33100 matches found
Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
Summary Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port TCP 24282, hardcoded as 0x5EDA in constants.py. The server has no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage to reach...
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak
Impact In versions from 1.5.0 up to and including 3.0.0, any authenticated portal user could complete and tamper with another user's open task by submitting it on their behalf. The task submission endpoint accepted a task ID and a payload, but it never checked whether the task actually belonged t...
NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries
Impact In versions up to and including 3.0.0, two parts of the GraphQL API returned data without checking whether the data belonged to the logged-in user: - Document content. A logged-in user could download the raw content of any document by its ID, regardless of who owned it. The resolver has...
Waku has an Open Redirect via `unstable_redirect` Helper
Summary The unstableredirect helper exported from waku/router/server packages/waku/src/router/define-router.tsx:156–161 accepts an arbitrary string and reflects it unchanged into the HTTP Location response header with no URL validation, scheme restriction, or path-only enforcement. Any applicatio...
Waku: Cross-Origin CSRF on RSC Server Action Dispatch
Summary Waku's RSC request dispatcher invokes server actions without validating the request's Origin or Sec-Fetch-Site header. A cross-origin web attacker can therefore cause a victim browser to issue an authenticated POST to a registered server action endpoint using a CORS-safelisted content typ...
Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE
Unauthenticated Cross-Origin Plugin Upload Leads to RCE Joro ≤ v1.1.0 Severity: Critical CVSS v3.1: 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Affected versions: Joro ≤ v1.1.0, proxy mode default, Linux/macOS Reporter: cstover Date: 2026-05-27 --- Summary Joro's default proxy mode in versions = 1.1....
OneRingBuf has a Use After Free Vulnerability
Affected versions of oneringbuf exposed the obsolete IntoRef::intoref method through the public IntoRef trait. For heap-backed ring buffers, this method returned a DroppableRef handle. DroppableRef stored an owning raw pointer created from Box::intoraw. Its Clone implementation copied this raw...
DSpace: Path Traversal is possible through LDN message generation
Overview A path traversal vulnerability is possible via the COAR Notify / LDN service in DSpace. This vulnerability impacts DSpace versions 8.0 = 8.3, 9.0 = 9.2. The attacker MUST already have DSpace administrator credentials in order to perform the attack. When reading a file input stream of an...
DSpace: ORE resource URI does not validate scheme for non-web resources
Overview When ingesting an aggregated ORE resource by URI using the OAI-ORE Harvester, the ORE Ingestion Crosswalk does not validate the URI scheme. This may allow for local file inclusion via malicious paths like file:///etc/passwd. This vulnerability impacts DSpace versions = 7.6.6, 8.0 = 8.3,...
DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path
Overview The Curation Task feature allows an output path to be used by the reporter -r parameter, typically used to stream results and status of curation task operations. It is not restricted to any particular base path, meaning that any path writable by the DSpace often 'tomcat' user is allowed...
DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN
Overview Remote Code Execution RCE is possible via Velocity Templates used by DSpace for COAR Notify/LDN messages. This vulnerability impacts DSpace versions 8.0 = 8.3, 9.0 = 9.2. The attacker MUST already have DSpace administrator credentials in order to perform the attack. This attack is relate...
Trapster Community: Unauthenticated malformed DNS compression pointers crash per-packet honeypot handler
Summary trapster.libs.dns.decodelabels decodes DNS names from attacker-supplied UDP packets and recurses once per RFC 1035 compression pointer with no cycle detection and no depth bound. A single unauthenticated UDP datagram sent to the DNS honeypot drives the function past CPython's recursion...
Sharp Missing Authorization Check in Quick Creation Command Endpoints
Impact The create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entity could bypass the authorization layer and either retrieve the creation form or submit new records for that...
Nuclio: Unsanitized cron trigger event headers/body injected into CronJob shell command leads to persistent RCE
Summary Nuclio controller builds a curl invocation string for each cron trigger and stores it as the args of a Kubernetes CronJob container /bin/sh, -c, . Two fields in the trigger specification flow into this string without adequate sanitization: - event.headers keys — interpolated verbatim insi...
async-tar PAX extension-header desync enables tar entry/content smuggling
Summary async-tar v0.6.0 mis-applies a buffered PAX size extension to an intermediary extension header a GNU longname L, a GNU longlink K, or a PAX x/g header instead of to the next file entry. POSIX requires a PAX extended-header record set to describe the next file entry, never an intervening...
Skipper: opaAuthorizeRequestWithBody filter bypasses OPA policy on Transfer-Encoding — chunked / HTTP/2 requests
Summary zalando/skipper's OpenPolicyAgent integration silently bypasses request-body inspection on HTTP/1.1 Transfer-Encoding: chunked and HTTP/2 requests that omit the content-length pseudo-header. When the opaAuthorizeRequestWithBody filter is configured, the...
`lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes
lxmlhtmlclean.Cleaner does not strip javascript: URLs from namespaced URL attributes xlink:href Reporter: Guillem Lefait · Date: 2026-05-10 Affected: lxml ≤ 6.1.0 and lxmlhtmlclean ≤ 0.4.4 latest stable Confirmed against: lxml 6.1.0 + lxmlhtmlclean 0.4.4 on Python 3.13.5, 3.14.4, and 3.15.0a8...
Weblate SSRF: outbound URL guard misses some private ranges
Impact Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions. Patches https://github.com/WeblateOrg/weblate/pull/19768 Resources The issue wa...
oasdiff does not enforce --allow-external-refs=false on the git-revision load path (SSRF / local file read)
Summary From v1.13.2 through v1.18.0, oasdiff did not enforce --allow-external-refs=false library: openapi3.Loader.IsExternalRefsAllowed = false when loading a spec from a git revision the rev:path form, e.g. main:openapi.yaml. External $refs were resolved on that load path even when external ref...
KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping
Summary pkg/scalers/postgresqlscaler.go builds libpq-style connection strings by concatenating key=value pairs separated by spaces. Each tenant-controllable field host, port, userName, dbName, sslmode is passed through escapePostgreConnectionParameter: go func escapePostgreConnectionParameterstr...
Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion
Summary Flask-Security-Too 5.8.0 and 5.8.1 mark a session as reauthentication-fresh after processing a WebAuthn assertion whose proven credential belongs to a different user than the currently authenticated session user. The check that GHSA-97r5-pg8x-p63p added on the OAuth reauthentication path...
Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise
Click here to jump to the Simplified Chinese version 点击跳转到简体中文版本 Goploy System Arbitrary File Read Vulnerability Basic Information - Vulnerability Name: Goploy Endpoints Arbitrary File Read via Path Traversal - Vulnerability Type: Path Traversal CWE-22 / Arbitrary File Read - Affected Product:...
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers
Summary Project.AddFile, Project.EditFile, Project.RemoveFile, and Project.Edit in cmd/server/api/project/handler.go accept a project or project-file row id from the JSON body and act on it without checking that the project belongs to the caller's namespace. The corresponding...
ha-mcp: Add-on settings and policy routes are reachable without authentication at the bare root path
Summary In add-on mode, the ha-mcp settings UI routes are mounted both under the MCP secret path and at the bare root of the published port :9583, so Home Assistant ingress can serve the "Open Web UI" button. The root-mounted routes perform no authentication — no secret, no Origin check, no CSRF...
rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path
Resolved: https://github.com/plabayo/rama/commit/89ddff578fd78bbebec99482d7030f28c07757a3 Summary plabayo/rama contains a stored/reflected cross-site scripting issue in the ServeDir HTML directory listing feature. When ServeDir is configured with DirectoryServeMode::HtmlFileList, file names and U...
aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address
Summary aiosmtplib's SMTP.mail, SMTP.rcpt, SMTP.vrfy and SMTP.expn send the caller-supplied email address to the server without rejecting embedded CR/LF \r\n bytes. An address that contains a CR/LF is written verbatim onto the SMTP control connection, so the bytes after the CRLF are framed by the...
Kite has an authenticated cluster RBAC bypass in /api/v1/overview
Summary Authenticated Kite users with any role can request /api/v1/overview for a cluster that their roles do not permit by selecting that cluster with x-cluster-name. The overview route is registered before middleware.RBACMiddleware and GetOverview only checks lenuser.Roles 0, so it returns...
Webauthn: SimpleFakeCredentialGenerator with an empty secret produces predictable fake credentials, weakening username enumeration protection
Impact Webauthn\SimpleFakeCredentialGenerator is the library-provided default implementation of the FakeCredentialGenerator interface. It returns a stable list of decoy PublicKeyCredentialDescriptor objects for a given username so that an assertion request for an unknown user looks the same as a...
ratex-parser has unbounded parser recursion that leads to stack overflow (process abort)
Summary RaTeX’s recursive-descent parser recurses one or more native stack frame per nesting level at , \left, \sqrt, ^, etc, with no maximum depth limit. A short, 10 KB input of nested groups overflows the 8 MB main-thread stack and aborts the process. With panic = "abort" Cargo.toml:48, and...
ratex-parser panics on `\verb` with a multibyte delimiter (UTF-8 byte-boundary slice)
Summary The public parser entrypoint ratexparser::parse&str panics on the 9-byte input \verbéxé i.e. \verb followed by the non-ASCII delimiter é. When handling a \verb command, the parser slices the verbatim argument with byte indices arg1..arg.len - 1; if the delimiter character is multibyte...
@better-auth/scim: Account/provider takeover via missing owner binding on non-org SCIM providers
Am I affected? Users are affected if all of these hold: - They install and register the @better-auth/scim plugin plugins: scim. - They create SCIM providers without an organizationId, that is, non-organization "personal" providers. Organization-scoped providers are not affected because they enfor...
Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows
Am I affected? Users are affected if all of the following are true: - They configure secondaryStorage on betterAuth... Redis, KV, or any external session cache. - session.storeSessionInDatabase is left unset or set to false the default. - Their application's deployment uses one or more of: - The...
@better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0, or enables the legacy oidc-provider or mcp plugins from better-auth/plugins. - Their application exposes /api/auth/oauth2/token o...
@better-auth/sso provider registration has server-side request forgery via unvalidated OIDC endpoints
Am I affected? Users are affected if all of the following are true: - Their application uses @better-auth/sso at a version = 0.1.0, 1.6.11 on the stable line, or any 1.7.0-beta.x on the pre-release line. - The sso plugin is added to their application's betterAuth plugins: ... array. - Any user wi...
Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0. - At least one OAuth client served by their application's authorization server requests the offlineaccess scope, so refresh token...
Better Auth has insecure cryptographic defaults in oidcProvider: alg=none advertised and plain PKCE accepted by default
Am I affected? Users are affected if all of the following are true: - Their application uses better-auth at a version below the patched release. - Their application enables oidcProvider from better-auth/plugins/oidc-provider or mcp from better-auth/plugins/mcp the mcp plugin delegates to...
Better Auth has stored XSS in the auth-server origin via javascript: redirect_uri in oidc-provider and mcp
Am I affected? Check each condition. Users are affected when all of the first three hold. - Their application enables the oidc-provider plugin or the mcp plugin from better-auth/plugins. The mcp plugin wraps the same provider and carries the same defect. Both are on the migration path to...
Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email
Am I affected? Users are affected if all of the following are true: - Their application uses better-auth at a version 1.6.11 on the stable line, or any current next pre-release. - emailAndPassword.enabled: true is set in their application's betterAuth ... configuration. - At least one OAuth or SS...
Better Auth vulnerable to unauthorized invitation acceptance via unverified email match in organization plugin
Am I affected? Users are affected if all of the following are true: - Their application uses better-auth with the organization plugin import organization from "better-auth/plugins/organization". - Their application enables a sign-up surface that allows arbitrary unverified email registration. Mos...
@better-auth/oauth-provider may provide access tokens for unauthorized audiences via unbound resource indicators
Am I affected? Users are affected if all of the following hold: - Their application depends on @better-auth/oauth-provider on any stable 1.6.x release the stable line is not patched or on a pre-release before 1.7.0-beta.4. - Their application either configures validAudiences with more than one...
Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins
Am I affected? Users are affected if all of the following are true: - Their application uses better-auth and has enabled at least one of: oidcProvider imported from better-auth/plugins/oidc-provider, or mcp imported from better-auth/plugins/mcp. - Their application has at least one confidential...
netfoil: Attacker controlled data written to logs
Summary Domain names were written to the log without first being validated to contain allowed characters. Impact Depends on how the logs were used...
netfoil has a resource leak in LRU cache
Summary When an entry was removed from the LRU cache, a pointer to the removed element was not properly cleaned up. Impact A local attacker can get netfoil to use more memory. By default this is limited to 100MB via systemd, which would trigger service restarts when reached...
netfoil has a domain name filter bypass via multiple questions
Summary Potential bypass of domain name filter by crafting a DNS request with multiple questions, with the first question being legitimate. Impact Depends on a local attackers ability to craft multiple questions and the remote DoH server supporting them...
uutils coreutils: cp/install/mv/ln --suffix alone does not enable backup mode (silent data loss vs GNU)
determinebackupmode in src/uucore/src/lib/features/backupcontrol.rs only checks --backup/-b and returns BackupMode::None when only --suffix is given. GNU enables backup mode when --suffix is used alone defaulting to existing/numbered, or $VERSIONCONTROL. Affects cp, install, mv, ln which share th...
@aborruso/ckan-mcp-server: SSRF via base_url allows access to internal networks (Potential fix bypass of CVE-2026-33060)
Summary A known vulnerability CVE-2026-33060 indicated tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter had the risk of making HTTP requests to arbitrary endpoints without restriction. A fix was applied to filter out ip addresses. However, a method to bypass exist...
Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality
Summary There is a blind server side request forgery in the functionality that allows editing an image via a prompt. The affected function will perform a GET request on the URL provided by the user. There is no restriction on the domain of the provided URL allowing the local address space to be...
Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages
Summary Manually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts and allow-same-origin set, ignoring the "iframe Sandbox Allow Same Origin" configuration. This enables stored XSS o...
Open WebUI vulnerable to Stored XSS via iFrame in citations model
Summary Manually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML, and render them in an iFrame when the citation is previewed. This allows stored XSS via a weaponised document...
Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions
Summary A vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be executed in the user's browser every time that chat transcript is opened, allowing attackers to retrieve the user's...