Lucene search
+L

7044 matches found

PyPA
PyPA
added 2026/06/30 9:6 p.m.8 views

Malicious code in magique-ai (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of magique-ai were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/30 8:41 p.m.7 views

Malicious code in magique (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of magique were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/30 8:24 p.m.7 views

Malicious code in funcdesc (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of funcdesc were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/30 8:12 p.m.6 views

Malicious code in executor-http (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of executor-http were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/30 8:6 p.m.6 views

Malicious code in executor-engine (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of executor-engine were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials an...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/30 1:16 a.m.6 views

PYSEC-2026-597

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7.2AI score0.0051EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2026/06/29 8:46 p.m.8 views

Malicious code in coolbox (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of coolbox were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/29 8:25 p.m.17 views

Malicious code in cmd2func (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of cmd2func were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/29 8:18 p.m.11 views

Malicious code in bramin (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of bramin were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/29 7:31 p.m.6 views

Malicious code in tlask (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of tlask were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/29 5:5 p.m.5 views

Malicious code in rlask (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of rlask were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/29 4:24 p.m.4 views

Malicious code in nhmpy (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of nhmpy were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/29 4:7 p.m.4 views

Malicious code in mflux-streamlit (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of mflux-streamlit were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials an...

5.9AI score
Exploits0References4Affected Software1
PyPA
PyPA
added 2026/06/29 3:42 p.m.6 views

Malicious code in spateo-release (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of spateo-release were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/29 3:36 p.m.4 views

Malicious code in dynamo-release (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of dynamo-release were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.9AI score
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

The nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a displaydata outpu...

9.3CVSS6AI score0.00227EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

Salesforce Uni2TS has a Code Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0...

9.8CVSS6.1AI score0.00372EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.8 views

python-statemachine SCXML <data expr> Eval Injection

Summarypython-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. DetailsSCXMLProcessor.parsescxmlfile...

9.8CVSS6.7AI score0.01188EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise

Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acmeurl SSRF and creator-equality IDOR Vulnerability Summary Field | Value-- | --Title | Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via...

9.9CVSS6.1AI score
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)

SummaryThe Binary Stream Capture BSC component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path‑related form fields, a remote client can:- Bypass the configured log root and direct BSC to log to arbitrary filesystem...

9.1CVSS6.3AI score0.00163EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

LiteLLM: Authentication Bypass via Host Header Injection

ImpactA Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/authutils.py::getrequestroute, which Starlette reconstructs...

9.8CVSS6AI score0.00559EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Remote unauthenticated attackers able to upload files in Onionshare

OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality...

9.8CVSS7.2AI score0.0232EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

SummaryAll components based on BaseFileComponent are vulnerable to the following vulnerability:1. Docling DoclingInlineComponent2. Docling Serve DoclingRemoteComponent3. Read File FileComponent4. NVIDIA Retriever Extraction NvidiaIngestComponent5. Video File VideoFileComponent6. Unstructured API...

9.6CVSS6.4AI score0.00411EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication

SummaryIn backpropagate = 1.1.0, the optional Reflex web UI pip install backpropagateui, launched via backprop ui exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push.The CLI accepts two operator-facing...

9.3CVSS6.2AI score0.00324EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Injection vulnerability that affects ironic-discoverd

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

9.2CVSS6.3AI score0.01585EPSS
Exploits0References13Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind

ResolutionFixed in v3.1.0, released 2026-05-25. The fix was merged in PR 95 at commit 1c7d3f9. The fix changes the default HTTP bind host to 127.0.0.1, refuses non-loopback HTTP/HTTPS exposure unless OAuth is enabled, makes Helm exposure opt-in and OAuth-gated, and adds parser-backed...

10CVSS6.2AI score0.00498EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members

SummaryType: Privilege escalation / cross-tenant member injection. The POST /workspaces/workspaceid/members endpoint is gated only by requireworkspacememberworkspaceid default minrole="member" and forwards the request body's userid and role straight into MemberService.addworkspaceid, userid, role...

9.6CVSS6AI score0.00031EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API

SummaryThe safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve...

10CVSS6.8AI score0.0045EPSS
Exploits2References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

motionEye: Authentication possible via password hash

SummaryAn authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to...

