Lucene search
K

7035 matches found

PyPA
PyPA
added yesterday4 views

Apache Airflow: Authenticated users can bypass the `is_safe_url` check

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

7.2CVSS6.1AI score0.00649EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday5 views

praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role

SummaryType: Authorization bypass enabling owner lockout. The DELETE /workspaces/workspaceid/members/userid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member can remove any other member, including the workspace owner, using a single DELETE. There is ...

8.1CVSS6.1AI score0.00041EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID

SummaryPraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated user from one workspace to access, modify, and delete objects belonging to another workspace by supplying the victim object's global UUID.The affected pattern...

8.8CVSS6AI score0.00044EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday3 views

Aider has an SSRF vulnerability through its AWS EC2 Metadata Endpoint

A security vulnerability has been detected in Aider-AI Aider 0.86.3.dev. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added yesterday2 views

praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)

SummaryType: Insecure Direct Object Reference. Five label endpoints — PATCH /workspaces/workspaceid/labels/labelid, DELETE .../labels/labelid, POST .../issues/issueid/labels/labelid, DELETE .../issues/issueid/labels/labelid, GET .../issues/issueid/labels — gate access on...

7.6CVSS6.2AI score0.00038EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday2 views

Apache Airflow has an Improper Authorization issue

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

3.1CVSS6.1AI score0.00459EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership

SummaryPraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to owner.The issue is caused by privileged workspace-management routes using the shared dependency requireworkspacemember... without requiri...

8.8CVSS6.1AI score0.00063EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

Apache Airflow Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS6.1AI score0.00335EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday3 views

Apache Airflow has no certificate validation on SMTP STARTTLS connections

Apache Airflow's EmailOperator and the underlying airflow.utils.email helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used email smtpstarttls=True without email smtpssl. An attacker positioned between the worker and the configured SMTP...

5.9CVSS6.2AI score0.00185EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday3 views

AstrBot: Manipulation of astr_main_agent's session_id parameter leads to authorization bypass

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...

6.5CVSS6.4AI score0.00211EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API

SummaryThe PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and delete resources in any...

8.8CVSS6.2AI score0.00044EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday5 views

PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context

SummaryPraisonAI's direct-prompt CLI automatically expands @url: mentions in raw prompt text before agent execution begins.If a prompt contains @url:, the CLI calls MentionsParser.process.... The @url: handler then performs a direct urllib.request.urlopen request to the attacker-controlled URL an...

5.5CVSS6.2AI score0.00014EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday6 views

PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings

SummaryPraisonAI's spidertools URL validation can be bypassed using alternate loopback host encodings.The affected component is:textpraisonaiagents/tools/spidertools.pyThe tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled URLs...

5.5CVSS6.3AI score0.00014EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings

SummaryPraisonAI's spidertools URL validation can be bypassed using alternate loopback host encodings.The affected component is:textpraisonaiagents/tools/spidertools.pyThe tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled URLs...

5.5CVSS6.3AI score0.00014EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday3 views

PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate

SummaryThe fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in mcpserver/adapters/clitools.py: "registers four file-handling tools by default, praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and...

9.6CVSS6.1AI score0.00619EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added yesterday7 views

PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context

SummaryPraisonAI's direct-prompt CLI automatically expands @url: mentions in raw prompt text before agent execution begins.If a prompt contains @url:, the CLI calls MentionsParser.process.... The @url: handler then performs a direct urllib.request.urlopen request to the attacker-controlled URL an...

5.5CVSS6.2AI score0.00014EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

BoxLite has a Timeout Bypass Vulnerability

SummaryBoxLite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. BoxLite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, BoxLite sends a signal to kill the...

6.5CVSS6.1AI score0.00268EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334

Arbitrary code execution via ungated spec.loader.execmodule in agentsgenerator.py v4.6.32 chokepoint refactor bypass Summary The v4.6.32 chokepoint refactor which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj added the PRAISONAIALLOWLOCALTOOLS env-var gate to the tooloverride.py sinks. However, tw...

8.1CVSS6.6AI score0.00102EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday5 views

ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env

ImpactA Remote Code Execution RCE vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover.The vulnerability CWE-426: Untrusted Search Path & CWE-15:...

8.6CVSS6.5AI score0.00557EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion

ImpactDNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dict keyed by strsys.excinfo1. The seven IncomingDecodeError messages raised from readname / decodelabelsatoffset RFC 6762 §18 name-decoding error paths all embed self.source — the...

6.5CVSS6.1AI score0.0002EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday5 views

zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood

ImpactDNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNSPTRMINTTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a periodic...

6.5CVSS6.1AI score0.00023EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday2 views

xiaomusic contains an unauthenticated path traversal vulnerability

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...

8.7CVSS6.2AI score0.00513EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday4 views

zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service

ImpactDNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer RFC 1035 §4.1.4. Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past CPython's...

6.5CVSS6.1AI score0.0002EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal

SummaryThe compliance-trestle library's profile import mechanism resolves trestle:// URIs and relative file paths by joining them with trestleroot and calling .resolve, but performs no boundary check to ensure the resolved path stays within the trestle workspace. An attacker can craft a malicious...

