4072 matches found
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description Command injection occurs due to lack of sanitization of input passed to the os.system command usage in the package. as the package runs only as root every command processed inside the package system command will be running with root privileges , so every command passed via simple...
Code Injection in adobe/ops-cli
Description ops-cli is a wrapper for Terraform, Ansible, Helmfile and SSH for cloud automation , which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip install ops-cli Run exploit.py...
Code Injection in tensorflow/tfx
Description TensorFlow Extended TFX is a Google-production-scale machine learning platform based on TensorFlow. It provides a configuration framework to express ML pipelines consisting of TFX components. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of...
Prototype Pollution in yomguithereal/baobab
Description baobab is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const Baobab = require'baobab'; console.log'Before: ' + .polluted tree = new Baobab tree.deepMergeJSON.parse'"proto": "polluted": true' console.log'After: ' + .polluted...
Prototype Pollution in bonnevoyager/nested-objects-util
Description nested-objects-util is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var unflatten = require"nested-objects-util" console.log"Before : " + .polluted; unflatten"proto.polluted": "Yes! Its Polluted" console.log"After : " + .polluted; 2...
Prototype Pollution in coderaiser/nessy
Description nessy is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var nessy = require"nessy" var obj = console.log"Before : " +...
Cross-site Scripting (XSS) - Generic in jsdecena/laracom
Description LaracomLaravel FREE E-Commerce Software this package is vulnerable to Stored Cross-Site Scripting XSS. https://github.com/jsdecena/laracom Steps To Reproduce-: 1 install https://github.com/jsdecena/laracom locally or https://shop.laracom.net/ use demo 2 in search bar enter javascript...
Arbitrary Code Execution via LossNode importlib.import_module() Before audit_tree() Trust Check
Arbitrary Code Execution via LossNode Import Before Audit — Trust Check Bypass Summary The LossNode.init method in skops/io/sklearn.py calls gettype, which invokes importlib.importmodule with attacker-controlled module and class names from the .skops file's schema.json. This import occurs during...
Unsafe cloudpickle.loads() and eval() in Callables Enable RCE via Malicious Task Payloads
This report is not public...
Decompression bomb bypass via negative max_length in streaming API (incomplete fix for CVE-2025-66471)
Description The fix for CVE-2025-66471 in urllib3 2.6.0 added maxlength support to all decoders to prevent decompression bombs when using the streaming API. However, three independent code paths in response.py bypass this protection in urllib3 2.6.3 latest. Bypass 1 — Negative maxlength from buff...
NLTK Data Module - Arbitrary File Read via Dead Security Check
This report is not public...
Uncontrolled Recursion in NLTK StupidBackoff Language Model Allows Denial of Service
This report is not public...
MLflow SageMaker Command Injection Vulnerability
Description The vulnerability exists in /mlflow/sagemaker/init.py at lines 161-167, where user-supplied container image names are directly interpolated into shell commands without proper sanitization before being passed to os.system. Vulnerable Code Path : CLI Input --container parameter ↓...
MLFlow server is exposed to data exfiltration and destruction due to lack of Origin validation
The MLFlow REST server is vulnerable to DNS rebinding attacks, allowing malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. Once rebinding is successful, the attacker can: Query for experiments via the 2.0/mlflow/experiments/search...
Denial of Service via Unbounded parameter values
Description The /api/memories endpoint in the LibreChat application is found to be accepting arbitrarily large values for the key and value parameters. These inputs are not being properly validated or restricted in terms of maximum allowed character length. When an input containing more than 100...
Dependacy chain attack through hijacking broken github repository at https://github.com/huggingface/transformers/blob/main/src/\ntransformers/models/fuyu/\nconvert_fuyu_model_weights_to_hf.py
Description Type: Dependency Chain Attack through hijacking broken github repository Risk: High Allows arbitrary code execution in model conversion workflows Affected Asset: https://github.com/adept-ai-labs/adept-inference Broken URL in Hugging Face Transformers Root Cause The Hugging Face...
