Lucene search
K

7035 matches found

PyPA
PyPA
added yesterday5 views

BabelDOC: Arbitrary Code Execution via CMap Pickle Deserialization in babeldoc/pdfminer/cmapdb.py

Arbitrary Code Execution via CMap Pickle Deserialization in babeldoc/pdfminer/cmapdb.py SummaryBabelDOC's vendored PDF parser babeldoc/pdfminer/cmapdb.py deserializes untrusted pickle data when loading CMap files. The loaddata method strips only NUL bytes from a PDF-controlled CMap name, then...

7.8CVSS6.6AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday5 views

Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser

SummaryThe CSS selector parser in soupsieve the CSS selector engine for Beautiful Soup 4 contains a regular expression vulnerable to catastrophic backtracking. When processing an attribute selector with an unterminated quoted value, the VALUE regex pattern in cssparser.py enters exponential...

7.5CVSS6AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

psd-tools vulnerable to arbitrary file write via smart-object filename

psd-tools: arbitrary file write/read via smart-object path traversal SummaryIn psd-tools all releases exposing the SmartObject API through v1.17.0, SmartObject.save writes an embedded smart object to a path taken verbatim from the PSD file. Because that name is attacker-controlled and unsanitised...

4.6CVSS6.5AI score
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday5 views

Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists

SummaryThe CSS selector parser in soupsieve the CSS selector engine for Beautiful Soup 4 allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to soupsieve.compile or Beautiful Soup's .select / .selectone can cause...

7.5CVSS6.2AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small

ImpactThe argon2i32 implementation does not check the nbblocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i32 will write past the end of the buffer and possibly corrupt the heap. PatchesFixed in 4.0.2.8, which now verifies that nbblocks ...

5.1CVSS6.2AI score
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

Mistune: Potential DoS via quadratic-time parsing in parse_link_text

SummaryMistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. A relatively small input consisting of repeated characters causes significant parsing slowdown. Affected componentmistune/inlineparser.py → parselinktext DescriptionWhen parsing...

8.7CVSS7AI score0.0035EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday4 views

pypdf: Possible infinite loop when processing threads/articles in writer

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. PatchesThis has been fixed in pypdf==6.13.1. WorkaroundsIf users cannot upgrade yet, consider applying the changes from PR 3839...

6.9CVSS6AI score0.00111EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday5 views

Rattler vulnerable to package cache path traversal via conda package build string

rattlercache and py-rattler were vulnerable to package-cache path traversal when handling package metadata from conda channels.During cache materialization, the rattercache code used the package record build string as part of a cache key that was joined into a filesystem path. A malicious or...

5.4CVSS6.1AI score0.00033EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday6 views

`lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes

lxmlhtmlclean.Cleaner does not strip javascript: URLs from namespaced URL attributes xlink:hrefReporter: Guillem Lefait · Date: 2026-05-10Affected: lxml ≤ 6.1.0 and lxmlhtmlclean ≤ 0.4.4 latest stableConfirmed against: lxml 6.1.0 + lxmlhtmlclean 0.4.4 on Python 3.13.5, 3.14.4, and 3.15.0a8 libxml...

8.2CVSS6.2AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE

SummarySerena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port TCP 24282, hardcoded as 0x5EDA in constants.py. The server has no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage to reach...

8.3CVSS6.6AI score0.00237EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday5 views

Open WebUI vulnerable to Stored XSS via iFrame in citations model

SummaryManually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML, and render them in an iFrame when the citation is previewed. This allows stored XSS via a weaponised document...

7.3CVSS6.2AI score0.00194EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday5 views

pyLoad: SSRF guard bypass via IPv6 6to4/NAT64 transition wrappers of internal IPs

Summaryisglobaladdress in src/pyload/core/utils/web/check.py is the central guard against SSRF-style outbound connections in pyload-ng. It tests whether a given IP is "globally routable" via Python's ipaddress.ipaddressvalue.isglobal, and callers treat not isglobal as "deny":pythondef...

