Lucene search
K
GithubMost viewed

33100 matches found

Github Security Blog
Github Security Blog
added 2023/03/31 9:30 p.m.4095 views

request-baskets vulnerable to Server-Side Request Forgery

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/baskets/name. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

6.5CVSS6.2AI score0.07497EPSS
Exploits29References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:30 p.m.3486 views

WEBRick vulnerable to HTTP Request/Response Smuggling

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

7.5CVSS7.6AI score0.03849EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/29 10:18 p.m.3134 views

Potential XSS vulnerability in jQuery

Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. Patches This problem is patched in jQuery 3.5.0. Workarounds To workaround the issue without upgrading, adding the...

6.9CVSS7AI score0.99019EPSS
Exploits7References49Affected Software6
Github Security Blog
Github Security Blog
added 2025/02/10 5:48 p.m.3035 views

esbuild enables any website to send any requests to the development server and read the response

Summary esbuild allows any websites to send any request to the development server and read the response due to default CORS settings. Details esbuild sets Access-Control-Allow-Origin: header to all requests, including the SSE connection, which allows any websites to send any request to the...

6.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2019/11/20 3:29 p.m.2636 views

angular Prototype Pollution vulnerability

Versions of angular prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function merge does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation Upgrade...

7.5CVSS7AI score0.02179EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/06 8:47 p.m.2492 views

Graylog user session is still usable after logout

Summary In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Details Each node maintains an in-memory cache of user sessions. Upon a cache-miss, the session is loaded from the...

3.1CVSS6.7AI score0.00411EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/11 10:46 p.m.2482 views

Vendure Cross Site Request Forgery vulnerability impacting all API requests

Impact Vendure is an e-commerce GraphQL framework with a number of APIs and different levels of authorization. By default the Cookie settings are insecure, having the SameSite setting as false which results in not having one originates from the cookie-session npm package’s default settings. Patch...

6.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/06 8:53 p.m.2481 views

Graylog server has partial path traversal vulnerability in Support Bundle feature

A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Thanks to weiweiwei9811 for reporting this vulnerability and providing detailed information. Impact Graylog's Support Bundle...

3.8CVSS6.5AI score0.00569EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/25 1:53 p.m.2466 views

Hard-coded System User Credentials in Folio Data Export Spring module

Impact The module creates a system user that is used to perform internal module-to-module operations. Credentials for this user are hard-coded in the source code. This makes it trivial to authenticate as this user, resulting in unauthorized access to potentially dangerous APIs, allowing to view a...

9.1CVSS6.5AI score0.00646EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/31 6:30 p.m.1635 views

Remote Code Execution in Spring Framework

Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as Spring4Shell. Impact A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding. The specific exploit requires the...

9.8CVSS1.8AI score0.99677EPSS
Exploits102References18Affected Software5
Github Security Blog
Github Security Blog
added 2020/04/29 10:19 p.m.1466 views

Potential XSS vulnerability in jQuery

Impact Passing HTML containing elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. Patches This problem is patched in jQuery 3.5.0. Workarounds To workaround this issue without...

6.9CVSS0.8383EPSS
Exploits6References121Affected Software4
Github Security Blog
Github Security Blog
added 2022/04/26 12:0 a.m.1429 views

ejs template injection vulnerability

The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...

9.8CVSS9.4AI score0.32386EPSS
Exploits5References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/30 12:31 a.m.1421 views

PostCSS line return parsing error

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets CSS. There may be \r discrepancies, as demonstrated by @font-face font:\r/; in a rule. This vulnerability affects linters using PostCSS to parse external untrusted CSS. An...

5.3CVSS6.2AI score0.00822EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/20 8:47 p.m.1372 views

Inefficient Regular Expression Complexity in nth-check

There is a Regular Expression Denial of Service ReDoS vulnerability in nth-check that causes a denial of service when parsing crafted invalid CSS nth-checks. The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s?:+-?\s\d+? with quantified overlapping adjacency and can be...

7.5CVSS7.4AI score0.02014EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/21 11:55 p.m.1180 views

node-fetch forwards secure headers to untrusted sites

node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site...

8.8CVSS7.7AI score0.01646EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2019/04/26 4:29 p.m.1171 views

XSS in jQuery as used in Drupal, Backdrop CMS, and other products

jQuery from 1.1.4 until 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.1CVSS6.6AI score0.87218EPSS
Exploits4References110Affected Software5
Github Security Blog
Github Security Blog
added 2020/05/21 6:52 p.m.1095 views

Potential remote code execution in Apache Tomcat

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the...

