Lucene search
K
PypaMost viewed

5612 matches found

PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint:- backend/openwebui/routers/auths.py lines 468-477, user bind with empty password- backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected VersionsCurrent main branch commit 6fdd19bf1 and like...

9.1CVSS7.4AI score0.01461EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Codechecker has an authentication bypass for certain API calls

SummaryAuthentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. DetailsThe following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10CVSS6.2AI score0.00447EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summaryexecutecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command execution...

10CVSS6.6AI score0.00707EPSS
Exploits2References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

misp-modules website - Missing CSRF protection in the website home blueprint

A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of sessi...

9.3CVSS5.9AI score0.00185EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft

Impact The POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validation, then uploaded as an attachment on the Jira ticket that get...

9.9CVSS6.2AI score0.00272EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

SummaryAlice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response t...

9.9CVSS6AI score0.00061EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS6.1AI score0.00386EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summaryexecutecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command execution...

10CVSS6.6AI score0.00707EPSS
Exploits2References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Langflow Knowledge Bases API is Vulnerable to Path Traversal

SummaryLangflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit this...

9.6CVSS6.1AI score0.04417EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API

SummaryA SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...

9.9CVSS6.5AI score0.00281EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol

SummaryThe substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix or powershell.exe -Command Windows, allowing an attacker to...

10CVSS6.2AI score0.00272EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket

SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...

9.8CVSS6AI score0.00399EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}

SummaryType: Vertical privilege escalation. The PATCH /workspaces/workspaceid/members/userid endpoint is gated by requireworkspacememberworkspaceid, which defaults to minrole="member" and is never overridden by the route. The handler then calls MemberService.updateroleworkspaceid, userid, body.ro...

9.6CVSS6AI score0.00032EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

SGLang: Unauthenticated RCE via --enable-custom-logit-processor

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

9.8CVSS6.6AI score0.00585EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation

SummaryThe Platform server exposes resources under /api/v1/workspaces/workspaceid/... and protects them with a requireworkspacememberworkspaceid FastAPI dependency. The dependency only checks that the caller is a member of the workspaceid in the URL prefix. The route handlers then look up the inn...

9.4CVSS5.9AI score0.00043EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

SummaryA SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...

9.9CVSS7AI score0.00301EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.2AI score0.00409EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

django-s3file is vulnerable to relative path traversal

ImpactS3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILESDepending on how files are handled, this may lead to...

9.9CVSS6AI score0.00564EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.5AI score0.00327EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Langroid has Prompt to SQL Injection, Leading to RCE

Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid Affected Scopelangroid 0.63.0 Vulnerability Description SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges...

9.8CVSS6.9AI score0.00409EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Ludwig framework is vulnerable to insecure deserialization in its model serving component

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

9.8CVSS6.6AI score0.00497EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

wger: cross-tenant password reset and plaintext disclosure via gym=None bypass

SummaryThe resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker and victim have no gym assignment gym=None. A user with...

9.9CVSS6.2AI score0.00371EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI Has Path Traversal in FileTools

Executive Summary:The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system.The path validation function also does not resolve the symlin...

9.2CVSS6.1AI score0.00416EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI Vulnerable Untrusted Remote Template Code Execution

PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates.--- DescriptionWhen a user installs a template from a remote source e.g., GitHub, PraisonA...

9.6CVSS6.4AI score0.00304EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...

9.8CVSS6.4AI score0.00578EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution

SummaryThe first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain:1. The example exposes an A2A server without configuring authtoken.2. The same example binds the server to 0.0.0.0.3. The example registers a calculateexpression tool implemente...

9.8CVSS6.7AI score0.00084EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host

SummaryBoxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

9.6CVSS6.7AI score0.00482EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled MLFLOWSERVERENABLEJOBEXECUTION=true and any j...

9.8CVSS7.8AI score0.04392EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Summaryexecutecode in praisonaiagents.tools.pythontools defaults tosandboxmode="sandbox", which runs user code in a subprocess wrapped with arestricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 ofpythontools.py contai...

