Lucene search
+L

7044 matches found

PyPA
PyPA
•added 2025/05/19 4:15 p.m.•12 views

PYSEC-2025-180

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype...

7.6CVSS5.9AI score0.00353EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2025/05/19 12:15 p.m.•9 views

PYSEC-2025-40

A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...

7.5CVSS7.1AI score0.00507EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2025/05/17 4:15 p.m.•8 views

PYSEC-2025-49

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with...

8.8CVSS8.2AI score0.01454EPSS
Exploits4References7Affected Software1
PyPA
PyPA
•added 2025/05/16 9:15 a.m.•11 views

PYSEC-2025-145

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service DoS attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...

7.5CVSS7.1AI score0.00422EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2025/05/14 11:15 p.m.•10 views

PYSEC-2025-124

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...

7.6CVSS5.8AI score0.0054EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2025/05/14 4:15 p.m.•10 views

PYSEC-2025-39

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

9.3CVSS7.3AI score0.00424EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2025/05/14 11:16 a.m.•17 views

PYSEC-2025-60

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB.This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2.Users are recommended to upgrade to version...

7.5CVSS6.9AI score0.00709EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2025/05/14 11:15 a.m.•10 views

PYSEC-2025-59

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who hasprivilege to create UDF can register malicious function fromuntrusted URI.This issue affects Apache IoTDB: from 1.0.0 before 1.3.4.Users are recommended to upgrade to version 1.3.4, which fixes the...

9.8CVSS7.5AI score0.01304EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2025/05/08 5:16 p.m.•10 views

PYSEC-2025-38

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...

2.8CVSS6.8AI score0.00155EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2025/05/08 4:17 a.m.•10 views

PYSEC-2025-37

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags function is vulnerable to a potential denial-of-service slow performance when processing inputs containing large sequences of incomplete HTML tags. The template filter...

5.3CVSS7AI score0.14243EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2025/05/06 3:16 p.m.•4 views

PYSEC-2025-242

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially...

7.5CVSS6.2AI score0.0029EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2025/05/05 7:15 p.m.•11 views

PYSEC-2025-136

Cross-Site Scripting XSS vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module...

6.1CVSS5.8AI score0.00242EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2025/05/05 5:18 p.m.•18 views

PYSEC-2025-179

OpenCTI is an open cyber threat intelligence CTI platform. Prior to version 6.4.11 any user with the capability manage customizations can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the...

9.1CVSS7.5AI score0.00776EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2025/04/30 7:15 p.m.•11 views

PYSEC-2025-178

OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the external flag on/off and change...

6.3CVSS5.7AI score0.00202EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2025/04/30 1:15 a.m.•10 views

PYSEC-2025-42

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...

10CVSS8.1AI score0.01478EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2025/04/24 1:15 a.m.•11 views

PYSEC-2025-34

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can exfiltrate data via DNS after deserialization...

6.8CVSS7AI score0.002EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2025/04/22 6:15 p.m.•19 views

PYSEC-2025-56

OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...

4.3CVSS7AI score0.00227EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2025/04/18 4:15 p.m.•15 views

PYSEC-2025-41

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

9.8CVSS7.2AI score0.01917EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2025/04/17 6:15 p.m.•29 views

PYSEC-2025-177

Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IFA1=200, eval"import'os'.system substring...

9.8CVSS6.2AI score0.00837EPSS
Exploits2References5Affected Software1
PyPA
PyPA
•added 2025/04/15 9:16 p.m.•13 views

PYSEC-2025-35

Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...

7.5CVSS7.2AI score0.00357EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2025/04/14 3:15 a.m.•10 views

PYSEC-2025-171

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to heap-based buffer...

5.3CVSS5.9AI score0.00262EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2025/04/09 4:15 p.m.•25 views

PYSEC-2025-235

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system maki...

6.5CVSS6.5AI score0.00466EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2025/04/09 4:15 p.m.•9 views

PYSEC-2025-32

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized...

9.8CVSS7.4AI score0.50446EPSS
Exploits5References3Affected Software1
PyPA
PyPA
•added 2025/04/07 8:15 p.m.•9 views

PYSEC-2025-117

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...

5.5CVSS5.8AI score0.00214EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2025/04/07 3:15 p.m.•13 views

PYSEC-2025-36

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrarycode...

