Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
added 2020/04/03 3:23 p.m.112 views

Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)

Impact - Cross Site Scripting - Cache Poisoning - Page Hijacking Patches This was fixed in version 2.2.1. Workarounds If you are unable to update, ensure that user supplied data isn't able to flow to HTTP headers. If it does, pre-sanitize for CRLF characters. References CWE-113: Improper...

9.8CVSS0.1AI score0.01563EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 7:54 p.m.111 views

AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters

Summary This notification is related to the CloudFront signing utilities in the AWS SDK for PHP, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/16 6:30 a.m.111 views

Spring Framework URL Parsing with Host Validation Vulnerability

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF...

8.1CVSS5.9AI score0.02573EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/01 4:36 p.m.111 views

Uncontrolled Resource Consumption in Pillow

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux...

7.5CVSS1.8AI score0.02118EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/24 7:12 p.m.111 views

libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri...

7.5CVSS1.8AI score0.07836EPSS
Exploits0References19Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/04 9:26 p.m.111 views

Django allows unintended model editing

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...

6.5CVSS1.7AI score0.01656EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/19 9:30 a.m.110 views

Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue...

5.5CVSS6.7AI score0.00898EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/14 8:36 p.m.110 views

Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks

Impact Aiohttp has a security vulnerability regarding the inconsistent interpretation of the http protocol. As we know that HTTP/1.1 is persistent, if we have both Content-LengthCL and Transfer-EncodingTE it can lead to incorrect interpretation of two entities that parse the HTTP and we can poiso...

6.5CVSS6.4AI score0.00827EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/08 4:11 p.m.110 views

Traefik may display authorization header in the debug logs

Impact There is a potential vulnerability in Traefik displaying the Authorization header in its debug logs. Traefik uses oxy to provide the following features: - Round Robin: https://doc.traefik.io/traefik/routing/services/weighted-round-robin-service - Buffering:...

6.5CVSS0.00977EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/05 8:41 p.m.110 views

opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization

Impact A YAML deserialization in opensearch-ruby 2.0.0 can lead to unsafe deserialization using YAML.load if the response is of type YAML. Patches The problem has been patched in opensearch-ruby gem version 2.0.2. Workarounds No viable workaround. Please upgrade to 2.0.2 References...

8.8CVSS8.4AI score0.01501EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 5:9 p.m.110 views

Prototype Pollution in mootools

This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge...

9.8CVSS4.5AI score0.00889EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/04 9:3 p.m.110 views

Regular Expression Denial of Service in System.Text.RegularExpressions

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981...

7.5CVSS3.8AI score0.05719EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/29 9:51 p.m.110 views

Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin

Impact Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. This vulnerability only impacts unix-like systems where the local system temporary directory is shared between all users. This...

4CVSS1.3AI score0.00296EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/10 1:32 a.m.110 views

PyCA Cryptography symmetrically encrypting large values can lead to integer overflow

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. When certain sequences of update calls with large values multiple GBs for symetric encryption or decryption occur, it's possible for an integer overflow to happen, leading to mishandling of...

9.1CVSS8.9AI score0.06718EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/31 10:46 p.m.110 views

Potential Command Injection in hubot-scripts

Versions 2.4.3 and earlier of hubot-scripts are vulnerable to a command injection vulnerablity in the hubot-scripts/package/src/scripts/email.coffee module. Mitigating Factors The email script is not enabled by default, it has to be manually added to hubot's list of loaded scripts. Recommendation...

9.8CVSS2.5AI score0.02685EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/14 11:9 p.m.110 views

OS command injection in aws-lambda

In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName"...

9.8CVSS4.6AI score0.01644EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/05 7:57 p.m.110 views

Internal exception message exposure for login action in Sylius

Internal exception message exposure for login action Impact Exception messages from internal exceptions like database exception are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system...

4.3CVSS0.3AI score0.00749EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/02 6:10 p.m.110 views

Invalid HTTP method overrides allow possible XSS or other attacks in Symfony

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

9.8CVSS1.3AI score0.01854EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/24 3:27 p.m.110 views

ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression

Description A heap information disclosure vulnerability exists in ImageMagick's PSD Adobe Photoshop format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the...

7.5CVSS5.3AI score0.00348EPSS
Exploits0References5Affected Software17
Github Security Blog
Github Security Blog
added 2024/02/26 8:1 p.m.109 views

es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`

Impact Passing functions with very long names or complex default argument names into functioncopy orfunctiontoStringTokens may put script to stall Patches Fixed with https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 and...

