Lucene search
K

7035 matches found

PyPA
PyPA
added yesterday4 views

python-multipart affected by Denial of Service via large multipart preamble or epilogue data

SummaryA denial of service vulnerability exists when parsing crafted multipart/form-data requests with large preamble or epilogue sections. DetailsTwo inefficient multipart parsing paths could be abused with attacker-controlled input.Before the first multipart boundary, the parser handled leading...

5.3CVSS6.1AI score0.00351EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday3 views

UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen

uefi-firmware contains a heap out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, ReadCLen reads Number = GetBitsSd, CBIT with CBIT = 9, so Number can be as large as 511, while the destination array Sd-mCLen has NC = 510 elements...

9.8CVSS7AI score
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

Keras has an untrusted deserialization vulnerability

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS7.3AI score0.00363EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added yesterday4 views

OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...

7.7CVSS6.1AI score0.00317EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday4 views

Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

SummaryThe RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs that...

5.5CVSS6.2AI score0.00149EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday3 views

MetaGPT has an eval injection in metagpt/strategy/tot.py

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

9.8CVSS6.5AI score0.00409EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added yesterday3 views

Giskard has Unsandboxed Jinja2 Template Rendering in ConformityCheck

Summary The ConformityCheck class in giskard-checks rendered the rule parameter through Jinja2's default Template constructor. Because the rule string is silently interpreted as a Jinja2 template, a developer may not realize that template expressions embedded in rule definitions are evaluated at...

7.8CVSS6.2AI score0.00144EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

MetaGPT affected by server-side request forgery in metagpt/utils/common.py

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.2. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS6.4AI score0.00263EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added yesterday4 views

ajenti.plugin.core has race conditions in 2FA

ImpactIf the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. PatchesThis is fixed in the version 0.112. Users should upgrade to this version as soon as possible...

9.1CVSS6.1AI score0.00232EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday3 views

pypdf: Manipulated XMP metadata entity declarations can exhaust RAM

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. PatchesThis has been fixed in pypdf==6.10.0. WorkaroundsIf you cannot upgrade yet, consider applying the changes from PR 3724...

6.9CVSS6AI score0.00423EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday3 views

pypdf has long runtimes for wrong size values in cross-reference and object streams

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. PatchesThis has been fixed in pypdf==6.10.1. WorkaroundsIf you cannot upgrade yet, consider...

6.9CVSS6AI score0.00297EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday3 views

pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass)

SummarypyLoad caches role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database.As a result, an already logged-in user can keep old revoked privileges until logout/session expir...

8.8CVSS7AI score0.00325EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

MetaGPT has an eval injection via a cross-site request forgery attack

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

8.8CVSS5.7AI score0.00224EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday6 views

Apache Airlfow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access

The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidently logged to logs, those values could be seen in the logs. Azure...

6.5CVSS6.1AI score0.00552EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday5 views

PraisonAI Vulnerable to RCE via Automatic tools.py Import

PraisonAI automatically imports ./tools.py from the current working directory when launching certain components. This includes call.py, toolresolver.py, and CLI tool-loading paths.A malicious tools.py placed in the process working directory is executed immediately, allowing arbitrary Python code...

8.4CVSS6.5AI score0.00246EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday3 views

Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble

Authenticated arbitrary file write in artifact bundle assembly SummaryAn authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow.A user with a valid authentication token could cause the application to write attacker-controlled content to a...

7.1CVSS6.4AI score0.00299EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday3 views

PraisonAI Vulnerable to RCE via Automatic tools.py Import

PraisonAI automatically imports ./tools.py from the current working directory when launching certain components. This includes call.py, toolresolver.py, and CLI tool-loading paths.A malicious tools.py placed in the process working directory is executed immediately, allowing arbitrary Python code...

8.4CVSS6.5AI score0.00246EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday3 views

PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries

SummaryThe tableprefix configuration value is directly used to construct SQL table identifiers without validation.If an attacker controls this value, they can manipulate SQL query structure, leading to unauthorized data access e.g., reading internal SQLite tables such as sqlitemaster and tamperin...

9.8CVSS6.2AI score0.00297EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added yesterday3 views

PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhook_url in Jobs API

SummaryThe /api/v1/runs endpoint accepts an arbitrary webhookurl in the request body with no URL validation. When a submitted job completes success or failure, the server makes an HTTP POST request to this URL using httpx.AsyncClient. An unauthenticated attacker can use this to make the server se...

10CVSS6.3AI score0.0028EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAI Vulnerable to Sensitive Environment Variable Exposure via Untrusted MCP Subprocess Execution

PraisonAI’s MCP Model Context Protocol integration allows spawning background servers via stdio using user-supplied command strings e.g., MCP"npx -y @smithery/cli ...". These commands are executed through Python’s subprocess module. By default, the implementation forwards the entire parent proces...

5.5CVSS6.3AI score0.00182EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback

| Field | Value ||---|---|| Severity | High || Type | SSRF -- unvalidated URL in webcrawl httpx fallback allows internal network access || Affected | src/praisonai-agents/praisonaiagents/tools/webcrawltools.py:133-180 | Summarywebcrawl's httpx fallback path passes user-supplied URLs directly to...

