7035 matches found
pretix has Broken Access Control Allowing Cross-User File Access via UUID
Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...
PyMdown Extensions has a ReDOS bug in its Figure Capture extension
ImpactThis issue describes a ReDOS bug found within the figure caption extension pymdownx.blocks.caption .In systems that take unchecked user content, this could cause long hangs when processing the data if a malicious payload was crafted. PatchesThis issue is patched in Release 10.16.1...
filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
ImpactA Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with OTRUNC. An attacke...
FastAPI SSP is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation
Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery CSRF due to the improper validation of the OAuth state parameter during the authentication callback. While the getloginurl method allows for state generation, it does not persist the state or bind it to...
FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO
DescriptionThe OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flow. generatestatetoken is always called with an empty statedata dict, so the resulting JWT only contains the fixed audience...
Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez
Bio.Entrez in Biopython through 1.86 allows doctype XXE...
Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification
SummaryA Server-Side Request Forgery SSRF vulnerability in Cowrie's emulated shell mode allows unauthenticated attackers to abuse the honeypot as an amplification vector for HTTP-based denial-of-service attacks against arbitrary third-party hosts. DetailsWhen Cowrie operates in emulated shell mod...
Weblate has an arbitrary file read via symbolic links
ImpactIt was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. ResourcesThanks to Jason Marcello for responsible disclosure...
Open Redirect Vulnerability in Taguette
SummaryAn Open Redirect vulnerability exists in Taguette that allows attackers to craft malicious URLs that redirect users to arbitrary external websites after authentication. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance bu...
urllib3 streaming API improperly handles highly compressed data
Impacturllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP...
HTTP/HTTPS Traffic Interception Bypass in mad-proxy
A vulnerability in mad-proxy versions = 0.3 allows attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic...
Ansible Community General Collection is vulnerable to exposure of sensitive information
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read
SummaryA directory traversal vulnerability in NiceGUI's App.addmediafiles allows a remote attacker to read arbitrary files on the server filesystem. DetailsHello, I am Seungbin Yang, a university student studying cybersecurity. While reviewing the source code of the repository, I discovered a...
Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification
The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...
NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
SummaryA Cross-Site Scripting XSS vulnerability exists in ui.addcss, ui.addscss, and ui.addsass functions in NiceGUI v3.3.1 and earlier.These functions allow developers to inject styles dynamically. However, they lack proper sanitization or encoding for the JavaScript context they generate. An...
Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
Fickling AssessmentBased on the test case provided in the original report below, this bypass was caused by marshal and types missing from the block list of unsafe module imports, Fickling started blocking both modules to address this issue. This was fixed in...
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
ImpactA cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modifie...
open-webui is Vulnerable to Incorrect Access Control
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers a normal user to stop arbitrary LLM response tasks...
ComposioHQ has a directory traversal vulnerability
Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the downloadfileordir function...
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
SummaryA Cross-Site Scripting XSS vulnerability exists in the ui.interactiveimage component of NiceGUI v3.3.1 and earlier. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaScript via the SVG tag...
Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web
SummaryA Server-Side Request Forgery SSRF vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints AWS/GCP/Azure, scan internal networks, access internal services behind firewall...
Pyrofork has a Path Traversal in download_media Method
SummaryThe downloadmedia method in Pyrofork does not sanitize filenames received from Telegram messages before using them in file path construction. This allows a remote attacker to write files to arbitrary locations on the filesystem by sending a specially crafted document with path traversal...
urllib3 allows an unbounded number of links in the decompression chain
Impacturllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 e.g., Content-Encoding: gzip, zstd.However, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leadi...
LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method
ContextA SQL injection vulnerability exists in LangGraph's SQLite checkpoint implementation that allows attackers to manipulate SQL queries through metadata filter keys. This affects applications that accept untrusted metadata filter keys not just filter values in checkpoint search operations...
Weblate has improper validation upon invitation acceptance
ImpactIt was possible to accept an invitation opened by a different Weblate user. Patches https://github.com/WeblateOrg/weblate/pull/16913 WorkaroundsUsers should avoid leaving Weblate sessions with an unattended opened invitation. ReferencesThanks to Nahid0x for responsibly disclosing this...
Werkzeug safe_join() allows Windows special device names
Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. sendfromdirectory uses safejoin to safely serve files at user-specified paths under a director...
trytond allows remote attackers to obtain sensitive trace-back (server setup) information
Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back server setup information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...
Spotipy has a XSS vulnerability in its OAuth callback server
SummaryXSS vulnerability in OAuth callback server allows JavaScript injection through unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's browser during OAuth authentication. DetailsVulnerable Code: spotipy/oauth2.py lines 1238-1274 RequestHandler.doGETThe...
Keras Directory Traversal Vulnerability
SummaryKeras's keras.utils.getfile function is vulnerable to directory traversal attacks despite implementing filtersafepaths. The vulnerability exists because extractarchive uses Python's tarfile.extractall method without the security-critical filter="data" parameter. A PATHMAX symlink resolutio...
trytond does not enforce access rights for the route of the HTML editor.
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
SummaryThe arcade-mcp HTTP server uses a hardcoded default worker secret "dev" that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This gran...
trytond does not enforce access rights for data export
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default
DescriptionThe Model Context Protocol MCP Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured...
Peppol-py is vulnerable to XXE attacks due to Saxon configuration
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
SummaryThe fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main code path of fontTools.varLib, used by the fonttools varLib CLI and a...
Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation
A Stored Cross-Site Scripting XSS vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed...
vLLM vulnerable to remote code execution via transformers_utils/get_config
Summaryvllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with getclassfromdynamicmodule... and immediately instantiates the returned class. This fetch...
AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance
Description of Vulnerability:An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...
vLLM deserialization vulnerability leading to DoS and potential RCE
SummaryA memory corruption vulnerability that leading to a crash denial-of-service and potentially remote code execution RCE exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...
pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification
pgAdmin = 9.9is affected by avulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...
Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc
🚀 OverviewThis report demonstrates a real-world privilege escalation vulnerability in pdfminer.six due to unsafe usage of Python's pickle module for CMap file loading.It shows how a low-privileged user can gain root access or escalate to any service account by exploiting insecure deserialization ...
OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...
Arbitrary Code Execution in pdfminer.six via Crafted PDF Input
Summarypdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in pdfminer.six uses pickle.loads to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the...
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input
ImpactIn affected versions, brotli "bombs" highly compressed brotli streams, such as many zeros can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the available memory and thus a Denial of...
pgAdmin 4 has command injection vulnerability on Windows systems
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...
LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
ContextA template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings not just template variables in ChatPromptTemplate...
vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
SummaryUsers can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether the model is intended to support such inputs as defined in the Supported Models page.The issue has...
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)
ImpactIn affected versions, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service.This can be done if the DSN is known, which it is in many common setups JavaScript, Mobile Apps. PatchesPatched in Bugsink 2.0.6...
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
SummaryThe /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the right chattemplatekwargs parameters, it is possible to block processing of the API server for long...
pgAdmin is affected by an LDAP injection vulnerability
pgAdmin = 9.9is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS...