4072 matches found

Huntr, added 2025/02/25 10:4 a.m., 5 views

SQL Injection in DuckDBVectorStore via delete can lead to RCE

Description: The delete function in DuckDBVectorStore is susceptible to SQL injection when the attacker controls the ref_doc_id parameter. This can help attackers read and write arbitrary files on the server and lead to RCE. _ddb_query = f""" DELETE FROM {self.table_name} WHERE json_extract_string(metadata, '$.ref_doc_id') =...

CVSS 9.8, AI score 7.7, EPSS 0.00705
Exploits: 1
Huntr, added 2025/02/22 5:56 p.m., 6 views

Unauthenticated Stored XSS via dangerouslySetInnerHTML

An UNAUTHENTICATED attacker can achieve stored cross-site scripting (XSS) by injecting malicious JavaScript into v1/runs/ingest if he adds an empty citations field to trigger a code path where dangerouslySetInnerHTML is used to render the attacker-controlled text. This vulnerability allows the...

CVSS 9.1, AI score 5.3, EPSS 0.00415
Exploits: 1
Huntr, added 2025/02/15 8:25 a.m., 9 views

A malicious manifest can lead to DoS due to unchecked array bound access via network in ollama/ollama

This report is not public...

CVSS 7.5, AI score 7.7, EPSS 0.00426
Exploits: 1
Huntr, added 2025/02/11 11:22 a.m., 9 views

Regular expression Denial of Service - ReDoS

Description: The preprocess_string function in the transformers.testing_utils module uses a regular expression to process code blocks in docstrings. This regular expression has the following structure: codeblock_pattern = r"(```(?:python|py)\s*\n\s*>>> )((?:.*?\n)*?.*?```)" The segment ((?:.*?\n)*?.*?```) contains nested quantifier...

CVSS 7.5, AI score 7.4, EPSS 0.00507
Exploits: 1
Huntr, added 2025/02/02 1:21 p.m., 6 views

A DoS attack occurred in run-llama/llama_index due to inappropriate secure coding measures

Description: A DoS vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, and this issue has been reported (see the link below): Huntr Report: https://huntr.com/bounties/27883f22-35ff-49df-aaa5-05031c7d6ad8 However, due to the developer's...

CVSS 7.5, AI score 7.9, EPSS 0.00438
Exploits: 1
Huntr, added 2025/01/25 8:10 p.m., 7 views

Bucket "h2o-release" publicly writable, allowing an attacker to replace any file

The S3 bucket "h2o-release", where you host docs and which you instruct your users to use as a Maven repo (e.g. in here: https://github.com/h2oai/h2o-3?tab=readme-ov-file#3-using-h2o-3-artifacts), is publicly writable. It is possible to overwrite any file in that bucket. As a PoC I created the followin...

AI score 7.1
Exploits: 0
Huntr, added 2025/01/22 11:30 a.m., 7 views

Regular expression Denial of Service - ReDoS

Description: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the Transformers library, specifically in the file tokenization_gpt_neox_japanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...

CVSS 6.5, AI score 5.5, EPSS 0.00384
Exploits: 1
Huntr, added 2025/01/11 5:16 p.m., 4 views

Bug Bounty Report: Command Injection Vulnerability in subprocess Call

This report is not public...

AI score 7.1
Exploits: 0
Huntr, added 2024/12/14 4:48 a.m., 6 views

Denial of Service (DoS) in LangChainLLM due to missing exception handler.

Summary: The stream_complete method of the LangChainLLM class executes the llm using a thread and retrieves the result of the llm via the get_response_gen method of the StreamingGeneratorCallbackHandler class. During this process, get_response_gen recursively detects the on_llm_error and on_llm_end events...

CVSS 7.5, AI score 7.7, EPSS 0.00761
Exploits: 1
Huntr, added 2024/12/06 5:37 a.m., 7 views

SQL Injection to RCE on FinanceChatLlamaPack

Summary: The Finance Chat Llama Pack implements a hierarchical agent based on LLM for financial chat and information extraction. It includes an agent called 'database agent' for interacting with a PostgreSQL database. However, due to the lack of protections in the run_sql_query function on the...

CVSS 10, AI score 10, EPSS 0.01311
Exploits: 1
Huntr, added 2024/12/04 7:28 p.m., 6 views

SSRF check bypass in Requests utility

Description: The autogpt application relies on a wrapper around the requests library in order to avoid SSRF attacks by performing a check on the provided URL. Such a check is performed using the urlparse function from the urllib.parse library, and the request is later performed using the requests library...

