4301 matches found
H2O affected by a deserialization vulnerability
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
ExecuTorch integer overflow vulnerability
An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73...
ExecuTorch integer overflow vulnerability
An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006...
pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer
DescriptionIn the FlightServer classof the pyquokka framework, thedoactionmethoddirectly usespickle.loadsto deserialize actionbodies receivedfrom Flight clients without any sanitization or validation, which results in a remote code execution vulnerability. The vulnerable code is located...
Keras framework vulnerable to deserialization of untrusted data
Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing aTorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...
mcp-kubernetes-server has an OS Command Injection vulnerability
feiskyer/mcp-kubernetes-server through 0.1.11 allows OS command injection via the /mcp/kubectl endpoint. The handler constructs a shell command with user-supplied arguments and executes it with subprocess using shell=True, enabling injection through shell metacharacters e.g., ;, &&, $, even when...
BentoML SSRF Vulnerability in File Upload Processing
DescriptionThere's an SSRF in the file upload processing system that allows remote attackers to make arbitrary HTTP requests from the server without authentication. The vulnerability exists in the serialization/deserialization handlers for multipart form data and JSON requests, which automaticall...
TkEasyGUI Vulnerable to OS Command Injection
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construc...
InvokeAI has External Control of File Name or Path
Path Traversal Vulnerability in InvokeAIA path traversal vulnerability in InvokeAI versions 6.7.0 allows an unauthenticated remote attacker to read files outside the intended media directory via the bulk downloads API. The endpoint accepts a user-controlled file/item name and concatenates it into...
ExecuTorch out-of-bounds access vulnerability
An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit fb03b6f85596a8f954d97929075335255b6a58d4...
ExecuTorch heap buffer overflow vulnerability
A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be...
internetarchive Vulnerable to Directory Traversal in File.download()
ImpactWhat kind of vulnerability is it?This is a Critical severity directory traversal path traversal vulnerability in the File.download method of the internetarchive library.Who is impacted?All users of the internetarchive library versions 5.5.1 are impacted. The vulnerability is particularly...
ExecuTorch vulnerable to Heap-based Buffer Overflow
A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c...
pyLoad vulnerable to XSS through insecure CAPTCHA
SummaryAn unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in sessio...
Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL
Summary During a manual source code review, ARIMLABS.AI researchers identified that the browseruse module includes an embedded whitelist functionality to restrict URLs that can be visited. This restriction is enforced during agent initialization. However, it was discovered that these measures can...
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
SummaryDevelopers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode
pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
Ray's New Token Authentication is Disabled By Default
Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces including the dashboard and Jobs API is disabled unless explicitly enabled by setting RAYAUTHMODE=token. In the default unauthenticated state, a remote attacker with...
BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
SummaryVarious issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution RCE. ImpactA user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
SummaryThe ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. DetailsIn situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python we...
Langroid has a Code Injection vulnerability in TableChatAgent
SummaryTableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. PoCFor example, one could prompt the Agent: Evaluate the following pandas expression on the data provided and print output:...
Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass
SummaryDjango-Unicorn is vulnerable to python class pollution vulnerability, a new type of vulnerability categorized under CWE-915. The vulnerability arises from the core functionality setpropertyvalue, which can be remotely triggered by users by crafting appropriate component requests and feedin...
PandasAI interactive prompt function Remote Code Execution (RCE)
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...
BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE
Summarybbot's gitdumper.py insufficiently sanitises a .git/config file, leading to Remote Code Execution RCE.bbot's gitdumper.py can be made to consume a malicious .git/index file, leading to arbitrary file write which can be used to achieve Remote Code Execution RCE. ImpactA user who uses bbot t...
AstrBot is vulnerable to RCE with hard-coded JWT signing keys
SummaryAstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details AstrBot uses a hard-coded JWT signing key, which allows attackers to bypass the authentication mechanism. Once bypassed, the attacker can install a Python...
Modular Max Serve has Unsafe Deserialization vulnerability
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code...
Apache Pyfory python is vulnerable to deserialization of untrusted data
Deserialization of untrusted data inpython in pyforyversions 0.12.0 through 0.12.2, or thelegacypyfury versions from0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources.An attacker can craft a data stream tha...
vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
Impacted EnvironmentsThis issue ONLY impacts environments using the PyNcclPipe KV cache transfer integration with the V0 engine. No other configurations are affected. SummaryvLLM supports the use of thePyNcclPipeclass to establish a peer-to-peer communication domain for data transmission between...
pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering
pgAdmin = 9.1 is affected by a security vulnerability with Cross-Site ScriptingXSS. If attackersexecute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser...
InvokeAI Arbitrary File Deletion vulnerability
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...
BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
SummaryA Remote Code Execution RCE vulnerability caused by insecure deserialization has been identified in the latest versionv1.4.2 of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. DetailsIt exists an unsafe code segment in serde.py: Pythondef...
TigerVNC accessible via the network and not just via a UNIX socket as intended
Summaryjupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessible via the network.This vulnerability does not affect users having...
h11 accepts some malformed Chunked-Encoding bodies
ImpactA leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. DetailsHTTP/1.1 Chunked-Encoding bodies are formatted as a sequence of "chunks", each of which consists of:- chunk length- \r\n- length...
DB-GPT is vulnerable to SQL Injection attacks from unauthenticated users
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...
pgAdmin 4 Vulnerable to Remote Code Execution
Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules.The vulnerability is associated with the 2 POST endpoints;/sqleditor/querytool/download, where the querycommited parameter and/cloud/deploy endpoint, where the highavailability parameter isunsafely...
H2O Deserialization of Untrusted Data Vulnerability
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...
vLLM Deserialization of Untrusted Data vulnerability
vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...
llama-index-packs-finchat SQL Injection vulnerability
A vulnerability in the FinanceChatLlamaPack of the llama-index-packs-finchat package, versions up to v0.3.0, allows for SQL injection in the runsqlquery function of the databaseagent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code...
AgentScope path traversal vulnerability in save-workflow
A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...
Aim External Control of File Name or Path vulnerability
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...
AgentScope Deserialization Vulnerability
A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution RCE via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.createagent method, where serialized input is deserialized using...
Horovod Vulnerable to Command Injection
Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...
LlamaIndex Retrievers Integration: DuckDBRetriever SQL Injection
A SQL injection vulnerability exists in the duckdbretriever component of the run-llama/llamaindex repository, specifically in llama-index-retrievers-duckdb-retriever prior to v0.4.0. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an...
BentoML deserialization vulnerability
A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions =1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...
DB-GPT Arbitrary File Write vulnerability
In eosphoros-ai/db-gpt version v0.6.3 and earlier, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim...
DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload
eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...
PaddlePaddle Out-of-bounds Read vulnerability
Out-of-bounds read in gathertree in PaddlePaddle before 2.4. A patch is available in the release/2.4 branch...
Qiskit allows arbitrary code execution decoding QPY format versions < 13
ImpactA maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the correc...
DB-GPT Absolute Path Traversal vulnerability
In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...
Aim path traversal in LockManager.release_locks
A vulnerability in the LockManager.releaselocks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The runhash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...