7035 matches found
Granian vulnerable to DoS via WSGI response header panic
SummaryGranian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malformed output from the application becomes a process abort instead of a...
OpenStack Ironic has an Incorrect Resource Transfer Between Spheres
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...
Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
SummaryFides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was never verified. For erasure policies, this can result in unauthorized deletion...
ciguard: discover_pipeline_files follows symlinks out of scan root
SummaryThe discoverpipelinefiles function in src/ciguard/discovery.py introduced in v0.8.0 and used by the MCP scanrepo tool shipped in v0.8.1 walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory t...
ciguard: Container image runs as root (no USER directive)
SummaryThe published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. ciguard is a static analyser with no need for root privileges; running as root inside a container makes any future container-runtime escape CVE more impactful...
PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI
Summarypyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions.Because /web/ is reachable without authentication and renders attacker-controlled template names, an unauthenticated user can reliably trigger a server exception for example by requesting a non-existen...
Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
SummaryA ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with exponenti...
Paramiko rsakey.py allows the SHA-1 algorithm
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...
vLLM Vulnerable to Remote DoS via Special-Token Placeholders
SummaryThis report explains a Token Injection vulnerability in vLLMâs multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder sequences supplied without matching data cause vLLM to index into empty grids during...
ciguard: SCA HTTP client reads response body without size cap
SummaryBoth SCA HTTP clients src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py call payload = json.loadsresp.read.decode'utf-8' without a maximum-bytes cap. A hostile or compromised endoflife.date / OSV.dev or a successful TLS MITM could return a multi-GB response,...
PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image
SummaryThe markdowntabletoimage tool accepts a caller-controlled path parameter and passes it directly to gethtmltableimage:python pptagent/mcpserver.py:127-143def markdowntabletoimagemarkdowntable: str, path: str, css: str - str: """ Args: path str: The file path where the image will be saved ""...
PPTAgent: Arbitrary File Write via `save_generated_slides`
Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00.The savegeneratedslides MCP tool accepts a pptxpath argument and writes the generated PPTX file to that path without any workspace restriction or path validation:pytho...
requests-hardened is Vulnerable to Server-Side Request Forgery
The SSRF protection in requests-hardened prior to version 1.2.1 fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker who can supply arbitrary URLs to requests-hardened could exploit this gap to access internal services hosted within 100.64.0.0/10. This i...
wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured
Description Impactwireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction.The path sandbox alloweddirs is None by default and only activates when the environmen...
PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope
Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00.CodeExecutor.executeactions pptagent/apis.py:126-205 processes LLM-generated slide editing actions using Python's eval: python pptagent/apis.py:184-186partialfunc =...
OpenStack Horizon has Incorrect Behavior Order
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...
Langchain-Chatchat Uses Insufficiently Random Values
A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...
Microdot has HTTP response splitting in Response.set_cookie()
ImpactThe Response.setcookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks.For a header injection attack through this issue to be possible, an attacker must fir...
Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
ImpactAn attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. PatchesPatched version: 12.2.0.PdfParser introduced in Pillow 4.2.0 follows Prev pointers in PDF trailers to read cross-reference sections. If...
IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users
IKUS Rdiffweb version 2.10.5 and below have an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify...
Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm
A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...
Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API
A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...
Prefect Git Argument Injection in GitRepository Pull Steps
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...
mem0ai mem0 has an Improper Input Validation Issue
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...
MindsDB has an Improper Access Control Issue
A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...
Prefect Unauthenticated Event Injection via /api/events/in WebSocket
A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...
Prefect Auth Bypass via endswith() Health Check Exemption
A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...
pyp2spec is Vulnerable to Code Injection
Impactpyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine.The macro...
SGLang has an Improper Input Validation/Injection Issue
A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization. The attack can be executed remotely. A hi...
Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url
A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...
mcpo-simple-server has a Path Traversal issue
A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
ImpactA stored Cross-Site Scripting XSS vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls single click interaction.The...
pygeoapi 0.23.x: Path Traversal in STAC FileSystemProvider
ImpactA raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow for requests to STAC collection based collections to expose directories without authentication. The issue manifests when pygeoapi is deployed without a proxy or web front end that would...
django-mdeditor is Missing Authentication for Critical Function
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...
CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
ImpactA vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. PatchesThe issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 WorkaroundsDisable the DataStore SQL search ckan.datastore.sqlsearch.enable...
CKAN has CSRF exemption primed by anonymous requests
Views can be marked as exempt from CSRF protection Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect, which was stored as a module level variable in the flaskapp...
AstrBot Makes Use of Hard-coded Password
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
ImpactA stored Cross-Site Scripting XSS vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls single click interaction.The...
CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`
ImpactA vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information PatchesThe issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 WorkaroundsDisable the DataStore SQL search...
pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber
ImpactOGC API - Process execution requests can use the subscriber object to requests to internal HTTP services. PatchesThe issue has been patched in master branch and made available as part of the 0.23.3 release. The patch disables any HTTP requests made to internal resources by default unless...
sqlite-mcp has an Injection issue
A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...
mkdocs-mcp-plugin has a Path Traversal issue
A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...
OpenStack Ironic is Vulnerable to Inclusion of Functionality from Untrusted Control Sphere
OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface...
mcp-url-downloader has a Server-Side Request Forgery issue
A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...
auto-favicon has a Server-Side Request Forgery issue
A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generatefaviconfromurl of the file src/autofavicon/server.py of the component MCP Tool. The manipulation of the argument imageurl results in server-side request forgery...
CKAN has no certificate validation on STMP connection
ImpactConfigured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. PatchesThe vulnerability has been patched in CKAN 2.10.10 and CKAN 2.11.5...
notes-mcp has a Path Traversal issue
A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notesmcp.py. The manipulation of the argument rootdir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed...
beets has a Cross-site Scripting vulnerability
During code logic analyis, an area that may lead to unintended behavior under specific conditions was discovered. Overview- Verified Version: 80cd21554124da07d17a4f962c7d770a4f70d0f2- Vulnerability Type: Stored XSS- Affected Location: beetsplug/web/templates/index.html:42- Trigger Scenario:...
Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record
The authenticated /ui/dagsendpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DAG...
pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...