Lucene search
K

7035 matches found

PyPA
PyPA
added yesterday5 views

mcp-memory-service: Missing Authentication on Document API Endpoints Allows Unauthenticated Memory Read/Write/Delete

Missing Authentication on Document API Endpoints Allows Unauthenticated Memory Read/Write/Delete SummaryAll HTTP routes under /api/documents/ in mcp-memory-service are served without any authentication dependency, even when the server is configured with an API key MCPAPIKEY or OAuth. An...

9.8CVSS6.2AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday5 views

Cortex has Untrusted Project Bootstrap Code Execution via `CLAUDE_PROJECT_DIR`

Untrusted Project Bootstrap Code Execution via CLAUDEPROJECTDIR SummaryThe Cortex MCP server neuro-cortex-memory treats the CLAUDEPROJECTDIR environment variable — automatically set by Claude Code to the currently open project directory — as a trusted Cortex developer checkout. When the...

8.5CVSS6.7AI score
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday7 views

Open Babel has out-of-bounds write in ORCA nAtoms parser (second variant)

SummaryA memory-safety vulnerability in Open Babel's ORCA parser allowed anout-of-bounds write when reading a crafted input file. DetailsA second variant of the nAtoms out-of-bounds write in the ORCAreader: a different malformed-input path produced the same class ofwrite past the end of the...

9.8CVSS6.7AI score0.00816EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday3 views

Open Babel has heap buffer overflow in SMILES OBSmilesParser::ParseSmiles

SummaryA memory-safety vulnerability in Open Babel's SMILES parser caused aheap buffer overflow when reading a crafted input string. DetailsThe flaw was in OBSmilesParser::ParseSmiles. A malformed SMILESinput caused the parser to write past the end of a heap-allocatedbuffer. ImpactOpen Babel is a...

7.8CVSS6.5AI score0.00224EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added yesterday4 views

Open Babel has out-of-bounds write in Gaussian coords_type orientation parser

SummaryA memory-safety vulnerability in Open Babel's Gaussian output parserallowed an out-of-bounds write when reading a crafted input file. DetailsThe flaw was in the coordstype orientation parser inside theGaussian output reader. A malformed orientation block caused theparser to write past the...

7.8CVSS6.6AI score0.00704EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday4 views

Open Babel has NULL pointer dereference in CACAO CacaoFormat::SetHilderbrandt

SummaryA memory-safety vulnerability in Open Babel's CACAO parser caused aNULL pointer dereference when reading a crafted input file. DetailsThe flaw was in CacaoFormat::SetHilderbrandt. A malformed inputcaused the parser to dereference a NULL pointer while applying theHilderbrandt transformation...

5.5CVSS6.1AI score0.00188EPSS
Exploits1References11Affected Software1
PyPA
PyPA
added yesterday3 views

Open Babel has an out-of-bounds read in CIF transform3d::DescribeAsString

Summary A memory-safety vulnerability in Open Babel's CIF file format parser allowed an out-of-bounds read when reading a crafted input file. Details The flaw was in OpenBabel::transform3d::DescribeAsString. A malformed symmetry-operation string caused the parser to read past the end of its...

8.1CVSS6.1AI score0.00759EPSS
Exploits1References16Affected Software1
PyPA
PyPA
added yesterday3 views

mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call

SummaryThe HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call storememory and deletememory through MCP even though the corresponding REST endpoints requi...

8.1CVSS6.1AI score0.00264EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday3 views

Open Babel has out-of-bounds write (overlapping memcpy) in zipstream basic_unzip_streambuf::underflow

SummaryA memory-safety vulnerability in Open Babel's bundled zipstreamdecompression code caused an out-of-bounds write via overlappingmemcpy when reading a crafted gzip-compressed chemistry file. DetailsThe flaw was in basicunzipstreambuf::underflow. The decompressionbuffer refill path invoked...

7.8CVSS6.5AI score0.00202EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added yesterday4 views

Open Babel has NULL pointer dereference in MOL2 OBAtom::SetFormalCharge

SummaryA memory-safety vulnerability in Open Babel's MOL2 file format parsercaused a NULL pointer dereference when reading a crafted input file. DetailsThe flaw was in OBAtom::SetFormalCharge as called from the MOL2parser. A malformed atom record caused the parser to call the methodon a NULL atom...

