184382 matches found
PT-2026-53479
Multiple vector store integrations in run-llama/llama index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index...
PT-2026-53209
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.1.2-1.1 Description A NULL pointer dereference occurs in the AMD64 AGP driver when operating in virtualized environments, such as qemu/kvm, that lack a physical AMD northbridge. The issue stems from broken erro...
PT-2026-53388
Summary bbot's gitdumper.py insufficiently sanitises a .git/config file, leading to Remote Code Execution RCE. bbot's gitdumper.py can be made to consume a malicious .git/index file, leading to arbitrary file write which can be used to achieve Remote Code Execution RCE. Impact A user who uses bbo...
PT-2026-53535
Summary picklescan v1.0.3 blocks profile.Profile.run and profile.Profile.runctx but does NOT block the module-level profile.run function. A malicious pickle calling profile.runstatement achieves arbitrary code execution via exec while picklescan reports 0 issues. This is because the blocklist ent...
PT-2026-53304
A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit...
PT-2026-53544
Summary praisonai browser start exposes the browser bridge on 0.0.0.0 by default, and its /ws endpoint accepts websocket clients that omit the Origin header entirely. An unauthenticated network client can connect as a fake controller, send start session, cause the server to forward start automati...
PT-2026-53201
A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /department.php. The manipulation of the argument editid results in sql injection. The attack may be performed from remote. The exploit has been released to the public a...
PT-2026-53717
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A malicious website may be able to silently hijack clipboard data. This issue was addressed through...
PT-2026-53217
Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A SQL injection issue exists in the /doctorprofile.php endpoint. This occurs when the doctorname parameter is manipulated, allowing a remote attacker to execute arbitrary SQL...
PT-2026-53605
SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...
PT-2026-53468
Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid Affected Scope langroid @localhost:5432/postgres" Create SQL Chat Agent config = SQLChatAgentConfig database uri=DATABASE URI, llm=OpenAIGPTConfig api base=os.getenv"base ur...
PT-2026-53529
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...
PT-2026-53576
Description In the FlightServer class of the pyquokka framework, the do action method directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation, which results in a remote code execution vulnerability. The vulnerable code is located...
PT-2026-53273
acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...
PT-2026-53706
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A double free issue, which occurs when the system attempts to free the same memory location twice, was addressed with improved memory...
PT-2026-53211
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platfo...
PT-2026-53585
Vulnerability A vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: - The HTTP API must be enabled on the...
PT-2026-53446
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...
PT-2026-53536
Summary pkgutil.resolve name is a Python stdlib function that resolves any "module:attribute" string to the corresponding Python object at runtime. By using pkgutil.resolve name as the first REDUCE call in a pickle, an attacker can obtain a reference to ANY blocked function e.g., os.system,...
PT-2026-53636
Impacted Environments This issue ONLY impacts environments using the PyNcclPipe KV cache transfer integration with the V0 engine. No other configurations are affected. Summary vLLM supports the use of the PyNcclPipe class to establish a peer-to-peer communication domain for data transmission...
PT-2026-53457
A arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application...
PT-2026-53503
This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basic auth.ini file. The file contains hard-coded default credentials. An attacker can leverag...
PT-2026-53417
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...
PT-2026-53432
Impact A critical path traversal and extension bypass vulnerability in Flask-Reuploaded allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Patches Flask-Reuploaded has been patched in version 1.5.0 Workarounds 1. Do not...
PT-2026-53324
When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...
PT-2026-53326
When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...
PT-2026-53458
A flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A patch is...
PT-2026-53554
Summary The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes an A2A server without configuring auth token. 2. The same example binds the server to 0.0.0.0. 3. The example registers a calculateexpression tool...
PT-2026-53592
WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package...
PT-2026-53418
Impact This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qe identity, qe identity signature, and qe identity issuer chain from the PCCS. However, it skips to verify the QE Identity signatu...
PT-2026-53475
Impact When JWT authentication is enabled enable jwt auth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected...
PT-2026-53509
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code...
PT-2026-53408
Summary utils.get shared secret always returns -1 - allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes. Details utils.py get shared secret: def get shared secret - Unionstr, int: """ The 'web.ss' file is regenerated each time cobblerd restarts and is used to...
PT-2026-53464
Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledge bases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit th...
PT-2026-53422
Impact EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer my load from json that supports a type field. When type is present, the deserializer dynamically imports an attacker-specified module/class and instantiates it with attacker-supplied arguments...
PT-2026-53445
The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augment images worker method without any safety...
PT-2026-53462
langchain experimental aka LangChain Experimental 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 2023-10-05...
PT-2026-53485
A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the create post function within backend/routers/social/ init .py, where user-provided content is directly assigned to t...
PT-2026-53382
SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...
PT-2026-53325
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
PT-2026-53394
Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode read only=True into the ...
PT-2026-53443
Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...
PT-2026-53274
Name of the Vulnerable Software and Affected Versions attr versions prior to 2.6.0 Description A flaw in the attr component, specifically within the getfattr and setfattr utilities, allows a local attacker to perform a symlink traversal attack. By replacing a pathname component with a symbolic li...
PT-2026-53483
A SQL injection vulnerability exists in the duckdb retriever component of the run-llama/llama index repository, specifically in llama-index-retrievers-duckdb-retriever prior to v0.4.0. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an...
PT-2026-53268
Name of the Vulnerable Software and Affected Versions FrontAccounting versions prior to 2.4.20 Description A path traversal issue exists in the attachment upload handler. Authenticated attackers can execute arbitrary code by uploading files using traversal sequences in the unique name parameter. ...
PT-2026-53498
A malicious user could use this issue to access internal HTTPs servers and in the worst case ie: aws instance it could be abused to get a remote code execution on the victim machine...
PT-2026-53726
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A malicious website may exfiltrate data cross-origin. This occurs due to insufficient checks within t...
PT-2026-53448
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...
PT-2026-53662
LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate shared to relations without...
PT-2026-53442
A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...