9.8CVSS7.9AI score0.9999EPSS
Exploits33References4Affected Software1
PyPA
PyPA
•added 2025/04/06 8:15 p.m.•9 views

PYSEC-2025-16

LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery SSRF vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...

9.3CVSS7.2AI score0.00628EPSS
Exploits2References2Affected Software1
PyPA
PyPA
•added 2025/04/04 2:15 a.m.•10 views

PYSEC-2025-170

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads ...

5.5CVSS6.1AI score0.00284EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2025/04/03 3:15 p.m.•2 views

PYSEC-2025-264

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds rea...

4.8CVSS5.2AI score0.00245EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2025/04/03 2:15 p.m.•11 views

PYSEC-2025-169

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation...

7.8CVSS5.8AI score0.00301EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2025/04/03 2:15 p.m.•2 views

PYSEC-2025-263

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buff...

7.8CVSS5.8AI score0.00301EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2025/04/03 4:15 a.m.•10 views

PYSEC-2025-197

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.cachingallocatordelete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The...

4.8CVSS4.8AI score0.00243EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2025/04/02 10:15 p.m.•10 views

PYSEC-2025-229

A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched...

5.3CVSS4.3AI score0.00566EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2025/04/02 10:15 p.m.•20 views

PYSEC-2025-196

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jitmodulefromflatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used...

5.5CVSS4.8AI score0.00254EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2025/04/02 1:15 p.m.•13 views

PYSEC-2025-14

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.setlanguage are subject to a potential denial-of-service attack v...

7.5CVSS7AI score0.00997EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2025/03/31 9:15 p.m.•2 views

PYSEC-2025-261

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads ...

8.8CVSS6.2AI score0.0047EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2025/03/31 9:15 p.m.•3 views

PYSEC-2025-262

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument...

6.5CVSS5.6AI score0.00581EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2025/03/31 5:15 p.m.•16 views

PYSEC-2025-48

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in validhost uses socket.gethostbyname, which is vulnerable to SSRF abuse using DNS rebinding technique. This...

9.8CVSS6.9AI score0.00712EPSS
Exploits2References4Affected Software1
PyPA
PyPA
•added 2025/03/31 4:15 p.m.•11 views

PYSEC-2025-195

A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstmcell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used...

5.3CVSS5.4AI score0.00183EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2025/03/31 3:15 p.m.•12 views

PYSEC-2025-194

A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used...

5.3CVSS5.4AI score0.00183EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2025/03/31 3:15 p.m.•11 views

PYSEC-2025-193

A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpacksequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used...

5.3CVSS5.5AI score0.00185EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2025/03/31 2:15 p.m.•10 views

PYSEC-2025-192

A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.padpackedsequence. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the...

5.3CVSS5.5AI score0.00185EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2025/03/30 4:15 p.m.•13 views

PYSEC-2025-191

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnnmaxpool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

5.5CVSS4.7AI score0.00237EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2025/03/25 9:15 p.m.•13 views

PYSEC-2025-114

A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file...

9.8CVSS6.2AI score0.00726EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2025/03/25 9:15 p.m.•11 views

PYSEC-2025-116

A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands...

9.8CVSS6AI score0.01663EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2025/03/25 9:15 p.m.•13 views

PYSEC-2025-115

NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting XSS vulnerabilities...

6.1CVSS5.6AI score0.00266EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2025/03/25 10:15 a.m.•10 views

PYSEC-2025-168

A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AIMD5PARSESTRINGINQUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based...

8.8CVSS6.7AI score0.00478EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2025/03/25 10:15 a.m.•10 views

PYSEC-2025-167

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp leads to...

8.8CVSS6.7AI score0.00482EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2025/03/25 9:15 a.m.•11 views

PYSEC-2025-166

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as critical. Affected by this issue is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument...

8.8CVSS6.2AI score0.00431EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2025/03/25 9:15 a.m.•14 views

PYSEC-2025-165

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as critical. Affected by this vulnerability is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the...

8.8CVSS6.7AI score0.00508EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2025/03/25 9:15 a.m.•21 views

PYSEC-2025-164

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as critical. Affected is the function SceneCombiner::MergeScenes of the file code/AssetLib/LWS/LWSLoader.cpp of the component LWS File Handler. The manipulation leads to out-of-bounds read. It is possible ...

8.8CVSS6.1AI score0.00462EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities7044