CVSS 7.5, AI score 7.7, EPSS 0.00534
Exploits: 1
Huntr, added 2024/12/04 12:5 p.m., 10 views

Changing the "ID" parameter in the user cookie allows loading the profile picture of other users

Description: A vulnerability has been discovered in AnythingLLM Docker that allows users, even with "Default" permission, to obtain other users' profile pictures. Proof of Concept: 1. Create a new user with the default role; 2. Log in to the user account you created; 3. Open the browser inspector and...

CVSS 4.3, AI score 6.7, EPSS 0.00453
Exploits: 1
Huntr, added 2024/12/03 10:12 a.m., 16 views

Regular expression Denial of Service - ReDoS

Description: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the Transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single function, where a regular expression processes specially crafted input. The issue...

CVSS 7.5, AI score 6.2, EPSS 0.00684
Exploits: 0
Huntr, added 2024/12/03 4:27 a.m., 6 views

AutoGPT SSTI Vulnerability Leading to Remote Code Execution (RCE)

Summary: AutoGPT, an open-source AI tool that automates task execution, is vulnerable to a Server-Side Template Injection (SSTI) that could lead to arbitrary command execution. The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation,...

CVSS 8.8, AI score 9.1, EPSS 0.01522
Exploits: 1
Huntr, added 2024/11/26 7:9 a.m., 4 views

Remote Code Execution via Unsafe Torch Load in TransfoXLCorpus

Description: This is a new bypass to the patch of my previous report, in which the maintainers only apply the "TRUST_REMOTE_CODE" to guard the vulnerable code of vocab_dict = pickle.load(f), but overlooked another vulnerable code of corpus_dict = torch.load(resolved_corpus_file) without setting...

AI score 7.6
Exploits: 0
Huntr, added 2024/11/26 3:15 a.m., 5 views

A SQL Injection in DuckDB via prompt can lead to RCE

Description: sql = f""" SELECT fts_main_{self.table_name}.match_bm25({self.node_id_column}, '{query}') AS score, {self.node_id_column}, {self.text_column} FROM {self.table_name} WHERE score IS NOT NULL ORDER BY score DESC LIMIT {self.similarity_top_k}; """ The DuckDBRetriever performs "search using string" and...

CVSS 9.8, AI score 10, EPSS 0.01311
Exploits: 1
Huntr, added 2024/11/22 8:56 a.m., 6 views

MD5 Hash Collision in SageMaker Workflow

The possibility exists that MD5 collisions could occur in past cache configurations, potentially leading to workflows being inadvertently replaced. Impact: In a SageMaker workflow, there is a potential risk associated with using MD5 hashes due to hash collisions. MD5 is vulnerable to collision...

CVSS 5.9, AI score 5.8, EPSS 0.00247
Exploits: 0
Huntr, added 2024/11/19 4:56 p.m., 8 views

Admin Able to Create User Without Setting a Password

Description: The application allows an admin to create a new user account without assigning a password. This could lead to security vulnerabilities, or the system might inadvertently create an account with a default or blank password, making it susceptible to unauthorized access. Proof of Concept ...

CVSS 5.5, AI score 7.2, EPSS 0.00336
Exploits: 1
Huntr, added 2024/11/17 7:58 p.m., 4 views

Stored Cross-Site Scripting (XSS) via SAML IdP XML Injection

An attacker can achieve stored cross-site scripting (XSS) by injecting malicious JavaScript into the SAML IdP XML metadata. This metadata is used to generate the SAML login redirect URL, which is ultimately set as the value of window.location.href. This vulnerability allows the attacker to execute...

CVSS 7.3, AI score 6.2, EPSS 0.00351
Exploits: 1
Huntr, added 2024/11/17 1:57 p.m., 6 views

Arbitrary File Overwrite & RCE via Tarfile Path Traversal

Description: The DJL package utilizes an untar function, for example, when downloading and saving models. Additionally, the untar function overwrites existing files. Therefore, the untar method includes the following two security measures to prevent misuse of its functionality. 1. Security measure...

AI score 7.2
Exploits: 0
Huntr, added 2024/11/16 6:58 a.m., 6 views

Improper access of prompt data by another user.

Description: Another user is able to see the prompt data of a particular user. Proof of Concept: let prompt_id be the prompt id of user 1; visit http://127.0.0.1:8080/prompts/prompt_id from another user's (user 2) session; user 2 can see user 1's prompt_id data. Previously it was reported by some on...

CVSS 8.8, AI score 6.8, EPSS 0.00671
Exploits: 1
Huntr, added 2024/11/15 5:26 a.m., 4 views

Lack of unique constraint validation allows overwriting evaluators

Description: The application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator. Since the backend lacks databa...