7CVSS5.9AI score0.56636EPSS
Exploits15References55Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/10 3:38 p.m.1092 views

Cross-site Scripting in quill

A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload a crafted onloadstart attribute of an IMG element in a text field. No patch exists and no further releases are planned. This CVE is disputed. Researchers have claimed that...

6.1CVSS2.3AI score0.01311EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 8:53 p.m.1050 views

uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Summary The v3, v5, and v6 API methods not uuid release versions accept external output buffers but do not reject out-of-range writes small buf or large offset. By contrast, v4, v1, and v7 API methods explicitly throw RangeError on invalid bounds. This inconsistency allows silent partial writes...

9.3CVSS5.9AI score0.00337EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/16 3:30 p.m.986 views

Server-Side Request Forgery in Request

The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: The request package is no longer supported by the maintain...

6.1CVSS6.6AI score0.00719EPSS
Exploits1References12Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/07 9:56 p.m.978 views

glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

7.5CVSS8.4AI score0.04456EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/27 2:47 p.m.951 views

High severity vulnerability that affects jquery-ui

Withdrawn, accidental duplicate publish. Cross-site scripting XSS vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...

6.1CVSS6AI score0.2258EPSS
Exploits1References2Affected Software4
Github Security Blog
Github Security Blog
added 2020/06/18 2:19 p.m.913 views

Angular vulnerable to Cross-site Scripting

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in ones changes parsing behavior, leading to possibly unsanitizing code...

5.4CVSS5.9AI score0.02142EPSS
Exploits0References25Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 3:57 p.m.884 views

Remote code execution in handlebars when compiling templates

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution RCE when selecting certain compiling options to compile templates coming from an untrusted source...

9.8CVSS3.7AI score0.07028EPSS
Exploits2References9Affected Software4
Github Security Blog
Github Security Blog
added 2023/04/24 9:30 a.m.883 views

Prototype Pollution in sheetJS

All versions of SheetJS CE through 0.19.2 are vulnerable to "Prototype Pollution" when reading specially crafted files. Workflows that do not read arbitrary files for example, exporting data to spreadsheet files are unaffected. A non-vulnerable version cannot be found via npm, as the repository...

7.8CVSS7.8AI score0.00988EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/22 3:23 p.m.868 views

Croos-site scripting in Croogo

Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies...

4.8CVSS3.4AI score0.00733EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/01 5:29 p.m.842 views

xmldom allows multiple root nodes in a DOM

Impact xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led ...

9.8CVSS8.8AI score0.01182EPSS
Exploits1References11Affected Software2
Github Security Blog
Github Security Blog
added 2021/11/19 8:16 p.m.838 views

json-schema is vulnerable to Prototype Pollution

json-schema before version 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

9.8CVSS9AI score0.03563EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.805 views

jQuery-UI vulnerable to Cross-site Scripting in dialog closeText

Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting XSS...

6.1CVSS3.4AI score0.2258EPSS
Exploits1References39Affected Software4
Github Security Blog
Github Security Blog
added 2018/01/22 1:32 p.m.780 views

Cross-Site Scripting (XSS) in jquery

Affected versions of jquery interpret text/javascript responses from cross-origin ajax requests, and automatically execute the contents in jQuery.globalEval, even when the ajax request doesn't contain the dataType option. Recommendation Update to version 3.0.0 or later...

6.1CVSS7.1AI score0.29726EPSS
Exploits2References47Affected Software3
Github Security Blog
Github Security Blog
added 2022/03/26 12:19 a.m.777 views

Code Injection in PHPUnit

Util/PHP/eval-stdin.php in PHPUnit starting with 4.8.19 and before 4.8.28, as well as 5.x before 5.6.3, allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a ?php substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external...

9.8CVSS6.6AI score0.99999EPSS
Exploits19References13Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/21 8:6 p.m.765 views

Improper Handling of `callbackUrl` parameter in next-auth

Impact An attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally we convert to a URL object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led t...

7.5CVSS7.2AI score0.01571EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/04 5:19 p.m.762 views

Command Injection in gnuplot

All versions of gnuplot are vulnerable to Command Injection. The package fails to sanitize plot titles, which may allow attackers to execute arbitrary code in the system if the title value is supplied by a user. The following proof-of-concept creates a testing file in the current directory: var...

5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/02 10:29 p.m.739 views

ip SSRF improper categorization in isPublic

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...

