Lucene search
K
GithubMost viewed

33123 matches found

Github Security Blog
Github Security Blog
•added 2019/12/30 7:30 p.m.•135 views

Remote Code Execution Vulnerability in NPM mongo-express

Impact Remote code execution on the host machine by any authenticated user. Proof Of Concept Launching mongo-express on a Mac, pasting the following into the "create index" field will pop open the Mac calculator: javascript this.constructor.constructor"return...

9.9CVSS9.4AI score0.84845EPSS
Exploits3References9Affected Software1
Github Security Blog
Github Security Blog
•added 2023/09/12 3:30 p.m.•134 views

libwebp: OOB write in BuildHuffmanTable

Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page...

8.8CVSS7.3AI score0.99735EPSS
Exploits9References63Affected Software13
Github Security Blog
Github Security Blog
•added 2022/10/12 7:0 p.m.•134 views

Dolibarr vulnerable to Eval Injection

Dolibarr ERP & CRM =15.0.3 are vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval...

9.8CVSS9.5AI score0.33371EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/08/18 7:0 p.m.•134 views

OpenZeppelin Contracts vulnerable to ECDSA signature malleability

Impact The functions ECDSA.recover and ECDSA.tryRecover are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue for the functions that take a single bytes argument, and not the...

7.9CVSS6.3AI score0.00336EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
•added 2021/06/15 3:54 p.m.•133 views

Uncontrolled memory consumption

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions...

5.5CVSS4.4AI score0.03445EPSS
Exploits0References20Affected Software2
Github Security Blog
Github Security Blog
•added 2021/05/04 8:18 p.m.•133 views

Prototype Pollution in merge

All versions of package merge 2.1.1 are vulnerable to Prototype Pollution via recursiveMerge...

9.8CVSS8.9AI score0.01443EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/27 3:56 p.m.•133 views

Node-Redis potential exponential regex in monitor mode

Impact When a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. Patches The problem was fixed in commit 2d11b6d and was released in version 3.1.1. References 1569...

7.5CVSS5.2AI score0.01674EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2020/12/21 4:28 p.m.•133 views

XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling

Impact The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use...

6.8CVSS8.4AI score0.82392EPSS
Exploits5References11Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/16 7:37 p.m.•133 views

REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads...

8.1CVSS8.5AI score0.99461EPSS
Exploits23References19Affected Software1
Github Security Blog
Github Security Blog
•added 2026/06/15 5:24 p.m.•132 views

@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...

8.8CVSS5.3AI score0.0009EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/05/12 3:1 p.m.•133 views

protobuf.js: Code generation gadget after prototype pollution

Summary protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been polluted, those lookup tables could resolve attacker-controlled inherited properties as valid protobuf type...

8.1CVSS6AI score0.00499EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/30 6:34 p.m.•132 views

OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter

Summary The OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but OTELDOTNETEXPERIMENTALOTLPDISKRETRYDIRECTORYPATH was not configured. The exporter stored and loaded .blob files under...

7.8CVSS5.4AI score0.00108EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/04/24 9:16 p.m.•132 views

pyLoad allows upload to arbitrary folder lead to RCE

Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/appblueprint.py python @bp.route"/render/", endpoint="render" def renderfilename:...

9.1CVSS7.1AI score0.01354EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/11/23 3:44 p.m.•132 views

sweetalert2 v9.17.4 and above contains hidden functionality

sweetalert2 versions 9.17.4 and up until 10.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 9.0.0 - 9.17.3. Workaround Users wh...

7AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/01/05 3:1 p.m.•132 views

Prototype Pollution in dojo

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function...

9.8CVSS4.9AI score0.30367EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
•added 2021/10/21 5:49 p.m.•132 views

Directory Traversal in Babel

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution...

7.8CVSS6.5AI score0.00716EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/30 4:11 p.m.•132 views

Cachet configuration leak

Impact Authenticated users, regardless of their privileges User or Admin, can leak the value of any configuration entry of the dotenv file, e.g. the application secret APPKEY and various passwords email, database, etc. Patches This issue was addressed by improving UpdateConfigCommandHandler and...