8.1CVSS6.3AI score0.007EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added yesterday4 views

Open Babel has NULL pointer dereference in ChemKinFormat::ReadReactionQualifierLines

SummaryA memory-safety vulnerability in Open Babel's ChemKin parser causeda NULL pointer dereference when reading a crafted input file. DetailsThe flaw was in ChemKinFormat::ReadReactionQualifierLines. Amalformed reaction qualifier record caused the parser to dereferencea NULL pointer. ImpactOpen...

5.5CVSS6.1AI score0.00187EPSS
Exploits1References11Affected Software1
PyPA
PyPA
added yesterday3 views

Open Babel has out-of-bounds read in PQS lowerit (pre-buffer read)

SummaryA memory-safety vulnerability in Open Babel's PQS parser caused anout-of-bounds pre-buffer read when reading a crafted input file. DetailsThe flaw was in the lowerit helper used by the PQS parser. Amalformed input caused the helper to read one or more bytes beforethe start of its input...

5.5CVSS6.1AI score0.00189EPSS
Exploits1References11Affected Software1
PyPA
PyPA
added yesterday4 views

Open Babel has a NULL pointer dereference in CDXML OBAtom::GetExplicitValence

SummaryA memory-safety vulnerability in Open Babel's CDXML file format parsercaused a NULL pointer dereference when reading a crafted input file. DetailsThe flaw was in OBAtom::GetExplicitValence as called from the CDXMLparser. A malformed fragment caused the parser to invoke the methodon a NULL...

6.5CVSS6.1AI score0.00394EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added yesterday3 views

Open Babel has out-of-bounds write in CSR PadString (title field)

SummaryA memory-safety vulnerability in Open Babel's CSR parser allowed anout-of-bounds write when reading a crafted input file. DetailsThe flaw was in the PadString helper used to handle the CSR titlefield. A title longer than the fixed destination buffer caused theparser to write past the end o...

9.8CVSS6.7AI score0.00816EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday3 views

Open Babel has heap buffer overflow in ChemKin ChemKinFormat::CheckSpecies

SummaryA memory-safety vulnerability in Open Babel's ChemKin parser causeda heap buffer overflow when reading a crafted input file. DetailsThe flaw was in ChemKinFormat::CheckSpecies. A malformed speciesrecord caused the parser to write past the end of a heap-allocatedbuffer. ImpactOpen Babel is ...

7.8CVSS6.5AI score0.00224EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added yesterday4 views

Open Babel has Use-after-free in GAMESS GAMESSOutputFormat::ReadMolecule

SummaryA memory-safety vulnerability in Open Babel's GAMESS output parsercaused a use-after-free when reading a crafted input file. DetailsThe flaw was in GAMESSOutputFormat::ReadMolecule. A malformed inputcaused the parser to dereference a stale pointer after the underlyingobject had been freed...

7.8CVSS6.4AI score0.00196EPSS
Exploits1References11Affected Software1
PyPA
PyPA
added yesterday3 views

Lemur has an authorization bypass in StrictRolePermission / AuthorityCreatorPermission

SummaryStrictRolePermission and AuthorityCreatorPermission in lemur/auth/permissions.py call flaskprincipal.Permission.init with zero Needs when their config flags are unset. Both flags defaulted to False in code prior to the fix, so this was the state of any Lemur install that hadn't explicitly...

8.8CVSS6.3AI score0.00035EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday2 views

python-socketio: Binary attachment accumulation can cause denial of service

ImpactThe python-socketio server stores binary EVENT and ACK messages in memory while it waits to receive their binary attachments. Once all the attachments are received, these messages are then processed. An attacker can submit a binary message and intentionally omit sending one or more of its...

7.5CVSS6.1AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday2 views

Lemur Privilege Escalation: Non-admin role members can rewrite role membership via PUT /api/1/roles/<id>

Summary The PUT /api/1/roles/ handler in lemur/roles/views.py gates only on RoleMemberPermissionroleid.can, which is satisfied for any user who is already a member of the target role. The handler then passes data"users" and data"name" directly to service.update, permitting any role member to...

6.3CVSS6.2AI score
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday2 views

joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization

RFC7797 b64=false JWS payloads bypass JWSRegistry payload-size limits during deserialization SummaryTesting revealed that joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength.The normal JWS compact and flattened JSON paths reject payloads above th...

