Lucene search
K
PypaMost viewed

5612 matches found

PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.5AI score0.00327EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE.When PUBLICADDVIEW=True commo...

9.8CVSS6.6AI score0.00404EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Langroid has Prompt to SQL Injection, Leading to RCE

Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid Affected Scopelangroid 0.63.0 Vulnerability Description SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges...

9.8CVSS6.9AI score0.00409EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection

SummaryPraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a path or filename string from MCP tools/call arguments and join...

9.6CVSS6.6AI score0.00619EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PySyft server-side arbitrary Python execution after code approval

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

9.8CVSS6.9AI score0.00631EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset

SummaryPraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured.The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...

9.8CVSS5.9AI score0.00075EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6.2AI score0.0081EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection

Summaryamazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrary...

9.8CVSS6.7AI score0.00808EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

dash-uploader has a directory traversal vulnerability

ImpactAn unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dashuploader/httprequesthandler.py reads three form parameters uploadid, resumableFilename, resumableIdentifier from request.form.get and passes them...

9.8CVSS7.5AI score0.05982EPSS
Exploits4References9Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

OpenViking: Unauthenticated remote bot control via OpenAPI HTTP routes

OpenViking prior to commitc7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS6AI score0.00571EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset

SummaryType: Insecure default cryptographic key. The JWT signing secret defaults to the hardcoded literal "dev-secret-change-me" when PLATFORMJWTSECRET is unset. A safety check exists but only fires when PLATFORMENV != "dev"; the default value of PLATFORMENV is "dev", so the check is silently...

9.8CVSS6.1AI score0.00054EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

SummaryThe confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serve...

9CVSS6.7AI score0.0226EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PickleScan's profile.run blocklist mismatch allows exec() bypass

Summarypicklescan v1.0.3 blocks profile.Profile.run and profile.Profile.runctx but does NOT block the module-level profile.run function. A malicious pickle calling profile.runstatement achieves arbitrary code execution via exec while picklescan reports 0 issues. This is because the blocklist entr...

9.8CVSS6.5AI score0.0046EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

excel-mcp-server has a Path Traversal issue

SummaryA path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on t...

9.4CVSS6.2AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py.This supports: - run: → shell command execution via subprocess.run- script: → inline Python execution via exec- python: → arbitrary Python script execution A malicious YAML fi...

9.8CVSS6.3AI score0.00609EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

ajenti.plugin.core has password bypass when 2FA is activated

ImpactIf the 2FA was activated, it was possible to bypass the password authentication PatchesThis is fixed in the version 0.112. Users should upgrade to this version as soon as possible...

9.3CVSS5.9AI score0.00329EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Mesop has a Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion

SummaryA Path Traversal vulnerability allows any user or attacker supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard file-based runtime backend. This can result in application denial of service via crash loops when reading...

10CVSS6.1AI score0.00713EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

External Control of File Name or Path in h2oai/h2o-3

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...

9.3CVSS7.3AI score0.00715EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS7.5AI score0.01158EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`

SummaryIn Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri field with embedded HTTP Basic credentials for downstream Glances servers, using th...

9.1CVSS6.6AI score0.00472EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Command Injection in Apache Airflow and Apache Airflow MySQL Provider

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0...

9.8CVSS7.2AI score0.11082EPSS
Exploits2References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

SummaryThe POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...

9.8CVSS8.1AI score0.99972EPSS
Exploits51References14Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

MLflow allowed arbitrary files to be PUT onto the server

MLflow allowed arbitrary files to be PUT onto the server...

10CVSS7.1AI score0.04408EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

weixin-python XML External Entity vulnerability

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name...

9.8CVSS6.2AI score0.00775EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Code Injection in paddlepaddle

The vulnerability arises from the way the url parameter is incorporated into the command string without proper validation or sanitization. If the url is constructed from untrusted sources, an attacker could potentially inject malicious commands...

9.3CVSS7.1AI score0.00456EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC

ImpactWhen verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation document.proof was not factored into the final verified value true/false on the presentation record. Below is an example result from verifying a JSON-LD...

9.9CVSS7AI score0.00627EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

LlamaIndex includes an exec call for `import {cls_name}`

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

9.8CVSS7.2AI score0.00528EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL

H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...

9.1CVSS7.1AI score0.00899EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

pyload-ng vulnerable to RCE with js2py sandbox escape

SummaryAny pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Detailsjs2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...

9.8CVSS6.8AI score0.16513EPSS
Exploits22References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata

Descriptionllama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers, and...

9.6CVSS7.6AI score0.2842EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

TorchServe vulnerable to bypass of allowed_urls configuration

ImpactTorchServe's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which effective...

9.8CVSS5.9AI score0.00792EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Gradio allows users to access arbitrary files

ImpactThis vulnerability allows users of Gradio applications that have a public link such as on Hugging Face Spaces to access files on the machine hosting the Gradio application. This involves intercepting and modifying the network requests made by the Gradio app to the server. PatchesYes, the...

9.2CVSS7AI score0.85393EPSS
Exploits2References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command

ID: NFLX-2024-002 ImpactAuthenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether full RCE is possible but it is unlikely. However, a specific flag allows authenticated users to read any...

9.6CVSS6AI score0.00928EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...

9.3CVSS7AI score0.49774EPSS
Exploits0References12Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

SQLAlchemyDA unauthenticated arbitrary SQL query execution

ImpactThe vulnerability allows unauthenticated execution of arbitrary SQL statements on the database the SQLAlchemyDA instance is connected to. All users are affected. PatchesThe problem has been patched in version 2.2. WorkaroundsThere is no workaround. All users are urged to upgrade to version ...

9.8CVSS7.4AI score0.00881EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PaddlePaddle Path Traversal vulnerability

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6...

9.1CVSS7.2AI score0.01048EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS7.5AI score0.01256EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Insecure deserialization in BentoML

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...

10CVSS8.1AI score0.01497EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution

A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

9.8CVSS7.5AI score0.01233EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

pyLoad allows upload to arbitrary folder lead to RCE

SummaryAn authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Detailsexample version: 0.5file:src/pyload/webui/app/blueprints/[email protected]"/render/", endpoint="render"def renderfilename: mimetype =...

9.1CVSS7.5AI score0.01354EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Aim Web API vulnerable to Remote Code Execution

A critical Remote Code Execution RCE vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions = 3.0.0. The vulnerability resides in the runsearchapi function of the aim/web/api/runs/views.py file, where improper restricti...

9.8CVSS7.8AI score0.018EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user

pgAdmin prior to version 8.4 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is...

9.9CVSS7.3AI score0.79326EPSS
Exploits4References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PyMySQL SQL Injection vulnerability

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...

9.8CVSS6.6AI score0.00691EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PaddlePaddle vulnerable to remote code execution

remote code execution in paddlepaddle/paddle 2.6.0...

9.8CVSS7.8AI score0.01638EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Keras code injection vulnerability

A arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application...

9.8CVSS7.7AI score0.01745EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

llama-index-core Command Injection vulnerability

A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...

9.8CVSS8AI score0.02862EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

BackendAI Missing Authentication for Critical Function

Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...

9.8CVSS6.1AI score0.00375EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

asyncmy is vulnerable to SQL injection via crafted dict keys

SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...

9.8CVSS6.2AI score0.00373EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Rasa Allows Remote Code Execution via Remote Model Loading

VulnerabilityA vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution.The prerequisites for this are:- The HTTP API must be enabled on the Ra...

9CVSS6AI score0.00895EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities5000