All categories
-
Langfuse Server Side Request Forgery (SSRF) - Bug Bounty - 2025. 8. 31. 01:44
https://github.com/langfuse/langfuse (GitHub - langfuse/langfuse: 🪢 Open source LLM engineering platform: LLM Observability, metrics, evals, prompt management, playground, datasets. Integrates with OpenTelemetry, Langchain, OpenAI SDK, LiteLLM, and more. 🍊YC W23 ...)
Patched: https://github.c..
-
Remote Code Execution Vulnerability in pgAdmin (CVE-2025-2945) - Bug Bounty - 2025. 4. 4. 18:19
Introduction
This post provides a technical explanation of a Remote Code Execution (RCE) vulnerability discovered in pgAdmin (≤9.1), a widely used administration tool for PostgreSQL databases. To exploit this vulnerability, an attacker must be an authenticated user who is able to send a POST request to the pgAdmin server. The vulnerability exists in two separate features, /sqleditor/query_tool/download and /cloud/d..
-
Vulnerabilities caused by incorrect use of os.path.join() - Web - 2025. 3. 17. 01:10
1. os.path.join()
import os
BASE_DIR = "/tmp/"
SUB_DIR = "sub_path"
full_path = os.path.join(BASE_DIR, SUB_DIR)
print(full_path) # /tmp/sub_path
https://docs.python.org/3/library/os.path.html#os.path.join
os.path.join(path, *paths) takes a first path and appends each following path argument to it. It is not a plain string concatenation: it inserts a separator wherever the OS's path rules require one, and if a later argument is an absolute path, everything before it is discarded. It does not, however, collapse ".." components, so a traversal sequence survives the join intact.
import os
BASE_DIR = "/tmp"
SUB_DIR = "../etc/passwd"
full_pat..
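The point of the second snippet (a ".." component passes straight through the join, and an absolute component throws BASE_DIR away) is easiest to see next to a containment check that actually holds. The following is an added example, not code from the post; BASE_DIR, the file names and the helper names are made up for illustration. It also shows the common but flawed startswith() fix, which is fooled by a sibling directory whose name shares the base as a prefix.

```python
import os

# Constructed base directory for the example (assumption); it need not exist.
BASE_DIR = "/srv/app/uploads"


def naive_join(base: str, user_path: str) -> str:
    """The pattern the post warns about: os.path.join() with an untrusted
    component and no containment check. os.path.join() only inserts
    separators: it does not collapse '..' and, if user_path is absolute,
    it discards base entirely."""
    return os.path.join(base, user_path)


def prefix_check(base: str, user_path: str) -> bool:
    """A common but flawed fix: normalise, then compare string prefixes.
    Fooled by sibling directories such as base + '2'."""
    return os.path.normpath(os.path.join(base, user_path)).startswith(base)


def is_inside(base: str, user_path: str) -> bool:
    """Correct containment check: resolve both paths (normalisation and
    symlinks), then require base to be an ancestor component-wise."""
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    return os.path.commonpath([base_real, candidate]) == base_real


def safe_join(base: str, user_path: str) -> str:
    """Hardened join: refuses anything that resolves outside base."""
    if not is_inside(base, user_path):
        raise ValueError(f"path escapes {base!r}: {user_path!r}")
    return os.path.realpath(os.path.join(os.path.realpath(base), user_path))


if __name__ == "__main__":
    for p in ["avatar.png", "../../../etc/passwd", "/etc/passwd", "../uploads2/x"]:
        print(f"{p!r:22} join -> {naive_join(BASE_DIR, p)!r:42} "
              f"prefix_check={prefix_check(BASE_DIR, p)} is_inside={is_inside(BASE_DIR, p)}")
```

os.path.commonpath() compares path components, not characters, which is why "/srv/app/uploads2/x" is rejected even though it starts with the base string; resolving with realpath() before comparing also covers a symlink placed inside the base directory that points outside it.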
-
Flowise RCE via File Upload - Bug Bounty - 2025. 3. 15. 01:08
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-8vvx-qvq9-5948 (Arbitrary file write to RCE)
Summary: An attacker could write files with arbitrary content to the filesystem via the `/api/v1/document-store/loader/process` API. An attacker can reach RCE (Remote Code Execution) via file w...
https://flowiseai.com/ (Flowise - Low code LLM Apps Builder: Open source low-code tool fo..)
-
CVE-2024-7773/CVE-2024-45436 in Ollama RCE - Bug Bounty - 2024. 10. 8. 00:13
Remote Code Execution via Zipslip
https://huntr.com/bounties/aeb82e05-484f-4431-9ede-25a3478d8dbb (huntr - The world's first bug bounty platform for AI/ML)
zipslip -> create /etc/ld.so.preload (containing /etc/vuln.so) AND /etc/vuln.so -> a new process is spawned -> sprintf() hooked -> RCE
Oddly, things got tangled and two CVEs were issued for the same vulnerability..
#!/usr/bin/env python3
#
# Copyright (c) 2009, Neohapsis, Inc.
# All righ..
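The first step of the chain above ("zipslip -> create /etc/ld.so.preload") is the generic archive-extraction bug: an entry name containing "../" or an absolute path is joined onto the destination directory and written as-is. The following is an added example, not code from the post or from Ollama, and it makes no claim about how Ollama's extractor was written. It builds a constructed archive in memory with one escaping entry of each kind, reports which entries would land outside the destination, and refuses to extract an archive that contains any. Python's own ZipFile.extractall() strips such components, so a check like this matters when a loader writes entries by hand with os.path.join().

```python
import io
import os
import tempfile
import zipfile
from typing import Optional


def build_sample_zip(malicious: bool) -> bytes:
    """Constructed archive (not a real sample): a harmless entry and, when
    malicious, two entries whose names escape the extraction directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/weights.bin", b"\x00" * 16)
        if malicious:
            # Relative traversal: climbs past dest and lands on /etc/ld.so.preload.
            zf.writestr("../../../../etc/ld.so.preload", b"/etc/vuln.so\n")
            # Absolute entry: os.path.join() drops dest entirely.
            zf.writestr("/abs/path.txt", b"absolute entry\n")
    return buf.getvalue()


def _target_for(dest_real: str, name: str) -> Optional[str]:
    """Resolve where `name` would be written; None if it escapes dest_real."""
    target = os.path.realpath(os.path.join(dest_real, name))
    if os.path.commonpath([dest_real, target]) != dest_real:
        return None
    return target


def zip_slip_entries(zip_bytes: bytes, dest_dir: str) -> list:
    """Names of the entries that would be written outside dest_dir."""
    dest_real = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if _target_for(dest_real, n) is None]


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list:
    """Extract by hand (as a custom loader might) but refuse the whole archive
    if any entry would land outside dest_dir. Returns the paths written."""
    dest_real = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
        # Validate every name before writing anything, so a bad entry late in
        # the archive cannot leave a half-extracted tree behind.
        bad = [i.filename for i in infos if _target_for(dest_real, i.filename) is None]
        if bad:
            raise ValueError(f"zip-slip entries refused: {bad}")
        for info in infos:
            target = _target_for(dest_real, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def run_demo() -> dict:
    """Scan and extract both constructed archives into a throwaway directory."""
    result = {}
    with tempfile.TemporaryDirectory() as dest:
        result["bad_entries"] = zip_slip_entries(build_sample_zip(True), dest)
        result["clean_entries"] = zip_slip_entries(build_sample_zip(False), dest)
        try:
            safe_extract(build_sample_zip(True), dest)
            result["malicious_refused"] = False
        except ValueError:
            result["malicious_refused"] = True
        result["clean_written"] = len(safe_extract(build_sample_zip(False), dest))
    return result


if __name__ == "__main__":
    print(run_demo())
```

Rejecting the whole archive, rather than skipping the offending entries, is the safer default: a partially extracted model directory is itself a confusing state, and an attacker who can place one traversal entry can usually place several.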
-
CVE-2023-50718 in nocoDB SQL injection - Bug Bounty - 2024. 5. 14. 01:33
https://github.com/nocodb/nocodb/security/advisories/GHSA-8fxg-mr34-jqr8 (Improper Neutralization of Special Elements used in an SQL Command)
Summary: An authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped table_name.
Details: SQL Injection vulnerability occu...
https://github.com/nocodb/nocodb (GitHub - nocodb/nocodb..)
-
CVE-2023-50717 in nocoDB XSS - Bug Bounty - 2024. 5. 14. 01:31
https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh (Allow Preview of File with Dangerous Content)
Summary: An attacker can upload an HTML file with malicious content. If a user tries to open that file in the browser, the malicious scripts can be executed, leading to a Stored XSS (Cross-Site Scripting) attack....
https://github.com/nocodb/nocodb (GitHub - nocodb/nocodb: 🔥 🔥 🔥 Open So..)