7044 matches found
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Descriptionllama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers, and...
TorchServe vulnerable to bypass of allowed_urls configuration
ImpactTorchServe's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which effective...
NASA AIT-Core vulnerable to remote code execution
An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string...
LangChain Experimental vulnerable to arbitrary code execution
langchainexperimental aka LangChain Experimental before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not...
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...
Mocodo vulnerable to SQL injection in `/web/generate.php`
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sqlcase input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution RCE under certain conditions...
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
SummaryA Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. Detailschangedetection.io version: 0.45.20docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEdgtlmoon/changedetection.io latest 53529c2e69f...
SQLAlchemyDA unauthenticated arbitrary SQL query execution
ImpactThe vulnerability allows unauthenticated execution of arbitrary SQL statements on the database the SQLAlchemyDA instance is connected to. All users are affected. PatchesThe problem has been patched in version 2.2. WorkaroundsThere is no workaround. All users are urged to upgrade to version ...
Gradio allows users to access arbitrary files
ImpactThis vulnerability allows users of Gradio applications that have a public link such as on Hugging Face Spaces to access files on the machine hosting the Gradio application. This involves intercepting and modifying the network requests made by the Gradio app to the server. PatchesYes, the...
Vanna prompt injection code execution
The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
ImpactWhen Flask-AppBuilder is set to AUTHTYPE AUTHOID, allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the...
CraftBeerPi 4 allows arbitrary code execution
URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/httpendpoints/httpsystem.py" is subsequently passed to the "os.system" function in "cbpi/controller/systemcontroller.py" without prior validation allowing arbitrary code execution. This issue affects CraftBeerPi 4:...
Improper Certificate Validation in apache airflow mongo hook
When sslwas enabled for Mongo Hook, default settings included "allowinsecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue...
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Summaryutils.getsharedsecret always returns -1 - allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes. Detailsutils.py getsharedsecret:def getsharedsecret - Unionstr, int: """ The 'web.ss' file is regenerated each time cobblerd restarts and is used to agree on...
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
ID: NFLX-2024-002 ImpactAuthenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether full RCE is possible but it is unlikely. However, a specific flag allows authenticated users to read any...
pyload-ng vulnerable to RCE with js2py sandbox escape
SummaryAny pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Detailsjs2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...
PaddlePaddle Path Traversal vulnerability
Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6...
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...
Aim Web API vulnerable to Remote Code Execution
A critical Remote Code Execution RCE vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions = 3.0.0. The vulnerability resides in the runsearchapi function of the aim/web/api/runs/views.py file, where improper restricti...
pyLoad allows upload to arbitrary folder lead to RCE
SummaryAn authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Detailsexample version: 0.5file:src/pyload/webui/app/blueprints/[email protected]"/render/", endpoint="render"def renderfilename: mimetype =...
NASA AIT-Core vulnerable to remote code execution
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...
PaddlePaddle vulnerable to remote code execution
remote code execution in paddlepaddle/paddle 2.6.0...
Keras code injection vulnerability
A arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application...
llama-index-core Command Injection vulnerability
A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...
PyMySQL SQL Injection vulnerability
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...
Insecure deserialization in BentoML
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
pgAdmin prior to version 8.4 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is...
NASA AIT-Core vulnerable to SQL Injection
NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the querypackets and insert functions...
NASA AIT-Core vulnerable to remote code execution
An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet...
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
SummaryPath Traversal in pyLoad-ng CNL Blueprint via package parameter allows Arbitrary File Write leading to Remote Code Execution RCE The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside...
pgadmin4 has a Meta-Command Filter Command Execution
The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...
Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
SummaryA command injection vulnerability is present in the function tool runsshcommandwithcredentials available to AI agents. Details This is the source code of the function tool runsshcommandwithcredentials code: python@functiontooldef runsshcommandwithcredentials host: str, username: str,...
Rasa Allows Remote Code Execution via Remote Model Loading
VulnerabilityA vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution.The prerequisites for this are:- The HTTP API must be enabled on the Ra...
llama_index vulnerable to SQL Injection
Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index...
rfc3161-client has insufficient verification for timestamp response signatures
Impactrfc3161-client 1.0.2 and earlier contain a flaw in their timestamp response signature verification logic. In particular, it performs chain verification against the TSR's embedded certificates up to the trusted roots, but fails to verify the TSR's own signature against the timestamping leaf...
Hugging Face smolagents: Unsafe deserialization in Remote Python Executor leads to RCE
Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required to exploit this...
BackendAI Missing Authentication for Critical Function
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
Sentry's improper authentication on SAML SSO process allows user impersonation
ImpactA critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program.The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sent...
asyncmy is vulnerable to SQL injection via crafted dict keys
SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...
Rasa Allows Remote Code Execution via Remote Model Loading
VulnerabilityA vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution.The prerequisites for this are:- The HTTP API must be enabled on the Ra...
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
SummaryA serialization injection vulnerability exists in LangChain's dumps and dumpd functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data...
Langflow Unauth RCE
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...
Salt vulnerable to directory traversal attack in file receiving method
Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...
Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context
Edge3 Worker RPC RCE on Airflow 2.This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2.The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed and...
Weblate is vulnerable to RCE through Git config file overwrite
ImpactIt was possible to overwrite Git configuration remotely and override some of its behavior. ResourcesThanks to Jason Marcello for responsible disclosure...
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module
A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution RCE. The vulnerability stems from the localpythonexecutor.py module, which inadequately restricts Python code...
ExecuTorch heap buffer overflow vulnerability
A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be...
TkEasyGUI Vulnerable to OS Command Injection
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construc...
internetarchive Vulnerable to Directory Traversal in File.download()
ImpactWhat kind of vulnerability is it?This is a Critical severity directory traversal path traversal vulnerability in the File.download method of the internetarchive library.Who is impacted?All users of the internetarchive library versions 5.5.1 are impacted. The vulnerability is particularly...