Lucene search
K

7035 matches found

PyPA
PyPA
added 2 days ago3 views

LiteLLM: Server-Side Template Injection in /prompts/test endpoint

ImpactThe POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process.The endpoint only checks that the caller presents a valid proxy API key, so any authenticated user could...

8.8CVSS6.2AI score0.00373EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record

The authenticated /ui/dagsendpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DAG...

4.3CVSS6.1AI score0.00352EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

kaggle-mcp has a Path Traversal issue

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.5CVSS6.5AI score0.00411EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache

SummaryAWS Encryption SDK ESDK for Python is a client-side encryption library. An issue exists where, under certain circumstances, a specific cryptographic algorithm downgrade in the caching layer might allow an authenticated local threat actor to bypass key commitment policy enforcement via a...

5.7CVSS6.1AI score0.00096EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2 days ago3 views

AstrBot has Incomplete Filtering of Special Elements

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.8CVSS5.8AI score0.00299EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Wooey has an Incorrect Privilege Assignment issue

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added 2 days ago3 views

pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS6.5AI score0.00144EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Poetry has Path Traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

SummaryThe extractall function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.datafilter is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0 -...

8.7CVSS6.3AI score0.00294EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval()

A vulnerability was identified in ByteDance verl up to 0.7.1. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to a sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...

6.3CVSS5.5AI score0.00333EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2 days ago5 views

InstructLab vulnerable to Path Traversal

A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the logsdir parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to...

7.1CVSS6.1AI score0.00164EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading

SummaryA Server-Side Request Forgery SSRF vulnerability exists in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and...

7.5CVSS6.3AI score0.4525EPSS
Exploits2References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

InstructLab Includes Functionality from Untrusted Control Sphere

A flaw was found in InstructLab. The linuxtrain.py script hardcodes trustremotecode=True when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run ilab train/download/generate with a specially crafted malicious model...

8.8CVSS6.4AI score0.00417EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

Apache Airflow's asset dependency graph did not restrict nodes by the viewer's DAG read permissions

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope.Users are...

4.3CVSS6.1AI score0.00352EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

AgentScope vulnerable to Server-Side Request Forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Doris MCP Server vulnerable to SQL Injection via improper query context neutralization

Apache Doris MCP Server versions prior to 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Versions 0.6.1...

5.3CVSS6.2AI score0.00655EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

RAGAS has SSRF via Multi-Modal Faithfulness Collections Module

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...

8.1CVSS6.3AI score0.00277EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

Langflow: DoS Through Lack of File Size Restriction via Deprecated Unauthenticated File Upload API

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function createuploadfile of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack...

7.5CVSS6.6AI score0.00284EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2 days ago3 views

Langflow has an Information Leak through Incomplete API Key Redaction

A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function removeapikeys/hasapiterms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated...

5.1CVSS5.8AI score0.0032EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS5.7AI score0.00152EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2 days ago3 views

AgentScope vulnerable to Server-Side Request Forgery

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...

7.5CVSS6.6AI score0.00326EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

AgentScope vulnerable to Server-Side Request Forgery

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

7.5CVSS6.6AI score0.00284EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

AgentScope Vulnerable to Remote Code Injection

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...

7.5CVSS6.6AI score0.00311EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

apache-airflow-providers-keycloak: Missing OAuth 2.0 State and PKCE Enables Login CSRF and Session Fixation

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

5.4CVSS6.1AI score0.00328EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

FastChat has a Content Moderation Bypass via Arena Side-by-Side Views

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

6.9CVSS5.9AI score0.00308EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2 days ago4 views

Langflow vulnerable to injection

A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function getclientip/installmcpconfig of the file src/backend/base/langflow/api/v1/mcpprojects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument...

6.5CVSS6.4AI score0.00232EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago2 views

FastChat has Denial of Service Through Blocking Event Loop in Model Workers (Incomplete Fix for ff66426)

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

6.9CVSS5.7AI score0.00623EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added 2 days ago4 views

Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations

SummaryThe DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating dynamic partition key values into queries without escaping. A user with the Add Dynamic Partitions permission could create a partition key that injects arbitrary SQL, which would...

8.3CVSS6.3AI score0.00265EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Airflow allows code execution through crafted XCom payloads

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

7.2CVSS6.3AI score0.00822EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations

SummaryThe DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating dynamic partition key values into queries without escaping. A user with the Add Dynamic Partitions permission could create a partition key that injects arbitrary SQL, which would...

8.3CVSS6.3AI score0.00265EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Airflow exposes SQL stack trace despite "api/expose_stack_traces" set to false

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...

7.5CVSS6.1AI score0.00449EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

Apache Airflow allows users with asset materialize permissions to trigger DAGs outside of their permissions

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...

7.5CVSS6.1AI score0.00426EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations

SummaryThe DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating dynamic partition key values into queries without escaping. A user with the Add Dynamic Partitions permission could create a partition key that injects arbitrary SQL, which would...

8.3CVSS6.3AI score0.00265EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case the variables were retrieved by the user the secrets stored as nested fields were not masked.If developers do not store variables with sensitive values in JSON form, their projects are not affected. Otherwise...

3.7CVSS6.1AI score0.00421EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations

SummaryThe DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating dynamic partition key values into queries without escaping. A user with the Add Dynamic Partitions permission could create a partition key that injects arbitrary SQL, which would...

8.3CVSS6.3AI score0.00265EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

The fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass tableprefix straight into f-string SQL. Same root cause, same code pattern, same exploitation...

9.8CVSS6.2AI score0.00347EPSS
Exploits2References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

Home Assistant Command-line Interface: Handling of user-supplied Jinja2 templates

ImpactUp to 1.0.0 of home-assitant-cli or hass-cli for short an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no restrictions. This gave users access to Python's internals and...

5.6CVSS6.5AI score0.00103EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago5 views

pypdf: Possible long runtimes for wrong size values in incremental mode

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. PatchesThis has been fixed in pypdf==6.10.2. WorkaroundsIf you cannot upgrade yet, consider applying the changes from PR 37...

6.8CVSS6AI score0.00214EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

pypdf: Manipulated FlateDecode image dimensions can exhaust RAM

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. PatchesThis has been fixed in pypdf==6.10.2. WorkaroundsIf you cannot upgrade yet, consider applying the changes from P...

6.8CVSS6AI score0.00226EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

The fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass tableprefix straight into f-string SQL. Same root cause, same code pattern, same exploitation...

9.8CVSS6.2AI score0.00347EPSS
Exploits2References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

Neo4j Labs MCP Servers: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

SummaryThe readonly mode in mcp-neo4j-cypher versions prior to 0.6.0 can be bypassed using CALL procedures. Details ImpactThe enforcing of readonly mode in vulnerable versions could be bypassed by certain APOC procedures. Patchesv0.6.0 release hardened the checks around the mode. The only way to...

2.3CVSS6.1AI score0.00264EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations

SummaryThe DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating dynamic partition key values into queries without escaping. A user with the Add Dynamic Partitions permission could create a partition key that injects arbitrary SQL, which would...

8.3CVSS6.3AI score0.00265EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations

SummaryThe DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating dynamic partition key values into queries without escaping. A user with the Add Dynamic Partitions permission could create a partition key that injects arbitrary SQL, which would...

8.3CVSS6.3AI score0.00265EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago2 views

pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor parameters. PatchesThis has been fixed in pypdf==6.10.2. WorkaroundsIf you cannot...

6.8CVSS6AI score0.00226EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

wger has Stored XSS via Unescaped License Attribution Fields

Stored XSS via Unescaped License Attribution Fields SummaryThe AbstractLicenseModel.attributionlink property in wger/utils/models.py constructs HTML strings by directly interpolating user-controlled fields licenseauthor, licensetitle, licenseobjecturl, licenseauthorurl, licensederivativesourceurl...

5.4CVSS6.2AI score0.00207EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen

uefi-firmware contains a heap out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, ReadCLen reads Number = GetBitsSd, CBIT with CBIT = 9, so Number can be as large as 511, while the destination array Sd-mCLen has NC = 510 elements...

9.8CVSS7AI score
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

UEFI Firmware Parser has a stack out-of-bounds write in tiano decompressor MakeTable

uefi-firmware contains a stack out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, MakeTable does not validate that bit-length values read from the compressed bitstream are within the expected range 0..16. a crafted firmware blob...

9.8CVSS6.4AI score
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

LangSmith SDK: Streaming token events bypass output redaction

SummaryThe LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When an LLM run produces streaming output, each chunk is recorded as a newtoken event containing the raw token value. These events bypass the redaction pipeline...

5.3CVSS6.1AI score0.00214EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Airflow: RCE by race condition in example_xcom dag

The example examplexcomthat was included in airflow documentation implemented unsafe pattern of reading valuefrom xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitraryexecution of code on the worker. Since the UI users are already highly...

8.1CVSS6.2AI score0.00579EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

Apache Airflow: JWT token appearing in logs

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix.Users are recommended to upgrade to version 3.2.0, which fixes this issue...

7.5CVSS6.1AI score0.00739EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2 days ago4 views

wger has Broken Access Control in Global Gym Configuration Update Endpoint

Summarywger exposes a global configuration edit endpoint at /config/gym-config/edit implemented by GymConfigUpdateView. The view declares permissionrequired = 'config.changegymconfig' but does not enforce it because it inherits WgerFormMixin ownership-only checks instead of the project’s...

7.6CVSS6.1AI score0.00333EPSS
Exploits1References7Affected Software1
Total number of security vulnerabilities7035