Lucene search
K

7035 matches found

PyPA
PyPA
added 2 days ago5 views

pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions

SummarySeveral WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execute MODIFY operations that should be denied by pyLoad's own permission model.Confirmed mismatches:- ADD user can reorder packages/files...

5.4CVSS6.3AI score0.00219EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago3 views

parisneo/lollms has an insufficient session expiration vulnerability

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

4.1CVSS6.1AI score0.0021EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2 days ago3 views

stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...

9.8CVSS6.1AI score0.00557EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

Summaryinternalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic:cwavbuf += nx ny wcount;Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path...

8.8CVSS7AI score0.00482EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

pyLoad: Unprotected storage_folder enables arbitrary file write to Flask session store and code execution (Incomplete fix for CVE-2026-33509)

SummaryThe fix for CVE-2026-33509 GHSA-r7mc-x6x7-cqxx added an ADMINONLYOPTIONS set to block non-admin users from modifying security-critical config options. The storagefolder option is not in this set and passes the existing path restriction because the Flask session directory is outside both...

8.8CVSS6.5AI score0.00529EPSS
Exploits2References9Affected Software1
PyPA
PyPA
added 2 days ago6 views

OpenEXR has use after free in PyObject_StealAttrString

SummaryThere is a use-after-free in PyObjectStealAttrString of pyOpenEXRold.cpp.This bug was found with ZeroPath. DetailsThe legacy adapter defines PyObjectStealAttrString that calls PyObjectGetAttrString to obtain a new reference, immediately decrefs it, and returns the pointer. Callers then pas...

7.5CVSS6.9AI score0.00294EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

PyBlade: SSTI/RCE via Bypassed AST Validation in sandbox.py

A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...

6.5CVSS6AI score0.00314EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2 days ago4 views

OpenEXR Makes Use of Uninitialized Memory

SummaryWhile fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on uninitialized data inside genericunpack. This indicates a use of uninitialized memory CWE-457. The issue is reproducible with the current OSS-Fuzz harness and a single-file PoC. DetailsEnvironment:-...

7.5CVSS7AI score0.00373EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 2 days ago4 views

OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp

SummaryA heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in ImfContextInit.cpp when parsing a malformed EXR file through a memory-mapped IStream. A signed integer subtraction produces a negative value that is implicitly converted to sizet, resulting in a massive length...

6.5CVSS6.1AI score0.00523EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

kedro-datasets has a path traversal vulnerability in PartitionedDataset that allows arbitrary file write

ImpactPartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a partition ID could cause files to be written outside the configured...

6.5CVSS6.1AI score0.00427EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2 days ago4 views

PraisonAI Has Arbitrary File Write (Zip Slip) in Templates Extraction

The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources e.g., GitHub, the application uses Python's zipfile.extractall without verifying if the files within the archive resolve...

8.1CVSS6.3AI score0.00314EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

PraisonAI recipe registry pull path traversal writes files outside the chosen output directory

SummaryPraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../ traversal entries and any user who later pulls that...

7.3CVSS6.2AI score0.00291EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago2 views

OpenEXR has buffer overflow in PyOpenEXR_old's channels() and channel()

SummaryA memory safety bug in the legacy OpenEXR Python adapter the deprecated OpenEXR.InputFile wrapper allow crashes and likely code execution when opening attacker-controlled EXR files or when passing crafted Python objects.Integer overflow and unchecked allocation in InputFile.channel and...

7.8CVSS7.2AI score0.00237EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago5 views

LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint

ImpactThe /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following: - Modify proxy configuration and environment variables - Register custom pass-through endpoint handlers pointing to...

8.8CVSS6.5AI score0.26409EPSS
Exploits2References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

SummaryThe LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a...

5.9CVSS6.1AI score0.00329EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling

Summaryweb3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these contract-supplied URLs directly after sender / data template substitution without any destination validation:...

7.2CVSS6.2AI score0.00228EPSS
Exploits2References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url `

SummaryA Server Side Request Forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from the server, without any URL validation or domain restrictions.This can be used to target interna...

5.4CVSS6.1AI score0.00246EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

LightRAG: Hardcoded JWT Signing Secret Allows Authentication Bypass

Subject: Security Vulnerability Report Hardcoded JWT Secret CVE-2026-30762Hi HKUDS team,I'm writing to report a security vulnerability I discovered in LightRAG v1.4.10. This has been assigned CVE-2026-30762 by MITRE.Vulnerability: Hardcoded JWT signing secretType: Improper Authentication...

7.5CVSS6.1AI score0.0012EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2 days ago3 views

curl_cffi: Redirect-based SSRF leads to internal network access in curl_cffi (with TLS impersonation bypass)

Summarycurlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl.Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata endpoints. In addition, curlcffi’s TLS impersonation featu...

8.6CVSS6.1AI score0.00463EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

pyLoad: SSRF in parse_urls API endpoint via unvalidated URL parameter

Vulnerability DetailsCWE-918: Server-Side Request Forgery SSRFThe parseurls API function in src/pyload/core/api/init.py line 556 fetches arbitrary URLs server-side via geturlurl pycurl without any URL validation, protocol restriction, or IP blacklist. An authenticated user with ADD permission can...

7.7CVSS6.2AI score0.00269EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

D-Tale: Remote Code Execution through redis/shelf storage

ImpactUsers hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server. PatchesUsers should upgrade to version 3.22.0. WorkaroundsThere are no workarounds for versions 3.22.0...

9.8CVSS6.5AI score0.00622EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2 days ago3 views

OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)

SummaryThe PXR24 decompression function undopxr24impl in OpenEXR internalpxr24.c ignores the actual decompressed size outSize returned by exruncompressbuffer and instead reads from the scratch buffer based solely on the expected size uncompressedsize derived from the header metadata.Additionally,...

