Lucene search
K

7038 matches found

PyPA
PyPA
added 2026/07/07 4:3 p.m.8 views

xml2rfc has an arbitrary file read vulnerability

ImpactWhen generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the XML. WorkaroundsTest untrusted input with link elements with rel="attachment" before processing. CreditsThis vulnerability was reported b...

8.7CVSS6AI score0.00265EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

Picklescan is missing detection when calling built-in python ensurepip._run_pip

SummaryUsing ensurepip.runpip function, which is a built-in python library function to execute remote pickle file. DetailsThe attack payload executes in the following steps:First, the attacker craft the payload by calling to ensurepip.runpip function in reduce methodThen when the victim after...

8.1CVSS6.3AI score0.00367EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem

SummaryUsing idlelib.debugobj.ObjectTreeItem.SetText, which is a built-in python library function to execute remote pickle file. DetailsThe attack payload executes in the following steps:First, the attacker craft the payload by calling to idlelib.debugobj.ObjectTreeItem.SetText function in reduce...

8.1CVSS6.3AI score0.00253EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.8 views

LlamaIndex affected by a Denial of Service (DOS) in JSONReader

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

8.6CVSS6AI score0.0026EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.8 views

Eventlet affected by HTTP request smuggling in unparsed trailers

ImpactThe Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections.This vulnerability could enable attackers to:- Bypass front-end security controls- Launch targeted attacks against active site users- Poison web caches PatchesProblem has been...

9.1CVSS5.7AI score0.00363EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.6 views

Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity

SummaryUsing idlelib.autocomplete.AutoComplete.getentity, which is a built-in python library function to execute remote pickle file. DetailsThe attack payload executes in the following steps:First, the attacker craft the payload by calling to idlelib.autocomplete.AutoComplete.getentity function i...

8.1CVSS6.3AI score0.00248EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.6 views

ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header

SummaryOn the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value e.g., correct username with partial password. This allows access to webserver functionality...

8.1CVSS5.9AI score0.01514EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata

ImpactA denial-of-service was found in Exiv2 version v0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata can cause Exiv2 to run for a long time. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image...

5.5CVSS6AI score0.00226EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.6 views

MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction

SummaryThe vulnerability allows any user to overwrite any files available under the account privileges of the running process. DetailsAs part of static analysis, iOS MobSF supports loading and parsing statically linked libraries .a. When parsing such archives, the code extracts the embedded objec...

6.5CVSS6AI score0.0056EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

XGrammar affected by Denial of Service by infinite recursion grammars

SummaryThis issue: http://github.com/mlc-ai/xgrammar/issues/250 should have it's own security advisory. Since several tools accept and pass user supplied grammars to xgrammar, and it is so easy to trigger it seems like a High...

8.7CVSS6AI score0.00436EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions

A bypass of the DISALLOWEDSQLFUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...

6.5CVSS6.2AI score0.00628EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.8 views

Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...

6.5CVSS6AI score0.00479EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs

Dear Maintainers,I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and would like to report it to you for further investigation and mitigation. SummaryThe jk parameter is received in pyLoad CNL Blueprint. Due to the lack of j...

8.7CVSS6AI score0.003EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.8 views

h2 allows HTTP Request Smuggling due to illegal characters in headers

SummaryHTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request...

6.9CVSS6AI score0.01596EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)

This vulnerability was discovered by researchers at Check Point. We are sharing this report as part of a responsible disclosure process and are happy to assist in validation and remediation if needed. SummaryA privilege escalation vulnerability exists in Langflow containers where an authenticated...

8.8CVSS6.4AI score0.00433EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.10 views

Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.4CVSS6.2AI score0.00617EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder

SummaryAn unsafe deserialization vulnerability allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. Details vLLM's Qwen3 Coder tool parser contains a code execution path that uses Python's eval...

8.8CVSS6.8AI score0.04016EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

Apache Superset data query improperly discloses database schema information to low-privileged guest user

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user.This...

5.3CVSS5.9AI score0.00519EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

vllm API endpoints vulnerable to Denial of Service Attacks

SummaryA Denial of Service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making i...

7.5CVSS6AI score0.00527EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.8 views

Copier's safe template has filesystem write access outside destination path

ImpactCopier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path...

6.9CVSS6AI score0.00244EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

OMERO.web displays unecessary user information when requesting password reset

BackgroundIf an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. ImpactOMERO.web before 5.29.1 PatchesUser should upgrade to 5.29.2 or higher WorkaroundsDisable the...

5.3CVSS6AI score0.00261EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.6 views

PyPDF's Manipulated FlateDecode streams can exhaust RAM

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. PatchesThis has been...

8.7CVSS5.8AI score0.00437EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.8 views

Copier's safe template has arbitrary filesystem read/write access

ImpactCopier's current security model shall restrict filesystem access through Jinja:- Files can only be read using % include ... %, which is limited by Jinja to reading files from the subtree of the local template clone in our case.- Files are written in the destination directory according to...

8.5CVSS6.1AI score0.0024EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.9 views

MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit

SummaryWhen parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. DetailsBy specification, multiple kinds of elements in MTLX support nesting other elements, such as in the case of nodegraph elements...

7.5CVSS6AI score0.00605EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.8 views

Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability

A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...

5.3CVSS6.1AI score0.00391EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22)

DescriptionA critical path traversal vulnerability CWE-22 has been identified in the reviewpaper function in backend/app.py. The vulnerability allows malicious users to access arbitrary PDF files on the server by providing crafted file paths that bypass the intended security restrictions...