8.8CVSS8.3AI score0.03894EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/12/10 7:7 p.m.•132 views

Uninitialized memory access in TensorFlow

Impact Under certain cases, a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen: cc struct QUInt8 QUInt8 /...

5.3CVSS3.4AI score0.00243EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
•added 2026/05/27 6:24 p.m.•131 views

LiquidJS is Vulnerable to Remote Code Execution

Summary It is possible to execute arbitrary code with crafted templates Details 1|valueOf - this when evaluating the filter liquid %assign r=1|valueOf% r|inspect json...

6.2AI score0.00089EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2024/11/12 10:8 p.m.•131 views

Laravel environment manipulation via query string

Description When the registerargcargv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. Resolution The framework now ignores argv values for environment detection on...

8.7CVSS6.7AI score0.37981EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/01/09 6:30 p.m.•131 views

Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability...

8.7CVSS8.8AI score0.0118EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2022/02/15 1:57 a.m.•131 views

Symlink Attack in kubectl cp

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could r...

6.4CVSS1.5AI score0.13164EPSS
Exploits2References13Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/24 7:53 p.m.•131 views

Prototype Pollution in jquery-deparam

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-deparam allows a malicious user to inject properties into Object.prototype...

8.8CVSS4.1AI score0.0213EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/22 11:27 p.m.•131 views

XStream can cause a Denial of Service.

Impact The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation ...

7.5CVSS1AI score0.77801EPSS
Exploits1References17Affected Software1
Github Security Blog
Github Security Blog
•added 2021/01/13 6:21 p.m.•131 views

Regular Expression Denial of Service in jquery-validation

The GitHub Security Lab team has identified potential security vulnerabilities in jquery.validation. The project contains one or more regular expressions that are vulnerable to ReDoS Regular Expression Denial of Service This issue was discovered and reported by GitHub team member @erik-krogh Erik...

7.5CVSS2.8AI score0.03532EPSS
Exploits0References11Affected Software2
Github Security Blog
Github Security Blog
•added 2023/03/02 11:21 p.m.•130 views

keycloak-connect contains Open redirect vulnerability in the Node.js adapter

There is an Open Redirect vulnerability in the Node.js adapter when forwarding requests to Keycloak using checkSSO with query param prompt=none...

6.1CVSS3AI score0.00399EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/12/07 9:23 p.m.•130 views

SQL injection in prestashop/prestashop

Impact Blind SQLi using Search filters with orderBy and sortOrder parameters Patches The problem is fixed in 1.7.8.2...

9.8CVSS3.9AI score0.04133EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/07 10:11 p.m.•130 views

Denial of service in css-what

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5CVSS7.5AI score0.02267EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/22 11:28 p.m.•130 views

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a...

9.1CVSS0.9AI score0.4999EPSS
Exploits1References17Affected Software1
Github Security Blog
Github Security Blog
•added 2020/03/05 10:9 p.m.•130 views

Local file disclosure in PHPMailer

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base...

5.5CVSS0.1AI score0.02161EPSS
Exploits6References9Affected Software1
Github Security Blog
Github Security Blog
•added 2020/02/14 11:10 p.m.•130 views

BibTeX-Ruby vulnerable to OS command injection

BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...

10CVSS9.4AI score0.0281EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/02/14 11:9 p.m.•130 views

OS command injection in git-diff-apply

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

9.8CVSS5.9AI score0.02147EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/07/11 10:45 p.m.•129 views

A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries

Related UI vulnerability advisory: https://github.com/jaegertracing/jaeger-ui/security/advisories/GHSA-vv24-rm95-q56r Summary Jaeger UI is using the json-markup dependency to display span attributes and resources. This dependency is not sanitising keys of an object though, thus the KeyValuesTable...

6.2AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/10 3:43 p.m.•129 views

Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability

Requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory. For example a request to the ConcatServlet with a URI of /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the...

5.3CVSS1.6AI score0.7848EPSS
Exploits2References26Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 9:8 p.m.•129 views

Authorization bypass in github.com/dgrijalva/jwt-go

jwt-go allows attackers to bypass intended access restrictions in situations with string for m"aud" which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience...

