Brandon Niemczyk

**Name of the Vulnerable Software and Affected Versions** Langflow (affected versions not specified) **Description** A flaw exists in the disk cache service of Langflow that allows remote attackers to execute arbitrary code on affected installations. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied data, leading to the deserialization of untrusted data. An attacker can exploit this to execute code within the service account's context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mcp-server-siri-shortcuts (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected systems. An attacker must first have the ability to execute low-privileged code on the target system. The flaw is due to insufficient validation of user-supplied input within the `shortcutName` parameter before it is used to execute a system call. This can be leveraged to execute arbitrary code in the context of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foundation Agents MetaGPT (affected versions not specified) **Description** A flaw exists in the `deserialize message` function that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from a lack of proper validation of user-supplied data, leading to the deserialization of untrusted data. An attacker can leverage this to execute code within the context of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foundation Agents MetaGPT (affected versions not specified) **Description** This issue is a code injection leading to remote code execution in Foundation Agents MetaGPT. It allows attackers to execute arbitrary code on affected systems without authentication. The root cause is insufficient validation of user-supplied strings before they are used to execute Python code within the `actionoutput str to mapping` function. An attacker can leverage this to execute code with the privileges of the service account. The flaw can be exploited over HTTP for initial access or lateral movement. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open WebUI (affected versions not specified) **Description** A flaw exists in Open WebUI that allows remote attackers to execute arbitrary code. Authentication is required to exploit this issue. The vulnerability is located within the `install frontmatter requirements` function and stems from insufficient validation of user-supplied input before it is used in a system call. Successful exploitation could allow an attacker to execute code with the privileges of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open WebUI (affected versions not specified) **Description** A flaw exists in the `load tool module by id` function of Open WebUI that allows remote attackers to execute arbitrary code. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used to execute Python code. Successful exploitation allows an attacker to execute code within the context of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open WebUI (affected versions not specified) **Description** A flaw exists in Open WebUI that allows network-adjacent attackers to disclose sensitive information. The issue stems from transmitting credentials in plaintext through an unspecified endpoint. Authentication is not required for exploitation. Successful exploitation could lead to further compromise of the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** github-kanban-mcp-server (affected versions not specified) **Description** A flaw exists in github-kanban-mcp-server that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from insufficient validation of user-supplied input within the `create issue` parameter before it is used in a system call. This can allow an attacker to execute code in the context of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MCP Manager for Claude Desktop (affected versions not specified) **Description** The software contains a security issue that allows for sandbox escape and arbitrary code execution within the context of the MCP Manager process. This is triggered by manipulated MCP configurations or malicious pages/files. The software is considered high risk in production environments. **Recommendations** Disable or remove the software until an official fix is available.

**Name of the Vulnerable Software and Affected Versions** Hugging Face Transformers (affected versions not specified) **Description** A flaw exists in the `convert config` function that allows remote attackers to execute arbitrary code on affected systems. Exploitation requires user interaction, specifically the conversion of a malicious checkpoint. The issue stems from insufficient validation of user-supplied strings before they are used to execute Python code. An attacker can exploit this to execute code with the privileges of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hugging Face Transformers (affected versions not specified) **Description** A flaw exists within the `convert config` function in Hugging Face Transformers, allowing remote attackers to execute arbitrary code on affected systems. Exploitation requires user interaction, specifically the conversion of a malicious checkpoint. The issue stems from insufficient validation of user-supplied strings before they are used to execute Python code, potentially allowing an attacker to execute code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hugging Face Transformers (affected versions not specified) **Description** A flaw exists in Hugging Face Transformers related to the parsing of checkpoints, allowing remote attackers to execute arbitrary code. The issue stems from insufficient validation of user-supplied data, leading to the deserialization of untrusted data. User interaction is required, such as visiting a malicious page or opening a malicious file, to trigger exploitation. The vulnerability was identified as ZDI-CAN-28308. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hugging Face Transformers (affected versions not specified) **Description** A flaw exists in Hugging Face Transformers related to the parsing of weights, stemming from insufficient validation of user-supplied data. This can lead to the deserialization of untrusted data, potentially allowing a remote attacker to execute arbitrary code. User interaction is required, as the target must visit a malicious page or open a malicious file to trigger the issue. The vulnerability was assigned ZDI-CAN-28309. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hugging Face smolagents (affected versions not specified) **Description** A flaw exists in Hugging Face smolagents that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from insufficient validation of user-supplied data during the parsing of pickle data, leading to the deserialization of untrusted data. An attacker can exploit this to execute code within the service account context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hugging Face Transformers (affected versions not specified) **Description** A flaw exists within the `convert config` function in Hugging Face Transformers that allows remote attackers to execute arbitrary code on affected installations. Exploitation requires user interaction, specifically the conversion of a malicious checkpoint. The issue stems from insufficient validation of user-supplied strings before they are used to execute Python code, potentially allowing an attacker to execute code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.