5616 matches found
Flask uses fallback key instead of current signing key
In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key.Signing is provided by the itsdangerous library. A list of keys can be passed, and it expects the last top key in the list to be the most...
Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store
SummaryLanceDocChatAgent uses pandas eval through computefromdocs:https://github.com/langroid/langroid/blob/18667ec7e971efc242505196f6518eb19a0abc1c/langroid/vectorstore/base.pyL136-L150As a result, an attacker may be able to make the agent run malicious commands through QueryPlan.dataframecalc...
Apache Superset Allows Ownership Takeover
Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.This issue affects Apache Superset: through 4.1.1.Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue...
docarray prototype pollution
A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function getitem of the file /docarray/data/torchdataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...
markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption
python-markdownify aka markdownify before 0.14.1 allows large headline prefixes such as in addition to through . This causes memory consumption...
AWorld OS Command Injection vulnerability
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...
Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
Vulnerable MobSF Versions: = v4.3.2CVSS V4.0 Score: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:NDetails:A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions ≤ 4.3.2. The vulnerability arises from improper sanitization of user-supplied SVG...
Langroid Allows XXE Injection via XMLToolMessage
SummaryA LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. DetailsXMLToolMessage uses lxml without...
Crawl4AI SSRF vulnerability
Crawl4AI =0.4.247 is vulnerable to SSRF in /crawl4ai/asyncdispatcher.py...
LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
DescriptionA critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An attacker can exploit this behavior by crafting a malicious .bin file tha...
Data exposure via ZeroMQ on multi-node vLLM deployment
ImpactIn a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism across...
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
Vulnerable MobSF Versions: = v4.3.2Details:MobSF is a widely adopted mobile application security testing tool used by security teams across numerous organizations. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications...
Apache Airflow Common SQL Provider Vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Airflow Common SQL Provider.When using the partition clause in SQLTableCheckOperator as parameter which was a recommended pattern, Authenticated UI User could inject arbitrary SQL command wh...
AWS SAM CLI Path Traversal allows file copy to local cache
SummaryThe AWS Serverless Application Model Command Line Interface AWS SAM CLI is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker.After completing a build with AWS SAM CLI which include symlinks, the content of...
Whoogle allows attackers to execute arbitrary code via supplying a crafted search query
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
LMDeploy Improper Input Validation Vulnerability
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function loadweightckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement...
InternLM LMDeploy code injection vulnerability
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has...
Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks
From @jackfromeast and @superboy-zjc:We have identified a class pollution vulnerability in Mesop = 0.14.0 application that allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to a denial of service DoS...
jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
OverviewOn many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this...
Litestar and Starlite vulnerable to Path Traversal
SummaryLocal File Inclusion via Path Traversal in LiteStar Static File ServingA Local File Inclusion LFI vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensiti...
Malicious code in dreamgen (PyPI)
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of dreamgen were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...
Synapse vulnerable to federation denial of service via malformed events
ImpactA malicious server can craft events with a depth outside the integer range allowed by Canonical JSON. When such an event is received by Synapse version up to 1.127.0, it prevents it from federating with other servers. The vulnerability has been exploited in the wild. PatchesFixed in Synapse...
Aim Excessive Data Query Operations in a Large Data Table vulnerability
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...
LiteLLM Has an Improper Authorization Vulnerability
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...
MLflow Cross-Site Request Forgery (CSRF) vulnerability
A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...
Frappe has possibility of SQL injection due to improper validations
ImpactSQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information. WorkaroundsUpgrading is required, no other workaround is present...
Frappe has Possibility of Remote Code Execution due to improper validation
ImpactA system user was able to create certain documents in a specific way that could lead to RCE. WorkaroundsThere's no workaround, an upgrade is required. CreditsThanks to Thanh of Calif.io for reporting the issue...
Frappe vulnerable to information disclosure leading to account takeover
ImpactMaking crafted requests could lead to information disclosure that could further lead to account takeover. WorkaroundsThere's no workaround to fix this without upgrading. CreditsThanks to Thanh of Calif.io for reporting the issue...
MLflow Uncontrolled Resource Consumption vulnerability
In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...
Composio Eval Injection Vulnerability
In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...
composio Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...
H2O Vulnerable to Arbitrary File Overwrite
In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...
LiteLLM Reveals Portion of API Key via a Logging File
In berriai/litellm before version 1.44.12, the litellm/litellmcoreutils/litellmlogging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...
Gradio DOS in multipart boundry while uploading the file
A vulnerability in the file upload process of gradio-app/gradio version @gradio/[email protected] allows for a Denial of Service DoS attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue...
BentoML Denial of Service (DoS) via Multipart Boundary
BentoML version v1.3.4post1 is vulnerable to a Denial of Service DoS attack. The vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive...
LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
A Denial of Service DoS vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource...
composio allows Server-Side Request Forgery (SSRF) in BROWSERTOOL
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions...
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint
A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...
Aim Improper Access Control
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safergetattr function from RestrictedPython. This version does not protect against the str.formatmap method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...
Aim allows denial of service due to no timeouts for some tracking server endpoints
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue...
Gradio Vulnerable to Open Redirect
An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...
H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request
A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a HEAD request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controll...
Prefect CORS (Cross-Origin Resource Sharing) misconfiguration
A CORS Cross-Origin Resource Sharing misconfiguration in prefecthq/prefect prior to version 3.0.3 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruptio...
PyTorch Lightning denial of service vulnerability
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...
H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...
Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability
A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...
Gunicorn HTTP Request/Response Smuggling vulnerability
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
Aim Path Traversal vulnerability
In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...
Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...
Flask-CORS improper regex path matching vulnerability
corydolphin/flask-cors version 5.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...