Lucene search
K

7044 matches found

PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Aim Path Traversal vulnerability

In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...

7.5CVSS6.1AI score0.00953EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•5 views

Aim vulnerable to Cross-Site Request Forgery

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...

9.6CVSS6.3AI score0.00474EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...

7.2CVSS6.8AI score0.01125EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•8 views

Open WebUI Vulnerable to a Session Fixation Attack

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...

9CVSS7.7AI score0.00659EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Open WebUI Allows Viewing of Admin Details

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/auths/admin/details interface to retrieve the first admin...

4.3CVSS6AI score0.00401EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•5 views

Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

7.2CVSS6.8AI score0.02458EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•5 views

H2O Vulnerable to Execution of Arbitrary Files

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...

6.5CVSS6.1AI score0.0033EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Flask-CORS vulnerable to Improper Handling of Case Sensitivity

corydolphin/flask-cors version 5.0.1 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

7.5CVSS5.9AI score0.00642EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Open WebUI Allows Admin Deletion via API Endpoint

In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint http://0.0.0.0:8080/api/v1/users/uuidadministrator. This action is restricted by the user...

8.3CVSS5.9AI score0.00647EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•5 views

LiteLLM Vulnerable to Remote Code Execution (RCE)

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'postcallrules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function...

8.8CVSS6.5AI score0.01463EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•8 views

Open WebUI Allows Arbitrary File Reading and Deletion

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve information on all...

8.8CVSS6AI score0.00563EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•5 views

MLflow Uncontrolled Resource Consumption vulnerability

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3CVSS6AI score0.00615EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload

A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...

8.9CVSS6AI score0.00477EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Flask-CORS improper regex path matching vulnerability

corydolphin/flask-cors version 5.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

5.3CVSS6AI score0.00652EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Flask-CORS allows for inconsistent CORS matching

A vulnerability in corydolphin/flask-cors version 5.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquoteplus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3CVSS6.1AI score0.00281EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

H2O Vulnerable to Arbitrary File Overwrite via File Export

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...

7.1CVSS6AI score0.00693EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Open WebUI Uncontrolled Resource Consumption vulnerability

A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as deleting, editing, ...

7.5CVSS5.9AI score0.00799EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

LoLLMS Code Injection vulnerability

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...

8.4CVSS6.8AI score0.00435EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•8 views

TorchServe script references S3 bucket without ensuring ownership or confirming accessibility

In the latest version of pytorch/serve, the script 'uploadresultstos3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

6.3CVSS5.9AI score0.00362EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Aim Relative Path Traversal vulnerability

A vulnerability in the runs/delete-batch endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion...

5.3CVSS6.1AI score0.00814EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

imaginAIry Denial of Service (DoS) vulnerability

A Denial of Service DoS vulnerability exists in the brycedrennan/imaginairy repository, version 15.0.0. The vulnerability is present in the /api/stablestudio/generate endpoint, which can be exploited by sending an invalid request. This causes the server process to terminate abruptly, outputting...

7.5CVSS5.9AI score0.00664EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Aim vulnerable to Synchronous Access of Remote Resource without Timeout

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by requesting it to connect to an unresponsive socket via sshfs. The lack of an additional timeout setting ...

5.9CVSS5.9AI score0.00442EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

LlamaIndex Improper Handling of Exceptional Conditions vulnerability

A vulnerability in the LangChainLLM class of the run-llama/llamaindex repository, version v0.12.5, allows for a Denial of Service DoS attack. The streamcomplete method executes the llm using a thread and retrieves the result via the getresponsegen method of the StreamingGeneratorCallbackHandler...

7.5CVSS5.9AI score0.00761EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•8 views

Open WebUI Uncontrolled Resource Consumption vulnerability

In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service DoS condition when a us...

7.5CVSS7.1AI score0.00811EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•8 views

FastChat Server-Side Request Forgery vulnerability

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS6AI score0.00703EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Kedro allows Remote Code Execution by Pulling Micro Packages

In kedro-org/kedro version 0.19.8, the pullpackage API function allows users to download and extract micro packages from the Internet. However, the function projectwheelmetadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution RCE by running...