8.1CVSS6.2AI score0.08279EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/02/22 8:54 p.m.734 views

Moderate severity vulnerability that affects Bootstrap.Less, bootstrap, and bootstrap.sass

In Bootstrap 4 before 4.3.1 and Bootstrap 3 before 3.4.1, XSS is possible in the tooltip or popover data-template attribute. For more information, see: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/...

6.1CVSS1.1AI score0.1686EPSS
Exploits1References1Affected Software3
Github Security Blog
Github Security Blog
added 2021/04/21 7:38 p.m.710 views

.NET Core Remote Code Execution Vulnerability

.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112. Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1, and .NET Core 2.1. This advisory also provides guidance on what...

9.8CVSS4.3AI score0.30315EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/14 11:8 p.m.707 views

AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes

Versions of angular prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize xlink:href attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled. Recommendation Upgrade to version 1.5.0-beta.1 or...

7.1CVSS4.2AI score0.01382EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/13 7:0 p.m.691 views

Arbitrary code execution in Apache Commons Text

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

9.8CVSS9.9AI score0.99931EPSS
Exploits41References13Affected Software2
Github Security Blog
Github Security Blog
added 2020/05/20 4:18 p.m.691 views

Cross-Site Scripting in jquery

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove HTML tags that contain a whitespace character, i.e: , which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a...

6.1CVSS6.2AI score0.06273EPSS
Exploits4References12Affected Software3
Github Security Blog
Github Security Blog
added 2021/04/13 3:16 p.m.670 views

Improper neutralization of arguments in freediskspace

This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js...

9.8CVSS8.9AI score0.0126EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/07 7:23 p.m.669 views

SvelteKit framework has Insufficient CSRF protection for CORS requests

Summary The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...

8.8CVSS8.8AI score0.00373EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/05/14 4:2 a.m.658 views

Server Side Request Forgery in Apache Axis

A Server Side Request Forgery SSRF vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

7.5CVSS3.9AI score0.86503EPSS
Exploits7References17Affected Software2
Github Security Blog
Github Security Blog
added 2020/06/05 4:13 p.m.653 views

dom4j allows External Entities by default which might enable XXE attacks

dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to dom4j:dom4j...

9.8CVSS3.9AI score0.07269EPSS
Exploits0References23Affected Software2
Github Security Blog
Github Security Blog
added 2024/02/08 6:30 p.m.640 views

NPM IP package incorrectly identifies some private IP addresses as public

The isPublic function in the NPM package ip doesn't correctly identify certain private IP addresses in uncommon formats such as 0x7F.1 as private. Instead, it reports them as public by returning true. This can lead to security issues such as Server-Side Request Forgery SSRF if isPublic is used to...

9.8CVSS9.6AI score0.01613EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/16 6:30 a.m.628 views

Spring Framework URL Parsing with Host Validation

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...

8.1CVSS6AI score0.01191EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/26 5:58 p.m.626 views

Prototype Pollution in handlebars

Versions of handlebars prior to 3.0.8 or 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Objects' proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads. Recommendation Upgrade to versi...

9.8CVSS6.7AI score0.07066EPSS
Exploits0References11Affected Software2
Github Security Blog
Github Security Blog
added 2024/05/07 10:25 a.m.624 views

PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches The patch removes the use of eval:...

8.8CVSS6.8AI score0.72648EPSS
Exploits15References17Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/11 9:20 p.m.623 views

Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 3.20.9 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize URLs used in the OAuth auth flow, which may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 3.20.9 or later...

5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/02/22 8:54 p.m.618 views

Moderate severity vulnerability that affects bootstrap and bootstrap-sass

In Bootstrap 4 before 4.3.1 and Bootstrap 3 before 3.4.1, XSS is possible in the tooltip or popover data-template attribute. For more information, see: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/...

6.1CVSS1.1AI score0.1686EPSS
Exploits1References1Affected Software2
Github Security Blog
Github Security Blog
added 2019/04/23 3:59 p.m.615 views

Duplicate Advisory: Prototype Pollution in jquery

Duplicate Advisory This advisory is a duplicate of GHSA-6c3j-c64m-qhgq. This link is maintained to preserve external references. Original Description Versions of jquery prior to 3.4.0 are vulnerable to Prototype Pollution. The extend method allows an attacker to modify the prototype for Object...

3.9AI score
Exploits3References6Affected Software3
Total number of security vulnerabilities5000