CVSS 6.5, AI score 6.7, EPSS 0.00535
Exploits: 1
Huntr, added 2024/11/14 4:44 p.m., 7 views

Logging into webui as view only internal user provides overly privileged bearer key

Description: When a user with the role "internaluserviewer" logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application. The following steps are taken: An admin creates an Internal User with the role...

CVSS 8.1, AI score 8.7, EPSS 0.00315
Exploits: 0
Huntr, added 2024/11/13 4:42 a.m., 7 views

Partial Account Takeover due to Insecure Data Querying

This report is not public...

CVSS 8.1, AI score 7.1, EPSS 0.00641
Exploits: 1
Huntr, added 2024/11/12 7:10 p.m., 10 views

Denial of service through batched queries in GraphQL

This report is not public...

CVSS 7.5, AI score 7.1, EPSS 0.00517
Exploits: 1
Huntr, added 2024/11/12 2:33 p.m., 6 views

Improper Access Control Allows deleting other users' reminders

Description: Because the report I reported before was exploited on the public instance, I created a new report to exploit on the local machine. The vulnerability allows users to delete other users' prompts on the system via the groupid parameter. Proof of Concept: const deletePromptController = async (req, res...

CVSS 9.4, AI score 9.2, EPSS 0.00516
Exploits: 1
Huntr, added 2024/11/12 10:24 a.m., 7 views

SQL Injection in default_jsonalyzer via prompt injection leads to arbitrary file creation

Description: The default_jsonalyzer function used in JSONalyzeQueryEngine executes a sqlite query that the llm made. If the attacker controls the sqlite query with prompt injection and executes a malicious sqlite query, then a Denial-of-Service attack and arbitrary file creation are possible. Root...

CVSS 7.1, AI score 7.3, EPSS 0.00478
Exploits: 1
Huntr, added 2024/11/11 7:53 a.m., 8 views

Exception unhandled, leads to server crash

Description: In Node.js Express, if an exception is uncaught, the server will crash. The fs module sometimes throws an exception when dealing with file upload. An unauthenticated user can send something to the server that triggers the exception, leading to a server crash. Proof of Concept: import requests import random import string...

CVSS 7.5, AI score 7.7, EPSS 0.00864
Exploits: 1
Huntr, added 2024/11/11 6:4 a.m., 7 views

Path traversal, leads to arbitrary file write, leads to remote code execution

Description: AnythingLLM uses the multer library to handle HTTP multi-part file upload. AnythingLLM uses the following code to handle non-ASCII file names: file.originalname = Buffer.from(file.originalname, "latin1").toString("utf8"); This way of manipulating the filename will lead to path traversal. multer...

CVSS 7.2, AI score 7.6, EPSS 0.19777
Exploits: 1
Huntr, added 2024/11/09 10:52 a.m., 5 views

Arbitrary file deletion on Windows via the '/v1/agent/hub/update' endpoint.

This report is not public...

CVSS 8.2, AI score 7.1, EPSS 0.00514
Exploits: 1
Huntr, added 2024/11/09 4:40 a.m., 12 views

Remote Code Execution via Model Deserialization on /api/v2/models/install API

Summary: I have identified a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This...

CVSS 9.8, AI score 10, EPSS 0.05342
Exploits: 5
Huntr, added 2024/11/08 4:25 p.m., 10 views

Leakage of Langfuse API keys in team exception handling

This report is not public...

CVSS 7.5, AI score 7.7, EPSS 0.00523
Exploits: 1
Huntr, added 2024/11/08 7:6 a.m., 4 views

Integer Overflow In /v2/repository/models/<model_name>/load

This report is not public...

AI score 7.1
Exploits: 0
Huntr, added 2024/11/08 6:21 a.m., 5 views

multer (file upload middleware in express) misused, leads to remote code execution

Description: LibreChat uses multer to handle multi-part file upload. The multer library will deal with '../' kind of path traversal, then let the programmer decide the actual filename, then join the path to write the uploaded file. This means, if '../' is provided by the user of LibreChat, multer wil...

CVSS 8.8, AI score 9.2, EPSS 0.01622
Exploits: 1
Huntr, added 2024/11/07 1:10 p.m., 5 views

IDOR Vulnerability in PATCH `/v1/runs/:id/score` Endpoint Allows Unauthorized Score Updates for Other Users' Runs

Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in the PATCH /v1/runs/:id/score endpoint. This endpoint allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the runIdscore in the database. The...