8.7CVSS6.2AI score0.00482EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

OpenEXR: integer overflow to OOB write in uncompress_b44_impl()

SummaryThe B44/B44A decoder in OpenEXR reconstructs row pointers into a scratch buffer using int. When the channel width nx is large enough, the product y nx overflows int, causing the row pointer to wrap before the start of the scratch buffer. Subsequent memcpy calls then write decoded pixel...

8.4CVSS7AI score0.00244EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

Ajenti has an authorization bypass during custom package installation

ImpactAn authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. PatchesThis is fixed in the version 2.2.15. Users should upgrade to this version as soon as possible...

7.2CVSS6.1AI score0.00266EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

Summaryrunpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executio...

9.8CVSS6.3AI score0.00545EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

SummaryWhile testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub...

8.2CVSS6.1AI score0.00207EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

Open WebUI has Broken Access Control in Tool Valves

Summary Broken Access Control in Tool ValvesOpen WebUI supports function calling through "Tools". Function calling allows an LLM to reliably connect to external tools and interact with external APIs. Exemplary use-cases include connecting to an internal knowledge base, retrieving emails from an...

7.7CVSS6.2AI score0.05271EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago2 views

PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

Summarypassthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is...

7.7CVSS6.1AI score0.00337EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

SummaryMCPToolIndex.searchtools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...

7.5CVSS6.1AI score0.00402EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

OpenStack Glance is affected by Server-Side Request Forgery (SSRF)

OpenStack Glance versions = 30.0.0 30.1.1, == 31.0.0 are affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only the glance image import functionality is affected. In particular, the...

7.1CVSS6.1AI score0.00258EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

FastMCP has a Command Injection vulnerability - Gemini CLI

Server names containing shell metacharacters e.g., & can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run with a list argument, but on Windows the target CLIs often resolve to .cmd wrappers that are...

7.8CVSS6.2AI score0.00749EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL

SummaryFileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata...

8.6CVSS6.1AI score0.00405EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

ImpactThe Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. PatchesFixed in v9.1.0. The Postgres query parser now uses parameterized queries with...

9.8CVSS6.1AI score0.00505EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2 days ago3 views

PraisonAI Has Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox

SummarySubprocessSandbox in all modes BASIC, STRICT, NETWORKISOLATED calls subprocess.run with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone executables, allowing trivial sandbox escape in STRICT mode v...

10CVSS6.1AI score0.00383EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago3 views

python-ecdsa: Denial of Service via improper DER length validation in crafted private keys

SummaryAn issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions.1. ecdsa.der.removeoctetstring accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096...

5.3CVSS6.1AI score0.00476EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

Hugging Face Smolagents has an Injection issue

A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluateaugassign/evaluatecall/evaluatewith of the file src/smolagents/localpythonexecutor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to...

10CVSS6.4AI score0.00575EPSS
Exploits1References11Affected Software1
PyPA
PyPA
added 2 days ago3 views

Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check

Vulnerability IDOR in GET/PATCH/DELETE /api/v1/flow/flowidThe readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enabled, neither branch enforced an ownership check...

8.8CVSS6.1AI score0.00468EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check

Vulnerability IDOR in GET/PATCH/DELETE /api/v1/flow/flowidThe readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enabled, neither branch enforced an ownership check...

8.8CVSS6.1AI score0.00468EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Airflow Provider for Databricks: TLS Certificate Verification is Disabled in Databricks Provider K8s Token Exchange

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o...

4.8CVSS6.1AI score0.00355EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago2 views

Home Assistant has stored XSS in history-graphs

SummaryThe "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable to the same issue as CVE-2025-62172.This also indicates that any sensor showing their name in the history-graph, is likely to be vulnerable to this issue. DetailsAnother entity...

8.8CVSS6.2AI score0.00202EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

MLFlow allows Tracing + Assessments Access

In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with NOPERMISSIONS on the experiment, to read trace information and create assessments for...

8.1CVSS7AI score0.00331EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago6 views

Home Assistant has stored XSS in Map-card through malicious device name

SummaryAn authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see a dashboard with a Map-card which includes that entity. It requires that the victim hovers over an information point The lines or the dots representi...

8.8CVSS6.2AI score0.00241EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories

SummaryAny authenticated user can read other users' private memories via /api/v1/retrieval/query/collection DetailsVulnerability 1: Missing authorization in collection queryingIn backend/openwebui/routers/retrieval.py, the querycollectionhandler function accepts a list of collectionnames but...

4.3CVSS6.1AI score0.00253EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago3 views

Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment

SummaryChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal.The method name chat and parameter name message naturally...

8.8CVSS6.5AI score0.00611EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago2 views

Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries

Summaryadx-mcp-server ListDictstr, Any: client = getkustoclient query = f"tablename | getschema" ListDictstr, Any: client = getkustoclient query = f"tablename | sample samplesize" ListDictstr, Any: client = getkustoclient query = f".show table tablename details" -- KQL injection resultset =...

8.3CVSS6.3AI score0.00396EPSS
Exploits3References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

NVIDIA NeMo Framework contains an RCE vulnerability in checkpoint loading

NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering...

9.8CVSS7.1AI score0.00641EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago1 views

Open WebUI has unauthorized deletion of knowledge files

SummaryAn access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin, but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from...

8.1CVSS6.2AI score0.00252EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

SummaryAn unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

4.3CVSS6.2AI score0.00427EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching

A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been release...

4.8CVSS5.8AI score0.00156EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added 2 days ago6 views

pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration

SummaryThe setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option controls a file path that is passed directly to subprocess.run in the thread manager's reconnect logic. A SETTINGS...

8.8CVSS6.6AI score0.00529EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities7035