Lucene search
K

7035 matches found

PyPA
PyPA
added 2 days ago4 views

pypdf: Manipulated FlateDecode XFA streams can exhaust RAM

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode. PatchesThis has been fixed in pypdf==6.7.3. WorkaroundsIf projects...

8.7CVSS6.8AI score0.00348EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute

SummaryA stored Cross-site Scripting XSS vulnerability was identified in the Custom RSE Attribute of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of t...

6.1CVSS6.3AI score0.00287EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2 days ago5 views

Rucio WebUI has Username Enumeration via Login Error Message

SummaryThe WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. DetailsWhen submitting invalid credentials to /ui/login, the WebUI responds with different error messages based on the...

5.3CVSS6.1AI score0.00327EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection.While the system effectively blocks standard Data Manipulation Language DML statements...

7.1CVSS6.1AI score0.00348EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Superset: Incomplete DISALLOWED_SQL_FUNCTIONS default list for ClickHouse engine

Apache Superset utilizes a configurable dictionary, DISALLOWEDSQLFUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...

6.5CVSS6.2AI score0.00607EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

OpenFUN Richie Observable Timing Discrepancy in its sync_course_run_from_request function

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the synccourserunfromrequest function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

4.8CVSS6.1AI score0.00376EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

Rucio WebUI has a Reflected Cross-site Scripting Vulnerability

SummaryA reflected Cross-site Scripting vulnerability was located in the rendering of the ExceptionMessage of the WebUI 500 error which could allow attackers to steal login session tokens of users who navigate to a specially crafted URL. DetailsThe WebUI error message renders ExceptionMessage whi...

8.1CVSS6.1AI score0.00263EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2 days ago4 views

pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. PatchesThis has been fixed in pypdf==6.7.2. WorkaroundsIf users cannot upgrade yet, consider applying the changes from PR 3655...

7.5CVSS6.6AI score0.00346EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago2 views

Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name

SummaryA stored Cross-site Scripting XSS vulnerability was identified in the Identity Name of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebU...

6.1CVSS6.3AI score0.00287EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2 days ago4 views

Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata

SummaryA stored Cross-site Scripting XSS vulnerability was identified in the RSE metadata of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI...

6.1CVSS6.3AI score0.00287EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2 days ago2 views

Apache Superset allows authenticated users to view sensitive data without explicit permissions

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag.When these associated objects include Users, the AP...

6.5CVSS6.1AI score0.004EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Superset allows privileged users to conduct error-based SQL Injection

Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters.This issue affects Apache Superset: before 6.0.0.Users ar...

6.5CVSS6.1AI score0.00503EPSS
Exploits2References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function

SummaryA stored Cross-site Scripting XSS vulnerability was identified in the Custom Rules function of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of...

7.3CVSS6.3AI score0.0026EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2 days ago3 views

Isso affected by Stored XSS via comment website field

ImpactThis is a stored Cross-Site Scripting XSS vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, which left single and double quotes unescaped. Since the frontend inserts the website value directly into a single-quoted href...

6.1CVSS6.2AI score0.00216EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

Apache Airflow exposes sensitive information in its log files

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

6.5CVSS6.1AI score0.00363EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

Apache Airflow error reporting may expose full kwargs

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG.The issue...

6.5CVSS6AI score0.00801EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.The specific flaw...

8.1CVSS7.4AI score0.01682EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Google Cloud Vertex AI has a a vulnerability involving predictable bucket naming

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up tobut not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably...

7.7CVSS6.3AI score0.00438EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago2 views

datapizza-ai has unsafe deserialization via pickle.loads() in RedisCache

A vulnerability has been found in datapizza-labs datapizza-ai 0.0.7. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...

7.5CVSS5.4AI score0.00821EPSS
Exploits2References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

D-Tale affected by Remote Code Execution through the /save-column-filter endpoint

ImpactUsers hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. PatchesUsers should upgrade to version 3.20.0. WorkaroundsThere are no workarounds for versions 3.20.0...

9.8CVSS6.5AI score0.00712EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)

Stored Cross-Site Scripting XSS in the genai/evalsvisualization component of Google Cloud Vertex AI SDK google-cloud-aiplatform versions from 1.98.0 up to but not including 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment...

8.6CVSS7.2AI score0.00529EPSS
Exploits2References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Superset Improper Authorization allows low-privileged users to bypass access controls

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

7.1CVSS6.1AI score0.00436EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago2 views

datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...

7.2CVSS5.7AI score0.00686EPSS
Exploits2References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Airflow vulnerable to Code Injection in the web-server context via LogTemplate table

DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...

