Lucene search
K

52 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 4:35 p.m.8 views

OpenTofu: Possible arbitrary file read during certain git operations via a maliciously crafted URL

Impact Possible data exposure. Summary While downloading packages from a maliciously crafted URL, some git operations against that URL could allow arbitrary file read. This might allow disclosure of confidential information. Details OpenTofu relies on go-getter for downloading packages like...

7.5CVSS6AI score0.00583EPSS
Exploits1References9Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.12 views

CVE-2026-44746

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

6.1CVSS5.4AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.13 views

EUVD-2026-35635

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

3.5CVSS5.4AI score0.00299EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Tautulli 安全漏洞

Tautulli is an open-source application developed by Tautulli for monitoring Plex Media Server. Versions of Tautulli prior to 2.17.1 contained security vulnerabilities. These vulnerabilities stemmed from the exposure of the /image/ route, allowing attackers to control the entries and trigger...

9.9CVSS5.4AI score0.00262EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/06 6:33 p.m.6 views

EUVD-2025-209233

An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL...

6.1CVSS5.8AI score0.00175EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/20 9:17 p.m.5 views

CVE-2026-4519

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS5.9AI score0.00308EPSS
Exploits0References6
Mageia
Mageia
added 2026/03/10 4:47 p.m.8 views

Updated yt-dlp packages fix security vulnerability

When yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL...

8.8CVSS5.9AI score0.01596EPSS
Exploits2References3
Snyk
Snyk
added 2026/03/02 10:4 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the downloadFile function via the update-cache command. An attacker can cause disk exhaustion by supplying a malicious URI in the configuration, leading to unbounded downloads and...

6.9CVSS5.8AI score0.00177EPSS
Exploits0References2
OSV
OSV
added 2026/02/23 10:13 p.m.4 views

GHSA-G3GW-Q23R-PGQM yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option

Summary When yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. Impact yt-dlp maintainers assume the impact of this vulnerability to be high for anyone who us...

8.8CVSS5.8AI score0.01596EPSS
Exploits2References5
OSV
OSV
added 2026/02/12 10:6 p.m.4 views

GHSA-WJ8P-JJ64-H7FF Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller...

8.8CVSS6.9AI score0.004EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/23 11:18 p.m.4 views

CVE-2026-24128

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through 17.7.0 contain a reflected Cross-site Scripting XSS vulnerability, which allows an attacker to...

6.5CVSS6AI score0.00503EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.5 views

CVE-2025-53854

A reflected cross-site scripting xss vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00286EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/20 12:11 p.m.18 views

CVE-2025-41081 Reflected Cross-Site Scripting (XSS) in IsMyGym

Reflected Cross-Site Scripting XSS vulnerability in IsMyGym by Zuinq Studio. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL with '/.php/'. This vulnerability can be exploited to steal sensitive user data, such as session...

5.1CVSS0.00272EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/01 10:43 p.m.13 views

CVE-2025-66401 MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL

MCP Watch is a comprehensive security scanner for Model Context Protocol MCP servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via...

9.8CVSS0.02004EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.4 views

Google Cloud Looker 安全漏洞

Google Cloud Looker is an online tool from Google USA for converting data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from a malicious URL construction issue that could lead to the execution of attacker-supplied scrip...

7.3CVSS6.7AI score0.00268EPSS
Exploits0References2
CNVD
CNVD
added 2025/10/13 12:0 a.m.2 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23568)

AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which originates from a lack of effective filtering and escaping of user-supplied data in parameter l of the /clt/TRACKREQUEST.ASP file, which can be exploited by an...

6.9CVSS6.5AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-32144

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00181EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-24161

Malicious code in bioql PyPI...

8CVSS6.5AI score0.00708EPSS
Exploits1References3
OSV
OSV
added 2025/10/02 3:15 p.m.5 views

CVE-2025-59767

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

6.1CVSS5.9AI score0.00181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.5 views

PT-2025-40395

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting issue exists that allows an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...

6.1CVSS6.5AI score0.00193EPSS
Exploits0References4
Rows per page
Query Builder