Lucene search
K

526414 matches found

Github Security Blog
Github Security Blog
added yesterday4 views

9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header SpoofING

Summary The fix for CVE-2026-46339 unauthenticated RCE via unprotected MCP plugin routes introduced a local-only access gate in src/dashboardGuard.js that restricts spawn-capable routes /api/mcp/, /api/tunnel/, /api/cli-tools/ to loopback requests. The gate determines "local" by inspecting the Ho...

6.6AI score0.00147EPSS
Exploits0References4Affected Software1
OSV
OSV
added yesterday1 views

GHSA-6G2F-W7G3-77VF 9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header SpoofING

Summary The fix for CVE-2026-46339 unauthenticated RCE via unprotected MCP plugin routes introduced a local-only access gate in src/dashboardGuard.js that restricts spawn-capable routes /api/mcp/, /api/tunnel/, /api/cli-tools/ to loopback requests. The gate determines "local" by inspecting the Ho...

7.5CVSS6.6AI score0.00058EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added yesterday3 views

9router's Hardcoded Default fallback JWT Secret Allows Authentication Bypass

Summary 9router uses a publicly known hardcoded string "9router-default-secret-change-me" as the fallback of JWT secret for all Dashboard session JWTs when the JWTSECRET environment variable is not set. Because this secret is committed in the public repository and unchanged across all releases, a...

5.8AI score0.0019EPSS
Exploits0References2Affected Software1
OSV
OSV
added yesterday1 views

GHSA-JPHH-M39H-6GWX 9router's Hardcoded Default fallback JWT Secret Allows Authentication Bypass

Summary 9router uses a publicly known hardcoded string "9router-default-secret-change-me" as the fallback of JWT secret for all Dashboard session JWTs when the JWTSECRET environment variable is not set. Because this secret is committed in the public repository and unchanged across all releases, a...

9.8CVSS5.8AI score0.0019EPSS
Exploits0References2
OSV
OSV
added yesterday0 views

GHSA-5G75-477J-2C2F LaunchServer FileServerHandler has an unauthenticated path traversal issue

Summary An unauthenticated path traversal in the LaunchServer HTTP file server FileServerHandler lets any remote actor read any file readable by the LaunchServer process e.g. ../../../../etc/passwd. This is a generic arbitrary-file-read primitive, so the fix must address the traversal itself, not...

9.8CVSS6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added yesterday3 views

LaunchServer FileServerHandler has an unauthenticated path traversal issue

Summary An unauthenticated path traversal in the LaunchServer HTTP file server FileServerHandler lets any remote actor read any file readable by the LaunchServer process e.g. ../../../../etc/passwd. This is a generic arbitrary-file-read primitive, so the fix must address the traversal itself, not...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added yesterday3 views

Algernon vulnerable to server-side script source disclosure on Windows via NTFS filename

Summary Algernon selects its file handler from filepath.Ext engine/handlers.go:134, which does not treat the NTFS-equivalent names x.lua::$DATA, x.lua., or x.lua as .lua. On Windows, an unauthenticated client appends one of these suffixes to any server-side script on a public path and receives it...

5.9AI score0.00077EPSS
Exploits0References2Affected Software1
OSV
OSV
added yesterday0 views

GHSA-MM6C-5J6X-HQ8M Algernon vulnerable to server-side script source disclosure on Windows via NTFS filename

Summary Algernon selects its file handler from filepath.Ext engine/handlers.go:134, which does not treat the NTFS-equivalent names x.lua::$DATA, x.lua., or x.lua as .lua. On Windows, an unauthenticated client appends one of these suffixes to any server-side script on a public path and receives it...

8.7CVSS5.9AI score0.00077EPSS
Exploits0References2
OSV
OSV
added yesterday1 views

GHSA-4J9M-H44M-2HV8 Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding

Summary Configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle transformation string, the OAEP setting selects PKCS1 v1.5, which is the same algorithm as the DEFAULT setting. Impact Operators who configure encrypt:rsa:algorithm=OAEP to obtain...