8.4CVSS6.6AI score0.01134EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option

SummaryWhen yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. Impactyt-dlp maintainers assume the impact of this vulnerability to be high for anyone who uses...

8.8CVSS6.1AI score0.01596EPSS
Exploits2References7Affected Software1
PyPA
PyPA
added 2 days ago5 views

Hugging Face Smolagents has a Server-Side Request Forgery issue

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

9.8CVSS6.3AI score0.00379EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2 days ago3 views

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

8.8CVSS6.2AI score0.00521EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

pypdf possibly has long runtimes for malformed FlateDecode streams

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. PatchesThis has been fixed in pypdf==6.7.1. WorkaroundsIf you cannot upgrade yet, consider applying the changes...

6.9CVSS6.5AI score0.00168EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago2 views

pypdf has a possible infinite loop when processing TreeObject

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. PatchesThis has been fixed in pypdf==6.7.1. WorkaroundsIf you cannot upgrade yet, consider applying the changes fro...

6.9CVSS6.5AI score0.00168EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

NVIDIA NeMo Framework Deserializes Untrusted Data

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

7.8CVSS6.5AI score0.00187EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago5 views

OpenStack Nova calls qemu-img without format restrictions for resize

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS6.1AI score0.00341EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. PatchesThis has been fixed in pypdf==6.7.1. WorkaroundsIf...

6.9CVSS6.5AI score0.00168EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago5 views

Skill-scanner Unsecured Network Binding Vulnerability

Description:A vulnerability in the API Server of Skill Scanner could allow a unauthenticated, remote attacker to interact with the server API and either trigger a denial of service DoS condition or upload arbitrary files.This vulnerability is due to an erroneous binding to multiple interfaces. An...

9.1CVSS6.2AI score0.00328EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

SummaryThis is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load t...

7.1CVSS6.1AI score0.00434EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2 days ago3 views

DiskCache has unsafe pickle deserialization

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

9.8CVSS7.3AI score0.00521EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2 days ago2 views

Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading

SummaryTensorFlow / Keras continues to honor HDF5 “external storage” and ExternalLink features when loading weights. A malicious .weights.h5 or a .keras archive embedding such weights can direct loadweights to read from an arbitrary readable filesystem path. The bytes pulled from that path popula...

7.5CVSS6.3AI score0.00298EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2 days ago5 views

MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access

ImpactServer-Side Request Forgery SSRF:A security vulnerability exists in the mcp-run-python tool specifically within the Pydantic-AI integration due to an overly permissive Deno sandbox configuration.The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...

5.8CVSS6.3AI score0.00165EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2 days ago3 views

LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages

Server-Side Request Forgery SSRF in ChatOpenAI Image Token Counting SummaryThe ChatOpenAI.getnumtokensfrommessages method fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery SSRF...

3.7CVSS6.2AI score0.00379EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

Emmett-Core: Unhandled CookieError Exception Causing Denial of Service

SummaryThe cookies property in emmettcore.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. DetailsLocation: emmettcore/http/wrappers/init.py line...

7.5CVSS6.1AI score0.00271EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token

ImpactDisclosure of Salesforce OAuth bearer tokens used by the MCP. Patchesfix applied in 0.1.10 WorkaroundsRotate any Salesforce tokens/credentials used by MCP-Salesforce...

8.7CVSS6.1AI score0.00409EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability

ImpactCritical Sandbox Escape & Server Takeover:A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime Pyodide and the host JavaScript environment.The runPython and runPythonAsync functions execute Python code using Pyodide without...

5.8CVSS6.4AI score0.00177EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2 days ago4 views

LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection

SummaryThe LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints.---...

5.8CVSS7.1AI score0.00282EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2 days ago7 views

Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL

SummaryA Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling thef...

7.1CVSS6.2AI score0.00324EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago2 views

pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS7AI score0.00392EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling

SummaryA Server-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...

8.6CVSS6.7AI score0.00579EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

libsodium has Incomplete List of Disallowed Inputs

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.This advisoory...

4.5CVSS6.1AI score0.00166EPSS
Exploits0References16Affected Software1
PyPA
PyPA
added 2 days ago3 views

Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling

SummaryA Server-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...

8.6CVSS6.7AI score0.00579EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

web2py has an Open Redirect Vulnerability

web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an Open Redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As a result, the user may become a victim of a phishing atta...

5.1CVSS6.2AI score0.00294EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation

Scrapy versions up to 2.13.3 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS7AI score0.00509EPSS
Exploits0References12Affected Software1
PyPA
PyPA
added 2 days ago4 views

Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL

SummaryA Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling thef...

7.1CVSS6.2AI score0.00324EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities7035