Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
added 2024/03/16 9:30 a.m.126 views

Improper Privilege Management in djangorestframework-simplejwt

djangorestframework-simplejwt before version 5.5.1 is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the foruser method...

5.5CVSS5.2AI score0.00804EPSS
Exploits4References11Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/03 12:47 a.m.126 views

.NET Information Disclosure Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NE...

5.9CVSS6.2AI score0.0192EPSS
Exploits0References7Affected Software13
Github Security Blog
Github Security Blog
added 2023/07/19 3:30 p.m.126 views

Access Control Bypass in Spring Security

Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

9.8CVSS8.9AI score0.03465EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/10 10:15 p.m.126 views

HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057

Impact Zip Slip protections implemented in CVE-2023-24057 GHSA-jqh6-9574-5x22 can be bypassed due a partial path traversal vulnerability. This issue allows a malicious actor to potentially break out of the TerminologyCacheManager cache directory. The impact is limited to sibling directories. To...

8.1CVSS0.5AI score0.013EPSS
Exploits1References8Affected Software6
Github Security Blog
Github Security Blog
added 2020/06/05 4:24 p.m.126 views

XSS in Django

An issue was discovered in Django version 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...

6.1CVSS3.3AI score0.02873EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/15 6:59 p.m.126 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...

8.8CVSS8.9AI score0.07963EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/15 6:58 p.m.126 views

Polymorphic deserialization of malicious object in jackson-databind

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5, and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS9.2AI score0.0544EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/22 8:36 p.m.125 views

Unintended leak of Proxy-Authorization header in requests

Impact Since Requests v2.3.0, Requests has been vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuildproxies is used to recompute and reattach the Proxy-Authorization header to...

6.1CVSS6.6AI score0.02974EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/03 12:0 a.m.125 views

Regular expression denial of service in jquery-validation

An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...

7.5CVSS4.5AI score0.01327EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/10 8:3 p.m.125 views

SQL Injection in Geocoder

sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when withinboundingbox is used in conjunction with untrusted swlat, swlng, nelat, or nelng data...

9.8CVSS9.7AI score0.01484EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 11:49 p.m.124 views

Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend

TL;DR This vulnerability affects all Kirby sites that use the list field or list block, when content is authored by users who may not be fully trusted. The attack requires an authenticated Panel user with update permission to any list field or list block. This vulnerability is of high severity fo...

5.7AI score0.0004EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/15 10:16 p.m.124 views

Laravel RCE vulnerability in "cookie" session driver

Applications using the "cookie" session driver that were also exposing an encryption oracle via their application were vulnerable to remote code execution. An encryption oracle is a mechanism where arbitrary user input is encrypted and the encrypted string is later displayed or exposed to the use...

8.2AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/21 11:55 p.m.124 views

Uncaught exception in engine.io

Impact A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. events.js:292 throw er; // Unhandled 'error' event ^ Error: read ECONNRESET at TCP.onStreamRead internal/streambasecommons.js:209:20 Emitted 'error' event on Socket...

7.1CVSS6.6AI score0.01939EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:36 p.m.124 views

Keycloak vulnerable to Server-Side Request Forgery

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter requesturi. This flaw allows an attacker to use this parameter to execute a Server-side request forgery SSRF attack...

5.3CVSS3.8AI score0.69724EPSS
Exploits5References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/07 12:21 a.m.124 views

Regular Expression Denial of Service in postcss

The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service ReDoS via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern regex /\s sourceMappingURL=. PoC js var...

7.5CVSS6.7AI score0.02508EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/17 9:58 p.m.124 views

HTML comments vulnerability allowing to execute JavaScript code

Affected packages The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed comments HTML...

8.2CVSS2.7AI score0.0147EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2019/05/23 9:32 a.m.124 views

Information exposure in FasterXML jackson-databind

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...

7.5CVSS1.2AI score0.21949EPSS
Exploits2References46Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 7:45 a.m.123 views

Cross-site scripting in Apache Tomcat

Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...