1.9CVSS5.8AI score0.00046EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added yesterday3 views

Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding

Summary Configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle transformation string, the OAEP setting selects PKCS1 v1.5, which is the same algorithm as the DEFAULT setting. Impact Operators who configure encrypt:rsa:algorithm=OAEP to obtain...

1.9CVSS5.8AI score0.00046EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added yesterday4 views

Zebra Address Book Aborted by IPv4-Mapped Mempool Misbehavior Update

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node listens on the default :: address on a Linux host the standard deployment configuration — net.ipv6.bindv6only=0 is the default on all common Linux distributions. 3. Your node is synced near the chain tip...

5.8AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added yesterday3 views

Linuxfabrik Monitoring Plugins: Sudoers may be able to obtain privilege escalation via /usr/bin/apt-get arguments

Summary In the Debian.sudoers file, apt-get is allowed for the nagios user. The full command including the arguments are not enforced and can therefore be choosen arbitrarily. This allows to easily get a root shell as the nagios user: PoC By choosing a particular argument, you can get as a nagios...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added yesterday1 views

GHSA-8W6W-23MQ-H8RG Linuxfabrik Monitoring Plugins: Sudoers may be able to obtain privilege escalation via /usr/bin/apt-get arguments

Summary In the Debian.sudoers file, apt-get is allowed for the nagios user. The full command including the arguments are not enforced and can therefore be choosen arbitrarily. This allows to easily get a root shell as the nagios user: PoC By choosing a particular argument, you can get as a nagios...

8.4CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added yesterday2 views

@asymmetric-effort/nogginlessdom vulnerable to ReDoS via user-controlled regex in HTMLInputElement pattern validation

Summary The HTMLInputElement.checkValidity method constructed a RegExp directly from the user-controlled pattern property without any sanitization or timeout protection. This allowed an attacker to inject a regex with catastrophic backtracking, freezing the event loop. Fix Fixed in commit...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday3 views

@asymmetric-effort/nogginlessdom's Path Traversal in matchFileSnapshot allows arbitrary file write

Summary The matchFileSnapshot function in src/assertions/snapshots.ts accepted a filePath parameter with zero validation. When snapshot update mode was active UPDATESNAPSHOTS=1 or setUpdateMode'all', an attacker who controls test input could write arbitrary content to any filesystem path the...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday2 views

zebrad has unbounded memory leak in mempool download pipeline via timeout path cancel_handles retention

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node accepts inbound P2P connections network.listenaddr is set, which is the default. 3. Your node's mempool is active node is synced near the chain tip. All default configurations are affected. Summary The...

5.7AI score
Exploits0References4Affected Software1
OSV
OSV
added yesterday0 views

GHSA-65JJ-FMW8-468Q zebrad has unbounded memory leak in mempool download pipeline via timeout path cancel_handles retention

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node accepts inbound P2P connections network.listenaddr is set, which is the default. 3. Your node's mempool is active node is synced near the chain tip. All default configurations are affected. Summary The...

5.3CVSS
Exploits0References4
Github Security Blog
Github Security Blog
added yesterday3 views

zebrad has persistent on-disk corruption of Sapling/Orchard subtree roots after chain fork via pop_tip

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node participates in a network where chain forks occur mainnet, testnet, or any network with multiple miners. All default configurations are affected. The corruption persists across restarts because it is...

5.8AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added yesterday2 views

Mautic has Server-Side Template Injection (SSTI) in Theme Templates

Summary A Server-Side Template Injection SSTI vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code...

9.9CVSS6.1AI score0.00439EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday2 views

Zebra: Finalized address balance credit-first overflow on consensus-valid blocks

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node processes blocks on any Zcash network. Summary The finalized transparent address balance writer processes all newly-created outputs credits before processing spent outputs debits within the same block. A...

5.9AI score
Exploits0References2Affected Software2
Rows per page
Query Builder