7044 matches found
DB-GPT vulnerable to Arbitrary File Upload with Path Traversal
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...
vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object
vllm-project vllm version 0.6.0 contains a vulnerability in the distributed training API. The function vllm.distributed.GroupCoordinator.recvobject deserializes received object bytes using pickle.loads without sanitization, leading to a remote code execution vulnerability. Maintainer...
PaddlePaddle Out-of-bounds Read vulnerability
Out-of-bounds read in gathertree in PaddlePaddle before 2.4. A patch is available in the release/2.4 branch...
Kedro deserialization vulnerability
A Remote Code Execution RCE vulnerability has been identified in the Kedro ShelveStore class version 0.19.8. This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to a full system compromise. The ShelveStore class use...
Aim path traversal in LockManager.release_locks
A vulnerability in the LockManager.releaselocks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The runhash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
APKLeaks prior to v2.0.4 allows remote authenticated attackers to execute arbitrary OS commands via package name inside the application manifest. Impact An authenticated attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or...
Apache Airflow Hive Provider vulnerable to Command Injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider before 5.0.0...
OS Command Injection in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...
Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control
Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server...
acryl-datahub missing JWT signature check
Missing JWT signature check GHSL-2022-078The StatelessTokenService of the DataHub metadata service GMS does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because...
wger vulnerable to brute force attempts
Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2...
calibre-web is vulnerable to Business Logic Errors
calibre-web is vulnerable to Business Logic Errors...
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
rpc.py vulnerable to Deserialization of Untrusted Data
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON not Pickle is the default data format, an unauthenticated client can cause the data to be processed with unpickle.Per the maintainer, rpc.p...
SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely
The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely. A patch is available on the master branch of the repository...
OS Command Injection in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider...
PaddlePaddle vulnerable to code injection via winstr
In PaddlePaddle before 2.4, paddle.audio.functional.getwindow is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution...
OpenStack Murano Code Execution
OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...
Openstack Keystone Incorrect Authorization vulnerability
A flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A patch is...
WMAgent arbitrary code execution via a crafted dbs-client package
WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package...
OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address...
web2py is vulnerable to password brute-force attack
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...
ReviewBoard and Djblets library are vulnerable to code execution
An eval vulnerability exists in Python Software Foundation Djblets version before 0.6.30 and 0.7.0 before 0.7.19 and Beanbag Review Board before 1.7.15 when parsing JSON requests allowing an attacker to execute arbitrary Python code...
web2py remote code execution via hardcoded encryption key in session.connect function
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...
Session Fixation in ipsilon
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...
Openstack Magnum Unsafe Credential Handling
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform...
OpenStack Nova logs sensitive context from notification exceptions
An issue was discovered in exceptionwrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens...
OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instance...
OpenStack Object Storage (swift) Code Injection vulnerability
OpenStack Object Storage swift before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object...
Plone Unauthenticated Write Vulnerability
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT overwrite some content without needing write permission...
Server-Side Request Forgery in calibreweb
calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery SSRF. This is due to an incomplete fix for CVE-2022-0339. The blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost...
Cobbler vulnerable to arbitrary code execution
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user...
Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore...
Server-Side Request Forgery in calibreweb
calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery SSRF. This is a result of incomplete SSRF protection that can be bypassed via an HTTP redirect. An HTTP server set up to respond with a 302 redirect may redirect a request to localhost...
Cobbler has Exposed Dangerous Method or Function
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon...
OpenStack Murano Code Execution
OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...
OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...
SQL injection in calibreweb
Calibre-Web before 0.6.18 allows user table SQL Injection...
Cobbler Improper Validation of Security Tokens
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API /cobblerapi that can result in Privilege escalation, data manipulation or...
Command injection in libvcs and vcspull
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
Malicious code in pyphetools (PyPI)
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of pyphetools were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...
PYSEC-2026-2146
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...
PYSEC-2026-2144
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...
Malicious code in ppkt2synergy (PyPI)
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of ppkt2synergy were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...
Malicious code in phenopacket-store-toolkit (PyPI)
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of phenopacket-store-toolkit were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates...
PYSEC-2026-238
The Apache Airflow FTP provider's FTPSHook.getconn created an ftplib.FTPTLS connection but never called protp, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...
Malicious code in gpsea (PyPI)
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of gpsea were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...
Malicious code in embiggen (PyPI)
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of embiggen were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...
PYSEC-2026-2145
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicio...