7038 matches found
xml2rfc has an arbitrary file read vulnerability
ImpactWhen generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the XML. WorkaroundsTest untrusted input with link elements with rel="attachment" before processing. CreditsThis vulnerability was reported b...
Picklescan is missing detection when calling built-in python ensurepip._run_pip
SummaryUsing ensurepip.runpip function, which is a built-in python library function to execute remote pickle file. DetailsThe attack payload executes in the following steps:First, the attacker craft the payload by calling to ensurepip.runpip function in reduce methodThen when the victim after...
Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem
SummaryUsing idlelib.debugobj.ObjectTreeItem.SetText, which is a built-in python library function to execute remote pickle file. DetailsThe attack payload executes in the following steps:First, the attacker craft the payload by calling to idlelib.debugobj.ObjectTreeItem.SetText function in reduce...
LlamaIndex affected by a Denial of Service (DOS) in JSONReader
A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...
Eventlet affected by HTTP request smuggling in unparsed trailers
ImpactThe Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections.This vulnerability could enable attackers to:- Bypass front-end security controls- Launch targeted attacks against active site users- Poison web caches PatchesProblem has been...
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
SummaryUsing idlelib.autocomplete.AutoComplete.getentity, which is a built-in python library function to execute remote pickle file. DetailsThe attack payload executes in the following steps:First, the attacker craft the payload by calling to idlelib.autocomplete.AutoComplete.getentity function i...
ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
SummaryOn the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value e.g., correct username with partial password. This allows access to webserver functionality...
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata
ImpactA denial-of-service was found in Exiv2 version v0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata can cause Exiv2 to run for a long time. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image...
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
SummaryThe vulnerability allows any user to overwrite any files available under the account privileges of the running process. DetailsAs part of static analysis, iOS MobSF supports loading and parsing statically linked libraries .a. When parsing such archives, the code extracts the embedded objec...
XGrammar affected by Denial of Service by infinite recursion grammars
SummaryThis issue: http://github.com/mlc-ai/xgrammar/issues/250 should have it's own security advisory. Since several tools accept and pass user supplied grammars to xgrammar, and it is so easy to trigger it seems like a High...
Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions
A bypass of the DISALLOWEDSQLFUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs
Dear Maintainers,I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and would like to report it to you for further investigation and mitigation. SummaryThe jk parameter is received in pyLoad CNL Blueprint. Due to the lack of j...
h2 allows HTTP Request Smuggling due to illegal characters in headers
SummaryHTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request...
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)
This vulnerability was discovered by researchers at Check Point. We are sharing this report as part of a responsible disclosure process and are happy to assist in validation and remediation if needed. SummaryA privilege escalation vulnerability exists in Langflow containers where an authenticated...
Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability
A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder
SummaryAn unsafe deserialization vulnerability allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. Details vLLM's Qwen3 Coder tool parser contains a code execution path that uses Python's eval...
Apache Superset data query improperly discloses database schema information to low-privileged guest user
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user.This...
vllm API endpoints vulnerable to Denial of Service Attacks
SummaryA Denial of Service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making i...
Copier's safe template has filesystem write access outside destination path
ImpactCopier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path...
OMERO.web displays unecessary user information when requesting password reset
BackgroundIf an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. ImpactOMERO.web before 5.29.1 PatchesUser should upgrade to 5.29.2 or higher WorkaroundsDisable the...
PyPDF's Manipulated FlateDecode streams can exhaust RAM
ImpactAn attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. PatchesThis has been...
Copier's safe template has arbitrary filesystem read/write access
ImpactCopier's current security model shall restrict filesystem access through Jinja:- Files can only be read using % include ... %, which is limited by Jinja to reading files from the subtree of the local template clone in our case.- Files are written in the destination directory according to...
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit
SummaryWhen parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. DetailsBy specification, multiple kinds of elements in MTLX support nesting other elements, such as in the case of nodegraph elements...
Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability
A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...
TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22)
DescriptionA critical path traversal vulnerability CWE-22 has been identified in the reviewpaper function in backend/app.py. The vulnerability allows malicious users to access arbitrary PDF files on the server by providing crafted file paths that bypass the intended security restrictions...
copyparty allows Regex Denial of Service (ReDoS) in the upload listing
SummaryThe filter parameter for the "Recent uploads" page allows arbitrary Regexes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. PoChttps://127.0.0.1:3923/?ru=.++x ImpactThe server becomes fully inaccessible for a long time...
PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter
SummaryThe parameter addlinks in the API /json/addpackage is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage. Details- Affected file:https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/filedatabase.pyL271- Affected...
ExecuTorch integer overflow vulnerability leads to code execution
An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b...
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion
SummaryNested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limit on the "import chain" depth. DetailsThe MaterialX specification supports importing other files by using XInclude tags.When parsing file imports, recursion is used to process nested...
Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass
DetailsThere's a parsing logic error in picklescan and modelscan while trying to deal with opcode STACKGLOBAL.Function listglobals when handling STACKGLOBAL at position n, it is expected to track two arguments but in wrong range. The loop only consider the range from 1 to n-1 but forgets to...
uv allows ZIP payload obfuscation through parsing differentials
ImpactIn versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers:1. An attacker could contrive a ZIP...
SKOPS Card.get_model happily allows arbitrary code execution
SummaryThe Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...
OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute
SummaryThe OpenEXRCore code is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. DetailsIn the LossyDctDecoderexecute function from src/lib/OpenEXRCore/internaldwadecoder.h...
MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return
SummaryWhen parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. DetailsIn src/MaterialXCore/Material.cpp, in function getShaderNodes, the following code fetches the output nodes for a given...
OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size
SummaryThe OpenEXRCore code is vulnerable to a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. DetailsWhen parsing STORAGEDEEPSCANLINE chunks from an EXR file, the following code from...
Bugsink path traversal via event_id in ingestion
SummaryIn affected versions, ingestion paths construct file locations directly from untrusted eventid input without validation. A specially crafted eventid can result in paths outside the intended directory, potentially allowing file overwrite or creation in arbitrary locations.Submitting such...
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode
SummaryWhen reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. DetailsIn the ScanLineProcess::runfillfunction, implemented in src/lib/OpenEXR/ImfDeepScanLineInputFile.cpp,...
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
DescriptionA Remote Code Execution RCE vulnerability exists in the modelscope/ms-swift project due to unsafe use of yaml.load in combination with vulnerable versions of the PyYAML library ≤ 5.3.1. The issue resides in the tests/run.py script, where a user-supplied YAML configuration file is...
MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput
SummaryWhen parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. DetailsIn source/MaterialXCore/Material.cpp, the following code extracts the output nodes for a given implementation graph:cpp...
copyparty Reflected XSS via Filter Parameter
SummaryUnauthorized reflected Cross-Site-Scripting when accessing the URL for recent uploads with the filter parameter containing JavaScript code. DetailsWhen accessing the recent uploads page at /?ru, users can filter the results using an input field at the top. This field appends a filter...
MS SWIFT WEB-UI RCE Vulnerability
I. Detailed Description: This includes scenarios, screenshots, vulnerability reproduction methods. For account-related vulnerabilities, please provide test accounts. If the reproduction process is complex, you may record a video, upload it to Taopan, and attach the link.1. Install ms-swift pip...
OpenEXR Out-Of-Memory via Unbounded File Header Values
SummaryThe OpenEXR file format defines many information about the final image inside of the file header, such as the size of data/display window.The application trusts the value of dataWindow size provided in the header of the input file, and performs computations based on this value.This may...
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
SummaryAn unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. DetailsMultimedia metadata is rendered in the web-app without sanitization. This can be exploited in two ways:...
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
SummaryThe Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. ImpactIf a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execute...
FastAPI Guard has a regex bypass
SummaryThe regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. DetailsIn version 3.0.1, you can find a commit like the one in the link below, which was made to prevent...
Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time
SummaryAn inconsistency in MethodNode can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time.While this issue may seem similar to https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3, it is...
Dagster Local File Inclusion vulnerability
Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...
Calibre Web and Autocaliweb have OS Command Injection vulnerability
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 Nicolette; Autocaliweb: from 0.7.0 before 0.7.1...
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write
SummaryAn authenticated path traversal vulnerability exists in the /json/upload endpoint of the pyLoad By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible t...