7.1CVSS6.1AI score0.00281EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added yesterday6 views

PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

SummaryThe approval system in PraisonAI Agents caches tool approval decisions by tool name only, not by invocation arguments. Once a user approves executecommand for any command e.g., ls -la, all subsequent executecommand calls in that execution context bypass the approval prompt entirely. Combin...

6.8CVSS6.3AI score0.00116EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAI: Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls

SummaryThe gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no authtoken is configured the default. By adding dangerous tool names e.g., shellexec, filewrite to the allowlist, an attacker can cause the ExecApprovalManager to...

7.9CVSS6.3AI score0.00227EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool

SummaryThe executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This allows exfiltration of secrets stored in environment variable...

7.4CVSS6.4AI score0.00273EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS

SummaryThe AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no authentication middleware, no API key validation, and defaults...

5.3CVSS6.1AI score0.00758EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added yesterday2 views

PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure

PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. DescriptionThe executecodedirect function in praisonaiagents/tools/pythontools.py uses AST filtering to block dangerous Python attributes...

8.6CVSS6.6AI score0.0024EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday5 views

PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code via spec.loader.execmodule without explicit user consent,...

7.8CVSS6.6AI score0.00209EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool

SummaryThe webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker or prompt injection in crawled conten...

7.7CVSS6.2AI score0.00269EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added yesterday3 views

PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits

SummaryThe safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall. An attacker can publish a malicious recipe bundle...

6.5CVSS6.2AI score0.00243EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday3 views

PraisonAIAgents: Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary

SummaryThe listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path segments, an attacker can use relative path traversal in...

5.3CVSS6.2AI score0.00311EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAIAgents: Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate

Summaryreadskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript which requires critical-level approval, readskillfile has...

7.5CVSS6.2AI score0.00234EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory Exhaustion DoS

SummaryThe WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token configured, any local process can send arbitrarily large PO...

7.5CVSS6.2AI score0.00334EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAI has Template Injection in Agent Tool Definitions

SummaryDirect insertion of unescaped user input into template-rendering tools allows arbitrary code execution via specially crafted agent instructions. DetailsThe createagentcentrictools function returns tools like acpcreatefile that process file content using template rendering. When user input...

8.8CVSS6.6AI score0.00558EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

FoundationAgents MetaGPT vulnerable to eval injection

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

9.8CVSS6.5AI score0.00387EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added yesterday3 views

FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/tools/libs/terminal.py

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the...

9.8CVSS6.8AI score0.02241EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added yesterday4 views

FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/utils/common.py

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...

9.8CVSS6.6AI score0.02283EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added yesterday4 views

FoundationAgents MetaGPT vulnerable to os command injection via the Terminal.run_command

A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.runcommand in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed ...

9.8CVSS6.2AI score0.02328EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added yesterday4 views

MetaGPT has an Injection issue

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

9.8CVSS6.7AI score0.00387EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling

SummaryThe MultiAgentLedger and MultiAgentMonitor components in the provided code exhibit vulnerabilities that can lead to context leakage and arbitrary file operations. Specifically:1. Memory State Leakage via Agent ID Collision: The MultiAgentLedger uses a dictionary to store ledgers by agent I...

8.8CVSS6.6AI score0.00687EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAI: Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits

SummaryThe /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the server's API key. There are no limits on concurrent...

7.5CVSS6.1AI score0.00372EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

LangChain has incomplete f-string validation in prompt templates

LangChain's f-string prompt-template validation was incomplete in two respects.First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate cou...

5.3CVSS6.2AI score0.00262EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added yesterday3 views

PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars

Summarydeploy.py constructs a single comma-delimited string for the gcloud rundeploy --set-env-vars argument by directly interpolating openaimodel,openaikey, and openaibase without validating that these values do notcontain commas. gcloud uses a comma as the key-value pair separator...

8.4CVSS6.2AI score0.00231EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAI Vulnerable to Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency)

SummaryThe Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitizehtml function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml. When nh3 is absent the default installation, the...

6.1CVSS6.2AI score0.00216EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday3 views

PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server

The A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. This is a separate component from the gateway server fixed in CVE-2026-34952.The createa2uroutes function registers the following endpoints with NO authentication checks:- GET /a2u/info —...

7.5CVSS6.1AI score0.00425EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write

SummaryThe DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store.This bug is reachable from the publ...

8.8CVSS6.2AI score0.00419EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday3 views

PraisonAI recipe registry publish path traversal allows out-of-root file write

SummaryPraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious publisher can place ../ traversal sequences in the bundl...

7.1CVSS6.2AI score0.00334EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday3 views

Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

SummaryThe attributefilter in the Lupa library is intended to restrict access to sensitive Python attributes when exposing objects to Lua.However, the filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to...

10CVSS6.5AI score0.00613EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added yesterday4 views

OpenViking contains a missing authorization vulnerability in the task polling endpoints

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

6.9CVSS6.1AI score0.00384EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday4 views

rfc3161-client Has Improper Certificate Validation

SummaryAn Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw in how the library extracts the leaf certificate from an unordered PKCS7 bag of certificates, an attacker can...

7.5CVSS6.1AI score0.00188EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added yesterday5 views

pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions

SummarySeveral WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execute MODIFY operations that should be denied by pyLoad's own permission model.Confirmed mismatches:- ADD user can reorder packages/files...

5.4CVSS6.3AI score0.00219EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities7035