LangChain HTMLSectionSplitter – XXE caused by unsafe XSLT parsing
This report is not public...
Path traversal, lead to remote code execution
Description In zenml's PathMaterializer class, the load function uses ispathwithindirectory to validate files during data.tar.gz extraction. While this prevents path traversal vulnerabilities, it fails to effectively detect symbolic and hard links. with tarfile.openarchivepathlocal, "r:gz" as tar...
SSRF in MLflow via user-controlled gateway_path parameter
Description A Server-Side Request Forgery SSRF vulnerability exists in the gatewayproxyhandler function of MLflow. This function accepts a user-controlled gatewaypath parameter and concatenates it directly with a targeturi, allowing an attacker to control the full outbound HTTP request path from...
Path Traversal in Tokenizer Conversion Script
The script for converting slow tokenizers is vulnerable to a Path Traversal attack via the --checkpointname command-line argument. This allows an attacker to create files outside of the intended dumppath directory. Vulnerable Code Location: The vulnerability is located in the logic for converting...
Brotli decompression bomb DoS
This report is not public...
Full system file read and delete via GET /api/v1/images/download/{bulk_download_item_name}
Description For invokeai version v6.0.0a1 and below, there is an endpoint for bulk downloading zip file. With some manipulation of the filename arguments, attacker can read and also delete any files on the server through this endpoint. P/S: Tested on Windows Proof of Concept Request: GET...
langchain-community: Sensitive Information Disclosure Due to Insecure XML Parsing in EverNoteLoader
This report is not public...
Denial of Service(DOS) in JSONReader
Description There exists a denial of service vulnerabilityDOS that occurs by python hitting max recursion depth while parsing a deeply nested json file using JSONReader. Vulnerable piece of code...
MD5 Hash Collision in DocugamiReader Overwrites Structurally Distinct Chunks with Identical Text
Description The DocugamiReader class in llamaindex retrieves structured XML documents from the Docugami API, parses them into semantic chunks, and converts them into Document objects. To assign consistent IDs to each chunk, the following logic is used: hashedid =...
SSRF Vulnerability in RequestsToolkit in langchain-community in langchain-ai/langchain
Description Vulnerability Description RequestsToolkit enables AI agents to perform HTTP requests GET, POST, PATCH, PUT, DELETE via LangChain workflows. However, a Server-Side Request Forgery SSRF vulnerability exists in the RequestToolkit component of the langchain-community package specifically,...
Regular expression Denial of Service - ReDoS
Description The regex defined in the variable SETTINGRE contains repetition groups and non-optimized quantifiers, which can lead to exponential backtracking when receiving "almost matching" payloads. This may degrade the application's performance or even cause a denial-of-service DoS when...
Command injection in LLama-Index CLI
Description There is an OS command injection vulnerability in the LLama-Index CLI. Because of pasting the --files argument directly into os.system, an attacker who controls the content of this argument can inject shell commands. The vulnerability was marked as "Local" in the CVSS rating because t...
Admin Able to Create User Without Setting a Password
Description The application allows an admin to create a new user account without assigning a password. This could lead to security vulnerabilities, or the system might inadvertently create an account with a default or blank password, making it susceptible to unauthorized access. Proof of Concept ...
SQL Injection in default_jsonalyzer via prompt injection leads to arbitrary file creation
Target Link Description defaultjsonalyzer function used in JSONalyzeQueryEngine execute a sqlite query that llm made. If the attacker control the sqlite query with prompt injection and execute a malicious sqlite query, then Denial-of-Service attack and arbitrary file creation is possible. Root...
Exception unhandled, lead to server crash
Description In node js express, if exception is uncaught, the server will crash. fs module sometimes throw exception when dealing with file upload. Unauth user can send something to the server trigger the exception lead to server crash. Proof of Concept import requests import random import string...
A malicious gguf model can lead to DoS due to unchecked null pointer dereference via network
This report is not public...
