Lucene search
K
PypaMost viewed

4602 matches found

PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Report of SQL Injection Vulnerability in Ormar ORM A SQL Injection attack can be achieved by passing a crafted string to the min or max aggregate functions. Brief descriptionWhen performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into...

9.8CVSS7.5AI score0.00915EPSS
Exploits2References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

wolfSSL Python module vulnerable to Improper Authentication

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced.Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

9.3CVSS5.9AI score0.00272EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

dcap-qvl has Missing Verification for QE Identity

ImpactThis vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl.The library fetches QE Identity collateral including qeidentity, qeidentitysignature, and qeidentityissuerchain from the PCCS. However, it skips to verify the QE Identity signature again...

9.3CVSS6AI score0.00208EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE

Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network...

9.8CVSS7.3AI score0.02344EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection

ImpactA critical path traversal and extension bypass vulnerability in Flask-Reuploaded allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Patches Flask-Reuploaded has been patched in version 1.5.0 Workarounds1. Do not pas...

9.8CVSS6.7AI score0.01046EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

vLLM has RCE In Video Processing

SummaryA chain of vulnerabilities in vLLM allow Remote Code Execution RCE:1. Info Leak - PIL error messages expose memory addresses, bypassing ASLR2. Heap Overflow - JPEG2000 decoder in OpenCV/FFmpeg has a heap overflow that lets us hijack code executionResult: Send a malicious video URL to vLLM...

9.8CVSS7.5AI score0.03816EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

MLflow Use of Default Password Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basicauth.ini file. The file contains hard-coded default credentials. An attacker can leverage...

9.8CVSS7.5AI score0.00968EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

SummaryAn unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event.The payload executes only if a user explicitly views the affected Stacktrace in the web UI. Details When Pygments returns more lines than it was given a known upstream quirk th...

9.3CVSS6.1AI score0.00286EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Langflow has Remote Code Execution in CSV Agent

SummaryThe CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution RCE. 2...

9.8CVSS7.7AI score0.33694EPSS
Exploits4References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Langroid has WAF Bypass Leading to RCE in TableChatAgent

Affected Scopelangroid = 0.59.31 Vulnerability Description CVE-2025-46724 fix bypass:TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to literalok...

9.8CVSS7AI score0.00741EPSS
Exploits2References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Codechecker has an authentication bypass for certain API calls

SummaryAuthentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. DetailsThe following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10CVSS6.2AI score0.00447EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS6.1AI score0.00386EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summaryexecutecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command execution...

10CVSS6.6AI score0.00707EPSS
Exploits2References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Compromise of PyTorch Lightning PyPi Package Versions

Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484We have identified a security incident affecting certain versions of one of our PyPI packages. What happenedWe have determined that one or more...

9.8CVSS6AI score0.00392EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default

SummaryCVE-2026-44338 GHSA-6rmh-7xcm-cpxj documents that PraisonAI ships a code-generator praisonai.deploy.api.generateapiservercode that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart praisonai deploy --type api get a server that:-...

9.8CVSS7.4AI score0.26799EPSS
Exploits3References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

ChromaDB Python project has a pre-authentication code injection vulnerability

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

10CVSS7.5AI score0.12387EPSS
Exploits2References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft

Impact The POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validation, then uploaded as an attachment on the Jira ticket that get...

9.9CVSS6.2AI score0.00272EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API

SummaryA SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...

9.9CVSS6.5AI score0.00281EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augmentimagesworker method without any safety...

9.8CVSS6.7AI score0.00472EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summaryexecutecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command execution...

10CVSS6.6AI score0.00707EPSS
Exploits2References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

SummaryAlice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response t...

9.9CVSS6AI score0.00061EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

EPyT-Flow vulnerable to unsafe JSON deserialization (__type__)

ImpactEPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field. When type is present, the deserializer dynamically imports an attacker-specified module/class and instantiates it with attacker-supplied arguments. This...

10CVSS6AI score0.00657EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

9.6CVSS7.5AI score0.00371EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint:- backend/openwebui/routers/auths.py lines 468-477, user bind with empty password- backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected VersionsCurrent main branch commit 6fdd19bf1 and like...

9.1CVSS7.4AI score0.01461EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol

SummaryThe substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix or powershell.exe -Command Windows, allowing an attacker to...

10CVSS6.2AI score0.00272EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation

SummaryThe Platform server exposes resources under /api/v1/workspaces/workspaceid/... and protects them with a requireworkspacememberworkspaceid FastAPI dependency. The dependency only checks that the caller is a member of the workspaceid in the URL prefix. The route handlers then look up the inn...

9.4CVSS5.9AI score0.00043EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

PySyft server-side arbitrary Python execution after code approval

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

9.8CVSS6.9AI score0.00631EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket

SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...

9.8CVSS6AI score0.00399EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

SGLang: Unauthenticated RCE via --enable-custom-logit-processor

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

9.8CVSS6.6AI score0.00585EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Langroid has Prompt to SQL Injection, Leading to RCE

Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid Affected Scopelangroid 0.63.0 Vulnerability Description SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges...

9.8CVSS6.9AI score0.00409EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

django-s3file is vulnerable to relative path traversal

ImpactS3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILESDepending on how files are handled, this may lead to...

9.9CVSS6AI score0.00564EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

SummaryA SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...

9.9CVSS7AI score0.00301EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.5AI score0.00327EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.2AI score0.00409EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset

SummaryPraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured.The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...

9.8CVSS5.9AI score0.00075EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection

SummaryPraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a path or filename string from MCP tools/call arguments and join...

9.6CVSS6.6AI score0.00619EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Ludwig framework is vulnerable to insecure deserialization through its predict() method.

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...

9.8CVSS6.6AI score0.006EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6.2AI score0.0081EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE.When PUBLICADDVIEW=True commo...

9.8CVSS6.6AI score0.00404EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}

SummaryType: Vertical privilege escalation. The PATCH /workspaces/workspaceid/members/userid endpoint is gated by requireworkspacememberworkspaceid, which defaults to minrole="member" and is never overridden by the route. The handler then calls MemberService.updateroleworkspaceid, userid, body.ro...

9.6CVSS6AI score0.00032EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

PraisonAI Vulnerable Untrusted Remote Template Code Execution

PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates.--- DescriptionWhen a user installs a template from a remote source e.g., GitHub, PraisonA...

9.6CVSS6.4AI score0.00304EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host

SummaryBoxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

9.6CVSS6.7AI score0.00482EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection

Summaryamazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrary...

9.8CVSS6.7AI score0.00808EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution

SummaryThe first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain:1. The example exposes an A2A server without configuring authtoken.2. The same example binds the server to 0.0.0.0.3. The example registers a calculateexpression tool implemente...

9.8CVSS6.7AI score0.00084EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

Summaryexecutecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary OS command execution on the host. Detailspythontools.py:20...

10CVSS6.2AI score0.00707EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

Ludwig framework is vulnerable to insecure deserialization in its model serving component

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

9.8CVSS6.6AI score0.00497EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

wger: cross-tenant password reset and plaintext disclosure via gym=None bypass

SummaryThe resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker and victim have no gym assignment gym=None. A user with...

9.9CVSS6.2AI score0.00371EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

PraisonAI Has Path Traversal in FileTools

Executive Summary:The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system.The path validation function also does not resolve the symlin...

9.2CVSS6.1AI score0.00416EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.1 views

pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules.Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.2AI score0.00455EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities4602