Wall of Fame
Vulnerabilities discovered by Tachyon that are making the internet safer. Every CVE represents real threats we helped neutralize.
SSRF via Malicious proxy_url Injection in gr.load() Config Processing
A Server-Side Request Forgery vulnerability in Gradio allows attackers to conduct arbitrary HTTP requests through victim servers. When applications use gr.load() to import external Spaces, untrusted proxy_url fields from remote Spaces are automatically added to an allowlist without validation, enabling access to cloud metadata endpoints, internal databases, and private network infrastructure.
Open Redirect in OAuth Flow
A validation flaw in Gradio's OAuth implementation allows attackers to redirect users to arbitrary external sites through an unvalidated _target_url parameter in the /logout and /login/callback endpoints. Attackers can craft malicious URLs that exploit users' trust in the legitimate hf.space domain to conduct phishing attacks.
Path Traversal in Plugin Installation
A path traversal issue in OpenClaw plugin installation allows a malicious plugin package name to escape the intended extensions directory and write files outside of it, enabling arbitrary file writes on the system.
Server-Side Request Forgery (SSRF) in Multiple Places
Indico makes outgoing requests to user-provided URLs in various places without properly blocking access to localhost or cloud metadata endpoints, allowing SSRF attacks to exfiltrate sensitive data.
Authenticated RCE via Policy/Property Mapping Test Endpoint
Users with "Can view Property Mapping" or "Can view Expression Policy" permissions can exploit the test endpoint to run arbitrary code within the authentik container, accessing the entire database and environment variables.
Remote Code Execution via Disabled Block Execution
A critical authorization flaw in AutoGPT Platform allows authenticated users to bypass security controls and achieve remote code execution by exploiting endpoints that fail to validate the disabled flag on blocks.
Authorization Bypass in MLflow Basic Auth
Authenticated non-admin users can bypass per-object authorization and access or modify restricted resources via unprotected Flask routes and GraphQL endpoints when basic-auth is enabled.