6.9CVSS6.2AI score0.00061EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows

ImpactArbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows.Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path separator...

8.8CVSS6.6AI score0.00635EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday4 views

local-deep-research has an SSRF bypass in `safe_get`

SummaryThe URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. DetailsThe current project uses validateurl to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by...

5CVSS6.2AI score0.00247EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added yesterday4 views

OpenStack Neutron has an Incorrect Authorization issue

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

5.3CVSS6.1AI score0.00295EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday4 views

compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI)

A High severity Server-Side Template Injection SSTI vulnerability exists in the trestle author jinja command. The command recursively evaluates rendered templates, allowing an attacker to achieve arbitrary command execution with privileges of the running process by injecting malicious payloads in...

7.8CVSS6.4AI score0.00022EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday6 views

compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem

A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module.Finding 1 Critical: SSRF CWE-918The HTTPSFetcher.dofetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...

6.7CVSS6.2AI score0.00012EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday5 views

compliance-trestle - jinja has an Arbitrary File Write via Path Traversal

Relevant Products/Components: trestle/core/commands/author/jinja.py trestle author jinja--- Detailed Description:The -o/--output argument in trestle author jinja allows writing files outside the intended workspace.The application does not properly validate: ../ ..\ absolute pathsThis allows...

8.4CVSS6.4AI score0.0005EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday5 views

Dulwich Vulnerable to Command Injection via Merge Driver Path

SummaryDulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...

7.7CVSS6.5AI score0.00555EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday3 views

agno contains a SQL injection vulnerability

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...

8.7CVSS6.2AI score0.00319EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added yesterday8 views

Shamefile has an arbitrary file read via shamefile.yaml in shame next

ImpactA path traversal vulnerability in shame next allows an attacker-controlled shamefile.yaml to disclose contents of files outside the repository, one line at a time, to the terminal of a user who runs the command. See patch commit for technical details. PatchesFixed in 0.1.7. Upgrade to eithe...

5.5CVSS6.1AI score0.00013EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday3 views

pretix vulnerable to Authorization Bypass Through User-Controlled Key

When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

7CVSS6.1AI score0.00219EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

Taipy contains a path traversal vulnerability

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.getresource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...

8.7CVSS6.1AI score0.00409EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday3 views

compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal

SummaryThe compliance-trestle library's remote fetching cache mechanism HTTPSFetcher and SFTPFetcher constructs the local cache file path from the URL path component without sanitizing path traversal sequences ../. When a remote OSCAL profile references a URL with traversal in its path, the HTTP...

7.1CVSS6.5AI score0.00047EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username

SummaryAsyncSSH 2.22.0 expands the OpenSSH-compatible AuthorizedKeysFile %u token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as AuthorizedKeysFile authorizedkeys/%u can be made to read an authorized-key...

8.2CVSS6.1AI score0.00221EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday4 views

OpenStack Swift: s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS6.2AI score0.00322EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added yesterday4 views

hermes-agent has an Incorrect Comparison

A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function discoverdashboardplugins of the file hermescli/webserver.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMESENABLEPROJECTPLUGINS results in incorrect...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added yesterday2 views

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...

5.3CVSS6.1AI score0.00574EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday3 views

vllm has Improper Resource Shutdown or Release

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9CVSS5.8AI score0.00427EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added yesterday4 views

Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580)

SummaryWhen an application using Pydantic AI opts a URL into forcedownload='allow-local' which disables the default block on private/internal IPs, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form IPv4-mapped IPv6, 6to4, or NAT64. Dual-stack and...

8.6CVSS6.6AI score0.00579EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday6 views

hermes-agent has an Injection issue

A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function scancontextcontent of the file agent/promptbuilder.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The...

7.5CVSS6.5AI score0.00305EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added yesterday5 views

Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580)

SummaryWhen an application using Pydantic AI opts a URL into forcedownload='allow-local' which disables the default block on private/internal IPs, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form IPv4-mapped IPv6, 6to4, or NAT64. Dual-stack and...

6.8CVSS6.1AI score0.00039EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday2 views

Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance

Summary Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth...

6AI score0.00035EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday3 views

hermes-agent has a sandbox issue

A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function executecode of the file tools/codeexecutiontool.py of the component Environment Variable Handler. Such manipulation leads to sandbox issue. It is possible to launch the attack remotely. The...

7.5CVSS6.5AI score0.0038EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added yesterday4 views

LiteLLM allows a user to modify their own user_role via the /user/update endpoint

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.8CVSS7.1AI score0.00653EPSS
Exploits2References12Affected Software1
PyPA
PyPA
added yesterday2 views

SQLAdmin: Authorization Bypass on `ajax_lookup`

ImpactThe ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce.If a developer restricts model access by overriding isaccessible, an authenticated user can still query that model's data through the ajaxlookup endpoint — silently...

4.3CVSS6.1AI score0.00279EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday4 views

Prefect has an Argument Injection issue

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

8.5CVSS7.4AI score0.00298EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added yesterday3 views

hermes-agent has an Injection issue

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skillsguard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the argument THREATPATTERNS leads to injection. Remote exploitatio...

7.5CVSS6.5AI score0.00305EPSS
Exploits0References10Affected Software1
Total number of security vulnerabilities7035