Lucene search
K

7044 matches found

PyPA
PyPA
•added 2026/07/07 4:2 p.m.•8 views

AWS SAM CLI Path Traversal allows file copy to local cache

SummaryThe AWS Serverless Application Model Command Line Interface AWS SAM CLI is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker.After completing a build with AWS SAM CLI which include symlinks, the content of...

6.9CVSS6.1AI score0.0062EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2026/07/07 4:2 p.m.•7 views

Whoogle allows attackers to execute arbitrary code via supplying a crafted search query

An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...

9.3CVSS6.3AI score0.00502EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2026/07/07 4:2 p.m.•7 views

Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks

From @jackfromeast and @superboy-zjc:We have identified a class pollution vulnerability in Mesop = 0.14.0 application that allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to a denial of service DoS...

8.1CVSS6AI score0.00629EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/07 4:2 p.m.•7 views

Litestar and Starlite vulnerable to Path Traversal

SummaryLocal File Inclusion via Path Traversal in LiteStar Static File ServingA Local File Inclusion LFI vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensiti...

8.2CVSS6.1AI score0.00722EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2026/07/07 4:2 p.m.•11 views

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

ImpactThe vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2026/07/07 4:0 p.m.•10 views

Malicious code in instructor-mcp (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of instructor-mcp were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/07/07 3:36 p.m.•10 views

Malicious code in dreamgen (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of dreamgen were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/07/07 3:16 p.m.•5 views

PYSEC-2026-2092

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16.DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djang...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/07/07 3:16 p.m.•5 views

PYSEC-2026-2091

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16.django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS6.1AI score0.00291EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/07/07 3:16 p.m.•5 views

PYSEC-2026-2090

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16.UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache.Earlier,...

5.3CVSS6.1AI score0.00375EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Synapse vulnerable to federation denial of service via malformed events

ImpactA malicious server can craft events with a depth outside the integer range allowed by Canonical JSON. When such an event is received by Synapse version up to 1.127.0, it prevents it from federating with other servers. The vulnerability has been exploited in the wild. PatchesFixed in Synapse...

7.5CVSS5.8AI score0.01157EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Frappe has possibility of SQL injection due to improper validations

ImpactSQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information. WorkaroundsUpgrading is required, no other workaround is present...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Aim Excessive Data Query Operations in a Large Data Table vulnerability

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

7.5CVSS5.9AI score0.0059EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Aim Uncontrolled Resource Consumption vulnerability

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large...

7.5CVSS5.9AI score0.0059EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•16 views

Frappe has possibility of SQL injection due to improper validations

ImpactAn SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information. WorkaroundsUpgrading is required, no other workaround is present. CreditsThanks to Thanh of Calif.io for reporting the issue...

8.7CVSS5.9AI score0.00424EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

LiteLLM Has a Leakage of Langfuse API Keys

In berriai/litellm version v1.52.1, an issue in proxyserver.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfusesecret and langfusepublickey, which can provide full access to the Langfuse...

7.5CVSS6AI score0.00523EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Frappe has Possibility of Remote Code Execution due to improper validation

ImpactA system user was able to create certain documents in a specific way that could lead to RCE. WorkaroundsThere's no workaround, an upgrade is required. CreditsThanks to Thanh of Calif.io for reporting the issue...

8.8CVSS6AI score0.00669EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

MLflow Uncontrolled Resource Consumption vulnerability

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

7.5CVSS6.3AI score0.00517EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

LiteLLM Has an Improper Authorization Vulnerability

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

8.1CVSS6AI score0.00315EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

MLflow Cross-Site Request Forgery (CSRF) vulnerability

A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...

7.1CVSS5.9AI score0.00202EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Frappe vulnerable to information disclosure leading to account takeover

ImpactMaking crafted requests could lead to information disclosure that could further lead to account takeover. WorkaroundsThere's no workaround to fix this without upgrading. CreditsThanks to Thanh of Calif.io for reporting the issue...

9.3CVSS5.9AI score0.00398EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

SageMaker Workflow component allows possibility of MD5 hash collisions

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...

5.9CVSS5.9AI score0.00245EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Gradio DOS in multipart boundry while uploading the file

A vulnerability in the file upload process of gradio-app/gradio version @gradio/[email protected] allows for a Denial of Service DoS attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue...

7.5CVSS6AI score0.00744EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

composio allows Server-Side Request Forgery (SSRF) in BROWSERTOOL

A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions...

7.5CVSS6.7AI score0.00679EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•9 views

BentoML Denial of Service (DoS) via Multipart Boundary

BentoML version v1.3.4post1 is vulnerable to a Denial of Service DoS attack. The vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive...

7.5CVSS5.9AI score0.00664EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

H2O Vulnerable to Arbitrary File Overwrite

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

8.2CVSS6.1AI score0.00514EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•9 views

LiteLLM Reveals Portion of API Key via a Logging File

In berriai/litellm before version 1.44.12, the litellm/litellmcoreutils/litellmlogging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...

7.5CVSS7.2AI score0.00708EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request

A Denial of Service DoS vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource...

7.5CVSS7.1AI score0.00792EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•8 views

Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint

In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading...

8.2CVSS6AI score0.00597EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

MLflow has a Local File Read/Path Traversal in dbfs

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

7.5CVSS6AI score0.02484EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Composio Eval Injection Vulnerability

In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...

9.8CVSS6.5AI score0.01103EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•8 views

AgentScope stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string run ID is appended and rendered as HTML. This allows ...

6.1CVSS6.1AI score0.00389EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•8 views

Quivr unauthenticated Denial of Service (DoS) via Multipart Boundary

A Denial of Service DoS vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server continuously processing ea...

7.5CVSS5.9AI score0.00701EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

composio Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...

7.5CVSS6AI score0.00671EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt...

4.3CVSS6AI score0.00401EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•9 views

PyTorch Lightning denial of service vulnerability

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server...

7.5CVSS6AI score0.00588EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint

A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...

7.5CVSS7AI score0.00727EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Aim Improper Access Control

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safergetattr function from RestrictedPython. This version does not protect against the str.formatmap method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...

8.1CVSS6.5AI score0.00702EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request

A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a HEAD request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controll...

7.5CVSS6AI score0.00446EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•8 views

Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...

8.1CVSS6.7AI score0.00881EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•13 views

Open WebUI stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...

8.4CVSS6AI score0.00897EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Gradio Vulnerable to Open Redirect

An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...

6.1CVSS5.9AI score0.00723EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Aim allows denial of service due to no timeouts for some tracking server endpoints

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue...

7.5CVSS6AI score0.00446EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•16 views

Open WebUI denial of service through endpoint for converting markdown

In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until...

7.5CVSS7.1AI score0.00811EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Prefect CORS (Cross-Origin Resource Sharing) misconfiguration

A CORS Cross-Origin Resource Sharing misconfiguration in prefecthq/prefect prior to version 3.0.3 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruptio...

7.6CVSS7.1AI score0.00168EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Open WebUI has SSRF in /openai/models

The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery SSRF. An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the...

7.7CVSS6.1AI score0.24461EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•5 views

Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF)

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

6.9CVSS5.8AI score0.00234EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability

A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...

8.8CVSS6.8AI score0.00444EPSS
Exploits2References8Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•8 views

Gunicorn HTTP Request/Response Smuggling vulnerability

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

7.5CVSS5.9AI score0.00738EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...

7.5CVSS6AI score0.00719EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities7044