#web

A Denial of Service (DoS) vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including `/ollama/models/upload`, `/audio/api/v1/transcriptions`, and `/rag/api/v1/doc`. The application processes multipart boundaries without authentication, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability can be exploited remotely, resulting in high CPU and memory usage, and rendering the service inaccessible to legitimate users.

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system.

A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can lead to unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the integrity and confidentiality of the system.

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt information created by the admin, which includes the ID values. Subsequently, the attacker can exploit the /api/v1/prompts/command/{command_id} interface to obtain arbitrary prompt information.

Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the `ElasticRendezvousHandler`, a subclass of `KVStoreHandler`. Specifically, the `_put_value` method in `ElasticRendezvousHandler` calls `codec.loads_base64(value)`, which eventually invokes `cloudpickle.loads(decoded)`. This allows an attacker to send a malicious pickle object via a PUT request, leading to arbitrary code execution on the server.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Simcenter Femap Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code within the current process of the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Simcenter Femap V2401: Versions prior to V2401.0003 Simcenter Femap V2406: Versions prior to V2406.0002 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119 Siemens Simcenter Fe...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Enerlin'X IFE interface and Enerlin'X eIFE Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition which would require the device to need to be manually rebooted. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Enerlin'X IFE interface and Enerlin'X eIFE are affected: Enerlin'X IFE interface: All versions Enerlin'X eIFE: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 An improper input validation vulnerability exists that could cause a denial of service of the product when malicious IPV6 packets are sent to the device. CVE-2025-0816 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure™ Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a local privilege escalation, which could result in loss of confidentiality, integrity and availability of the engineering workstation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of EcoStruxure™ are affected: EcoStruxure™ Process Expert: Versions 2020R2, 2021 & 2023 (prior to v4.8.0.5715) EcoStruxure™ Process Expert for AVEVA System Platform: Versions 2020R2, 2021 & 2023 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269 An improper privilege management vulnerability exists for two services, one managing audit trail data and the other acting as server managing client request, that could cause a loss of confidentiality, integrity, and availability of engineering workstation when ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: SMA Equipment: Sunny Portal Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload and remotely execute code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SMA Sunny Portal are affected: Sunny Portal: All versions before December 19, 2024 3.2 VULERABILITY OVERVIEW 3.2.1 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434 The SMA Sunny Portal is vulnerable to an unauthenticated remote attacker who can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user. CVE-2025-0731 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). A CVSS v4 score has also been calculated f...

UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim environments for information theft and credential harvesting.