Read from host file system via ImagePromptTemplate in langchain-core
Description You can create langchaincore.prompts.ImagePromptTemplate's and by extension the langchaincore.prompts.ChatPromptTemplate's with input variables that make it possible for the prompt template to read any user-specified path from the server file system. If the outputs of the prompt...
Denial of service through tracking and requesting Aim objects through web API
This report is not public...
Server Side Request Forgery(SSRF) on WordExtractor in langgenius/dify
Summary The vulnerability occurs when uploading DOCX files in the "Create Knowledge" section. If an external relationship exists in the DOCX file, the reltype value is requested as a URL. Requests are sent using the 'requests' module instead of the 'ssrfproxy', which can lead to an SSRF...
Ollama server is vulnerable to OOM DoS attacks when using `makeRequestWithRetry` and `getAuthorizationToken` functions
This report is not public...
Local File Inclusion in netease-youdao/qanything
This report is not public...
Important Cookie without Secure flag
Description Cookie accessToken is without Secure flag. Mentioned cookie is responsible for user auth. Proof of Concept Repro steps: As logged in user https://app.vrite.io/ open DevTools and check Cookies table, get value of accessToken cookie. Open other browser, go to app.vrite.io site, open...
Cross-Site Request Forgery (CSRF)
A Cross-site request forgery CSRF attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. For example, an...
The user can put their survey in the survey groups even though this survey group is not in public mode
Description The user can put their survey in the survey groups even though this survey group is not in public mode Proof of Concept Step 1: The survey group SG03 isn't in public mode \ Step 2: In the "Survey groups" tab, User2 with only survey permission only sees the survey group Default \ Step ...
Dos via Document Comments
Description An attacker can abuse the document comment functionality, handled by the /api/comments.create API endpoint, since there is not size check or validation of the comment contents, which allows an attacker to send a comment with almost an unlimited number of characters1MB max POST size...
Stored XSS on user "Edit own profile" function
Description An attacker can inject malicious executable scripts into the code of the Social media field Proof of Concept Log in as a Member user, access My profile - Edit own profile function, insert this payload to any field " autofocus onfocus=promptdocument.domain then click Save. Access the...
Stored XSS on entire Client site
Description Admin or Staff with "System" permission can produce a store XSS on entire Client site Proof of Concept Edit the "Signature" field to this value "FOSSBilling.org - Client Management, Invoice and Support Software"" Then it will trigger in every Client screens Seems like it was rendered ...
Unable to indicate negative amount in captial
Description Unable to indicate negative amount in captial Proof of Concept 1 Login application 2 Go to Capital Add Capital Fill in amount -999,999,999.00 3 The website indicate an negative amount...
Improper Error Handling at Rating function
Description Please enter a description of the vulnerability. Navigating rating function http://127.0.0.1:8083/ratings/stored/-1 Change this number to arbitrary characters http://192.168.14.180:8083/ratings/stored/-2 Error occurs allows user to know the path of application file within system...
CSV Injection in CSV files generated by the backend
1 login in https://demo.limesurvey.org/index.php 2 the demo admin create a user with name "=1+cmd|'/C calc'!A0". 4 other users login and download all the users' data as csv. 5 other users open the csv file with execl in windows, notice that choose ";" as separator as. 6 we can see that the...
XSS in Library Description and Synopsis
Description The 'description' and 'synopsis' fields of libraries are vulnerable to stored XSS injection. If a user sets the synopsis or description of a library to ''"' they can set a stored XSS payload that fires whenever someone visits the /libraries page. Normally libraries are only editable b...
reflected xss
Description reflected xss SUMMURY here i uses demo instalation https://demo.limesurvey.org/ in firefox browser Proof of Concept login into user account and visit...
HTML Injection
Description HTML Injection vulnerability was discovered in Accounting module that allow authenticated user to inject malicious HTML code inside "accountnumber" parameter. Proof of Concept Video...
Send any message to any to any private channel
Description A user can add any message to a private channel that is not in that channel. This error is because the web application did not check if the sender userid is in that private channel. Proof of Concept Login to website in brower 1 with user A. Login to website in brower 2 with user B. Us...