4072 matches found

Huntr
added 2025/07/15 4:14 p.m., 7 views

World-Writable NLTK Cache Directory Enables Local Users to Tamper with or Delete NLP Data

Description The llamaindex library sets the NLTK data directory to a subdirectory of the codebase by default e.g., static/nltkcache inside the package directory. In multi-user environments or shared hosting, this directory is world-writable or accessible by multiple users. As a result, any user c...

CVSS 7.8 | AI score 7.4 | EPSS 0.00168
Exploits: 1
Huntr
added 2025/07/03 12:4 p.m., 6 views

Dependency chain attack through hijacking broken GitHub repository at https://github.com/huggingface/transformers/blob/main/src/transformers/models/fuyu/convert_fuyu_model_weights_to_hf.py

Description Type: Dependency Chain Attack through hijacking broken github repository Risk: High Allows arbitrary code execution in model conversion workflows Affected Asset: https://github.com/adept-ai-labs/adept-inference Broken URL in Hugging Face Transformers Root Cause The Hugging Face...

AI score 6.5
Exploits: 0
Huntr
added 2025/07/01 5:58 p.m., 7 views

LangChain HTMLSectionSplitter – XXE caused by unsafe XSLT parsing

This report is not public...

CVSS 7.5 | AI score 6.9 | EPSS 0.00604
Exploits: 0
Huntr
added 2025/06/30 10:21 a.m., 25 views

Path traversal, lead to remote code execution

Description clearml's safeextract is actually NOT secure. It fails to properly handle symbolic links and hard links. When these links point to files outside the TAR archive, it can lead to arbitrary file writes, potentially resulting in remote code execution. Due to a change in th...

CVSS 9.8 | AI score 6.8 | EPSS 0.27095
Exploits: 3
Huntr
added 2025/06/30 9:0 a.m., 8 views

Path traversal, lead to remote code execution

Description In zenml's PathMaterializer class, the load function uses ispathwithindirectory to validate files during data.tar.gz extraction. While this prevents path traversal vulnerabilities, it fails to effectively detect symbolic and hard links. with tarfile.openarchivepathlocal, "r:gz" as tar...

CVSS 7.8 | AI score 6.5 | EPSS 0.00334
Exploits: 1
Huntr
added 2025/06/29 4:34 p.m., 9 views

Insecure Temporary File Handling Vulnerability in llama-index-core

Description The getcachedir function in llama-index-core uses a predictable, hardcoded directory path /tmp/llamaindex on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal proprietary models, poison cached embeddings, or conduct...

CVSS 7.3 | AI score 7.1 | EPSS 0.00134
Exploits: 0
Huntr
added 2025/06/25 9:54 a.m., 8 views

Incorrect Access Control check results in authorization bypass

Description When setting the access control for users, an incorrect access check allows for the bypass of authorization, due to the incorrect use of .some Proof of Concept 1. This is for a scenario, where I admin have created a custom agent and want everyone on the platform to use it, without bei...

CVSS 5.3 | AI score 6.1 | EPSS 0.00256
Exploits: 0
Huntr
added 2025/06/25 6:25 a.m., 7 views

SSRF in MLflow via user-controlled gateway_path parameter

Description A Server-Side Request Forgery SSRF vulnerability exists in the gatewayproxyhandler function of MLflow. This function accepts a user-controlled gatewaypath parameter and concatenates it directly with a targeturi, allowing an attacker to control the full outbound HTTP request path from...

CVSS 5.8 | AI score 7.1 | EPSS 0.0037
Exploits: 0
Huntr
added 2025/06/24 5:10 p.m., 7 views

Mass Assignment

Description Mass assignment is a vulnerability that occurs when an application automatically binds user-provided data e.g., from JSON via req.query to internal object properties or database fields without proper filtering. This can allow attackers to manipulate sensitive fields they shouldn’t hav...

CVSS 7.5 | AI score 6 | EPSS 0.00277
Exploits: 1
Huntr
added 2025/06/23 8:59 a.m., 5 views

Bypass of MySQL JDBC Attack for CVE-2025-6507

Credits: Le1a (https://github.com/Le1a), A1kaid (https://github.com/for-A1kaid), ph0ebus (https://github.com/ph0ebus). Description Attackers can exploit this vulnerability to read any system file and even execute arbitrary code through deserialization. The project manager fixed CVE-2025-6507 which I discovere...

