H2O-3 PostgreSQL Driver RCE - Bypassing CVE-2025-6544 Mitigation
Description A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The current security mitigation implemented in H2O-3 relies on a parameter blacklist mechanism that exclusively targets MySQL JDBC...
Uncontrolled Recursion in NLTK StupidBackoff Language Model Allows Denial of Service
This report is not public...
Integer Overflow leads to DoS in handling Accept-Encoding header in API /v2/models/<model-name>/generate
This report is not public...
XSS in Chat Message Leads to Account Takeover
Description The vulnerability resides in the data persistence layer of the application. The from_dict method in the AppLollmsMessage class acts as a "sink" for raw data. It retrieves the content value from an input dictionary and assigns it directly to the object without any form of sanitization o...
Arbitrary File Read via Log Symlink following in FileTaskHandler
This report is not public...
Stored XSS in Home Feed via Post Content Leads to Account Takeover
Description A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of the application. The backend fails to sanitize user-provided content in the post creation endpoint. This allows an attacker to inject and store malicious JavaScript, which is then executed in the...
Session is not expiring after password resetting
This report is not public...
Path Traversal in Agent Flows via `uuid` (Arbitrary .json File Read/Delete)
Description : Summary I discovered a Path Traversal vulnerability in the AgentFlows component that allows reading and deleting arbitrary .json files on the server. The issue stems from the improper usage of path.join combined with normalizePath. The application resolves the file path using user...
Improper Access Control via Weak JWT Token Leads to Admin Takeover and Privilege Escalation
Description The application's session management is vulnerable to Authorization Bypass and Vertical Privilege Escalation. During dynamic analysis of the application's authentication flow, I discovered that the JSON Web Tokens (JWT) are signed with a weak secret key. This allowed me to perform an...
Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading
Summary A critical arbitrary code execution vulnerability exists in HuggingFace Transformers' Trainer class. The _load_rng_state method at src/transformers/trainer.py:3059 calls torch.load without the weights_only=True parameter. While a safe_globals context manager wraps this call, it provides no...
TFSMLayer bypasses `safe_mode=True`, allowing attacker-controlled code execution during model inference
Summary TFSMLayer allows loading attacker-controlled TensorFlow SavedModels when deserializing a .keras model, even when safe_mode=True (the default). While TensorFlow does not execute SavedModel functions during load, the attacker-controlled graph is registered during deserialization and executes...
Command Injection through bash -c
This report is not public...
Unbounded Classification Output Sorting Leads to Remote Denial-of-Service in Triton Inference Server
This report is not public...
Unauthenticated File Upload in LollMS
Executive Summary A critical security vulnerability has been identified in LollMS that allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint lacks authentication requirements, contradicting the application's documented "Secure...
Server-Side Request Forgery (SSRF) in LollMS Export Content
Executive Summary A security vulnerability has been identified in LollMS that allows Server-Side Request Forgery (SSRF) attacks through the /api/files/export-content endpoint. The download_image_to_temp function downloads images from arbitrary user-controlled URLs without validation, allowing attacker...
Insecure Direct Object Reference (IDOR) in LollMS Friend Request Response
Executive Summary A critical security vulnerability has been identified in LollMS that allows any authenticated user to accept or reject friend requests belonging to other users. The respond_request function lacks authorization checks, enabling Insecure Direct Object Reference (IDOR) attacks. Affect...
Content-Type Spoofing in LollMS Image Upload
Executive Summary A security vulnerability has been identified in LollMS that allows authenticated users to bypass file type validation by spoofing the Content-Type header. The /api/upload/chatimage endpoint only validates the HTTP header, not the actual file content, allowing malicious files to ...
Job API exposed without authorization
This report is not public...
Tracing + Assessments Access
This report is not public...
Airflow externalLogUrl Permission Bypass
1. Summary The externalLogUrl endpoint in Airflow’s FastAPI enforces only the weaker Task Instance access permission TASKINSTANCE instead of the intended Task Logs permission TASKLOGS. As a result, low-privileged users who are not authorized to view task logs can still obtain external log access...
Command Injection via Malicious Model Artifacts
A command injection vulnerability exists in MLflow's model serving container initialization code. When deploying a model with env_manager=LOCAL, MLflow reads dependency specifications from the model artifact's python_env.yaml file and directly interpolates them into a shell command without...
MLflow Tarfile Path traversal in mlflow/mlflow
Description Vulnerability Report: Unsafe Tar Extraction Path Traversal. Because the tar decompression code performs no path traversal verification, an archive can overwrite arbitrary files or be used to gain elevated privileges. This is a non-expected vulnerability. Location File:...
Apache Arrow IPC cached prebuffer path triggers signed integer overflow UB in read-range coalescing
Description Apache Arrow C++ commit d89c14b5d5203bc403fb62060fdf1ef2c0a49339 contains a signed integer overflow (undefined behavior) in the IO range coalescing logic, specifically in arrow/cpp/src/arrow/io/interfaces.cc:475 arrow::io::internal::CoalesceReadRanges. The overflow is reachable from...
Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator
A High severity Unsafe Deserialization vulnerability exists in the airflow.providers.http package. The HttpOperator uses pickle.loads to deserialize untrusted data received from the Triggerer service via the database in the execute_complete method. This allows an attacker who has gained write acce...