4.9CVSS6.1AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday7 views

pyLoad: Unbounded Memory Growth Leading to DoS and Potential DDoS in EventManager

Description:The EventManager module in pyload manages a list of Client instances for subscribing to events. The addition of each unique uuid from the getevents API causes the creation of a Client instance that gets appended to the clients list. Although there is a clean method available in the...

6.5CVSS6.1AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday5 views

Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages

SummaryManually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts and allow-same-origin set, ignoring the "iframe Sandbox Allow Same Origin" configuration. This enables stored XSS on...

7.3CVSS6.3AI score0.00198EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday3 views

Weblate SSRF: outbound URL guard misses some private ranges

ImpactWeblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions. Patches https://github.com/WeblateOrg/weblate/pull/19768 ResourcesThe issue was...

5.9CVSS6.1AI score0.00291EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality

SummaryThere is a blind server side request forgery in the functionality that allows editing an image via a prompt. The affected function will perform a GET request on the URL provided by the user. There is no restriction on the domain of the provided URL allowing the local address space to be...

4.3CVSS6.1AI score0.00227EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added yesterday5 views

ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

SummaryNull pointer dereference SIGSEGV in Upsample67::adaptupsample67 onnx/versionconverter/adapters/upsample67.h:31 when convertversion processes a model with an Upsample node that has zero inputs. The adapter accesses node-inputs0-sizes without checking input count. 107-byte PoC crashes on...

5.5CVSS6.1AI score0.0017EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added yesterday4 views

Open WebUI allows limited stored XSS vila uploaded html file

SummaryLow privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open the file in the browser and trigger the JavaScript code in the user's browser. Under the default settings, files...

6.4CVSS6.1AI score0.003EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday5 views

Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions

SummaryA vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be executed in the user's browser every time that chat transcript is opened, allowing attackers to retrieve the user's acce...

8.7CVSS6.4AI score0.00449EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday4 views

aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address

Summaryaiosmtplib's SMTP.mail, SMTP.rcpt, SMTP.vrfy and SMTP.expn send the caller-supplied email address to the server without rejecting embedded CR/LF \r\n bytes. An address that contains a CR/LF is written verbatim onto the SMTP control connection, so the bytes after the CRLF are framed by the...

6.9CVSS6.2AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday5 views

Langroid: handle_message() executes user-supplied tool JSON without sender verification

SummaryA Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Detailsenablemessage..., use=False, handle=True only prevents the LLM from being instructed to generate th...

8.1CVSS6.1AI score0.00392EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday3 views

Linuxfabrik Monitoring Plugins have local privilege escalation using embedded command

SummaryWhen a check plugin places user provided input inside a command which is passed to shellexec, an attacker can abuse this to run arbitrary commands. This is mainly dangerous for plugins which are listed in the sudoers file, because this allows an attacker controlling the nagios user to get...

7.8CVSS6.3AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection direct user input or indirect content the agent reads back via RAG, so an attacker who can...

9.8CVSS6.1AI score0.00461EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday3 views

Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

SQLChatAgent validatequery dangerous-pattern regex is bypassable via quoted/commented/qualified function names SummaryThe SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only stateme...

9.3CVSS6.2AI score0.00646EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday5 views

flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module`

Unauthenticated Command Execution via HTTP MCP executemodule SummaryThe HTTP MCP endpoint POST /mcp in flyto-core accepts unauthenticated JSON-RPC tools/call requests and dispatches them to arbitrary registered modules, including sandbox.executeshell, which passes attacker-controlled input direct...

8.4CVSS6.5AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday5 views

Linuxfabrik Monitoring Plugins allow insecure creation of SQLite databases

SummaryThe SQLite databases are created at predictable static paths in /tmp. Any user can therefore create a symlink at these paths in /tmp pointing to arbitrary files. The monitoring scripts then follows these symlinks and then creates their database at the symlink target.This becomes really...

5.1CVSS6.3AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday5 views

WeasyPrint has CSS Injection via Presentational Hints

SummaryA CSS injection issue exists in WeasyPrint when HTML presentational hints are enabled. Unescaped attribute values are embedded into CSS, allowing injection of arbitrary CSS declarations. This affects applications processing untrusted HTML input. DetailsFile: weasyprint/css/init.pyThe...