5.3CVSS6AI score0.00163EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday2 views

python-engineio has unbound thread allocation that can cause denial of service

ImpactAn attacker can cause the creation of unnecessary background threads in the python-engineio server by exploiting the heartbeat mechanism, which launches a thread when a new connection is received, and when the client sends a PONG packet.Note: this issue primarily affects synchronous servers...

7.5CVSS6.1AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday2 views

Flawfinder output manipulation via untrusted filenames and source text

ImpactThis vulnerability is an improper input neutralization issue leading to output manipulation, specifically, Terminal/ANSI Escape Sequence Injection and XML Injection: Terminal Output Spoofing: A malicious file whose name contains ANSI escape sequences can end up being included in flawfinder'...

6.1AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678)

SummaryWhen an application using Pydantic AI opts a URL into forcedownload='allow-local' which disables the default block on private/internal IPs and runs on a network that routes the affected IPv6 transition forms NAT64- or ISATAP-configured networks, the cloud-metadata blocklist could be bypass...

6.8CVSS6.1AI score0.00332EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday3 views

Lemur: Crafted CRL/OCSP URLs in uploaded certificates lead to post-authentication SSRF

Summary When verifying an uploaded certificate, lemur/certificates/verify.py extracts the CRL Distribution Point URL and the OCSP responder URL directly from the certificate's extensions and issues outbound requests to those URLs without scheme restriction or destination allow-listing. An...

6.3CVSS6.2AI score
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

Lemur user-update path stores plaintext passwords

Summarylemur.users.service.update writes a user's new password as plaintext to the users.password column. The User model wires bcrypt hashing to SQLAlchemy's beforeinsert event but registers no equivalent listener for beforeupdate, and service.update does not call user.hashpassword after assignin...

4.9CVSS6AI score
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678)

SummaryWhen an application using Pydantic AI opts a URL into forcedownload='allow-local' which disables the default block on private/internal IPs and runs on a network that routes the affected IPv6 transition forms NAT64- or ISATAP-configured networks, the cloud-metadata blocklist could be bypass...

6.8CVSS6.1AI score0.00332EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday5 views

Lemur: JWT verifier honors attacker-supplied alg, enabling ATO

Lemur 1.9.0: JWT verifier trusts attacker-supplied alg from token header — defense-in-depth gap; chain-dependent ATO with secret disclosure Vulnerability Summary Field | Value-- | --Title | Lemur 1.9.0: JWT verifier trusts attacker-supplied alg from token header — defense-in-depth gap;...

4.8CVSS6AI score
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday3 views

python-engineio has possible denial of service due to maximum payload size sometimes not being enforced

ImpactThere are two specific configurations of the python-engineio server in which the size of incoming messages is not checked before the messages are loaded into memory. An attacker can take advantage of these to cause unnecessary memory allocations in the python-engineio server. The two cases...

7.5CVSS6.1AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday5 views

motionEye's missing authentication on ActionHandler allows unauthenticated camera action execution

SummaryThe ActionHandler.post method in motionEye has no authentication decorator, allowing any unauthenticated attacker to trigger camera actions including snapshots, recording start/stop, and configured action scripts PTZ controls, alarm triggers, etc.. Vulnerability DetailsFile:...

5.3CVSS6.1AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday6 views

OctoPrint has possible file exfiltration via query parameters on upload endpoints

ImpactOctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be...

7CVSS6.1AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

OctoPrint has XSS in its Suppressed Command Notifications

ImpactOctoPrint versions up to and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Suppressed Command notifications popups generated by the printer.An attacker who successfully convinces a victim to prin...

4.6CVSS6AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday3 views

Glances has arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration

SummaryThe securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command.When Application Monitoring Process AMP...

7.8CVSS6.4AI score0.00184EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading

SummaryLangGraph's JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify checkpoint bytes at rest in the backing store, the deserialization path could reconstruct objects beyond what the application expects, which could in tur...

6.8CVSS6.5AI score0.00232EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads()

SummaryAmazon Braket SDK is an open-source Python library for interacting with the Amazon Braket quantum computing service, including managing hybrid quantum jobs and retrieving job results. An issue exists where, under certain circumstances, a remote authenticated user with S3 write access to a...

7.5CVSS6.6AI score0.0038EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet

Impactreadcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against self.datalen. Python's slice silently returns fewer bytes when the end index runs past the...

