Vendor CVEs
Pypi
All CVEs
24 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-12205 | | Critical | 0.59 | 9.1 | 0.00 | | Jun 15, 2026 | Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later… |
| CVE-2026-45832 | | High | 0.57 | 8.8 | 0.00 | | Jun 12, 2026 | All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints. |
| CVE-2026-13676 | | Important | 0.49 | 7.5 | — | | Jun 29, 2026 | fast-uri: Security policy bypass due to improper Unicode hostname canonicalization |
| CVE-2026-4870 | | High | 0.49 | 7.5 | 0.00 | | Jun 12, 2026 | IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser. |
| CVE-2026-3840 | | High | 0.46 | 7.1 | 0.00 | | Jun 12, 2026 | A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into filesystem paths without sanitization.… |
| CVE-2026-54421 | | Medium | 0.44 | 6.8 | 0.00 | | Jun 14, 2026 | In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcome is a security issue; the POST outcome is not a security… |
| CVE-2026-36725 | | Medium | 0.40 | 6.1 | 0.00 | | Jun 9, 2026 | A markdown-based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the notice_content parameter. |
| CVE-2026-48099 | | High | 0.39 | — | 0.00 | | Jun 11, 2026 | Impact: WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. Patches: The issue is fixed with version 4.3.4. Preconditions: The practical impact depends… |
| CVE-2026-9641 | | Medium | 0.34 | 5.3 | 0.00 | | Jun 12, 2026 | Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm,… |
| CVE-2026-11625 | | | 0.00 | — | 0.00 | | Jun 27, 2026 | Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random… |
| CVE-2026-12844 | | | 0.00 | — | 0.00 | | Jun 26, 2026 | List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling… |
| CVE-2026-49851 | | | 0.00 | — | 0.00 | | Jun 24, 2026 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. When parsing Markdown containing many consecutive [ characters, parse_link_text… |
| CVE-2026-54555 | | | 0.00 | — | 0.00 | | Jun 23, 2026 | rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command… |
| CVE-2025-71358 | | | 0.00 | — | 0.00 | | Jun 22, 2026 | picklescan before 0.0.29 fails to detect malicious pickle files that exploit the idlelib.autocomplete.AutoComplete.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load(). |
| CVE-2025-71357 | | | 0.00 | — | 0.00 | | Jun 21, 2026 | picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims. |
| CVE-2025-71351 | | | 0.00 | — | 0.00 | | Jun 21, 2026 | picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the __reduce__ method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade… |
| CVE-2026-12799 | | | 0.00 | — | 0.00 | | Jun 21, 2026 | A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to… |
| CVE-2026-12798 | | | 0.00 | — | 0.00 | | Jun 21, 2026 | A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenAPI Spec Loader. This manipulation of… |
| CVE-2026-12795 | | | 0.00 | — | 0.01 | | Jun 21, 2026 | A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed… |
| CVE-2026-56340 | | | 0.00 | — | 0.00 | | Jun 20, 2026 | vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor… |
| CVE-2026-12048 | | | 0.00 | — | 0.00 | | Jun 18, 2026 | Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks… |
| CVE-2026-56075 | | | 0.00 | — | 0.00 | | Jun 18, 2026 | PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administrator configuration from the PRAISON_APPROVAL_MODE environment variable. Authenticated attackers can instruct the LLM agent to… |
| CVE-2026-48782 | | | 0.00 | — | 0.00 | | Jun 16, 2026 | Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form that the previous… |
| CVE-2005-0017 | | | 0.00 | — | 0.00 | | May 2, 2005 | The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. |