CVSS 9.8 | AI score 7.5 | EPSS 0.12993
Exploits: 1
Huntr
added 2025/06/22 8:34 a.m., 9 views

Improper Access Control in Socket.IO Event Handlers Allows Unauthenticated Execution of Sensitive Actions

1. Summary Vulnerability: Unauthenticated Access to Sensitive Socket.IO Events Affected Component: lollmsgenerationevents.py in the lollms server Root Cause: Sensitive actions exposed via Socket.IO events lack authentication and authorization checks, and the application relies on insecure global...

CVSS 8.2 | AI score 7.3 | EPSS 0.00436
Exploits: 0
Huntr
added 2025/06/18 1:55 p.m., 9 views

Regular Expression Denial of Service (ReDoS) in AdamWeightDecay Optimizer

The AdamWeightDecay optimizer is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker can control the patterns in the includeinweightdecay or excludefromweightdecay lists, they can provide a malicious regular expression that causes catastrophic backtracking. When the optimizer...

CVSS 7.5 | AI score 6.3 | EPSS 0.00467
Exploits: 1
Huntr
added 2025/06/18 1:10 p.m., 7 views

Path Traversal in Tokenizer Conversion Script

The script for converting slow tokenizers is vulnerable to a Path Traversal attack via the --checkpointname command-line argument. This allows an attacker to create files outside of the intended dumppath directory. Vulnerable Code Location: The vulnerability is located in the logic for converting...

AI score 6.3
Exploits: 0
Huntr
added 2025/06/14 6:41 p.m., 8 views

Brotli decompression bomb DoS

This report is not public...

CVSS 7.5 | AI score 6.9 | EPSS 0.00509
Exploits: 0
Huntr
added 2025/06/14 10:45 a.m., 8 views

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's MarianTokenizer. The vulnerability exists in the removelanguagecode method of the MarianTokenizer class, which processes text to remove language codes. The method...

CVSS 7.5 | AI score 6.2 | EPSS 0.00483
Exploits: 1
Huntr
added 2025/06/13 3:14 p.m., 5 views

Brotli decompression bomb DoS

Description urllib3 can not stream brotli-encoded responses properly unlike the way it handles gzip responses. It always loads entire decompressed response body into memory when reading brotli-encoded response, which allows malicious servers to perform DoS attack by responding with decompression...

CVSS 8.9 | AI score 6.8 | EPSS 0.00622
Exploits: 0
Huntr
added 2025/06/13 8:33 a.m., 6 views

Full system file read and delete via GET /api/v1/images/download/{bulk_download_item_name}

Description For invokeai version v6.0.0a1 and below, there is an endpoint for bulk downloading zip file. With some manipulation of the filename arguments, attacker can read and also delete any files on the server through this endpoint. P/S: Tested on Windows Proof of Concept Request: GET...

CVSS 9.8 | AI score 7 | EPSS 0.00353
Exploits: 0
Huntr
added 2025/06/13 12:43 a.m., 7 views

I

Description Improper authorization controls in the conversation sharing feature make it possible to access other user's conversations given a known conversation ID. The exploitability is limited by the fact that UUIDv4 conversation IDs are generated on the server side and are practically impossib...

CVSS 4.2 | AI score 5.9 | EPSS 0.00267
Exploits: 1
Huntr
added 2025/06/09 5:2 p.m., 9 views

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's CLVP number normalizer. The vulnerability exists in the normalizenumbers method of the EnglishNormalizer class, which converts numeric strings to their English wor...

CVSS 5.3 | AI score 6.2 | EPSS 0.00349
Exploits: 1
Huntr
added 2025/06/04 11:14 a.m., 6 views

H2O-3 MySQL JDBC Driver Deserialization Vulnerability_Key-Value Bypass Parameter Inspection

Creator: zack H2O-3 Version: 3.46.0.7, 3.47.0.6928 MySQL JDBC Driver Version: 8.0.19 JDK Version: 8u112 Description There is a JDBC deserialization vulnerability in the H2O-3 REST API (POST /99/ImportSQLTable) that does not require authentication. This vulnerability can lead to Remote Code Executio...

