8AI score0.00472EPSS
Exploits1
Huntr
Huntr
added 2024/10/31 9:19 p.m.8 views

Ollama server is vulnerable to OOM DoS attacks when using `makeRequestWithRetry` and `getAuthorizationToken` functions

This report is not public...

7.5CVSS7.7AI score0.00672EPSS
Exploits2
Huntr
Huntr
added 2024/10/31 1:49 p.m.8 views

CSRF ON SIGNUP PAGE

CSRF ON CREATING A NEW USER in mlflow/mlflow Reported on Oct 31st 2024 The Signup feature of Mlflow is vulnerable to CSRF attack that allow attacker to create a new account. This may be used to perform unauthorised actions on behalf of the malcious user . Proof of Concept : An attacker can use CS...

7.1CVSS5.7AI score0.00202EPSS
Exploits1
Huntr
Huntr
added 2024/10/23 4:53 p.m.8 views

XSS by uploading pdf file

This report is not public...

5.4CVSS7.1AI score0.00359EPSS
Exploits1
Huntr
Huntr
added 2024/10/16 11:49 a.m.8 views

Local File Inclusion in netease-youdao/qanything

This report is not public...

7.5CVSS7.1AI score0.0139EPSS
Exploits1
Huntr
Huntr
added 2023/08/22 6:50 a.m.8 views

BrowserView Allows Popups, which leads to Remote Code Execution

Description The Application has a functionality that allows users to add URLs for custom Webservices. If a user adds a URL containing malicious code, then it can be used to open a new Browser Window, which will lead to Remote Code Execution on the victims computer. Proof of Concept ATTACKER SETUP...

7.6AI score
Exploits0
Huntr
Huntr
added 2023/08/18 11:54 a.m.8 views

Important Cookie without Secure flag

Description Cookie accessToken is without Secure flag. Mentioned cookie is responsible for user auth. Proof of Concept Repro steps: As logged in user https://app.vrite.io/ open DevTools and check Cookies table, get value of accessToken cookie. Open other browser, go to app.vrite.io site, open...

6.9AI score
Exploits0References1
Huntr
Huntr
added 2023/08/14 3:54 p.m.8 views

Cross-Site Request Forgery (CSRF)

A Cross-site request forgery CSRF attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. For example, an...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/06/29 12:18 p.m.8 views

XSS Reflected via import file funtion

Description The application does import data from the file without cleaning the data inside before processing, resulting in javascript code that can be injected and triggered when the victim executes the function. Proof of Concept Step1: The attacker creates a .csv file containing a payload to...

6.6AI score
Exploits0
Huntr
Huntr
added 2023/06/28 10:17 p.m.8 views

The user can put their survey in the survey groups even though this survey group is not in public mode

Description The user can put their survey in the survey groups even though this survey group is not in public mode Proof of Concept Step 1: The survey group SG03 isn't in public mode \ Step 2: In the "Survey groups" tab, User2 with only survey permission only sees the survey group Default \ Step ...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/06/26 11:11 a.m.8 views

Path Traversal in uploadAttachment

POC : see https://1drv.ms/v/s!Avwg5C1eKVA4gl3LF2hgRyVNrSqk?e=DHbHKF We also contact the Maintainer through email lujie.ac.cn...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/06/25 9:28 p.m.8 views

Dos via Document Comments

Description An attacker can abuse the document comment functionality, handled by the /api/comments.create API endpoint, since there is not size check or validation of the comment contents, which allows an attacker to send a comment with almost an unlimited number of characters1MB max POST size...

6.7AI score
Exploits0
Huntr
Huntr
added 2023/06/18 3:33 a.m.8 views

Stored XSS on user "Edit own profile" function

Description An attacker can inject malicious executable scripts into the code of the Social media field Proof of Concept Log in as a Member user, access My profile - Edit own profile function, insert this payload to any field " autofocus onfocus=promptdocument.domain then click Save. Access the...

7AI score
Exploits0
Huntr
Huntr
added 2023/06/15 3:47 p.m.8 views

Stored XSS on entire Client site

Description Admin or Staff with "System" permission can produce a store XSS on entire Client site Proof of Concept Edit the "Signature" field to this value "FOSSBilling.org - Client Management, Invoice and Support Software"" Then it will trigger in every Client screens Seems like it was rendered ...

6.2AI score
Exploits0
Huntr
Huntr
added 2023/04/19 4:34 a.m.8 views

Unable to indicate negative amount in captial

Description Unable to indicate negative amount in captial Proof of Concept 1 Login application 2 Go to Capital Add Capital Fill in amount -999,999,999.00 3 The website indicate an negative amount...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/04/17 1:2 p.m.8 views

Improper Error Handling at Rating function

Description Please enter a description of the vulnerability. Navigating rating function http://127.0.0.1:8083/ratings/stored/-1 Change this number to arbitrary characters http://192.168.14.180:8083/ratings/stored/-2 Error occurs allows user to know the path of application file within system...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/03/12 6:36 a.m.8 views

CSV Injection in CSV files generated by the backend

1 login in https://demo.limesurvey.org/index.php 2 the demo admin create a user with name "=1+cmd|'/C calc'!A0". 4 other users login and download all the users' data as csv. 5 other users open the csv file with execl in windows, notice that choose ";" as separator as. 6 we can see that the...