CVSS 7.5, AI score 7.6, EPSS 0.00525
Exploits: 1
Huntr, added 2024/11/07 11:43 a.m., 9 views

RCE via Global State Override

This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution (RCE). Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...

CVSS 9.8, AI score 8.5, EPSS 0.77951
Exploits: 5
Huntr, added 2024/11/06 4:56 p.m., 5 views

A malicious gguf model can lead to DoS due to unchecked null pointer dereference via network

This report is not public...

CVSS 7.5, AI score 9.4, EPSS 0.00648
Exploits: 1
Huntr, added 2024/11/06 1:20 p.m., 8 views

A malicious gguf model can lead to DoS due to unchecked array bound access via network

This report is not public...

AI score 7.1
Exploits: 0
Huntr, added 2024/11/06 11:56 a.m., 7 views

Malicious gguf model can cause DoS by allocating unlimited memory via network access

This report is not public...

CVSS 7.5, AI score 7.7, EPSS 0.00672
Exploits: 1
Huntr, added 2024/11/06 11:42 a.m., 9 views

Malicious gguf model can be uploaded and created causing division by zero via network, leading to DoS

This report is not public...

CVSS 7.5, AI score 7.7, EPSS 0.13476
Exploits: 1
Huntr, added 2024/11/06 10:58 a.m., 8 views

DoS using malicious gguf model file

This report is not public...

CVSS 7.5, AI score 7.7, EPSS 0.00822
Exploits: 1
Huntr, added 2024/11/06 6:23 a.m., 5 views

No limitation of upload file size, leads to server crash

Description: LibreChat uses multer, which is a middleware that handles streaming multipart file upload. If using in-memory storage (multer's default), it does not limit the upload file size; when handling a big file, the server will crash from out of memory. An attacker with no privilege can exploit this. Proof o...

CVSS 7.5, AI score 7.8, EPSS 0.00761
Exploits: 1
Huntr, added 2024/11/04 7:10 p.m., 8 views

Read from host file system via ImagePromptTemplate in langchain-core

Description: You can create langchain_core.prompts.ImagePromptTemplate's, and by extension langchain_core.prompts.ChatPromptTemplate's, with input variables that make it possible for the prompt template to read any user-specified path from the server file system. If the outputs of the prompt...

CVSS 5.3, AI score 5.4, EPSS 0.00366
Exploits: 0
Huntr, added 2024/11/02 11:49 p.m., 7 views

Denial of service through tracking and requesting Aim objects through web API

This report is not public...

CVSS 7.5, AI score 7.1, EPSS 0.0059
Exploits: 1
Huntr, added 2024/11/02 8:22 a.m., 6 views

dify tools vanna has pandas query injection

This report is not public...

CVSS 8.8, AI score 7.1, EPSS 0.00983
Exploits: 1
Huntr, added 2024/11/01 8:43 p.m., 5 views

Denial of service by tracking large images

This report is not public...

CVSS 7.5, AI score 7.1, EPSS 0.0059
Exploits: 1
Huntr, added 2024/11/01 7:13 a.m., 3 views

Lack of proper access control on endpoint to delete evaluators

Description: The /v1/evaluators/ route allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. The current implementation: Does not...

CVSS 8.1, AI score 8.1, EPSS 0.00508
Exploits: 1
Huntr, added 2024/11/01 1:30 a.m., 8 views

Server Side Request Forgery (SSRF) on WordExtractor in langgenius/dify

Summary: The vulnerability occurs when uploading DOCX files in the "Create Knowledge" section. If an external relationship exists in the DOCX file, the reltype value is requested as a URL. Requests are sent using the 'requests' module instead of the 'ssrf_proxy', which can lead to an SSRF...

CVSS 6.5, AI score 6.8, EPSS 0.00472
Exploits: 1
Huntr, added 2024/10/31 9:19 p.m., 8 views

Ollama server is vulnerable to OOM DoS attacks when using `makeRequestWithRetry` and `getAuthorizationToken` functions

This report is not public...

CVSS 7.5, AI score 7.7, EPSS 0.00672
Exploits: 2
Huntr, added 2024/10/31 1:49 p.m., 7 views

CSRF ON SIGNUP PAGE

CSRF ON CREATING A NEW USER in mlflow/mlflow. Reported on Oct 31st 2024. The Signup feature of Mlflow is vulnerable to a CSRF attack that allows an attacker to create a new account. This may be used to perform unauthorised actions on behalf of the malicious user. Proof of Concept: An attacker can use CS...

CVSS 7.1, AI score 5.7, EPSS 0.00202
Exploits: 1

Total number of security vulnerabilities: 4072