CVSS 9.8 | AI score 7.4 | EPSS 0.0064
Exploits: 0
Huntr
added 2025/06/03 5:9 a.m., 9 views

MySQL JDBC Attack about CVE-2024-45758 and CVE-2024-10553 Bypass

Summary Attackers can exploit this vulnerability to read any system file and even execute arbitrary code through deserialization Details https://github.com/h2oai/h2o-3/commit/ac1d642b4d86f10a02d75974055baf2a4b2025ac Affected Version: The latest master branch Build project version: 3.47.0.99999...

CVSS 9.8 | AI score 7.5 | EPSS 0.12993
Exploits: 2
Huntr
added 2025/05/30 8:7 a.m., 7 views

langchain-community: Sensitive Information Disclosure Due to Insecure XML Parsing in EverNoteLoader

This report is not public...

CVSS 7.5 | AI score 7 | EPSS 0.01531
Exploits: 0
Huntr
added 2025/05/27 3:2 p.m., 7 views

Denial of Service (DOS) in JSONReader

Description There exists a denial of service vulnerability (DOS) that occurs by Python hitting max recursion depth while parsing a deeply nested JSON file using JSONReader. Vulnerable piece of code...

CVSS 8.6 | AI score 7.1 | EPSS 0.0026
Exploits: 0
Huntr
added 2025/05/25 6:55 a.m., 6 views

Environment Variable XSS in Analytics Component

Description A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This allows...

CVSS 9.6 | AI score 7.5 | EPSS 0.00458
Exploits: 1
Huntr
added 2025/05/13 1:27 p.m., 11 views

IDOR Vulnerability in Template Creation via `projectId` Manipulation

Description An Insecure Direct Object Reference IDOR vulnerability exists in the POST /v1/templates endpoint of the Lunary API. This allows an authenticated user to create templates in another user’s project by modifying the projectId query parameter. This occurs due to a lack of server-side...

CVSS 7.7 | AI score 6.7 | EPSS 0.00217
Exploits: 0
Huntr
added 2025/05/01 11:53 a.m., 6 views

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's weight conversion utility. The vulnerability exists in the converttfweightnametoptweightname function, which converts TensorFlow weight names to PyTorch format. Th...

CVSS 5.3 | AI score 5.2 | EPSS 0.00361
Exploits: 1
Huntr
added 2025/04/23 9:46 a.m., 6 views

Divide By Zero lead to DOS

This report is not public...

AI score 7.1
Exploits: 0
Huntr
added 2025/04/21 7:56 a.m., 6 views

Python sandbox escape leading to Remote Code Execution (RCE)

Smolagents python sandbox escape leading to Remote Code Execution RCE Summary Smolagents is a barebones library for building agents that “ think in Python code ”—generating and executing Python as part of their reasoning process. Given this design, secure code execution is a critical backbone of...

CVSS 10 | AI score 8.6 | EPSS 0.18654
Exploits: 1
Huntr
added 2025/04/05 9:22 a.m., 9 views

Regular expression Denial of Service - ReDoS in huggingface/transformers

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's Donut processor. The vulnerability exists in the token2json method of the DonutProcessor class, which processes document tokens into JSON format. The regex pattern...

CVSS 5.3 | AI score 5.3 | EPSS 0.00431
Exploits: 1
Huntr
added 2025/04/04 1:4 p.m., 8 views

MD5 Hash Collision in DocugamiReader Overwrites Structurally Distinct Chunks with Identical Text

Description The DocugamiReader class in llamaindex retrieves structured XML documents from the Docugami API, parses them into semantic chunks, and converts them into Document objects. To assign consistent IDs to each chunk, the following logic is used: hashedid =...

CVSS 6.5 | AI score 7.2 | EPSS 0.00314
Exploits: 1
Huntr
added 2025/04/03 1:6 a.m., 5 views

Denial of Service via `Uncontrolled Recursive` JSON Parsing in `JSONReader`

Description The JSONReader in llamaindex is vulnerable to stack overflow when processing deeply nested JSON, leading to a RecursionError. Attackers can exploit this to trigger Denial of Service DoS by submitting malicious JSON, crashing applications before input validation. This impacts...