7.5CVSS7.4AI score0.02158EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
•added 2020/02/14 11:10 p.m.•129 views

Yarn Improper link resolution before file access (Link Following)

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...

7.8CVSS7.4AI score0.01505EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
•added 2019/12/20 11:4 p.m.•129 views

HTTP Request Smuggling: Content-Length Sent Twice in Waitress

Impact Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. So a request with: Content-Length: 10 Content-Length: 10 would get transformed to: Content-Length: 10, 10 Whic...

7.5CVSS6.8AI score0.02122EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2024/02/16 3:59 p.m.•128 views

fetch(url) leads to a memory leak in undici

Impact Calling fetchurl and not consuming the incoming body or consuming it very slowing will lead to a memory leak. Patches Patched in v6.6.1 Workarounds Make sure to always consume the incoming body...

6.5CVSS7AI score0.007EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/07/02 12:0 a.m.•128 views

Command injection in git-clone

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. Credits Credit to @lirantal for discovering this vulnerability...

10CVSS9.4AI score0.03227EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/03/22 7:28 p.m.•128 views

Removal of functional code in faker.js

Faker.js helps users create large amounts of data for testing and development. The maintainer deliberately removed the functional code from this package. This appears to be a purposeful and successful attempt to make the package unusable. This is related to the colors.js CVE-2021-23567. The...

7.5CVSS3.1AI score0.01733EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
•added 2020/05/15 6:58 p.m.•128 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime aka openjpa...

8.8CVSS3.7AI score0.06278EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
•added 2024/09/19 4:6 p.m.•127 views

protobuf-java has potential Denial of Service issue

Summary When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team Affected versions: This issue affects all versions of both t...

8.7CVSS7.8AI score0.02772EPSS
Exploits1References12Affected Software5
Github Security Blog
Github Security Blog
•added 2024/07/01 8:34 p.m.•127 views

Remote Code Execution (RCE) vulnerability in geoserver

Summary Multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. Details The GeoTools library API that GeoServer calls evaluates...

9.8CVSS9.8AI score0.99813EPSS
Exploits25References9Affected Software3
Github Security Blog
Github Security Blog
•added 2023/09/29 8:39 p.m.•127 views

Composer Remote Code Execution vulnerability via web-accessible composer.phar

Impact Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be impacted if PHP also has registerargcargv enabled in php.ini. Patches 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Workarounds Make sure registerargcargv i...

8.8CVSS7.2AI score0.01378EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/20 7:54 p.m.•127 views

Cross site scripting via canonical tag in Contao

Impact Untrusted users can inject malicious code into the canonical tag, which is then executed on the web page front end. Patches Update to Contao 4.13.3. Workarounds Disable canonical tags in the root page settings. References...

7.2CVSS6.2AI score0.03795EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
•added 2022/04/28 9:1 p.m.•127 views

Reflected XSS on clients-registrations endpoint

A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak. When a malicious request is sent to the client registration endpoint, the error message is not properly escaped, allowing an attacker to execute malicious scripts into the user's browser. Acknowledgement...

1.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2021/07/22 7:48 p.m.•127 views

Denial of Service in SheetJS Pro

SheetJS Pro through 0.16.9 allows attackers to cause a denial of service memory consumption via a crafted .xlsx document that is mishandled when read by xlsx.js issue 1 of 2...

5.5CVSS5.5AI score0.0088EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
•added 2021/06/04 9:15 p.m.•127 views

Path Traversal in Django

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names...

7.5CVSS4.5AI score0.05291EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
•added 2018/12/21 5:47 p.m.•127 views

High severity vulnerability that affects commons-fileupload:commons-fileupload

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service CPU consumption via a long boundary string...

7.8CVSS5.7AI score0.35927EPSS
Exploits0References54Affected Software1
Github Security Blog
Github Security Blog
•added 2024/03/16 9:30 a.m.•126 views

Improper Privilege Management in djangorestframework-simplejwt

djangorestframework-simplejwt before version 5.5.1 is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the foruser method...

5.5CVSS5.2AI score0.00804EPSS
Exploits4References11Affected Software1
Total number of security vulnerabilities5000