4301 matches found
MLflow Server-Side Request Forgery (SSRF)
A malicious user could use this issue to access internal HTTPs servers and in the worst case ie: aws instance it could be abused to get a remote code execution on the victim machine...
Excessive Attack Surface in pyload-ng
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...
Heap-based buffer overflow in ZBar
A heap-based buffer overflow exists in the qrreadermatchcenters function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be...
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
SummaryIn Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri field with embedded HTTP Basic credentials for downstream Glances servers, using th...
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0...
PickleScan's pkgutil.resolve_name has a universal blocklist bypass
Summarypkgutil.resolvename is a Python stdlib function that resolves any "module:attribute" string to the corresponding Python object at runtime. By using pkgutil.resolvename as the first REDUCE call in a pickle, an attacker can obtain a reference to ANY blocked function e.g., os.system,...
PandasAI vulnerable to arbitrary code execution
An issue in pandas-ai v.0.8.1 and before allows a remote attacker to execute arbitrary code via the isjailbreak function...
Code Injection in pyload-ng
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...
MLFlow Path Traversal Vulnerability
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information...
pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.pyminizip uses version 1.2.11 of zlib's code...
TorchServe Server-Side Request Forgery vulnerability
ImpactRemote Server-Side Request Forgery SSRF Issue: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and...
Apache Airflow Hive Provider Beeline remote code execution with Principal
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Apache Hive Provider: before 6.1.1.Before version 6.1.1 it waspossible to bypass the security check to RCE viaprincipal parameter. For this to beexploited it requir...
Remote Code Execution due to Full Controled File Write in mlflow
The mlflow web server includes tools for tracking experiments, packaging code into reproducible runs, and sharing and deploying models. As this vulnerability allows to write / overwrite any file on the file system, it gives a lot of ways to archive code execution like overwriting /home//.bashrc. ...
postgraas-server vulnerable to SQL injection
A vulnerability, which was classified as critical, was found in Blue Yonder postgraasserver up to 2.0.0b2. Affected is the function createpgconnection/createpostgresdb of the file postgraasserver/backends/postgrescluster/postgresclusterdriver.py of the component PostgreSQL Backend Handler. The...
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement...
ReportLab vulnerable to remote code execution via paraparser
paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '...
Langchain SQL Injection vulnerability
In Langchain before 0.0.247, prompt injection allows execution of arbitrary code against the SQL service provided by the chain...
MLflow allowed arbitrary files to be PUT onto the server
MLflow allowed arbitrary files to be PUT onto the server...
Ray has arbitrary code execution via jobs submission API
Anyscale Ray allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...
Ray Path Traversal vulnerability
LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here:...
Ray Missing Authorization vulnerability
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here:...
Ray OS Command Injection vulnerability
A command injection exists in Ray's cpuprofile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication...
Apache Airflow Sqoop Provider Improper Input Validation vulnerability
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1...
Remote code execution in pytorch lightning
A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
ImpactAttackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE.When axis is larger than the dim of input, c-Diminput,axis goes out of bound.Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Grad...
Use of hard-coded, security-relevant constants in deepset-ai/haystack
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1...
vanna vulnerable to remote code execution caused by prompt injection
In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...
Apache Airflow Hive Provider vulnerable to code injection
Apache Software Foundation's Apache Airflow Hive Provider before 6.0.0 is vulnerable to improper control of generation of code...
Ckan remote code execution and private information access via crafted resource ids
Specific vulnerabilities: Arbitrary file write in resourcecreate and packageupdate actions, using the ResourceUploader object. Also reachable via packagecreate, packagerevise, and packagepatch via calls to packageupdate. Remote code execution via unsafe pickle loading, via Beaker's session store...
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...
toui allows user-specific variables to be shared between users
ImpactWebsites that use Website.uservars property in versions. PatchesIt affects versions v2.0.1 to v2.4.0. Please upgrade to v2.4.1 WorkaroundsDo not use Website.uservars in websites when using versions v2.0.1 to v2.4.0. Also, do not use Website.signinuser in version v2.4.0 only. ExplanationToUI...
Buffer overflow in sponge queue functions
ImpactThe Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. PatchesYes, see commit fdc6fef0...
Header injection in TurboGears
A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely...
Apache Airflow Google Provider Improper Input Validation vulnerability
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...
weixin-python XML External Entity vulnerability
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name...
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
ImpactAttackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE.When axis is larger than the dim of input, c-Diminput,axis goes out of bound.Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Grad...
Apache Airflow Hive Provider Improper Input Validation vulnerability
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3...
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
ImpactAttackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE.When axis is larger than the dim of input, c-Diminput,axis goes out of bound.Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Grad...
Unsafe yaml deserialization in llama-hub
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...
Arbitrary Code Execution in Pillow
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...
parisneo/lollms Local File Inclusion (LFI) attack
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion LFI attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths backward slash \, allowing attackers to perform directory traversal attacks on Windows systems...
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
ImpactWhen verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation document.proof was not factored into the final verified value true/false on the presentation record. Below is an example result from verifying a JSON-LD...
Cross-site Scripting in Apache superset
A stored cross-site scripting XSS vulnerability exists in Apache Superset before 3.0.3.An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.For 2.X versions, users should change their...
AutoGPT bypass of the shell commands denylist settings
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as whoami and /bin/whoami. An attacker can circumvent this restriction by executing...
Code execution in pandasai
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
litellm vulnerable to remote code execution based on using eval unsafely
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the adddeployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by sendin...
LlamaIndex includes an exec call for `import {cls_name}`
An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...
Deserialization of untrusted data in synthcity
A vulnerability, which was classified as critical, has been found in vanderSchaar LAB synthcity 0.2.9. Affected by this issue is the function loadfromfile of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been...
qdrant input validation failure
qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the...
LangChain Experimental Eval Injection vulnerability
langchainexperimental aka LangChain Experimental 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 2023-10-05...