7035 matches found
Weblate command-line client susceptible to SSL verification skip
ImpactThe SSL verification would be skipped for some crafted URLs. Patches https://github.com/WeblateOrg/wlc/pull/1097 WorkaroundsAvoid using untrusted wlc configurations, as that might cause insecure connections. ReferencesThis issue was reported to us by wh1zee via HackerOne...
pypdf has possible long runtimes for missing /Root object with large /Size values
ImpactAn attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, while using a rather large /Size value. Only the non-strict reading mode is affected. PatchesThis ha...
NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
SummaryAn unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes an XSS when the user actively clicks on the link. Details1. On click, eventually subpagesnavigate event is...
pypdf has possible long runtimes for malformed startxref
ImpactAn attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected...
Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
Fickling's assessmentctypes, importlib, runpy, code and multiprocessing were added the list of unsafe imports https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66, https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9,...
NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()
SummaryXSS risk exists in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL without page reload. However, if the URL argument is embedded into...
Fickling Blocklist Bypass: cProfile.run()
Fickling's assessmentcProfile was added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c5745171a2b138d43. Original report Description SummaryFickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of...
AcademySoftwareFoundation OpenColorIO has an out-of-bounds vulnerability
A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...
NiceGUI has Redis connection leak via tab storage causes service degradation
SummaryAn unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never released, leading to service degradation when Redis hits its connection limit.NiceGUI continues accepting ne...
Werkzeug safe_join() allows Windows special device names with compound extensions
Werkzeug's safejoin function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. Windows still accepts them with any file extensio...
Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
Fickling's assessmentpydoc and ctypes were added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1. Original report SummaryBoth ctypes and pydoc modules arent explictly blocked. Even other existing pickle scanning tools like...
Authlib has 1-click Account Takeover vulnerability
Security Advisory: Cache-Backed State Storage CSRF in AuthlibThe Security Labs team at Snyk has reported a security issue affecting Authlib, identified during a recent research project.The Snyk Security Labs team has identified a vulnerability that can result in a one-click account takeover in...
NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS
SummaryAn unsafe implementation in the pushstate event listener used by ui.subpages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. DetailsThe problem is traced as follows:1. On pushstate, handleStateEvent is...
LIEF is vulnerable to segmentation fault
A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parsebinary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local...
Fickling vulnerable to detection bypass due to "builtins" blindness
Fickling's assessmentFickling started emitting AST nodes for builtins imports in order to match them during analysis https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf. Original report SummaryFickling works byPickle bytecode -- AST -- Security analysisHowever...
Fickling has a bypass via runpy.run_path() and runpy.run_module()
Fickling's assessmentrunpy was added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66. Original report SummaryFickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious...
loggingredactor converts non-string types to string types in logs
ImpactNon-string types are converted into string types, leading to type errors in %d conversions. PatchesThe problem has been patched in version 0.0.6. WorkaroundsNone without patching. ResourcesIssue report: https://github.com/armurox/loggingredactor/issues/7Release:...
AIOHTTP vulnerable to denial of service through large payloads
SummaryA request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing. ImpactIf an application includes a handler that uses the Request.post method, an attacker may be able to freeze the server by exhausting the memory.-----Patch:...
AIOHTTP Vulnerable to Cookie Parser Warning Storm
SummaryReading multiple invalid cookies can lead to a logging storm. ImpactIf the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header.----Patch:...
AIOHTTP vulnerable to DoS through chunked messages
SummaryHandling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. ImpactIf an application makes use of the request.read method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU ti...
Parsl Monitoring Visualization Vulnerable to SQL Injection
Affected Product: Parsl Python Parallel Scripting LibraryComponent: parsl.monitoring.visualizationVulnerability Type: SQL Injection CWE-89Severity: High CVSS Rating Recommended: 7.5 - 8.6URL: https://github.com/Parsl/parsl/blob/master/parsl/monitoring/visualization/views.pySummaryA SQL Injection...
Bokeh server applications have Incomplete Origin Validation in WebSockets
This vulnerability allows for Cross-Site WebSocket Hijacking CSWSH of a deployed Bokeh server instance. ScopeThis vulnerability is only relevant to deployed Bokeh server instances. There is no impact on static HTML output, standalone embedded plots, or Jupyter notebook usage. This vulnerability...
records-mover Injection vulnerability
A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes SQL Injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue...
MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
SummaryA Path Traversal Zip Slip vulnerability exists in MONAI's downloadfromngcprivate function. The function uses zipfile.ZipFile.extractall without path validation, while other similar download functions in the same codebase properly use the existing safeextractmember function.This appears to ...
Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
Impacturllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip,...
picklescan has Arbitrary file read using `io.FileIO`
SummaryUnsafe pickle deserialization allows unauthenticated attackers to read arbitrary server files and perform SSRF. By chaining io.FileIO and urllib.request.urlopen, an attacker can bypass RCE-focused blocklists to exfiltrate sensitive data example: /etc/passwd to an external server. DetailsTh...
AIOHTTP vulnerable to DoS when bypassing asserts
SummaryWhen assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body. ImpactIf optimisations are enabled -O or PYTHONOPTIMIZE=1, and the application includes a handler that uses the Request.post method, then an attacker may be able to execu...
AIOHTTP has unicode match groups in regexes for ASCII protocol elements
SummaryThe parser allows non-ASCII decimals to be present in the Range header. ImpactThere is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability.----Patch:...
AIOHTTP vulnerable to brute-force leak of internal static file path components
SummaryPath normalization for static files prevents path traversal, but opens up the ability for an attacker to ascertain theexistence of absolute path components. ImpactIf an application uses web.static not recommended for production deployments, it may be possible for an attacker to ascertain t...
AIOHTTP's unicode processing of header values could cause parsing discrepancies
SummaryThe Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. ImpactIf a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execute a request smuggling...
Picklescan does not block ctypes
SummaryPicklescan doesnt flag ctypes module as a dangerous module, which is a huge issue. ctypes is basically a foreign function interface library and can be used to Load DLLs Call C functions directly Manipulate memory raw pointers.This can allow attackers to achieve RCE by invoking direct...
Feast vulnerable to Deserialization of Untrusted Data
A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...
Home Assistant Core before is vulnerable to Directory Traversal
Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...
Picklescan vulnerable to Arbitrary File Writing
SummaryPicklescan has got open and shutil in its default dangerous blocklist to prevent arbitrary file overwrites. However the module distutils isnt blocked and can be used for the same purpose ie to write arbitrary files. DetailsThis is another vulnerability which impacts the downstream user.By...
Picklescan has Incomplete List of Disallowed Inputs
SummaryCurrently picklescanner only blocks some specific functions of the pydoc and operator modules. Attackers can use other functions within these allowed modules to go through undetected and achieve RCE on the final user. Particularly pydoc.locate: Can dynamically resolve and import arbitrary...
badkeys vulnerable to ASCII control character injection on console via malformed input
ImpactAn attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys both --dkim and --dkim-dns, SSH keys --ssh-lines mode, and filenames in various...
Picklescan Bypasses Unsafe Globals Check using pty.spawn
SummaryThe vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from the absence of the pty library more specifically, of the pty.spawn function from PickleScan's list of unsafe globals. This vulnerabilit...
Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
SummaryThe download service downloadservice.py makes HTTP requests using raw requests.get without utilizing the application's SSRF protection saferequests.py. This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints AWS/GCP/Azure, as well as...
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
SummaryPicklescan uses the numpy.f2py.crackfortran.evallength function a NumPy F2PY helper to execute arbitrary Python code during unpickling. DetailsPicklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.evallength in reduce, allowing arbitrary command executi...
lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
SummaryAn insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weightsonly=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file.CW...
AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
SummaryA zip bomb can be used to execute a DoS against the aiohttp server. ImpactAn attacker may be able to send a compressed request that when decompressed by aiohttp could exhaust the host's memory.------Patch: https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a...
Marshmallow has DoS in Schema.load(many)
ImpactSchema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. Patches4.1.2, 3.26.2 Workaroundspy Fail fastdef loadmanyschema, data, kwargs: if not isinstancedata, list: raise ValidationError'Invalid input...
libsodium has Incomplete List of Disallowed Inputs
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.This advisoory...
Langflow Missing Authentication on Critical API Endpoints
SummaryMultiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data...
mcp-server-git has missing path validation when using --repository flag
In mcp-server-git versions prior to 2025.12.18, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...
mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, gitinit could operate on any directory accessible to the server proces...
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
In mcp-server-git versions prior to 2025.12.18, the gitdiff and gitcheckout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values e.g., --output=/path/to/file for gitdiff would be interpreted as command-line options rather than git refs,...
Langflow vulnerable to Server-Side Request Forgery
Vulnerability OverviewLangflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and then sends the request using a server-side httpx client. It does not block...
nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows
SummaryOn Windows, converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a inkscape.bat file that defines a Windows batch script, capable of arbitrary code execution.When a user runs jupyter nbconvert --to pdf on a...
pretix has Broken Access Control Allowing Cross-User File Access via UUID
An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...