Gothburz

**Name of the Vulnerable Software and Affected Versions** MLflow (affected versions not specified) **Description** MLflow is susceptible to an authentication bypass due to the use of default passwords. This allows unauthorized access to the system. The issue involves a critical security flaw with a CVSS score of 9.8. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Langflow (affected versions not specified) **Description** A flaw exists in the disk cache service of Langflow that allows remote attackers to execute arbitrary code on affected installations. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied data, leading to the deserialization of untrusted data. An attacker can exploit this to execute code within the service account's context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gemini-mcp-tool (affected versions not specified) **Description** The gemini-mcp-tool software contains a critical flaw in the `execAsync` method that allows for unauthenticated remote code execution (RCE). This issue stems from a lack of proper input validation before executing system calls, enabling attackers to inject malicious shell commands. An attacker can reach a network-accessible MCP endpoint and send crafted input to the `execAsync` method, causing the service to execute commands as the gemini-mcp-tool service account. Successful exploitation could lead to full host compromise, including file read/write access, persistence, credential theft, and potential takeover of AI/ML platforms. The root cause is identified as an OS Command Injection (CWE-78) due to insufficient sanitization and lack of parameterized execution. Attackers can leverage shell metacharacters to inject commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Langflow (affected versions not specified) **Description** A flaw exists in Langflow related to the handling of Python function components, potentially allowing remote attackers to execute arbitrary code on affected systems. An attacker may be able to introduce custom Python code into a workflow and leverage this to execute code within the application's context. The impact and exploitability depend on the specific product configuration. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open WebUI (affected versions not specified) **Description** A flaw exists in the `load tool module by id` function of Open WebUI that allows remote attackers to execute arbitrary code. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used to execute Python code. Successful exploitation allows an attacker to execute code within the context of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open WebUI (affected versions not specified) **Description** A flaw exists in Open WebUI that allows remote attackers to execute arbitrary code. Authentication is required to exploit this issue. The vulnerability is located within the `install frontmatter requirements` function and stems from insufficient validation of user-supplied input before it is used in a system call. Successful exploitation could allow an attacker to execute code with the privileges of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foundation Agents MetaGPT (affected versions not specified) **Description** This issue is a code injection leading to remote code execution in Foundation Agents MetaGPT. It allows attackers to execute arbitrary code on affected systems without authentication. The root cause is insufficient validation of user-supplied strings before they are used to execute Python code within the `actionoutput str to mapping` function. An attacker can leverage this to execute code with the privileges of the service account. The flaw can be exploited over HTTP for initial access or lateral movement. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Langflow (affected versions not specified) **Description** A flaw exists in Langflow that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from insufficient validation of user-supplied input provided to the `validate` API endpoint. Specifically, the code parameter is not properly sanitized before being used to execute Python code, potentially allowing an attacker to execute code with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Langflow (affected versions not specified) **Description** A flaw exists in Langflow that allows remote attackers to execute arbitrary code. Authentication is not required for exploitation. The issue stems from the inclusion of functionality from an untrusted control sphere when handling the `exec globals` parameter provided to the validate endpoint. Successful exploitation allows an attacker to execute code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Katana Network Development Starter Kit (affected versions not specified) **Description** The Katana Network Development Starter Kit contains a command injection flaw in the `executeCommand` function, potentially allowing remote code execution. The issue stems from insufficient input validation when processing commands. The `executeCommand` function directly incorporates user-supplied input into system commands without proper sanitization, which could allow an attacker to inject arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT Academic (affected versions not specified) **Description** A flaw exists in the `stream daas` function that allows remote attackers to execute arbitrary code on affected systems. This is due to insufficient validation of user-supplied data, leading to deserialization of untrusted data. Successful exploitation could allow an attacker to execute code in the context of root. Interaction with a malicious DAAS server is required for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** github-kanban-mcp-server (affected versions not specified) **Description** A flaw exists in github-kanban-mcp-server that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from insufficient validation of user-supplied input within the `create issue` parameter before it is used in a system call. This can allow an attacker to execute code in the context of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT Academic (affected versions not specified) **Description** A flaw exists in the `run in subprocess wrapper func` function that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from insufficient validation of user-supplied data, leading to deserialization of untrusted data. An attacker can potentially execute code with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT Academic (affected versions not specified) **Description** A flaw exists that allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit this issue. The vulnerability is due to insufficient validation of user-supplied data within the upload endpoint, leading to deserialization of untrusted data. An attacker can potentially execute code with root privileges. The specific API endpoint involved is the upload endpoint. The vulnerability stems from the deserialization of untrusted data, potentially through a vulnerable parameter submitted during the upload process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Langflow (affected versions not specified) **Description** A flaw exists in Langflow that allows remote attackers to execute arbitrary code. This does not require authentication. The issue is due to insufficient validation of user-supplied input before it is used in the `eval custom component code()` function to execute Python code. An attacker can exploit this to execute code within the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mcp-server-siri-shortcuts (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected systems. An attacker must first have the ability to execute low-privileged code on the target system. The flaw is due to insufficient validation of user-supplied input within the `shortcutName` parameter before it is used to execute a system call. This can be leveraged to execute arbitrary code in the context of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MCP Manager for Claude Desktop (affected versions not specified) **Description** The software contains a security issue that allows for sandbox escape and arbitrary code execution within the context of the MCP Manager process. This is triggered by manipulated MCP configurations or malicious pages/files. The software is considered high risk in production environments. **Recommendations** Disable or remove the software until an official fix is available.

**Name of the Vulnerable Software and Affected Versions** Open WebUI (affected versions not specified) **Description** A flaw exists in Open WebUI that allows network-adjacent attackers to disclose sensitive information. The issue stems from transmitting credentials in plaintext through an unspecified endpoint. Authentication is not required for exploitation. Successful exploitation could lead to further compromise of the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foundation Agents MetaGPT (affected versions not specified) **Description** A flaw exists in the `deserialize message` function that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from a lack of proper validation of user-supplied data, leading to the deserialization of untrusted data. An attacker can leverage this to execute code within the context of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tencent FaceDetection-DSFD (affected versions not specified) **Description** A flaw exists in Tencent FaceDetection-DSFD that allows remote attackers to execute arbitrary code. User interaction is required, such as visiting a malicious page or opening a malicious file. The issue stems from insufficient validation of user-supplied data, leading to deserialization of untrusted data within the `resnet` endpoint. Successful exploitation could allow an attacker to execute code with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.