Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
added 2023/06/22 9:30 p.m.117 views

Dynamic Linq vulnerable to remote code execution

Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed...

9.8CVSS8.1AI score0.34904EPSS
Exploits4References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/20 9:19 p.m.117 views

Nunjucks autoescape bypass leads to cross site scripting

Impact In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the...

6.1CVSS5.6AI score0.00354EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/20 1:36 a.m.117 views

Java Melody vulnerable to cross-site scripting

JavaMelody is a monitoring tool for JavaEE applications. Versions prior to 1.61.0 are vulnerable to a cross-site scripting XSS attack. This issue was patched in version 1.61.0, and users are recommended to upgrade to the latest version. There are no known workarounds...

3.5AI score0.0227EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 12:54 a.m.117 views

Arbitrary code execution in Apache Struts 2

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression...

9.8CVSS7.8AI score0.17171EPSS
Exploits2References10Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/06 4:11 p.m.117 views

Regular Expression Denial of Service (ReDoS) in ua-parser-js

ua-parser-js = 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time...

7.5CVSS3.7AI score0.03366EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/10 7:7 p.m.117 views

Write to immutable memory region in TensorFlow

Impact The tf.rawops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area: python import...

4.4CVSS0.9AI score0.00203EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2020/09/10 5:46 p.m.117 views

The `size` option isn't honored after following a redirect in node-fetch

Impact Node Fetch did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relyin...

5.3CVSS0.8AI score0.01692EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/10 6:19 p.m.117 views

Information disclosure through error object in auth0.js

Overview Between versions 8.0.0 and 9.13.1inclusive, in the case of an authentication error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the error object is exposed or logged without modification...

5.5CVSS1.7AI score0.00871EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:26 p.m.116 views

Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

Summary When a custom envelope object is passed to sendMail with a size property containing CRLF characters \r\n, the value is concatenated directly into the SMTP MAIL FROM command without sanitization. This allows injection of arbitrary SMTP commands, including RCPT TO — silently adding...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/10 5:21 p.m.116 views

Authentication bypass in SilverStripe GraphQL

The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A users password is still required though. Basic-auth has been removed as a default...

6.5CVSS6.6AI score0.01157EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/25 9:26 p.m.116 views

Improper Input Validation in PyYAML

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

10CVSS3.4AI score0.05984EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 10:29 p.m.115 views

October Rain has Stored XSS via SVG Filter Bypass

A stored cross-site scripting XSS vulnerability was identified in the SVG sanitization logic. The regex pattern used to strip on event handler attributes could be bypassed using a crafted payload that exploits how the pattern matches attribute boundaries. Impact - Stored XSS via malicious SVG fil...

4.8CVSS5.5AI score0.00217EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 6:45 p.m.115 views

tinacms is vulnerable to arbitrary code execution

Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

8.8CVSS8.3AI score0.00393EPSS
Exploits1References4Affected Software3
Github Security Blog
Github Security Blog
added 2023/10/06 8:46 p.m.115 views

Vulnerable version of libwebp and can be exploited with a malicious source image

Impact This vulnerability affects deployments of FreeImage that involve decoding or processing malicious source .webp files. If you only process your own trusted files, this should not affect you, but you should remove FreeImage from your project, as it is not maintained and presents a massive...

8.8CVSS8.4AI score0.99735EPSS
Exploits9References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/13 3:30 a.m.115 views

Cross-realm object access in Webpack 5

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.8CVSS8.8AI score0.01421EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/23 4:32 p.m.115 views

Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console

An issue was discovered in Keycloak allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

7.2CVSS2.5AI score0.00834EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/21 11:25 p.m.115 views

Security Advisory for "Log4Shell"

Impact A highly critical 0-day exploit CVE-2021-44228 is found in Apache log4j 2 library on December 9, 2021. This affects Apache log4j versions from 2.0-beta9 to 2.14.1 inclusive. This vulnerability allows a remote attacker to execute code on the server if the system logs an attacker-controlled...

10CVSS1AI score0.99999EPSS
Exploits355References2Affected Software2
Github Security Blog
Github Security Blog
added 2021/09/20 8:20 p.m.115 views

Inefficient Regular Expression Complexity in chalk/ansi-regex

ansi-regex is vulnerable to Inefficient Regular Expression Complexity which could lead to a denial of service when parsing invalid ANSI escape codes. Proof of Concept js import ansiRegex from 'ansi-regex'; forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = "\u001B"+";".repeati10000...

7.8CVSS8.4AI score0.03304EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 6:3 p.m.115 views

Improper Check for Unusual or Exceptional Conditions in json-smart

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive...

5.9CVSS1.2AI score0.02886EPSS
Exploits1References13Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/18 6:26 p.m.115 views

Infinite Loop in jsonparser

The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service infinite loop via a Delete call...

7.5CVSS4.7AI score0.02473EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:28 p.m.114 views

Renovate vulnerable to arbitrary command injection via npm manager and malicious Renovate configuration

Summary The user-provided string packageName in the npm manager is appended to the npm install command during lock maintenance without proper sanitization. Details Adversaries can provide a maliciously crafted Renovate configuration file to trick Renovate to execute arbitrary code. The...

8.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/22 9:35 p.m.114 views

Minerva timing attack on P-256 in python-ecdsa

python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.signdigest API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH...

7.4CVSS6.8AI score0.00977EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/03 3:30 p.m.114 views

Django has regular expression denial of service vulnerability in EmailValidator/URLValidator

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...

