All topics

python

8 pieces of writing

full-stack-ai-agent-template's webhook service had a full read SSRF with response exfiltration
vulnerability8 min read

full-stack-ai-agent-template's webhook service had a full read SSRF with response exfiltration

The webhook service in vstorm-co's full-stack-ai-agent-template accepted arbitrary URLs and stored HTTP responses in the database, creating a full read SSRF that could exfiltrate cloud metadata credentials. The fix adds DNS-aware URL validation at every code path.

Edict's file:// handler let anyone read files outside the project directory (CWE-22)
vulnerability5 min read

Edict's file:// handler let anyone read files outside the project directory (CWE-22)

LightRAG's Memgraph backend had a Cypher injection vulnerability hiding in plain sight
vulnerability7 min read

LightRAG's Memgraph backend had a Cypher injection vulnerability hiding in plain sight

A single index change bypassed daily_stock_analysis's entire rate limiter
vulnerability7 min read

A single index change bypassed daily_stock_analysis's entire rate limiter

A self-hosted stock analysis platform trusted the leftmost X-Forwarded-For entry for rate limiting, letting attackers rotate IPs and brute-force the admin login at will.

TeamPCP compromised the AI proxy that holds everyone's API keys
security9 min read

TeamPCP compromised the AI proxy that holds everyone's API keys

vulnerability7 min read

PraisonAI let YAML config files set LD_PRELOAD and nobody checked

vulnerability8 min read

gptme was passing API keys on the command line where any user could read them

gptme's evaluation runner passed API keys as Docker CLI arguments, exposing them to every user on the system via ps or /proc. The fix took one file and five tests.

I found SQL injection in Hugging Face's AI skills framework and got it fixed in nine days
vulnerability7 min read

I found SQL injection in Hugging Face's AI skills framework and got it fixed in nine days