Arbitrary file write via tar traversal
Summary A crafted tar.gz passed to MLflow pyfunc extraction is unpacked with tarfile.extractall without path validation. Archive entries containing .. or absolute paths can escape the destination directory and write arbitrary files on the host. This is reachable when users supply prebuilt_env_uri o...
Arbitrary File Read via Absolute Path Input in nltk.util.filestring() enabling Local & Remote File Disclosure
This report is not public...
MLflow SageMaker Command Injection Vulnerability
Description The vulnerability exists in /mlflow/sagemaker/__init__.py at lines 161-167, where user-supplied container image names are directly interpolated into shell commands without proper sanitization before being passed to os.system. Vulnerable Code Path : CLI Input --container parameter ↓...
Arbitrary Code Execution in NLTK StanfordSegmenter via untrusted JAR loading
This report is not public...
NLTK – Multiple CorpusReader classes allow Arbitrary File Read via Path Traversal
This report is not public...
Arbitrary File Read via FileSystemPathPointer + PlaintextCorpusReader (bypass even if nltk.data.find() is patched)
This report is not public...
Command Injection in example_xcom.py via XCom race condition
This report is not public...
Zip Slip Vulnerability in NLTK Downloader Leading to Remote Code Execution
This report is not public...
Unlimited-memory decompression leads to DoS bypassing `--http-max-input-size`
This report is not public...
Persistent Temp-File incomplete cleanup / resource exhaustion in `transformers` Serve
Description The transformers OpenAI-compatible server leaks every base64 image it decodes to disk. Because the temporary files are never cleaned up, an attacker can exhaust disk space by repeatedly calling /v1/chat/completions with base64 image_url entries. Vulnerable Code In...
Remote code execution via transformers_utils/get_config
This report is not public...
Path traversal vulnerability via `FileSystemPathPointer.join()` method allows unauthorized file access
Description A critical path traversal vulnerability exists in the FileSystemPathPointer.join method within the nltk library. The vulnerability allows attackers to bypass directory restrictions and access files outside the intended directory structure by using path traversal sequences such as ../ ...
MLFlow server is exposed to data exfiltration and destruction due to lack of Origin validation
The MLFlow REST server is vulnerable to DNS rebinding attacks, allowing malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. Once rebinding is successful, the attacker can: Query for experiments via the 2.0/mlflow/experiments/search...
text-generation-inference: Unbounded external image fetch in validation leads to resource-exhaustion DoS
Description Text Generation Inference Router DoS via pre-validation image fetch in VLM mode. Affected: Router (workspace version 3.3.6, the latest repo), when deployed with a vision/VLM model (e.g., Idefics/Mllama/Idefics2/Idefics3/Gemma3/Llama4/Paligemma/LlavaNext/Qwen2VL/Qwen25VL). Pure text LLMs do...
Integer Overflow leads to DoS in API `v2/models/<model-name>/infer`
This report is not public...
Arbitrary code execution during YAML config parsing in Kubernetes materializer
Summary The Kubernetes materializer entry point feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py deserializes /var/feast/feature_store.yaml and /var/feast/materialization_config.yaml using yaml.load(..., Loader=yaml.Loader). Because yaml.Loader eagerly instantiates arbitrary Python...
Integer Overflow → Heap Buffer Overflow in BYTES-Tensor Parsing (DoS)
This report is not public...
Path Traversal vulnerability in keras using tar extract
Technical Details of the Vulnerability Summary Keras's keras.utils.get_file function is vulnerable to directory traversal attacks despite implementing filter_safe_paths. The vulnerability exists because extract_archive uses Python's tarfile.extractall method without the security-critical filter="data...
Account takeover due to missing oauth audience verification in google sign in
Description The web application integrates Google OAuth for user authentication. Upon successful Google sign-in and user consent, the application receives a token from Google. This token is used by the web application to fetch user profile information such as email and name and complete the login...
Authorization Bypass in MLflow Basic Auth (unprotected Flask/GraphQL routes)
This report is not public...
Denial of Service via Unbounded parameter values
Description The /api/memories endpoint in the LibreChat application is found to be accepting arbitrarily large values for the key and value parameters. These inputs are not being properly validated or restricted in terms of maximum allowed character length. When an input containing more than 100...
Insecure API Design: Able to Disable 2-Factor Authentication Without OTP or Backup Code
Description There is a minor issue in the 2-Factor Authentication (2FA) flow. When a user tries to disable 2FA from the dashboard, the system should ask for a valid OTP or backup code and verify it through the following API: POST /api/auth/2fa/verify HTTP/1.1 Host: 127.0.0.1:3080 User-Agent:...
Possible HTML Injection in Accept-Language header
This report is not public...
SQLite Operator-Based SQL Injection Vulnerability in LangGraph
This report is not public...
User Enumeration via "Account not found" Message
This report is not public...
XPath Injection in search_item_ctrl_f Function - Hugging Face Smolagents v1.20.0
The search_item_ctrl_f function in the Hugging Face Smolagents library is vulnerable to XPath injection. The function simply concatenates user input into an XPath query without sanitizing or escaping the input. Vulnerable Code Location: File: src/smolagents-1.20.0/smolagents/vision_web_browser.py...