7.5CVSS6.7AI score0.02978EPSS
Exploits0References19Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/19 6:25 p.m.114 views

Improper header name validation in guzzlehttp/psr7

Impact Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches The issue is patched in 1.9.1 and 2.4.5...

7.5CVSS5.7AI score0.01216EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/27 12:0 a.m.114 views

Keycloak XSS via use of malicious payload as group name when creating new group from admin console

A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting XSS attack...

5.4CVSS3.4AI score0.02731EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.114 views

Cross-site Scripting in Apache Tomcat

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...

6.1CVSS6.3AI score0.06156EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:10 a.m.114 views

Improper Certificate Validation in Apache Commons HttpClient

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

5.8CVSS6.9AI score0.09254EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/29 12:0 a.m.114 views

Improper Input Validation in httpx

Encode OSS httpx =1.0.0.beta0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copywith...

9.1CVSS1.4AI score0.02026EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/21 12:0 a.m.114 views

Authorization Bypass Through User-Controlled Key in url-parse

url-parse prior to version 1.5.8 is vulnerable to Authorization Bypass Through User-Controlled Key...

9.1CVSS3.9AI score0.01827EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/14 7:49 p.m.114 views

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

7.5CVSS4.7AI score0.81147EPSS
Exploits9References16Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/17 8:57 p.m.114 views

Prototype pollution in 101

Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6.3 allows an attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS6.8AI score0.03299EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:29 p.m.114 views

Cross-site Scripting in Joplin

An XSS issue in Joplin desktop allows arbitrary code execution via a malicious HTML embed tag...

6.1CVSS6.5AI score0.04377EPSS
Exploits3References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/14 11:9 p.m.114 views

Command Injection in node-df

All versions of node-df are vulnerable to Command Injection. The package fails to sanitize filenames passed to the file option. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. Recommendation No fix is currently available. Consider using an...

9.8CVSS5.7AI score0.02742EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/05 6:30 a.m.113 views

Path Traversal in Ghost

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...

7.5CVSS7.3AI score0.39078EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 7:51 p.m.113 views

Prototype Pollution in jquery-bbq

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype...

8.8CVSS4.1AI score0.06104EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/30 10:48 p.m.113 views

XML External Entity Injection in XStream

Multiple XML external entity XXE vulnerabilities in the 1 Dom4JDriver, 2 DomDriver, 3 JDomDriver, 4 JDom2Driver, 5 SjsxpDriver, 6 StandardStaxDriver, and 7 WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document...

7.5CVSS6.7AI score0.08179EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/13 9:18 p.m.113 views

2FA bypass through deleting devices in wagtail-2fa

Impact Any user with access to the CMS can view and delete other users' 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting the other user's device they can disable the target user's 2FA devices and potentially compromise the...

8.5CVSS3.8AI score0.00805EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/28 9:32 p.m.113 views

Segmentation faultin TensorFlow when converting a Python string to `tf.float16`

Impact Converting a string from Python to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which...

7.5CVSS1.2AI score0.00581EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
added 2019/01/04 7:7 p.m.113 views

Deserialization of Untrusted Data in jackson-databind

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization...

9.8CVSS5.8AI score0.10599EPSS
Exploits0References39Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 4:31 p.m.113 views

Apache Tomcat Open Redirect vulnerability

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a specially crafted URL could be used to cause the redirect to be generated to any URI of the...

4.3CVSS5.1AI score0.94494EPSS
Exploits3References62Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 8:15 p.m.112 views

Hono added timing comparison hardening in basicAuth and bearerAuth

Summary The basicAuth and bearerAuth middlewares previously used a comparison that was not fully timing-safe. The timingSafeEqual function used normal string equality === when comparing hash values. This comparison may stop early if values differ, which can theoretically cause small timing...

5.4AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/14 9:34 p.m.112 views

jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

Impact Attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore...

7.5CVSS5.7AI score0.00562EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/02 3:31 p.m.112 views

Spring Framework has Authorization Bypass for Case Sensitive Comparisons

The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...

4.8CVSS6.8AI score0.00385EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/10 6:31 p.m.112 views

Azure Identity SDK Remote Code Execution Vulnerability

Azure Identity SDK is vulnerable to remote code execution...

8.8CVSS9.5AI score0.02243EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/27 12:30 a.m.112 views

qs vulnerable to Prototype Pollution

qs before 6.10.3 allows attackers to cause a Node process hang because an proto key can be used. In many typical web framework use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as...

7.5CVSS4.3AI score0.14663EPSS
Exploits2References16Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:3 a.m.112 views

WEBrick RCE Vulnerability

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name...

9.3CVSS7.9AI score0.16412EPSS
Exploits0References21Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:47 p.m.112 views

HTTP request smuggling in Undertow

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

5.8CVSS2.9AI score0.01119EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/15 3:54 p.m.112 views

Infinite Loop in Apache PDFBox

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions...

5.5CVSS3.1AI score0.03054EPSS
Exploits0References19Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/06 6:53 p.m.112 views

Cross-site scripting in phpoffice/phpspreadsheet

This affects the package phpoffice/phpspreadsheet. The library is vulnerable to XSS when creating an html output from an excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer where user comments are concatenated as part of link and this is returned as...

7.1CVSS5.7AI score0.01301EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2020/05/15 6:58 p.m.112 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq. aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms...

8.8CVSS3.5AI score0.03489EPSS
Exploits0References10Affected Software1
Total number of security vulnerabilities5000