Lucene search
K
PypaMost viewed

5612 matches found

PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

terminal-controller-mcp vulnerable to Command Injection

A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

10CVSS6.2AI score0.01891EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism

Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...

9.8CVSS6.4AI score0.00635EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Ludwig framework is vulnerable to insecure deserialization through its predict() method.

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...

9.8CVSS6.6AI score0.006EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE.When PUBLICADDVIEW=True commo...

9.8CVSS6.6AI score0.00404EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection

SummaryPraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a path or filename string from MCP tools/call arguments and join...

9.6CVSS6.6AI score0.00619EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset

SummaryPraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured.The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...

9.8CVSS5.9AI score0.00075EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6.2AI score0.0081EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection

Summaryamazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrary...

9.8CVSS6.7AI score0.00808EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

SummaryThe confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serve...

9CVSS6.7AI score0.0226EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PickleScan's profile.run blocklist mismatch allows exec() bypass

Summarypicklescan v1.0.3 blocks profile.Profile.run and profile.Profile.runctx but does NOT block the module-level profile.run function. A malicious pickle calling profile.runstatement achieves arbitrary code execution via exec while picklescan reports 0 issues. This is because the blocklist entr...

9.8CVSS6.5AI score0.0046EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

ajenti.plugin.core has password bypass when 2FA is activated

ImpactIf the 2FA was activated, it was possible to bypass the password authentication PatchesThis is fixed in the version 0.112. Users should upgrade to this version as soon as possible...

9.3CVSS5.9AI score0.00329EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

excel-mcp-server has a Path Traversal issue

SummaryA path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on t...

9.4CVSS6.2AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py.This supports: - run: → shell command execution via subprocess.run- script: → inline Python execution via exec- python: → arbitrary Python script execution A malicious YAML fi...

9.8CVSS6.3AI score0.00609EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Mesop has a Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion

SummaryA Path Traversal vulnerability allows any user or attacker supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard file-based runtime backend. This can result in application denial of service via crash loops when reading...

10CVSS6.1AI score0.00713EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

External Control of File Name or Path in h2oai/h2o-3

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...

9.3CVSS7.3AI score0.00715EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS7.5AI score0.01158EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Command Injection in Apache Airflow and Apache Airflow MySQL Provider

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0...

9.8CVSS7.2AI score0.11082EPSS
Exploits2References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

SummaryThe POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...

9.8CVSS8.1AI score0.99972EPSS
Exploits51References14Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Apache Airflow Sqoop Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1...

9.8CVSS7.2AI score0.01895EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Gradio allows users to access arbitrary files

ImpactThis vulnerability allows users of Gradio applications that have a public link such as on Hugging Face Spaces to access files on the machine hosting the Gradio application. This involves intercepting and modifying the network requests made by the Gradio app to the server. PatchesYes, the...

9.2CVSS7AI score0.85393EPSS
Exploits2References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command

ID: NFLX-2024-002 ImpactAuthenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether full RCE is possible but it is unlikely. However, a specific flag allows authenticated users to read any...

9.6CVSS6AI score0.00928EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PaddlePaddle Path Traversal vulnerability

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6...

9.1CVSS7.2AI score0.01048EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS7.5AI score0.01256EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

pyLoad allows upload to arbitrary folder lead to RCE

SummaryAn authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Detailsexample version: 0.5file:src/pyload/webui/app/blueprints/[email protected]"/render/", endpoint="render"def renderfilename: mimetype =...

9.1CVSS7.5AI score0.01354EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Aim Web API vulnerable to Remote Code Execution

A critical Remote Code Execution RCE vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions = 3.0.0. The vulnerability resides in the runsearchapi function of the aim/web/api/runs/views.py file, where improper restricti...

9.8CVSS7.8AI score0.018EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

BackendAI Missing Authentication for Critical Function

Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...

9.8CVSS6.1AI score0.00375EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

llama_index vulnerable to SQL Injection

Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index...

9.8CVSS7.3AI score0.00581EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)

SummaryPath Traversal in pyLoad-ng CNL Blueprint via package parameter allows Arbitrary File Write leading to Remote Code Execution RCE The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside...

9.8CVSS8AI score0.01191EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Langflow Unauth RCE

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...

