Lucene search
K

7035 matches found

PyPA
PyPA
added 2 days ago2 views

MobSF has SQL Injection in its SQLite Database Viewer Utils

DescriptionMobSF's readsqlite function in mobsf/MobSF/utils.py lines 542-566 uses Python string formatting % to construct SQL queries with table names read from a SQLite database's sqlitemaster table. When a security analyst uses MobSF to analyze a malicious mobile application containing a crafte...

6.5CVSS6.2AI score0.00276EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

SummaryAny authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via GET /api/v1/knowledge/id/files an...

7.1CVSS6.1AI score0.02858EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. PatchesThis has been fixed in pypdf==6.9.2. WorkaroundsIf users cannot upgrade yet, consider applying the changes from PR 3693...

8.2CVSS6.6AI score0.00455EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

NVIDIA NeMo Framework contains a vulnerability leading to Remote Code Execution

NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering...

9.8CVSS7.1AI score0.00641EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

MindSQL is vulnerable to Code Injection through its ask_db function

A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function askdb of the file mindsql/core/mindsqlcore.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was...

6.5CVSS6.3AI score0.00228EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution

SummaryPySpector versions = 0.1.6 are affected by a stored Cross-Site Scripting XSS vulnerability in the HTML report generator. When PySpector scans a Python file containing JavaScript payloads i.e. inside a string passed to eval , the flagged code snippet is interpolated into the HTML report...

6.1CVSS6.3AI score0.00217EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago5 views

Denial of service via non-terminating SYLT frame parsing loop in tinytag

Summarytinytag 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse attacker-supplied files, a single 498-byte MP3 can cause the parsing...

6.5CVSS6.1AI score0.0041EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit

SummaryAn issue has been identified in the Bedrock AgentCore Starter Toolkit versions prior to v0.1.13 that may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. ImpactA remote actor could inject code during the build process, leadin...

7.5CVSS6.4AI score0.00242EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

pypdf has inefficient decoding of array-based streams

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to long runtimes and/or large memory usage. This requires accessing an array-based stream with lots of entries. PatchesThis has been fixed in pypdf==6.9.1. WorkaroundsIf you cannot upgrade yet, consider applying the changes...

6.5CVSS6.5AI score0.00349EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

PySpector has a Plugin Sandbox Bypass leads to Arbitrary Code Execution

SummaryPySpector versions = 0.1.6 are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py, performs static AST analysis to block dangerous API calls before a plugin is trusted and executed. However, the internal resolvename helper only...

8.3CVSS6.5AI score0.00169EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

Arbitrary file write via tar traversal in mlflow

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extractio...

9.1CVSS7.2AI score0.00852EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT

SummaryThe pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFETOIMPORT have constructors that allocate memory proportional to their input builtins.bytes, builtins.list, builtins.range. A 40-byte pick...

8.7CVSS6.5AI score0.00452EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

PyMuPDF has a path traversal in _main_.py

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

8.2CVSS6.2AI score0.00354EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

Vanna has a SQL injection in the remove_training_data function

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Frigte has broken access control viewer user can delete admin and other users account

SummaryUsers with the viewer role can delete admin and other users account. It this leads to denial of service and affects data integrity. DetailsEndpoint DELETE /api/users/admin is enable to anonymous user. PoCI deleted admin user on demo.frigate.video: ImpactIt this leads to denial of service a...

8.1CVSS6.1AI score0.00243EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

SummaryThe ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional cod...

5.3CVSS6.3AI score0.00278EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

multipart vulnerable to ReDoS in `parse_options_header()`

SummaryThe parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for denial of service DoS attacks against web...

7.5CVSS7AI score0.00699EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2 days ago3 views

MLflow has a command injection in mlflow/sagemaker/__init__.py

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

8.8CVSS7.2AI score0.01456EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

django-unicorn affected by component state manipulation via unvalidated attribute access

SummaryComponent state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modify internal attributes such as templatename or trigger protected methods. Vulnerability...

5.3CVSS6.1AI score0.0021EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

ha-mcp has XSS via Unescaped HTML in OAuth Consent Form

SummaryThe ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute JavaScript in the operator's browser. This affects...

6.8CVSS6.2AI score0.00181EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2 days ago3 views

pypdf: manipulated stream length values can exhaust RAM

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. PatchesThis has been fixed in pypdf==6.8.0. WorkaroundsIf you cannot...

6.8CVSS6.5AI score0.00172EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago2 views

SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization

SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...

7.8CVSS6.9AI score0.00334EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters

SummaryGraphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabels were concatenated directly into Cypher label expressions without validation.In M...

8.1CVSS6.3AI score0.00344EPSS
Exploits2References8Affected Software1
PyPA
PyPA
added 2 days ago5 views

Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

ImpactWhat kind of vulnerability is it? Who is impacted?Receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This could be used to compromise the receiver's computer.Only the sender of the file the...

8.2CVSS6AI score0.0035EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

FastMCP OAuth Proxy token reuse across MCP servers

While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the baseurl passed to...

7.4CVSS6.1AI score0.00358EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago3 views

mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint

SummaryThe /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCPALLOWANONYMOUSACCESS=true is set required for the HTTP server to function without OAuth/API key,...

