7035 matches found
pypdf: Manipulated FlateDecode XFA streams can exhaust RAM
ImpactAn attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode. PatchesThis has been fixed in pypdf==6.7.3. WorkaroundsIf projects...
Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute
SummaryA stored Cross-site Scripting XSS vulnerability was identified in the Custom RSE Attribute of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of t...
Rucio WebUI has Username Enumeration via Login Error Message
SummaryThe WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. DetailsWhen submitting invalid credentials to /ui/login, the WebUI responds with different error messages based on the...
Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections
An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection.While the system effectively blocks standard Data Manipulation Language DML statements...
Apache Superset: Incomplete DISALLOWED_SQL_FUNCTIONS default list for ClickHouse engine
Apache Superset utilizes a configurable dictionary, DISALLOWEDSQLFUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...
OpenFUN Richie Observable Timing Discrepancy in its sync_course_run_from_request function
An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the synccourserunfromrequest function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...
Rucio WebUI has a Reflected Cross-site Scripting Vulnerability
SummaryA reflected Cross-site Scripting vulnerability was located in the rendering of the ExceptionMessage of the WebUI 500 error which could allow attackers to steal login session tokens of users who navigate to a specially crafted URL. DetailsThe WebUI error message renders ExceptionMessage whi...
pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams
ImpactAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. PatchesThis has been fixed in pypdf==6.7.2. WorkaroundsIf users cannot upgrade yet, consider applying the changes from PR 3655...
Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name
SummaryA stored Cross-site Scripting XSS vulnerability was identified in the Identity Name of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebU...
Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata
SummaryA stored Cross-site Scripting XSS vulnerability was identified in the RSE metadata of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI...
Apache Superset allows authenticated users to view sensitive data without explicit permissions
A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag.When these associated objects include Users, the AP...
Apache Superset allows privileged users to conduct error-based SQL Injection
Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters.This issue affects Apache Superset: before 6.0.0.Users ar...
Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function
SummaryA stored Cross-site Scripting XSS vulnerability was identified in the Custom Rules function of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of...
Isso affected by Stored XSS via comment website field
ImpactThis is a stored Cross-Site Scripting XSS vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, which left single and double quotes unescaped. Since the frontend inserts the website value directly into a single-quoted href...
Apache Airflow exposes sensitive information in its log files
Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...
Apache Airflow error reporting may expose full kwargs
When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG.The issue...
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.The specific flaw...
Google Cloud Vertex AI has a a vulnerability involving predictable bucket naming
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up tobut not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably...
datapizza-ai has unsafe deserialization via pickle.loads() in RedisCache
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.7. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
D-Tale affected by Remote Code Execution through the /save-column-filter endpoint
ImpactUsers hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. PatchesUsers should upgrade to version 3.20.0. WorkaroundsThere are no workarounds for versions 3.20.0...
Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)
Stored Cross-Site Scripting XSS in the genai/evalsvisualization component of Google Cloud Vertex AI SDK google-cloud-aiplatform versions from 1.98.0 up to but not including 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment...
Apache Superset Improper Authorization allows low-privileged users to bypass access controls
An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...
datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
Apache Airflow vulnerable to Code Injection in the web-server context via LogTemplate table
DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...
yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option
SummaryWhen yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. Impactyt-dlp maintainers assume the impact of this vulnerability to be high for anyone who uses...
Hugging Face Smolagents has a Server-Side Request Forgery issue
A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
pypdf possibly has long runtimes for malformed FlateDecode streams
ImpactAn attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. PatchesThis has been fixed in pypdf==6.7.1. WorkaroundsIf you cannot upgrade yet, consider applying the changes...
pypdf has a possible infinite loop when processing TreeObject
ImpactAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. PatchesThis has been fixed in pypdf==6.7.1. WorkaroundsIf you cannot upgrade yet, consider applying the changes fro...
NVIDIA NeMo Framework Deserializes Untrusted Data
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
OpenStack Nova calls qemu-img without format restrictions for resize
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...
pypdf has possible long runtimes/large memory usage for large /ToUnicode streams
ImpactAn attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. PatchesThis has been fixed in pypdf==6.7.1. WorkaroundsIf...
Skill-scanner Unsecured Network Binding Vulnerability
Description:A vulnerability in the API Server of Skill Scanner could allow a unauthenticated, remote attacker to interact with the server API and either trigger a denial of service DoS condition or upload arbitrary files.This vulnerability is due to an erroneous binding to multiple interfaces. An...
Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
SummaryThis is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load t...
DiskCache has unsafe pickle deserialization
DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...
Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading
SummaryTensorFlow / Keras continues to honor HDF5 “external storage” and ExternalLink features when loading weights. A malicious .weights.h5 or a .keras archive embedding such weights can direct loadweights to read from an arbitrary readable filesystem path. The bytes pulled from that path popula...
MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access
ImpactServer-Side Request Forgery SSRF:A security vulnerability exists in the mcp-run-python tool specifically within the Pydantic-AI integration due to an overly permissive Deno sandbox configuration.The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...
LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
Server-Side Request Forgery SSRF in ChatOpenAI Image Token Counting SummaryThe ChatOpenAI.getnumtokensfrommessages method fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery SSRF...
Emmett-Core: Unhandled CookieError Exception Causing Denial of Service
SummaryThe cookies property in emmettcore.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. DetailsLocation: emmettcore/http/wrappers/init.py line...
MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token
ImpactDisclosure of Salesforce OAuth bearer tokens used by the MCP. Patchesfix applied in 0.1.10 WorkaroundsRotate any Salesforce tokens/credentials used by MCP-Salesforce...
MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability
ImpactCritical Sandbox Escape & Server Takeover:A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime Pyodide and the host JavaScript environment.The runPython and runPythonAsync functions execute Python code using Pyodide without...
LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
SummaryThe LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints.---...
Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL
SummaryA Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling thef...
pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...
Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling
SummaryA Server-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...
libsodium has Incomplete List of Disallowed Inputs
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.This advisoory...
Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling
SummaryA Server-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...
web2py has an Open Redirect Vulnerability
web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an Open Redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As a result, the user may become a victim of a phishing atta...
Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
Scrapy versions up to 2.13.3 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL
SummaryA Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling thef...