8.8CVSS6.8AI score0.00986EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•8 views

Open WebUI Uncontrolled Resource Consumption vulnerability

In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker to access the api/v1/utils/code/format endpoint. If a malicious actor sends a POST request with an excessively high volume of content, the server could become completely...

7.5CVSS7.1AI score0.00879EPSS
Exploits2References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Transformers Regular Expression Denial of Service (ReDoS) vulnerability

A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issu...

7.5CVSS5.9AI score0.00684EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Aim Uncontrolled Resource Consumption vulnerability

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...

7.5CVSS6AI score0.00727EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

LlamaIndex vulnerable to Creation of Temporary File in Directory with Insecure Permissions

A vulnerability in the defaultjsonalyzer function of the JSONalyzeQueryEngine in the run-llama/llamaindex repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service DoS attacks. The vulnerability affects the latest version and is fixed...

7.1CVSS6.1AI score0.00478EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

Feast Cross-Origin Resource Sharing vulnerability

A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...

7.4CVSS6AI score0.00283EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

InvokeAI Uncontrolled Resource Consumption vulnerability

A Denial of Service DoS vulnerability was discovered in the /api/v1/boards/boardid endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the boardname field during a PATCH request. By sending a large payload, the UI becomes...

7.5CVSS6AI score0.00664EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

langchain-core allows unauthorized users to read arbitrary files from the host file system

A vulnerability in langchain-core versions =0.1.17,=0.2.0,=0.3.0,0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchaincore.prompts.ImagePromptTemplate's and by extension langchaincore.prompts.ChatPromptTemplate's...

5.3CVSS6.3AI score0.00366EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

FastChat open redirect vulnerability

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...

6.1CVSS6.6AI score0.0077EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Gradio Path Traversal vulnerability

A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blockedpath functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application correctly blocks...

5.3CVSS6AI score0.0064EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

FastChat Uncontrolled Resource Consumption vulnerability

In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinit...

7.5CVSS6AI score0.00642EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

FastChat Server-Side Request Forgery vulnerability

A Server-Side Request Forgery SSRF vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

7.5CVSS7.1AI score0.00646EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•8 views

InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload`

A Denial of Service DoS vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server version v5.0.1 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries...

7.5CVSS6AI score0.00593EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

FastChat Denial of Service vulnerability

A Denial of Service DoS vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

7.5CVSS6AI score0.00588EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•16 views

DB-GPT vulnerable to Cross-Site Request Forgery

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

8.1CVSS6AI score0.00228EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•9 views

GluonCV Arbitrary File Write via TarSlip

A vulnerability in the ImageClassificationDataset.fromcsv API of the dmlc/gluon-cv repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts tar.gz files from URLs without proper sanitization, making it susceptible to a TarSlip vulnerability. Attackers can...

7.1CVSS6.1AI score0.00293EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint

A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...

7.5CVSS5.9AI score0.00588EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

HyperLPR Denial of Service vulnerability

A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service DoS attack. The server fails to handle excessive characters appended to the end of multipart boundaries, regardless of the character used. This flaw can be exploited by sending malformed multipart requests with arbitrary...

7.5CVSS6AI score0.00489EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•5 views

DB-GPT Uncontrolled Resource Consumption vulnerability

A Denial of Service DoS vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading...

7.5CVSS7.1AI score0.0067EPSS
Exploits2References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request

A Regular Expression Denial of Service ReDoS vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression ^?:\snow\s?:-\s\d+\sdmhs??\s$ to process user input...

7.5CVSS6AI score0.01015EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•7 views

H2O Vulnerable to Denial of Service (DoS) and File Write

In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...

7.5CVSS6AI score0.00636EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

DB-GPT Path Traversal vulnerability

A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint /v1/resource/file/delete. This vulnerability allows an attacker to delete any file on the server by manipulating the filekey parameter. The filekey parameter is not properly sanitized, enabling an...

8.2CVSS6.1AI score0.0067EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•6 views

H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint

A vulnerability in the /3/Parse endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an...

7.5CVSS5.9AI score0.00588EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•5 views

Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb

A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.readcsv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...

7.5CVSS6AI score0.0061EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/07 2:34 p.m.•5 views

LiteLLM Vulnerable to Denial of Service (DoS)

A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service DoS by exploiting the use of ast.literaleval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server...

7.5CVSS5.9AI score0.00526EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities7044