5.3CVSS6.1AI score0.00369EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago2 views

vLLM has SSRF Protection Bypass

SummaryThe SSRF protection fix for https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc can be bypassed in the loadfromurlasync method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. Affected Component- File:...

9.8CVSS7AI score0.00485EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

SummaryAn unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an Authorization header. No authentication is required. The vulnerabili...

8.2CVSS6.4AI score0.14958EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

Apache Airflow Providers Http has Unsafe Pickle Deserializatio leading to RCE via HttpOperator

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is...

8.8CVSS7.1AI score0.00695EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Airflow AWS Auth Manager has Host Header Injection Leading to SAML Authentication Bypass

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL.This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances.You shoul...

5.4CVSS6AI score0.00359EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft

SummaryWhen the HTTP server is enabled MCPHTTPENABLED=true, the application configures FastAPI's CORSMiddleware with alloworigins='', allowcredentials=True, allowmethods="", and allowheaders="". The wildcard Access-Control-Allow-Origin: header permits any website to read API responses cross-origi...

8.8CVSS6.1AI score0.00387EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network

Server-Side Request Forgery SSRF in Azure MCP Server allows an authorized attacker to elevate privileges over a network...

8.8CVSS7.1AI score0.00959EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago2 views

Django vulnerable to Uncontrolled Resource Consumption

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29.URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial of...

7.5CVSS7AI score0.00734EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago2 views

MS-Agent vulnerable to Command Injection

A Command Injection vulnerability in ModelScope's MS-Agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...

6.5CVSS7.3AI score0.01611EPSS
Exploits2References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

OpenChatBI has a Path Traversal Vulnerability in save_report Tool

ImpactThe savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the fileformat parameter. The function only removes leading dots of fileformat using fileformat.lstrip"." but allows path traversal sequences...

9.8CVSS6.3AI score0.00443EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

RAGAS has an Arbitrary File Read vulnerability

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrievedcontexts parameter when handling multimodal inputs...

8.7CVSS6.6AI score0.00534EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2 days ago4 views

OpenViking contains a Path Traversal vulnerability

OpenViking versions 0.2.1 and prior, fixed in commit46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

8.4CVSS6.2AI score0.00181EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

Django has a Race Condition vulnerability

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29.Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

3.7CVSS6.1AI score0.00341EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

dbt-common's commonprefix() doesn't protect against path traversal

ImpactWhat kind of vulnerability is it? Who is impacted?A path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that extracted files remain within the intended destination directory...

5.3CVSS6.2AI score0.00262EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2 days ago6 views

pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. PatchesThis has been fixed in pypdf==6.7.5. WorkaroundsIf you cannot upgrade yet, consider applying the changes from PR 3666...

6.9CVSS6.1AI score0.00399EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction

Arbitrary File Write via Symlink Path Traversal in Tar Extraction SummaryThe safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path, not the symlink's target. An attacker can create a...

8.6CVSS6.5AI score0.00257EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution

ContextA Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to langgraph-checkpoint 4.0.0, BaseCache defaults to JsonPlusSerializerpicklefallback=True. When...

6.6CVSS7.5AI score0.00698EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

Summary A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library decrypts a JSON Web Encryption JWE token using Password-Based Encryption PBES2 algorithms, it reads the p2c PBES2 Count parameter directl...

7.5CVSS6.2AI score0.00432EPSS
Exploits2References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup

SummaryThree nutritionalvalues action endpoints fetch objects via Model.objects.getpk=pk — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition plan data, including caloric intake and full macro breakdown, by supplying an arbitrar...

4.3CVSS6.2AI score0.0026EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

pypdf: Manipulated RunLengthDecode streams can exhaust RAM

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. PatchesThis has been fixed in pypdf==6.7.4. WorkaroundsIf you cannot upgrade yet, consider applying the changes from PR 3664...

6.9CVSS6.1AI score0.00423EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data

SummaryFive routine detail action endpoints check a cache before calling self.getobject. Cache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API, an attacker can retrieve the cached response for the same PK without any ownership...

3.5CVSS6.1AI score0.00245EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...

6.5CVSS6.1AI score0.00287EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

OpenEXR's CompositeDeepScanLine integer-overflow leads to heap OOB write

SummaryFunction: CompositeDeepScanLine::readPixels, reachable from high-level multipart deep read flows MultiPartInputFile + DeepScanLineInputPart + CompositeDeepScanLine.Vulnerable lines src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp:- totalsizesptr += countsjptr; line 511- overallsamplecount +=...

8.4CVSS7.1AI score0.00201EPSS
Exploits2References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service

SummaryAll rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing throttling that degrades service for that entity — and potentially co-located entities in...

5.3CVSS6.1AI score0.00228EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data

SummaryRepetitionsConfigViewSet and MaxRepetitionsConfigViewSet return all users' repetition config data because their getqueryset calls .all instead of filtering by the authenticated user. Any registered user can enumerate every other user's workout structure. Detailswger/manager/api/views.py:49...

4.3CVSS6.1AI score0.00257EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities7035