4.3CVSS4.1AI score0.72168EPSS
Exploits0References31Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 5:17 p.m.123 views

Prototype Pollution in immer

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...

9.8CVSS8.4AI score0.0178EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/23 7:42 p.m.123 views

Uncaught Exception in jsoup

Impact What kind of vulnerability is it? Who is impacted? Those using jsoup to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until cancelled, to comple...

7.5CVSS7.3AI score0.06873EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/16 7:53 p.m.123 views

Grav's Twig processing allowing dangerous PHP functions by default

Impact Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Patches The issue was...

8.4CVSS2.2AI score0.30623EPSS
Exploits5References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/14 7:18 p.m.123 views

Denial of Service in Apache POI

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: - Infinite Loops while parsing crafted WMF, EMF, MSG and macros POI bugs 61338 and 61294 - Out of Memory Exceptions while parsing crafted DOC, PPT and XLS POI bugs 52372 and 61295...

7.5CVSS4.2AI score0.10248EPSS
Exploits3References15Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/26 6:22 p.m.123 views

Insufficiently Protected Credentials in Apache Tomcat

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...

7CVSS3.5AI score0.01221EPSS
Exploits0References19Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 7:36 p.m.122 views

Caddy: Remote Admin Authorization Bypass on PKI Endpoints via Prefix-Based Path Matching

AI Disclosure I used an LLM to help review the source code, reason about attack surface, and help draft and refine this report. I manually validated the finding by reproducing it locally, confirming the vulnerable code path, and verifying the HTTP behavior with curl -v. Summary Caddy's remote adm...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 8:43 p.m.122 views

AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities

Summary This notification is related to the CloudFront signing utilities in the AWS SDK for Java v2, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes an...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/20 9:31 p.m.122 views

SQL injection in Tortoise ORM

Impact Various forms of SQL injection has been found, for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL was only affected when filtering with contains, startswith or endswith filters and their case-insensitive counterparts Patches Please upgrade to 0.15.2...

8.8CVSS3AI score0.01038EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/05 7:9 p.m.121 views

Laravel has a File Validation Bypass

When using wildcard validation to validate a given file or image field array files., a user-crafted malicious request could potentially bypass the validation rules...

9.8CVSS7.1AI score0.00685EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/09 7:9 p.m.121 views

Potential bypass of an upstream access control based on URL paths in Django

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. This issue has low severity, according to the Django security policy...

7.5CVSS1.6AI score0.02295EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/27 6:41 p.m.121 views

opencontainers runc contains procfs race condition with a shared volume mount

Impact By crafting a malicious root filesystem with /proc being a symlink to a directory which was inside a volume shared with another running container, an attacker in control of both containers can trick runc into not correctly configuring the container's security labels and not correctly maski...

7CVSS6.8AI score0.00457EPSS
Exploits0References21Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/04 5:50 p.m.121 views

Local Temp Directory Hijacking Vulnerability

Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the...

7CVSS7.7AI score0.043EPSS
Exploits1References147Affected Software2
Github Security Blog
Github Security Blog
added 2022/07/12 7:39 p.m.120 views

Active Record RCE bug with Serialized Columns

When serialized columns that use YAML the default are deserialized, Rails uses YAML.unsafeload to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database via means like SQL injection, then it may be possible for the attacker to escalate to an RCE. There are no...

9.8CVSS9.3AI score0.02386EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/27 7:2 p.m.120 views

XML External Entity (XXE) Injection in JDOM

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. As a workaround, to avoid external entities being expanded, one can call builder.setExpandEntitiesfalse and they won't be expanded...

7.5CVSS7.2AI score0.19442EPSS
Exploits1References22Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/18 6:43 p.m.120 views

Cross-site Scripting in Apache Airflow

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions 1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fi...

