3742 matches found
PYSEC-2024-220
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...
PYSEC-2024-218
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a race condition in the updaterootinconfig function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker ca...
PYSEC-2024-217
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
PYSEC-2024-199
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response ti...
PYSEC-2024-216
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is...
PYSEC-2024-215
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery SSRF in the /queue/join endpoint. Gradio’s asyncsaveurltocache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This...
PYSEC-2024-198
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enablemonitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access th...
PYSEC-2024-214
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhostaliases variable includes "null" as a valid origin. This allows attackers to make unauthoriz...
PYSEC-2024-196
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio...
PYSEC-2024-213
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the isinorequal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that...
PYSEC-2024-197
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
PYSEC-2024-168
Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advis...
PYSEC-2024-311
Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a wasmtime::Engine's internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type registry corruption. That registry corruption...
PYSEC-2024-312
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
PYSEC-2024-109
DeepSpeed Remote Code Execution Vulnerability...
PYSEC-2024-102
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...
PYSEC-2024-101
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllersh...
PYSEC-2024-121
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...
PYSEC-2024-100
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting XSS vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...
PYSEC-2024-186
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...
PYSEC-2024-291
Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function...
PYSEC-2024-171
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...
PYSEC-2024-290
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...
PYSEC-2024-99
OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords...
PYSEC-2024-272
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...
PYSEC-2024-273
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...
PYSEC-2024-91
A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mpvfsumount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit...
PYSEC-2024-96
A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mpvfsumount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit...
PYSEC-2024-95
A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mpvfsumount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit...
PYSEC-2024-94
A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The...
PYSEC-2024-92
A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The...
PYSEC-2024-93
A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mpvfsumount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit...
PYSEC-2024-89
A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpzasbytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and ma...
PYSEC-2024-88
A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpzasbytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and ma...
PYSEC-2024-87
A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpzasbytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and ma...
PYSEC-2024-85
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it...
PYSEC-2024-83
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction...
PYSEC-2024-79
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...
PYSEC-2024-82
Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with...
PYSEC-2024-84
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it...
PYSEC-2024-81
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...
PYSEC-2024-80
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...
PYSEC-2024-78
An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the cod...
PYSEC-2024-77
An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine,...
PYSEC-2024-212
Apache Airflow versions before 2.10.1 have a vulnerability that allowsDAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later,...
PYSEC-2024-266
Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...
PYSEC-2024-74
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contai...
PYSEC-2024-90
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when redirecting to the...
PYSEC-2024-180
Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However,...
PYSEC-2024-192
An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...