7.1CVSS6.1AI score
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday6 views

motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

SummarymEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem.The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...

8.7CVSS6.2AI score0.00623EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added yesterday3 views

LangGraph SDK has unsafe URL path construction

Summarylanggraph-sdk constructs HTTP request paths for resource operations by interpolating caller-supplied identifier values into URL templates. Without sanitization of those values, identifiers that contain characters with special meaning in URL paths could cause the resulting request to addres...

9.1CVSS6AI score0.00216EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution

Summaryglances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity check, signature verification, or format validation is performed before...

7.8CVSS6.5AI score0.00303EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420)

ImpactAn Unprotected Alternate Channel CWE-420 vulnerability was discovered in ComfyUI-Manager versions prior to 3.38. Vulnerability DetailsIn affected versions, ComfyUI-Manager stored its configuration in the user/default/ComfyUI-Manager/ directory, which was accessible via ComfyUI's web APIs...

7.5CVSS7.1AI score0.01361EPSS
Exploits3References7Affected Software1
PyPA
PyPA
added yesterday3 views

motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint

SummarymotionEye v0.43.1 latest stable is vulnerable to path traversal in the picture and movie API endpoints, like /picture/id/preview/filename. Neither the API handlers, nor the mediafiles.py functions like getmediapreview check for .. sequences in the filename parameter, except getmediacontent...

6.5CVSS6.1AI score0.00418EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens

Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens SummaryThe local OAuth helper FastAPI server bundled with dbt-mcp exposes the GET /dbtplatformcontext endpoint without any form of authentication or host-origin validation. After a user completes the OAuth login flow against dbt Clo...

6.8CVSS6.3AI score
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

SummaryThe Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. CVE-2026-32632 patched in 4.5.2 added TrustedHostMiddleware to the REST/WebUI server; the MCP server has had equivalent protection...

5.3CVSS6.2AI score0.00156EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday3 views

py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read()

SummaryPackInfo.read uses an On^2 cumulative sum pattern where numstreams is read directly from the archive header. A crafted .7z archive with a large numstreams value causes excessive CPU consumption during SevenZipFile.init — no extraction is needed. A 50 KB archive takes 7 seconds of CPU time...

8.7CVSS6.2AI score0.00321EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday6 views

motionEye's World-Readable Configuration File Exposes Admin Password Hash

Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye SummarymotionEye v0.43.1 and prior versions create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contain...

7.2CVSS6AI score0.18993EPSS
Exploits17References5Affected Software1
PyPA
PyPA
added yesterday4 views

Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)

SummaryThe Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE 2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin: whenever corsorigins contains more than one entry. An operator who configure...

7.4CVSS6.1AI score0.00409EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday3 views

py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size

py7zr's Worker.decompress extracts archive entries without tracking total decompressed size. A crafted .7z file can exhaust disk or memory before the extraction completes.Measured: 15.6 KB archive → 100 MB output 6,556:1 ratio.Proof of concept:pythonimport py7zr, tempfile, os create bomb: compres...

8.7CVSS6.1AI score0.00321EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py

SummaryThe Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen. securepopen is explicitly designed to interpret &&, |, and as shell operators...

7.8CVSS6.5AI score0.00213EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday3 views

jupyterlab-git extension: Stored XSS leading to RCE

OverviewAmazon Web Services AWS Security has identified a stored cross-site scripting XSS issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution RCE. The issue exists in thePlainTextDiff.ts component, where the createHeader method passes Git filenames directly to...

9.3CVSS6.6AI score0.00284EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added yesterday3 views

Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders

SummaryStanza 1.12.0 attempts to safely load PyTorch checkpoint files using torch.load..., weightsonly=True, but automatically falls back to the fully unsafe torch.load..., weightsonly=False when the safe load raises pickle.UnpicklingError. Because the UnpicklingError condition is fully...

7.5CVSS6.5AI score0.00302EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added yesterday4 views

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

SummaryThe AWS Bedrock AgentCore Python SDK bedrock-agentcore is an open-source SDK that enables developers to build, deploy, and manage agents on AWS Bedrock AgentCore. An issue exists in the installpackages method of the Code Interpreter client where crafted package name arguments can bypass...

8.4CVSS6.4AI score0.00302EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities7035