7044 matches found
Python Social Auth - Django has unsafe account association
ImpactUpon authentication, the user could be associated by e-mail even if the associatebyemail pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Patches...
python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
Summaryldap.dn.escapednchars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP serv...
Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function
Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the searchitemctrlf function located in src/smolagents/visionwebbrowser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitizatio...
Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
The servicenow config URL is using a generic django View with no authentication.URL: /plugins/ssot/servicenow/config/ ImpactWhat kind of vulnerability is it? Who is impacted?An Unauthenticated attacker could access this page to view the Service Now public instance name e.g...
reflex-dev/reflex has an Open Redirect vulnerability
MitigationMake sure GITHUBCODESPACESPORTFORWARDINGDOMAIN is not set in a production environment. So the following is correct:assert os.getenv"GITHUBCODESPACESPORTFORWARDINGDOMAIN" is None Vulnerability Description---Vulnerability Overview - When theGET/auth-codespace page loads in a GitHub...
Authlib : JWE zip=DEF decompression bomb enables DoS
SummaryAuthlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. Details- Affected component:...
python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
SummaryThe sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and the non-default escapemode=1 is configured. DetailsThe method ldap.filter.escapefilterchars supports 3...
llama-index has Insecure Temporary File
The llamaindex library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, dat...
ZenML is vulnerable to Path Traversal through its `PathMaterializer` class
ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses ispathwithindirectory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...
LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities
Summary A Server-Side Request Forgery SSRF vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to internal and external networks. This can lead to the exposure of sensitive internal services, reconnaissance of the internal network, or...
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
ImpactCWE-20: Improper Input ValidationLow impact PatchesPatched in v7.1.8 commit https://github.com/mondeja/mkdocs-include-markdown-plugin/commit/7466d67aa0de8ffbc427204ad2475fed07678915 WorkaroundsNo...
LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing
The HTMLSectionSplitter class in langchain-text-splitters is vulnerable to XML External Entity XXE attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSLT without any...
DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables
The DataChain library reads serialized objects from environment variables such as DATACHAINMETASTORE and DATACHAINWAREHOUSE in the loader.py module. An attacker with the ability to set these environment variables can trigger code execution when the application loads...
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server
SummaryA resource-exhaustion denial-of-service vulnerability exists in multiple endpoints of the OpenAI-Compatible Server due to the ability to specify Jinja templates via the chattemplate and chattemplatekwargs parameters. If an attacker can supply these parameters to the API, they can cause a...
python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments
SummaryA remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which the attacker previously gained access to the message queue that the servers use...
SPDK is vulnerable to buffer overflow in the NVMe-oF target component
Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK - lib/nvmf...
vLLM is vulnerable to timing attack at bearer auth
SummaryThe API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force...
NiceGUI has a Reflected XSS
SummaryA Cross-Site Scripting XSS risk exists in NiceGUI when developers render unescaped user input into the DOM using ui.html. Before version 3.0, NiceGUI does not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.input with ui.html without escapi...
Litestar X-Forwarded-For Header Spoofing Vulnerability Enables Rate Limit Evasion
While testing Litestar's RateLimitMiddleware, I discovered that rate limits can be completely bypassed by manipulating the X-Forwarded-For header. This renders IP-based rate limiting ineffective against determined attackers. The ProblemLitestar's RateLimitMiddleware uses cachekeyfromrequest to...
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
SummaryA Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows ...
clearml is vulnerable to Path Traversal through its `safe_extract` function
A vulnerability in clearml versions before 2.0.2 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files...
Django vulnerable to partial directory traversal via archives
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...
Llama Stack could potentially allow for remote code execution
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...
JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener attribute.This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves...
Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
SummaryAuthlib’s JWS verification accepts tokens that declare unknown critical header parameters crit, violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header for example, bork or cnf that strict verifiers reject but Authlib accepts. In...
ml-logger file handler allows reading arbitrary files
A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function streamhandler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...
llama-index-core insecurely handles temporary files
The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...
Hugging Face Transformers library has Regular Expression Denial of Service
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalizenumbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...
ml-logger has path traversal in the file argument
A vulnerability was identified in geyang ml-logger 0.10.36 and prior. Affected by this vulnerability is the function loghandler of the file mllogger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly...
mcp-kubernetes-server has a Command Injection vulnerability
mcp-kubernetes-server does not correctly enforce the --disable-write / --disable-delete protections when commands are chained. The server only inspects the first token to decide whether an operation is write/delete, which allows a read-like command to be followed by a write action using shell...
pip's fallback tar extraction doesn't check symbolic links point to extraction directory
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service ReDoS in the AdamWeightDecay optimizer. The vulnerability arises from the douseweightdecay method, which processes user-controlled regular expressions in the includeinweightdecay...
ml-logger deserialization vulnerability
A vulnerability was determined in geyang ml-logger 0.10.36 and prior. Affected is the function loghandler of the file mllogger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack remotely. The exploit has be...
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
ImpactWhen Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create J...
xml2rfc is vulnerable to arbitrary file reads through prepped files
ImpactWhen generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the prepped RFCXML. WorkaroundsTest untrusted input with link elements with rel="attachment" before processing. ReferencesThis is related to...
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
ImpactOctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename becomes included in a command defined in a system event handler and...
copyparty: Sharing a single file does not fully restrict access to other files in source folder
There was a missing permission-check in the shares feature the shr global-option.When a share is created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames.It was not possible to descend into subdirectories in this manner; onl...
Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's removelanguagecode method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from...
PyInstaller has local privilege escalation vulnerability
ImpactDue to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryption while this entry is still present in sys.path, an application built with...
Neo4j Cypher MCP server is vulnerable to DNS rebinding
ImpactDNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
SummaryThe OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate their privileges to owner-level. DetailsWhen creating or updating OAuth...
Infrahub: Deleted and expired API tokens can still authenticate
ImpactA bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account can authenticate successfully. PatchesThis issue is fixed in versions 1.3.9 and 1.4.5 WorkaroundsUser...
Indico may disclose unauthorized user details access via legacy API
ImpactA legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check. PatchesYou should to update to Indico 3.3.8 as soon as possible.See the docs for instructions on how to update. WorkaroundsIt is...
Indico vulnerable to Cross-Site Scripting via LaTeX math code
ImpactThere is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. PatchesYou should to update to Indico 3.3.8 as soon as possible.See the docs for instructions on how to update. WorkaroundsOnly let trustworthy users create content on...
SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...
xgrammar vulnerable to denial of service by huge enum grammar
SummaryProvided grammar, would fit in a context window of most of the models, but takes minutes to process in 0.1.23. In testing with 0.1.16 the parser worked fine so this seems to be a regression caused by Earley parser. DetailsFull reproducer provider in the POC section. The resulting grammar i...
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
SummaryThe Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs rather than client IPs, and stores counters in-memory rather than in a...
Fides' Admin UI User Password Change Does Not Invalidate Current Session
SummaryAdmin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS can maintain access even after password reset. This issue is not directly...
Weblate has a long session expiry when verifying second factor
ImpactThe verification of the second factor had too long a session expiry. The long session expiry could be used to circumvent rate limiting of the second factor. PatchesThis issue has been addressed in Weblate 5.13.1 via https://github.com/WeblateOrg/weblate/pull/16002. ReferencesThanks to Nahid...
Fides has a Lack of Brute-Force Protections on Authentication Endpoints
SummaryThe Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to conduct credential testing attacks, such as credential stuffing or passwo...