5612 matches found
Fickling has a bypass via runpy.run_path() and runpy.run_module()
Fickling's assessmentrunpy was added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66. Original report SummaryFickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious...
Fickling Blocklist Bypass: cProfile.run()
Fickling's assessmentcProfile was added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c5745171a2b138d43. Original report Description SummaryFickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of...
Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
Fickling's assessmentctypes, importlib, runpy, code and multiprocessing were added the list of unsafe imports https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66, https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9,...
NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()
SummaryXSS risk exists in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL without page reload. However, if the URL argument is embedded into...
AcademySoftwareFoundation OpenColorIO has an out-of-bounds vulnerability
A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...
Authlib has 1-click Account Takeover vulnerability
Security Advisory: Cache-Backed State Storage CSRF in AuthlibThe Security Labs team at Snyk has reported a security issue affecting Authlib, identified during a recent research project.The Snyk Security Labs team has identified a vulnerability that can result in a one-click account takeover in...
Fickling vulnerable to detection bypass due to "builtins" blindness
Fickling's assessmentFickling started emitting AST nodes for builtins imports in order to match them during analysis https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf. Original report SummaryFickling works byPickle bytecode -- AST -- Security analysisHowever...
LIEF is vulnerable to segmentation fault
A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parsebinary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local...
NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS
SummaryAn unsafe implementation in the pushstate event listener used by ui.subpages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. DetailsThe problem is traced as follows:1. On pushstate, handleStateEvent is...
NiceGUI has Redis connection leak via tab storage causes service degradation
SummaryAn unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never released, leading to service degradation when Redis hits its connection limit.NiceGUI continues accepting ne...
pypdf has possible long runtimes for missing /Root object with large /Size values
ImpactAn attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, while using a rather large /Size value. Only the non-strict reading mode is affected. PatchesThis ha...
pypdf has possible long runtimes for malformed startxref
ImpactAn attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected...
Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
Fickling's assessmentpydoc and ctypes were added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1. Original report SummaryBoth ctypes and pydoc modules arent explictly blocked. Even other existing pickle scanning tools like...
NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
SummaryAn unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes an XSS when the user actively clicks on the link. Details1. On click, eventually subpagesnavigate event is...
AIOHTTP Vulnerable to Cookie Parser Warning Storm
SummaryReading multiple invalid cookies can lead to a logging storm. ImpactIf the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header.----Patch:...
records-mover Injection vulnerability
A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes SQL Injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue...
Bokeh server applications have Incomplete Origin Validation in WebSockets
This vulnerability allows for Cross-Site WebSocket Hijacking CSWSH of a deployed Bokeh server instance. ScopeThis vulnerability is only relevant to deployed Bokeh server instances. There is no impact on static HTML output, standalone embedded plots, or Jupyter notebook usage. This vulnerability...
loggingredactor converts non-string types to string types in logs
ImpactNon-string types are converted into string types, leading to type errors in %d conversions. PatchesThe problem has been patched in version 0.0.6. WorkaroundsNone without patching. ResourcesIssue report: https://github.com/armurox/loggingredactor/issues/7Release:...
MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
SummaryA Path Traversal Zip Slip vulnerability exists in MONAI's downloadfromngcprivate function. The function uses zipfile.ZipFile.extractall without path validation, while other similar download functions in the same codebase properly use the existing safeextractmember function.This appears to ...
picklescan has Arbitrary file read using `io.FileIO`
SummaryUnsafe pickle deserialization allows unauthenticated attackers to read arbitrary server files and perform SSRF. By chaining io.FileIO and urllib.request.urlopen, an attacker can bypass RCE-focused blocklists to exfiltrate sensitive data example: /etc/passwd to an external server. DetailsTh...
Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
Impacturllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip,...
Parsl Monitoring Visualization Vulnerable to SQL Injection
Affected Product: Parsl Python Parallel Scripting LibraryComponent: parsl.monitoring.visualizationVulnerability Type: SQL Injection CWE-89Severity: High CVSS Rating Recommended: 7.5 - 8.6URL: https://github.com/Parsl/parsl/blob/master/parsl/monitoring/visualization/views.pySummaryA SQL Injection...
AIOHTTP vulnerable to denial of service through large payloads
SummaryA request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing. ImpactIf an application includes a handler that uses the Request.post method, an attacker may be able to freeze the server by exhausting the memory.-----Patch:...
AIOHTTP vulnerable to DoS through chunked messages
SummaryHandling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. ImpactIf an application makes use of the request.read method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU ti...