9.1CVSS6.1AI score
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

SummaryThe logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...

9.3CVSS6.1AI score0.00629EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass

SummaryJupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root.This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNELUID or KERNELGID value.The feature is...

9.8CVSS6.3AI score0.00106EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering

SummaryThe environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like securityContext and inject multi-document YAML to create additional unintended Kubernetes resources. DetailsThe server interpolates...

10CVSS6.4AI score0.00062EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.7 views

Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution

SummaryThe environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI.By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service.The code can use...

10CVSS6.6AI score0.0086EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value || ---------------- | ----- || Repository | pipeboard-co/meta-ads-mcp || Affected version | ≤ 1.0.101 commit 496c988 7d14226; Versions 1.0.102–1.0.105 lack git tags, so patch status is unconfirmed. ||...

9.1CVSS6.2AI score0.0013EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

wolfSSL Python module vulnerable to Improper Authentication

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced.Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

9.3CVSS5.9AI score0.00272EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

terminal-controller-mcp vulnerable to Command Injection

A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

10CVSS6.2AI score0.01891EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS7.5AI score0.00763EPSS
Exploits2References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection

ImpactA critical path traversal and extension bypass vulnerability in Flask-Reuploaded allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Patches Flask-Reuploaded has been patched in version 1.5.0 Workarounds1. Do not pas...

9.8CVSS6.7AI score0.01046EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

H2O has an External Control of File Name or Path vulnerability

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS7.9AI score0.00629EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK

ImpactWhat kind of vulnerability is it? Who is impacted?An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel.NET SDK, specifically within theSessionsPythonPlugin.Developers who have built applications which include Microsoft's Semantic Kernel.NET SDK and are...

9.9CVSS5.9AI score0.0195EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE

Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network...

9.8CVSS7.3AI score0.02344EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

MLflow Use of Default Password Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basicauth.ini file. The file contains hard-coded default credentials. An attacker can leverage...

9.8CVSS7.5AI score0.00968EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write

A Path Traversal vulnerability in the partitionmsg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. Impact An attacker can craft a malicious .msg file with attachment filenames containing path traversal...

9.8CVSS7.9AI score0.00616EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

vLLM has RCE In Video Processing

SummaryA chain of vulnerabilities in vLLM allow Remote Code Execution RCE:1. Info Leak - PIL error messages expose memory addresses, bypassing ASLR2. Heap Overflow - JPEG2000 decoder in OpenCV/FFmpeg has a heap overflow that lets us hijack code executionResult: Send a malicious video URL to vLLM...

9.8CVSS7.5AI score0.03816EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

Langroid has WAF Bypass Leading to RCE in TableChatAgent

Affected Scopelangroid = 0.59.31 Vulnerability Description CVE-2025-46724 fix bypass:TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to literalok...

9.8CVSS7AI score0.00741EPSS
Exploits2References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Report of SQL Injection Vulnerability in Ormar ORM A SQL Injection attack can be achieved by passing a crafted string to the min or max aggregate functions. Brief descriptionWhen performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into...

9.8CVSS7.5AI score0.00915EPSS
Exploits2References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

dcap-qvl has Missing Verification for QE Identity

ImpactThis vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl.The library fetches QE Identity collateral including qeidentity, qeidentitysignature, and qeidentityissuerchain from the PCCS. However, it skips to verify the QE Identity signature again...

9.3CVSS6AI score0.00208EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

SummaryAn unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event.The payload executes only if a user explicitly views the affected Stacktrace in the web UI. Details When Pygments returns more lines than it was given a known upstream quirk th...

9.3CVSS6.1AI score0.00286EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.4 views

CAI find_file Agent Tool has Command Injection Vulnerability Through Argument Injection

SummaryThe CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with shell=True, allowing attackers to execute arbitrary commands on the host system. Vulnerable...

9.6CVSS6.3AI score0.008EPSS
Exploits3References7Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.5 views

Langflow has Remote Code Execution in CSV Agent

SummaryThe CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution RCE. 2...

9.8CVSS7.7AI score0.33694EPSS
Exploits4References6Affected Software1
Total number of security vulnerabilities7044