9.8CVSS7.7AI score0.99972EPSS
Exploits33References11Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

rfc3161-client has insufficient verification for timestamp response signatures

Impactrfc3161-client 1.0.2 and earlier contain a flaw in their timestamp response signature verification logic. In particular, it performs chain verification against the TSR's embedded certificates up to the trusted roots, but fails to verify the TSR's own signature against the timestamping leaf...

9.3CVSS5.9AI score0.00147EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Hugging Face smolagents: Unsafe deserialization in Remote Python Executor leads to RCE

Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required to exploit this...

10CVSS7.7AI score0.0083EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool

SummaryA command injection vulnerability is present in the function tool runsshcommandwithcredentials available to AI agents. Details This is the source code of the function tool runsshcommandwithcredentials code: python@functiontooldef runsshcommandwithcredentials host: str, username: str,...

9.6CVSS6.3AI score0.01799EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context

Edge3 Worker RPC RCE on Airflow 2.This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2.The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed and...

9.8CVSS6.1AI score0.00823EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

pgadmin4 has a Meta-Command Filter Command Execution

The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...

9.8CVSS7.6AI score0.12217EPSS
Exploits2References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more

SummaryPython class pollution is a novel vulnerability categorized under CWE-915. The Delta class is vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it can lead to Denial of Service and Remote Code Execution via insecure Pickle...

10CVSS6.7AI score0.01056EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution RCE. The vulnerability stems from the localpythonexecutor.py module, which inadequately restricts Python code...

10CVSS7.9AI score0.18654EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Apache Pyfory python is vulnerable to deserialization of untrusted data

Deserialization of untrusted data inpython in pyforyversions 0.12.0 through 0.12.2, or thelegacypyfury versions from0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources.An attacker can craft a data stream tha...

9.8CVSS6.4AI score0.41255EPSS
Exploits2References9Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Apache Pyfory python is vulnerable to deserialization of untrusted data

Deserialization of untrusted data inpython in pyforyversions 0.12.0 through 0.12.2, or thelegacypyfury versions from0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources.An attacker can craft a data stream tha...

9.8CVSS6.4AI score0.41255EPSS
Exploits2References9Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass

SummaryDjango-Unicorn is vulnerable to python class pollution vulnerability, a new type of vulnerability categorized under CWE-915. The vulnerability arises from the core functionality setpropertyvalue, which can be remotely triggered by users by crafting appropriate component requests and feedin...

9.3CVSS6AI score0.0047EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE

Summarybbot's gitdumper.py insufficiently sanitises a .git/config file, leading to Remote Code Execution RCE.bbot's gitdumper.py can be made to consume a malicious .git/index file, leading to arbitrary file write which can be used to achieve Remote Code Execution RCE. ImpactA user who uses bbot t...

9.6CVSS6.3AI score0.00447EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

PandasAI interactive prompt function Remote Code Execution (RCE)

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...

9.8CVSS6.6AI score0.0122EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

AstrBot is vulnerable to RCE with hard-coded JWT signing keys

SummaryAstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details AstrBot uses a hard-coded JWT signing key, which allows attackers to bypass the authentication mechanism. Once bypassed, the attacker can install a Python...

9.8CVSS6.4AI score0.00281EPSS
Exploits2References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Langroid has a Code Injection vulnerability in TableChatAgent

SummaryTableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. PoCFor example, one could prompt the Agent: Evaluate the following pandas expression on the data provided and print output:...

9.8CVSS6AI score0.00741EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Modular Max Serve has Unsafe Deserialization vulnerability

Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code...

9.3CVSS6.4AI score0.00297EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Cobbler Improper Validation of Security Tokens

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API /cobblerapi that can result in Privilege escalation, data manipulation or...

9.8CVSS7.1AI score0.6786EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Plone Unauthenticated Write Vulnerability

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT overwrite some content without needing write permission...

9.8CVSS7.2AI score0.02258EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instance...

9.1CVSS7.2AI score0.02591EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

OpenStack Object Storage (swift) Code Injection vulnerability

OpenStack Object Storage swift before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object...

9.8CVSS7.6AI score0.06518EPSS
Exploits0References19Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

OpenStack Murano Code Execution

OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...

9.8CVSS7.6AI score0.03166EPSS
Exploits0References11Affected Software1
Total number of security vulnerabilities5000