CVSS 6.5 | AI score 7.8 | EPSS 0.00338
Exploits: 1
Huntr
added 2025/04/01 10:18 p.m., 5 views

Hardlink-Based Path Traversal in ObsidianReader

Overview A vulnerability has been identified in the ObsidianReader class from llamaindex.readers.obsidian. This vulnerability allows an attacker to bypass the path restriction mechanism using hardlinks , enabling unauthorized access to sensitive system files such as /etc/passwd. Affected Componen...

CVSS 6.2 | AI score 6.8 | EPSS 0.0029
Exploits: 1
Huntr
added 2025/04/01 12:20 p.m., 6 views

Arbitrary file read through path traversal

Description: The code in genericutils.py has a path traversal vulnerability, which allows an attacker to control the file path provided to the ImageDocument class. This can lead to the reading of arbitrary files on the server, including sensitive system files, through base64 encoding and decoding...

CVSS 7.5 | AI score 7.2 | EPSS 0.00545
Exploits: 1
Huntr
added 2025/03/31 10:47 p.m., 7 views

Unsafe `Deserialization` in `JsonPickleSerializer` Enables Remote Code Execution

Description A critical deserialization vulnerability exists in the llamaindex library’s JsonPickleSerializer component, enabling remote code execution RCE due to an insecure fallback to Python’s pickle module. When deserializing untrusted data, JsonPickleSerializer prioritizes pickle.loads, which...

CVSS 7.5 | AI score 5.9 | EPSS 0.00417
Exploits: 1
Huntr
added 2025/03/31 2:13 p.m., 5 views

XSS vulnerability exists in some specific browsers

Description The XSS vulnerability cannot be triggered in Chrome, but it is triggered when using Firefox and the latest version of Firefox. Since Firefox is widely used, when the administrator uses Firefox to view the relevant interface, the XSS vulnerability will be triggered, resulting in the...

CVSS 8 | AI score 6 | EPSS 0.00341
Exploits: 1
Huntr
added 2025/03/25 8:42 p.m., 8 views

SSRF Vulnerability in RequestsToolkit in langchain-community in langchain-ai/langchain

Description Vulnerability Description RequestsToolkit enables AI agents to perform HTTP requests GET, POST, PATCH, PUT, DELETE via LangChain workflows. However, a Server-Side Request Forgery SSRF vulnerability exists in the RequestToolkit component of the langchain-community package specifically,...

CVSS 10 | AI score 6.9 | EPSS 0.14059
Exploits: 1
Huntr
added 2025/03/24 2:50 p.m., 8 views

Using Mermaid to cause JS memory overflow and service downtime

Description Librechat has many means of limiting the rate, which can be found at https://www.librechat.ai/docs/configuration/librechatyaml/objectstructure/configratelimits. However, it can be found that the Fork Function in /api/convos/fork is not restricted, which allows attackers to fork...

CVSS 5.7 | AI score 7 | EPSS 0.00279
Exploits: 0
Huntr
added 2025/03/23 5:21 p.m., 9 views

Timing attacks to guess password in lollms_authentication.py

Description The authenticateuser function in /server/endpoints/lollmsauthentication.py is vulnerable to timing attacks that can be exploited to: Enumerate valid usernames. Guess passwords incrementally by analyzing response time differences. Explanation of the vulnerability def...

CVSS 7.5 | AI score 6.9 | EPSS 0.00371
Exploits: 0
Huntr
added 2025/03/19 8:59 p.m., 7 views

URL Parsing Issue

Repository: Hugging Face Transformers File: imageutils.py Line: 834 Code Snippet: if video.startswith"https://www.youtube.com" or video.startswith"http://www.youtube.com": Vulnerability Description: The current implementation checks if a video URL starts with "https://www.youtube.com" or...

CVSS 3.5 | AI score 7.2 | EPSS 0.00329
Exploits: 1
Huntr
added 2025/03/19 1:7 p.m., 7 views

unsanitised Input in code node

Description We can run sandboxed code node with full permissions, before the sandbox security restrictions are imposed. Javascript allows overriding global functions, thus by defining the parseInt function inside a javascript code node, we are able to execute code with full root permissions o...

CVSS 9.8 | AI score 7.6 | EPSS 0.00712
Exploits: 1
Huntr
added 2025/03/17 4:10 p.m., 6 views

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's dynamic module utilities. The vulnerability exists in the getimports function in dynamicmoduleutils.py, which uses a vulnerable regular expression pattern to filte...

