
Bug Hunting

Llama-Cpp-Python Remote Code Execution by Server-Side Template Injection in Model Metadata

Remote Code Execution due to Server-Side Template Injection through unprotected template renderer behaviour on GGUF model metadata in Llama-cpp-Python

CVE
RCE
Llama-cpp-Python
Vulnerability
CVE-2024-34359

Transformers has a Deserialization of Untrusted Data

Transformers contains a Deserialization of Untrusted Data vulnerability within the load_repo_checkpoint() function under the TFPreTrainedModel() class. This vulnerability enables attackers to execute arbitrary code and commands by using a carefully crafted serialized payload.

CVE
RCE
Transformers
Vulnerability
CVE-2024-3568

Transformers RCE in 'tools/base.py' -> 'load_tool'

Transformers' transformers.load_tool (accessible via from transformers import tools; tools.load_tool, or via transformers.load_tool) will execute arbitrary Python commands from a maliciously built repo without any Hugging Face Hub warnings, and no trust_remote_code is required.

RCE
Transformers
Vulnerability

ManageBac Stored XSS Vulnerability via MITM Request Modification

This vulnerability occurs when submitting any content (comments, discussions) through the built-in editor: the request can be intercepted and modified with Burp Suite from a Man-In-The-Middle (MITM) position, bypassing the editor's client-side filtering.

XSS
Sensitive-Data
Managebac

Microsoft Semantic Kernel RCE

Microsoft NLP Semantic Kernel Template Engine Remote-Code Execution

OSS
MSRC Case 87868

Using eval() to load external AWS Sagemaker LLM request leading to Python Command Injection in imartinez/privategpt

In the complete() method of the SagemakerLLM class in sagemaker.py, PrivateGPT used eval() instead of json.loads() to load the remotely retrieved string into a dictionary, so a Python/OS command injection payload can be delivered through the response from AWS Sagemaker.

OSS
RCE
CVE-2024-4343

Tenda AC8v4 contains Multiple Stack Overflows leading to RCE

Tenda AC8V4.0-V16.03.34.06 was discovered to contain stack overflows via multiple variables in multiple functions. CVE-2023-33669 -> CVE-2023-33675

Stack-Overflow
Router
Mips
6 CVEs

Arbitrary File Reading via Path Traversal in geopython/pygeoapi

This vulnerability allows malicious users to inject LFI payloads that bypass the existing sanitization into the path variable, causing arbitrary file reading via ''.//././/.'; fixed in pull/1593.

OSS
Arbitrary-File-Reading

GateKeep.ai IDOR -> Arbitrary User-data edit and disclosure

IDOR -> arbitrary user-data edit and disclosure in the gatekeep.ai text-to-video generation platform. An attacker can arbitrarily edit and disclose user data by exploiting a flaw in privilege management.

ML/AI
IDOR

Arbitrary File Overwrite in ZulipConnector when a zuliprc- directory exists in danswer-ai/danswer

Arbitrary file overwrite vulnerability in ZulipConnector's load_credentials function due to unsanitized handling of realm_name and credentials content when a zuliprc- directory exists.

OSS
Arbitrary-File-Overwrite
CVE-2024-7957