6.5AI score
Exploits0
Huntr
Huntr
added 2023/02/20 3:45 p.m.8 views

XSS in Library Description and Synopsis

Description The 'description' and 'synopsis' fields of libraries are vulnerable to stored XSS injection. If a user sets the synopsis or description of a library to ''"' they can set a stored XSS payload that fires whenever someone visits the /libraries page. Normally libraries are only editable b...

1AI score
Exploits0
Huntr
Huntr
added 2023/02/13 12:50 p.m.8 views

HTML Injection

Description HTML Injection vulnerability was discovered in Accounting module that allow authenticated user to inject malicious HTML code inside "accountnumber" parameter. Proof of Concept Video...

7.5AI score
Exploits0
Huntr
Huntr
added 2023/01/01 9:57 a.m.8 views

Send any message to any to any private channel

Description A user can add any message to a private channel that is not in that channel. This error is because the web application did not check if the sender userid is in that private channel. Proof of Concept Login to website in brower 1 with user A. Login to website in brower 2 with user B. Us...

6.9AI score
Exploits0
Huntr
Huntr
added 2022/11/22 4:9 p.m.8 views

DOM-based Cross-site Scripting (DXSS) Vulnerability

Description Two CalendarXP products have DXSS vulnerability in common parts of HTML files. CalendarXP FlatCalendarXP through 10.0.1 has DXSS vulnerability in iflateng.htm and nflateng.htm, and CalendarXP PopCalendarXP through 10.0.1 has DXSS vulnerability in ipopeng.htm and npopeng.htm. Proof of...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/11/21 8:28 a.m.8 views

heap-buffer-overflow in gf_isom_box_write_header

Description heap-buffer-overflow in gfisomboxwriteheader at isomedia/boxfuncs.c:408. version info git log commit 68064e10172675e0853d6f429fb2055112835602 grafted, HEAD - master, origin/master, origin/HEAD Author: jeanlf Date: Fri Nov 18 10:36:10 2022 +0100 fixed build without http2 support ./MP4B...

7AI score
Exploits0
Huntr
Huntr
added 2022/09/26 11:44 p.m.8 views

Stored Cross-Site Scripting (XSS) in via direct link to attachments

Description The XSS is related to this previous report. The fix to prevent XSS in uploaded attachments is insufficient, as there is no mitigation when accessing attachments via a direct link. Proof of Concept Steps to reproduce: 1. Log in to Inventree 2. Click on Parts. Add a new Category and...

1.3AI score
Exploits0
Huntr
Huntr
added 2022/09/04 12:22 p.m.8 views

UI Discrepancy in Password

Description There is UI discrepancy in the user password section in nakama console. The UI presents the following message to the user for a short password: "Password is required, must be 8 chars or longer and consist of at least a capital letter, a small letter and a number". However, the backend...

7.2AI score
Exploits0
Huntr
Huntr
added 2022/08/02 2:0 p.m.8 views

Weak password policy on account creation/password update

Description The password policy used in the account creation and password change pages is weak, allowing to set a password of only 1 character. Proof of Concept Case 1 - Account Creation 1. 1 - Login as admin and go to the users page. 2. 2 - Create a new user and set 1 as the password and click i...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/07/17 2:30 a.m.8 views

Cross-Site Request Forgery (CSRF)

Description I found a possible Cross-Site Request Forgery CSRF vulnerability in Login Form. Login CSRF is a type of attack where the attacker can force the user to log in to the attacker’s account on a website and thus reveal information about what the user is doing while logged in. Proof of...

1.6AI score
Exploits0References3
Huntr
Huntr
added 2022/07/04 10:37 a.m.8 views

Regular Expression Denial of Service (ReDoS)

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in parse-url. It allows cause a denial of service when calling function parse-url. The ReDoS vulnerability is mainly due to the regex /git@|https?://\w.@+/|:,\w,-,,/+.git0,1/0,1/ and can be...

3.4AI score
Exploits0
Huntr
Huntr
added 2022/06/30 6:50 p.m.8 views

File Protocol Spoofing

Description parse-url misinterpreting the file:// protocol when trying to match git urls. The following payload is certainly valid file protocol but is interpreted as ssh protocol. file:///etc/passwd?http://a:1:1 Proof of Concept // PoC.js const fs = require'fs'; var parseURL = require"parse-url"...

7.2AI score
Exploits0
Huntr
Huntr
added 2022/06/25 2:38 a.m.8 views

Improper storage of authorization cookie on HTTPs pages

The authorization cookie used by the panel pufferauth is stored in the browser without using HttpOnly or Secure flags on the cookie...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/06/19 4:19 a.m.8 views

Cross-site Scripting (XSS) - Stored

Description Titra is vulnerable to Stored XSS in the Task field when creating a new task in a project. Steps to reproduce 1.In the Overview tab, click on New project button. 2.Enter a project name and click Save. 3.Move to the Tasks tab in that project and click on New Task button. 4.In the Task...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/06/13 9:59 a.m.8 views

Weak Password Policy

Description You can change your password in profile to a weak password. Proof of Concept 1. Login and go to your Profile 2. Use the password change feature or https://app.titra.io/changePwd 3. Enter your current password, fill the "Password" and "Password again" with 1 You can see your password h...

7.2AI score
Exploits0References2
Huntr
Huntr
added 2022/06/13 4:27 a.m.8 views

Stored XSS in Customer Company Name

Description The application inventree is vulnerable to Stored XSS in customer company name field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/11tKQzqKFobDEuqigsQYIdQhMnqSLIBsi/view?usp=sharing...

0.2AI score
Exploits0
Total number of security vulnerabilities4072