CVSS 5.3 | AI score 7.3 | EPSS 0.00431
Exploits: 1
Huntr
added 2025/03/15 7:42 p.m., 6 views

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's configuration file resolution mechanism. The vulnerability exists in the getconfigurationfile function, which uses the vulnerable regular expression pattern...

CVSS 5.3 | AI score 7 | EPSS 0.00431
Exploits: 1
Huntr
added 2025/03/12 11:27 p.m., 7 views

Path Traversal via Symbolic Links in `ObsidianReader`

Description The ObsidianReader class, designed to parse Obsidian vaults, contains a critical security flaw that allows arbitrary file read through symbolic links symlinks. When processing a vault, the reader does not resolve or validate the absolute paths of files, enabling an attacker to place a...

CVSS 7.5 | AI score 6.9 | EPSS 0.00555
Exploits: 1
Huntr
added 2025/03/11 10:51 p.m., 7 views

Uncontrolled Memory Consumption in `SimpleDirectoryReader` Due to Post-Limit File Processing

Description Summary: The SimpleDirectoryReader component in llamaindex.core contains a resource management flaw where user-specified file limits numfileslimit are applied after fully enumerating and loading all discovered files into memory. This design causes uncontrolled memory consumption and...

CVSS 5.3 | AI score 7.5 | EPSS 0.0037
Exploits: 0
Huntr
added 2025/03/07 7:49 p.m., 8 views

Regular expression Denial of Service - ReDoS

Description The regex defined in the variable SETTINGRE contains repetition groups and non-optimized quantifiers, which can lead to exponential backtracking when receiving "almost matching" payloads. This may degrade the application's performance or even cause a denial-of-service DoS when...

CVSS 7.5 | AI score 7.2 | EPSS 0.0043
Exploits: 1
Huntr
added 2025/03/07 1:35 p.m., 5 views

MD5 Hash Collision Causes Overwriting of Papers with the Same Title, Leading to Data Loss

Description The ArxivReader class in LlamaIndex is responsible for searching for papers on ArXiv, downloading them, and processing them for AI model training. The workflow of ArxivReader is as follows: 1. The user searches for a specific topic on ArXiv, retrieving a list of relevant papers. impor...

CVSS 5.3 | AI score 6.6 | EPSS 0.00281
Exploits: 1
Huntr
added 2025/03/02 3:6 a.m., 6 views

Privilege escalation from writing file into temporary directory to arbitrary code execution

Description The MLFlow temporary directory gets assigned insecure world-writable permissions 0o777. def getorcreatetmpdir: """ Get or create a temporary directory which will be removed once python process exit. """ from mlflow.utils.databricksutils import getreplid, isindatabricksruntime if...

CVSS 7 | AI score 7.4 | EPSS 0.00215
Exploits: 1
Huntr
added 2025/02/28 5:24 a.m., 6 views

XML Entity Expansion vulnerability in Sitemap parser

Description There is an XML entity expansion billion laughs vulnerability in the sitemap parser. When accessing a malicious Sitemap XML, this results in a Denial of Service. Vulnerable class: import urllib.request import xml.etree.ElementTree as ET from typing import List from...

CVSS 7.5 | AI score 7.1 | EPSS 0.00415
Exploits: 1
Huntr
added 2025/02/28 4:54 a.m., 7 views

SQL injection vulnerabilities in multiple vector stores

Description Multiple vector store integrations have SQL injection vulnerabilities, which can allow an attacker to read and write data using SQL. Example vulnerable code snippet in the Couchbase vector store integration: def deleteself, refdocid: str, kwargs: Any - None: """ Delete a document by i...

CVSS 9.8 | AI score 8 | EPSS 0.00581
Exploits: 1
Huntr
added 2025/02/27 9:33 a.m., 8 views

Command injection in LLama-Index CLI

Description There is an OS command injection vulnerability in the LLama-Index CLI. Because of pasting the --files argument directly into os.system, an attacker who controls the content of this argument can inject shell commands. The vulnerability was marked as "Local" in the CVSS rating because t...

CVSS 7.8 | AI score 8.7 | EPSS 0.0103
Exploits: 1
Total number of security vulnerabilities: 4072