9.9CVSS6.6AI score0.00541EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

Summaryexecutecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary OS command execution on the host. Detailspythontools.py:20...

10CVSS6.2AI score0.00707EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules.Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.2AI score0.00455EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset

SummaryType: Insecure default cryptographic key. The JWT signing secret defaults to the hardcoded literal "dev-secret-change-me" when PLATFORMJWTSECRET is unset. A safety check exists but only fires when PLATFORMENV != "dev"; the default value of PLATFORMENV is "dev", so the check is silently...

9.8CVSS6.1AI score0.00054EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI Has Missing Authentication in WebSocket Gateway

SummaryThe PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. Detailsgateway/server.py:242 source -...

9.1CVSS6AI score0.00444EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

SummaryMarimo 19.6k stars has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands.Unlike other WebSocket endpoints e.g., /ws that correctly...

9.8CVSS7.6AI score0.95645EPSS
Exploits11References10Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Sentry: Improper authentication on SAML SSO process allows user identity linking

ImpactA critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program.The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sent...

9.1CVSS6AI score0.00435EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI Vulnerable to OS Command Injection

The executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters.--- DescriptionPraisonAI's workflow system and...

9.6CVSS6.4AI score0.00419EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

parisneo/lollms vulnerable to stored XSS in the social feature

A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...

9.6CVSS7.1AI score0.00405EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Google Agent Development Kit (ADK) has a Code Injection and Missing Authentication vulnerability

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance.This...

10CVSS6.4AI score0.01816EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)

SummaryThe memory hooks executor in praisonaiagents passes a user-controlled command stringdirectly to subprocess.run with shell=True atsrc/praisonai-agents/praisonaiagents/memory/hooks.py lines 303 to 305.No sanitization, no shlex.quote, no character filter, and no allowlist checkexists anywhere...

9.3CVSS6.4AI score0.00229EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

LiteLLM: Authentication bypass via OIDC userinfo cache key collision

ImpactWhen JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters.This configuration option is not enabled by default. Most instances are not affected.An...

9.4CVSS6AI score0.0049EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

aws-mcp has a Command Injection Remote Code Execution Vulnerability

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling...

9.8CVSS7.8AI score0.01908EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading

SummaryThe AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can...

9.8CVSS6.9AI score0.0058EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection

SummaryThe fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. Affected Package- Ecosystem: PyPI-...

9.8CVSS6.8AI score0.00824EPSS
Exploits2References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Apache Airflow: JWT token still valid after logout

When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

9.1CVSS6AI score0.00667EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

pyLoad: SSRF filter bypass via HTTP redirect in BaseDownloader (Incomplete fix for CVE-2026-33992)

SummaryThe fix for CVE-2026-33992 GHSA-m74m-f7cr-432x added IP validation to BaseDownloader.download that checks the hostname of the initial download URL. However, pycurl is configured with FOLLOWLOCATION=1 and MAXREDIRS=10, causing it to automatically follow HTTP redirects. Redirect targets are...

9.3CVSS6AI score0.00397EPSS
Exploits2References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Agno is vulnerable to Eval Injection

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

9.8CVSS6.9AI score0.00852EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

gramps-webapi: Zip Slip Path Traversal in Media Archive Import

SummaryA path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the server...

9.1CVSS6.1AI score0.00401EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions

Summarypraisonai browser start exposes the browser bridge on 0.0.0.0 by default, and its /ws endpoint accepts websocket clients that omit the Origin header entirely. An unauthenticated network client can connect as a fake controller, send startsession, cause the server to forward startautomation ...

9.1CVSS6.2AI score0.00356EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer

Remote Code Execution via Unsafe Deserialization in Pipecat's LivekitFrameSerializer SummaryA critical vulnerability exists in Pipecat's LivekitFrameSerializer – an optional, non-default, undocumented frame serializer class now deprecated intended for LiveKit integration. The class's deserialize...

9.8CVSS7.2AI score0.00701EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py.This supports: - run: → shell command execution via subprocess.run- script: → inline Python execution via exec- python: → arbitrary Python script execution A malicious YAML fi...

9.8CVSS6.3AI score0.00609EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities5000