8.8CVSS6AI score0.0064EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

copyparty allows Regex Denial of Service (ReDoS) in the upload listing

SummaryThe filter parameter for the "Recent uploads" page allows arbitrary Regexes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. PoChttps://127.0.0.1:3923/?ru=.++x ImpactThe server becomes fully inaccessible for a long time...

7.5CVSS6AI score0.00397EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

SummaryThe parameter addlinks in the API /json/addpackage is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage. Details- Affected file:https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/filedatabase.pyL271- Affected...

8.8CVSS6AI score0.00325EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.11 views

ExecuTorch integer overflow vulnerability leads to code execution

An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b...

9.8CVSS6.6AI score0.00593EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion

SummaryNested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limit on the "import chain" depth. DetailsThe MaterialX specification supports importing other files by using XInclude tags.When parsing file imports, recursion is used to process nested...

7.5CVSS6.1AI score0.00818EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.6 views

Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass

DetailsThere's a parsing logic error in picklescan and modelscan while trying to deal with opcode STACKGLOBAL.Function listglobals when handling STACKGLOBAL at position n, it is expected to track two arguments but in wrong range. The loop only consider the range from 1 to n-1 but forgets to...

9.8CVSS6AI score0.00475EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

uv allows ZIP payload obfuscation through parsing differentials

ImpactIn versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers:1. An attacker could contrive a ZIP...

6.8CVSS6.2AI score0.00196EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/07/07 4:3 p.m.7 views

SKOPS Card.get_model happily allows arbitrary code execution

SummaryThe Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...

8.4CVSS6.6AI score0.00212EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.7 views

OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute

SummaryThe OpenEXRCore code is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. DetailsIn the LossyDctDecoderexecute function from src/lib/OpenEXRCore/internaldwadecoder.h...

9.1CVSS6.2AI score0.00496EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.7 views

MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return

SummaryWhen parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. DetailsIn src/MaterialXCore/Material.cpp, in function getShaderNodes, the following code fetches the output nodes for a given...

7.5CVSS6AI score0.00463EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.7 views

OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size

SummaryThe OpenEXRCore code is vulnerable to a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. DetailsWhen parsing STORAGEDEEPSCANLINE chunks from an EXR file, the following code from...

8.4CVSS6.7AI score0.00312EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.7 views

Bugsink path traversal via event_id in ingestion

SummaryIn affected versions, ingestion paths construct file locations directly from untrusted eventid input without validation. A specially crafted eventid can result in paths outside the intended directory, potentially allowing file overwrite or creation in arbitrary locations.Submitting such...

7.2CVSS6AI score0.00538EPSS
Exploits0References13Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.6 views

OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode

SummaryWhen reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. DetailsIn the ScanLineProcess::runfillfunction, implemented in src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp,...

6.2CVSS6.2AI score0.00198EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.6 views

MS SWIFT Remote Code Execution via unsafe PyYAML deserialization

DescriptionA Remote Code Execution RCE vulnerability exists in the modelscope/ms-swift project due to unsafe use of yaml.load in combination with vulnerable versions of the PyYAML library ≤ 5.3.1. The issue resides in the tests/run.py script, where a user-supplied YAML configuration file is...

9.8CVSS6.4AI score0.02494EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.7 views

MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput

SummaryWhen parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. DetailsIn source/MaterialXCore/Material.cpp, the following code extracts the output nodes for a given implementation graph:cpp...

7.5CVSS6AI score0.00516EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.8 views

copyparty Reflected XSS via Filter Parameter

SummaryUnauthorized reflected Cross-Site-Scripting when accessing the URL for recent uploads with the filter parameter containing JavaScript code. DetailsWhen accessing the recent uploads page at /?ru, users can filter the results using an input field at the top. This field appends a filter...

6.3CVSS6AI score0.02393EPSS
Exploits3References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.9 views

MS SWIFT WEB-UI RCE Vulnerability

I. Detailed Description: This includes scenarios, screenshots, vulnerability reproduction methods. For account-related vulnerabilities, please provide test accounts. If the reproduction process is complex, you may record a video, upload it to Taopan, and attach the link.1. Install ms-swift pip...

5.9CVSS6.1AI score0.01177EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.6 views

OpenEXR Out-Of-Memory via Unbounded File Header Values

SummaryThe OpenEXR file format defines many information about the final image inside of the file header, such as the size of data/display window.The application trusts the value of dataWindow size provided in the header of the input file, and performs computations based on this value.This may...

5.5CVSS5.9AI score0.00259EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.5 views

copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata

SummaryAn unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. DetailsMultimedia metadata is rendered in the web-app without sanitization. This can be exploited in two ways:...

6.1CVSS6.2AI score0.00395EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.7 views

AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

SummaryThe Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. ImpactIf a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execute...

7.5CVSS6AI score0.00297EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.6 views

FastAPI Guard has a regex bypass

SummaryThe regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. DetailsIn version 3.0.1, you can find a commit like the one in the link below, which was made to prevent...

8.8CVSS6AI score0.00734EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.7 views

Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time

SummaryAn inconsistency in MethodNode can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time.While this issue may seem similar to https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3, it is...

8.7CVSS6.6AI score0.00138EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.7 views

Dagster Local File Inclusion vulnerability

Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...

6.6CVSS6AI score0.00524EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.6 views

Calibre Web and Autocaliweb have OS Command Injection vulnerability

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 Nicolette; Autocaliweb: from 0.7.0 before 0.7.1...

9.8CVSS5.9AI score0.02729EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/07/07 4:2 p.m.6 views

`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write

SummaryAn authenticated path traversal vulnerability exists in the /json/upload endpoint of the pyLoad By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible t...

7.5CVSS6.2AI score0.00645EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities7038