6.1CVSS6.5AI score0.14389EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/05 8:43 p.m.120 views

Command injection in total.js

There is a command injection vulnerability that affects the package total.js before version 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using childprocess.spawn. The issue occurs because...

8.6CVSS8.8AI score0.01702EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/19 7:36 p.m.120 views

Query Binding Exploitation

Description Laravel versions 6.20.12, 7.30.3 & 8.22.1 contain a query binding exploitation. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected...

7.2CVSS0.5AI score0.01605EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
added 2020/05/15 6:58 p.m.120 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider aka bus-proxy...

8.8CVSS3.5AI score0.03538EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/30 3:25 p.m.119 views

/sys/devices/virtual/powercap accessible by default to containers

Intel's RAPL Running Average Power Limit feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs model specific...

5.5CVSS7.2AI score0.00462EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/07 7:29 a.m.119 views

Flask-Security vulnerable to Open Redirect

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

6.1CVSS3.6AI score0.00913EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/09 12:0 a.m.119 views

Authorization Bypass Through User-Controlled Key in go-restful

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0...

9.3CVSS2.2AI score0.02737EPSS
Exploits1References17Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/14 8:18 p.m.119 views

Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature

SSRF Bypass via IPv6/IPv4-mapped IPv6/IPv4-reserved-ranges in validateurl Summary validateurl in backend/openwebui/retrieval/web/utils.py calls validators.ipv6ip, private=True, but the validators library does NOT implement the private keyword for IPv6 — the call raises a ValidationError which is...

8.5CVSS5.8AI score0.00286EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/05 10:46 p.m.118 views

Test code in published microsoft-graph package exposes phpinfo()

Impact The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information. The...

5.4CVSS6.2AI score0.02203EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/08 12:35 a.m.118 views

Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing

CVE-2019-11253 is a denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, potentially crashing and becoming unavailable. When creating a ConfigMap object which has...

7.5CVSS8.5AI score0.25939EPSS
Exploits2References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 11:3 p.m.118 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

4.3CVSS0.3AI score0.57286EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/21 11:27 p.m.118 views

Deserialization of Untrusted Data in Log4j 1.x

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

8.8CVSS5.2AI score0.61785EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/28 6:20 p.m.118 views

Private files publicly accessible with Cloud Storage providers

Impact Private files publicly accessible with Cloud Storage providers when the hashed URL is known Patches We recommend first changing your configuration to set the correct visibility according to the documentation. The visibility must be at the same level as type. When the Storage is saved on...

1AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/08 8:11 p.m.118 views

Remote code execution in zendframework and laminas-http

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...

9.8CVSS9.5AI score0.75313EPSS
Exploits3References7Affected Software2
Github Security Blog
Github Security Blog
added 2020/10/13 5:29 p.m.118 views

Cross-site Scripting in Joplin

Joplin through 1.0.184 allows Arbitrary File Read via Cross-site Scripting XSS...

5.4CVSS3.4AI score0.03566EPSS
Exploits5References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/07 3:47 p.m.118 views

Prototype pollution in class-transformer

class-transformer through 0.2.3 is vulnerable to Prototype Pollution. The 'classToPlainFromExist' function could be tricked into adding or modifying properties of 'Object.prototype' using a 'proto' payload...

5.3CVSS3.2AI score0.01159EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/06 9:46 p.m.117 views

Tornado has a CRLF injection in CurlAsyncHTTPClient headers

Summary Tornado’s curlhttpclient.CurlAsyncHTTPClient class is vulnerable to CRLF carriage return/line feed injection in the request headers. Details When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return \r or line feed \n characters in the request headers...

7.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/14 9:50 p.m.117 views

PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket

Summary A player sending a packet can cause the server to crash by providing incorrect sign data in NBT in BlockActorDataPacket. Details This vulnerability was discovered using the BlockActorDataPacket, but other packets may also be affected. The player would seem to just need to send an NBT with...

6.7AI score
Exploits0References3Affected Software1
Total number of security vulnerabilities5000