AIOHTTP has unicode match groups in regexes for ASCII protocol elements
SummaryThe parser allows non-ASCII decimals to be present in the Range header. ImpactThere is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability.----Patch:...
AIOHTTP's unicode processing of header values could cause parsing discrepancies
SummaryThe Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. ImpactIf a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execute a request smuggling...
AIOHTTP vulnerable to DoS when bypassing asserts
SummaryWhen assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body. ImpactIf optimisations are enabled -O or PYTHONOPTIMIZE=1, and the application includes a handler that uses the Request.post method, then an attacker may be able to execu...
Picklescan has Incomplete List of Disallowed Inputs
SummaryCurrently picklescanner only blocks some specific functions of the pydoc and operator modules. Attackers can use other functions within these allowed modules to go through undetected and achieve RCE on the final user. Particularly pydoc.locate: Can dynamically resolve and import arbitrary...
libsodium has Incomplete List of Disallowed Inputs
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.This advisoory...
AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
SummaryA zip bomb can be used to execute a DoS against the aiohttp server. ImpactAn attacker may be able to send a compressed request that when decompressed by aiohttp could exhaust the host's memory.------Patch: https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a...
Feast vulnerable to Deserialization of Untrusted Data
A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...
Picklescan Bypasses Unsafe Globals Check using pty.spawn
SummaryThe vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from the absence of the pty library more specifically, of the pty.spawn function from PickleScan's list of unsafe globals. This vulnerabilit...
badkeys vulnerable to ASCII control character injection on console via malformed input
ImpactAn attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys both --dkim and --dkim-dns, SSH keys --ssh-lines mode, and filenames in various...
Langflow Missing Authentication on Critical API Endpoints
SummaryMultiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data...
lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
SummaryAn insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weightsonly=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file.CW...
Picklescan does not block ctypes
SummaryPicklescan doesnt flag ctypes module as a dangerous module, which is a huge issue. ctypes is basically a foreign function interface library and can be used to Load DLLs Call C functions directly Manipulate memory raw pointers.This can allow attackers to achieve RCE by invoking direct...
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
SummaryPicklescan uses the numpy.f2py.crackfortran.evallength function a NumPy F2PY helper to execute arbitrary Python code during unpickling. DetailsPicklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.evallength in reduce, allowing arbitrary command executi...
filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
ImpactA Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with OTRUNC. An attacke...
Langflow vulnerable to Server-Side Request Forgery
Vulnerability OverviewLangflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and then sends the request using a server-side httpx client. It does not block...
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
In mcp-server-git versions prior to 2025.12.18, the gitdiff and gitcheckout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values e.g., --output=/path/to/file for gitdiff would be interpreted as command-line options rather than git refs,...
mcp-server-git has missing path validation when using --repository flag
In mcp-server-git versions prior to 2025.12.18, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...
FastAPI SSP is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation
Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery CSRF due to the improper validation of the OAuth state parameter during the authentication callback. While the getloginurl method allows for state generation, it does not persist the state or bind it to...
pretix has Broken Access Control Allowing Cross-User File Access via UUID
An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...
PyMdown Extensions has a ReDOS bug in its Figure Capture extension
ImpactThis issue describes a ReDOS bug found within the figure caption extension pymdownx.blocks.caption .In systems that take unchecked user content, this could cause long hangs when processing the data if a malicious payload was crafted. PatchesThis issue is patched in Release 10.16.1...
Weblate has an arbitrary file read via symbolic links
ImpactIt was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. ResourcesThanks to Jason Marcello for responsible disclosure...
Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
Fickling AssessmentBased on the test case provided in the original report below, this bypass was caused by marshal and types missing from the block list of unsafe module imports, Fickling started blocking both modules to address this issue. This was fixed in...
LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method
ContextA SQL injection vulnerability exists in LangGraph's SQLite checkpoint implementation that allows attackers to manipulate SQL queries through metadata filter keys. This affects applications that accept untrusted metadata filter keys not just filter values in checkpoint search operations...
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
SummaryA Cross-Site Scripting XSS vulnerability exists in the ui.interactiveimage component of NiceGUI v3.3.1 and earlier. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaScript via the SVG tag...
NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read
SummaryA directory traversal vulnerability in NiceGUI's App.addmediafiles allows a remote attacker to read arbitrary files on the server filesystem. DetailsHello, I am Seungbin Yang, a university student studying cybersecurity. While reviewing the source code of the repository, I discovered a...
open-webui is Vulnerable to Incorrect Access Control
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers a normal user to stop arbitrary LLM response tasks...