7035 matches found
OpenStack's Mistral Client has a local file inclusion vulnerability
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...
pypdf's LZWDecode streams be manipulated to exhaust RAM
ImpactAn attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter.This is a follow up to GHSA-jfx9-29x2-rv3j to align the default limit with the one for zlib...
Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
SummaryThe Fugue framework implements an RPC server system for distributed computing operations. In the corefunctionality of the RPC server implementation, Ifound thatthedecodefunction infugue/rpc/flask.pydirectly usescloudpickle.loadsto deserialize datawithout any sanitization. This creates a...
motionEye vulnerable to RCE via unsanitized motion config parameter
SummaryA command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...
Apache Airflow has a command injection vulnerability in "example_dag_decorator"
An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...
Dosage vulnerable to a Directory Traversal through crafted HTTP responses
ImpactWhen downloadinging comic images, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc.. While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type header...
Apache Airflow `/api/v2/dagReports` executes DAG Python in API
API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...
Agno session state overwrites between different sessions/users
ImpactUnder certain conditions under high concurrency, when sessionstate is passed to an Agent or Team during run or arun calls, a race condition can occur, causing a sessionstate to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to...
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
ImpactOctoPrint versions up to and including 1.11.3 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notification and prompt popups generated by the printer.An attacker who successfully convinces a victim to print a specially crafted file...
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
SummaryOpen WebUI v0.6.33 and below contains a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event SSE execute events. This leads to authentication token theft, complet...
Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
SummaryThe functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is assigned to the DOM sink .innerHtml without sanitisation. Any user with permissions to create prompts can abuse this to plant a...
DSPy does not properly restrict file reads
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...
cryptidy allows code execution via untrusted data due to pickle.loads
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...
AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64
AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...
Byaidu PDFMathTranslate vulnerable to open redirect
An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...
LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer
SummaryPrior to langgraph-checkpoint version 3.0 , LangGraph’s JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a remote code execution RCE vulnerability when deserializing payloads saved in the "json" serialization mode.If an attacker can cause your...
AstrBot contains a directory traversal vulnerability
AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function installpluginupload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to filepath without checking the validi...
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode
An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions.Impact:Bypasses read-only mode; attackers with read-only access may perform unauthorized...
Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
Scrapy versions up to 2.13.3 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``
SummaryAn unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files e.g., StaticFiles or any use of...
CKAN vulnerable to fixed session IDs
ImpactSession ids could be fixed by an attacker if the site is configured with server-side session storage CKAN uses cookie-based session storage by default. The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers a...
pypdf can exhaust RAM via manipulated LZWDecode streams
ImpactAn attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. PatchesThis has been fixed in pypdf==6.1.3. WorkaroundsIf you cannot upgrade yet, consider applying the changes from PR...
CKAN vulnerable to stored XSS in resource description
ImpactThe helpers.markdownextract function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided data on dataset, resource, organization or group pages plus any page provided by an extension that used that...
pypdf possibly loops infinitely when reading DCT inline images without EOF marker
ImpactAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. PatchesThis has been fixed in pypdf==6.1.3. WorkaroundsIf you cannot upgrade yet, consider applyi...
aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server
SummaryThe client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. DetailsIt is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary...
Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery
The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF.This vulnerability stems from the way the StringLookup layer is handled during model loading from a...
FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
SummaryA command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor Details1. generatecursordeeplinkservername, … embeds servername verbatim in a cursor://…?name= query string.2...
LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore
SummaryLangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. Details/langgraph/libs/checkpoint-sqlite/langgraph/store/sqlite/base.pyTh...
LangGraph's SQLite store implementation has a SQL Injection Vulnerability
A SQL injection vulnerability exists in the langchain-ai/langgraph repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...
Apache Airflow's create action can upsert existing Pools/Connections/Variables
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...
BBOT's gitlab.py exposes globally configured "gitlab" API key
Summarybbot's gitlab.py sends the user's "gitlab" API key to on-premise GitLab instances.If a user has configured a gitlab.com API key using this mechanism, it may be leaked to an attacker-controlled server. ImpactA user with a "gitlab" API key configured who uses bbot to scan a malicious webserv...
FastMCP vulnerable to reflected XSS in client's callback page
SummaryWhile setting up an oauth client, it was noticed that the callback page hosted by the client during the flow embeds user-controlled content without escaping or sanitizing it. This leads to a reflected Cross-Site-Scripting vulnerability. DetailsThe affected code is located in...
pg8000 SQL injection vulnerability via a specially crafted Python list input
SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...
MLflow Weak Password Requirements Authentication Bypass Vulnerability
MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of passwords. T...
MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability
MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.The specific flaw...
Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the searchitemctrlf function located in src/smolagents/visionwebbrowser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitizatio...
python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
SummaryThe sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and the non-default escapemode=1 is configured. DetailsThe method ldap.filter.escapefilterchars supports 3...
Mammoth is vulnerable to Directory Traversal
Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...
Authlib : JWE zip=DEF decompression bomb enables DoS
SummaryAuthlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. Details- Affected component:...
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name
SummaryAn authenticated party can add a malicious name to the Energy entity, allowing for Cross-Site Scripting attacks against anyone who can see the Energy dashboard, when they hover over any information point The blue bar in the picture belowAn alternative, and more impactful scenario, is that...
llama-index has Insecure Temporary File
The llamaindex library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, dat...
python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
Summaryldap.dn.escapednchars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP serv...
Synapse's invalid device keys degrade federation functionality
ImpactLack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. PatchesPatched in Synapse 1.138.3, 1.138.4, 1.139.1...
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters
SummarypyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or...
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
SummaryAuthlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving...
reflex-dev/reflex has an Open Redirect vulnerability
MitigationMake sure GITHUBCODESPACESPORTFORWARDINGDOMAIN is not set in a production environment. So the following is correct:assert os.getenv"GITHUBCODESPACESPORTFORWARDINGDOMAIN" is None Vulnerability Description---Vulnerability Overview - When theGET/auth-codespace page loads in a GitHub...
Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
The servicenow config URL is using a generic django View with no authentication.URL: /plugins/ssot/servicenow/config/ ImpactWhat kind of vulnerability is it? Who is impacted?An Unauthenticated attacker could access this page to view the Service Now public instance name e.g...
BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
SummaryDue to unsafe URL handling, bbot's gitclone.py can be made to leak a user's github.com API key to an attacker-controlled webserver. ImpactA user who has placed their github.com API key in the configuration for any of the following modules: githubcodesearch githubworkflows gitlab gitclone...
Python Social Auth - Django has unsafe account association
ImpactUpon authentication, the user could be associated by e-mail even if the associatebyemail pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Patches...
clearml is vulnerable to Path Traversal through its `safe_extract` function
A vulnerability in clearml versions before 2.0.2 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files...