6.5CVSS6.2AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint

SummaryAn open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns targeti...

6.1CVSS6.2AI score
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

Kiwi TCMS vulnerable to stored XSS via JavaScript: URI in extra_link field (TestPlan & TestCase)

SummaryIn Kiwi TCMS the fields TestCase.extralink and TestPlan.extralink were meant to represent URLs to external resources however in versions prior to 16.1 user input was not being sanitized and values were rendered verbatim which represents an opportunity for cross-site scripting exploitation...

6AI score
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday5 views

Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent

Advisory DetailsTitle: Sandbox Escape to Remote Code Execution via Incomplete eval Mitigation in TableChatAgentDescription: SummaryLangroid is vulnerable to a critical Sandbox Escape leading to Remote Code Execution RCE in its TableChatAgent and VectorStore capabilities. When these agents evaluat...

10CVSS6.4AI score0.00912EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday5 views

flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf

Summaryflyto-core's SSRF protection validateurlssrf / isprivateip in src/core/utils.py blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded PRIVATEIPRANGES list. That list contains only the native RFC 1918 / loopback / link-loca...

7.1CVSS6.2AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)

Summaryjoserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when thecaller-supplied verification key is the empty string or None.HMACAlgorithm.sign and HMACAlgorithm.verify insrc/joserfc/rfc7518/jwsalgs.py:62-70 feed whateverOctKey.getopkey... produced into hmac.new..., and...

8.7CVSS6.1AI score
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

SummarySQLChatAgent in langroid ships a validatequery defense-in-depth layerwhose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQLprimitives by specific function name. The list misses the canonicalPostgreSQL filesystem-disclosure family pgreadfile, pgstatfile,pglslogdir, pglswaldir,...

8.7CVSS6.3AI score0.00686EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday5 views

Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Summarydulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted upstream repository without path validation. A malicious .gitmodules plus a matching tree gitlink whose path is .git/hooks or any...

7.5CVSS6.5AI score0.00448EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday7 views

fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection

Summaryfast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checking whether the session file exists. A remote HTTP clien...

9.4CVSS6.3AI score0.00423EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday5 views

Open Babel has out-of-bounds write in MOPAC translationVectors[] (UNIT CELL TRANSLATION)

SummaryA memory-safety vulnerability in Open Babel's MOPAC output parserallowed an out-of-bounds write into the translationVectors arraywhen reading the "UNIT CELL TRANSLATION" block of a crafted inputfile. DetailsThe MOPAC output reader stored translation vectors from the UNIT CELLTRANSLATION...

9.8CVSS6.7AI score0.00816EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday5 views

Kiwi TCMS's /init-db/ page renders and responds to requests after first use

Kiwi TCMS provides the /init-db/ page as part of its setup mechanism for administrators who prefer a browser instead of the command line. In previous versions of Kiwi TCMS this page still renders and responds to requests even after first use. ImpactThe /init-db/ page does not require any user...

6.9CVSS6AI score0.00048EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

Linuxfabrik Monitoring Plugins: Sudoers may be able to obtain privilege escalation via /usr/bin/apt-get arguments

SummaryIn the Debian.sudoers file, apt-get is allowed for the nagios user. The full command including the arguments are not enforced and can therefore be choosen arbitrarily. This allows to easily get a root shell as the nagios user: PoCBy choosing a particular argument, you can get as a nagios...

8.4CVSS6.1AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

Recce server has unauthenticated SQL execution that allows local file read/write through DuckDB

ImpactRecce OSS server deployments that expose the server to an untrusted network without authentication are vulnerable to unauthenticated SQL execution through the query run API.When Recce is configured with a DuckDB-backed project, an attacker can use DuckDB filesystem primitives to read and...

7.8CVSS6.1AI score
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday3 views

Langroid: Path traversal in the file tools allows read/write outside configured current directory

SummaryLangroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory to currdir and then operate on the user-supplied filepath without resolving and enforcing that the...

7.1CVSS6.1AI score0.00184EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday8 views

Open Babel has out-of-bounds write in ORCA nAtoms parser (second variant)

SummaryA memory-safety vulnerability in Open Babel's ORCA parser allowed anout-of-bounds write when reading a crafted input file. DetailsA second variant of the nAtoms out-of-bounds write in the ORCAreader: a different malformed-input path produced the same class ofwrite past the end of the...

9.8CVSS6.7AI score0.00816EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday4 views

Open Babel has out-of-bounds write in MSI translationVectors[]

SummaryA memory-safety vulnerability in Open Babel's MSI parser allowed anout-of-bounds write into the translationVectors array whenreading a crafted input file. DetailsThe MSI reader stored cell translation vectors into a fixed-sizetranslationVectors array. A malformed input could push morevecto...

9.8CVSS6.7AI score0.00863EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday5 views

Open Babel has out-of-bounds write in Gaussian translationVectors[]

SummaryA memory-safety vulnerability in Open Babel's Gaussian output parserallowed an out-of-bounds write into the translationVectors arraywhen reading a crafted input file. DetailsThe Gaussian reader stored periodic-cell translation vectors into afixed-size translationVectors array. A malformed...

9.8CVSS6.6AI score0.00816EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday5 views

Open Babel has out-of-bounds write in ORCA nAtoms parser

SummaryA memory-safety vulnerability in Open Babel's ORCA parser allowed anout-of-bounds write when reading a crafted input file. DetailsThe flaw was in the nAtoms handling of the ORCA reader. A malformedinput caused the parser to write past the end of its destinationbuffer. ImpactOpen Babel is a...

9.8CVSS6.7AI score0.00816EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday5 views

Open Babel has out-of-bounds write in MOPAC translationVectors[] (FINAL POINT)

SummaryA memory-safety vulnerability in Open Babel's MOPAC output parserallowed an out-of-bounds write into the translationVectors arraywhen reading the "FINAL POINT" block of a crafted input file. DetailsThe MOPAC output reader stored translation vectors from the FINALPOINT block into a fixed-si...

9.8CVSS7AI score0.00863EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday5 views

Open Babel has out-of-bounds write in MOL2 attribute/value parser

SummaryA memory-safety vulnerability in Open Babel's MOL2 parser allowed anout-of-bounds write when reading a crafted input file. DetailsThe flaw was in the attribute/value parsing path of the MOL2 reader.An over-long attribute or value caused the parser to write past theend of a fixed-size...

8.1CVSS6.7AI score0.00796EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday5 views

Open Babel has uninitialized pointer dereference in PQS pFormat

SummaryA memory-safety vulnerability in Open Babel's PQS parser caused anuninitialized pointer dereference when reading a crafted input file. DetailsThe flaw was in the pFormat handling of the PQS reader. A malformedinput caused the parser to dereference a format pointer that hadnever been...

9.8CVSS6.4AI score0.00843EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday4 views

Open Babel has out-of-bounds write in MOPAC IN translationVectors[] (Tv atom)

SummaryA memory-safety vulnerability in Open Babel's MOPAC input parserallowed an out-of-bounds write into the translationVectors arraywhen reading Tv translation-vector atoms from a crafted inputfile. DetailsThe MOPAC IN reader stored Tv-atom translation vectors into afixed-size translationVecto...

9.8CVSS6.7AI score0.00863EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday4 views

Open Babel has out-of-bounds write in PQS coord_file parser

SummaryA memory-safety vulnerability in Open Babel's PQS parser allowed anout-of-bounds write when reading a crafted input file. DetailsThe flaw was in the coordfile parsing path of the PQS reader. Amalformed coord file specifier caused the parser to write past theend of its destination buffer...

9.8CVSS6.7AI score0.00843EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday4 views

Open Babel has uninitialized pointer dereference in MSI atom parser

SummaryA memory-safety vulnerability in Open Babel's MSI parser caused anuninitialized pointer dereference when reading a crafted input file. DetailsThe flaw was in the atom handling of the MSI reader. A malformedrecord caused the parser to dereference an atom pointer that hadnever been...

9.8CVSS6.6AI score0.00816EPSS
Exploits1References8Affected Software1
Total number of security vulnerabilities7035