5.5CVSS6.8AI score0.00535EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/15 3:30 p.m.109 views

xxl-job-admin vulnerable to Remote Code Execution

xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution RCE via /xxl-job-admin/jobcode/save...

8.8CVSS7.6AI score0.01262EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/14 4:44 p.m.109 views

NuGet Client Remote Code Execution Vulnerability

Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET and NuGet on Linux. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 7.0...

7.1CVSS7.2AI score0.01148EPSS
Exploits0References5Affected Software6
Github Security Blog
Github Security Blog
added 2023/05/03 9:57 p.m.109 views

Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites

Impact The Tauri IPC is usually strictly isolated from external websites but the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit arbitrary websites or due to a bug allowin...

5.4CVSS6.4AI score0.00524EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/12 8:45 p.m.109 views

Persistent Cross-site Scripting vulnerability in PrivateBin

In PrivateBin polygon id="triangle" points="0,0 0,50 50,0" fill="00990...

8.2CVSS7.7AI score0.01271EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/21 7:8 p.m.109 views

Remote code execution in Apache Commons Configuration

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML...

10CVSS4.7AI score0.06684EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2019/09/23 6:33 p.m.109 views

Polymorphic Typing issue in FasterXML jackson-databind

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10, 2.8.11.5, and 2.6.7.3. It is related to com.zaxxer.hikari.HikariConfig...

9.8CVSS9AI score0.10676EPSS
Exploits1References39Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/19 4:15 p.m.109 views

Jetty vulnerable to exposure of sensitive information due to observable discrepancy

Jetty through 9.4.x contains a timing channel attack in util/security/Password.java, which allows attackers to obtain access by observing elapsed times before rejection of incorrect passwords...

7.5CVSS7.3AI score0.05795EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/25 12:30 p.m.108 views

Gevent allows remote attacker to escalate privileges

An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component...

9.8CVSS8.7AI score0.01334EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/26 12:0 p.m.108 views

feathers-sequelize vulnerable to SQL injection due to improper parameter filtering

feathers-sequelize is vulnerable to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection...

10CVSS9.6AI score0.00729EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/23 12:3 a.m.108 views

Denial of service in HtmlUnit-Neko

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

7.5CVSS6.3AI score0.02082EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/08 10:5 p.m.108 views

Infinite Loop in Apache Tomcat

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...

7.5CVSS1.9AI score0.87553EPSS
Exploits1References28Affected Software3
Github Security Blog
Github Security Blog
added 2021/08/31 4:5 p.m.108 views

Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archiv...

8.6CVSS6.7AI score0.01263EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/19 3:21 p.m.108 views

Basic-auth app bundle credential exposure in gatsby-source-wordpress

Impact The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...

7.5CVSS1.4AI score0.01414EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/18 5:41 p.m.108 views

Pillow Temporary file name leakage

The 1 JpegImagePlugin.py and 2 EpsImagePlugin.py scripts in Python Image Library PIL 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes...

2.1CVSS8.7AI score0.00448EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/13 8:21 p.m.108 views

Remote Code Execution Through Image Uploads in BookStack

Impact A user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area o...

9CVSS2.6AI score0.01953EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/09/11 11:2 p.m.108 views

Cross-Site Scripting in dojo

Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting XSS. The package does not sanitize URL parameters in the testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.4.2 o...

4.3CVSS4.7AI score0.04545EPSS
Exploits1References20Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 8:46 p.m.107 views

pgx: SQL Injection via placeholder confusion with dollar quoted string literals

Impact SQL Injection can occur when: 1. The non-default simple protocol is used. 2. A dollar quoted string literal is used in the SQL query. 3. That string literal contains text that would be would be interpreted as a placeholder outside of a string literal. 4. The value of that placeholder is...

9.8CVSS5.9AI score0.00356EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/06 6:3 p.m.107 views

Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket

Summary server.fs check was not enforced to the fetchModule method that is exposed in Vite dev server's WebSocket. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - WebSocket is no...

8.2CVSS6.2AI score0.02907EPSS
Exploits3References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/02 3:31 p.m.107 views

Keycloak: Replay of action tokens via improper handling of single-use entries

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

5.3CVSS6AI score0.0025EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/17 9:30 p.m.107 views

Pytorch use-after-free vulnerability

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp...

7.8CVSS7.6AI score0.00266EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/05 12:18 p.m.107 views

@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)

Impact The sanitize-svg package uses a deny-list-pattern to sanitize SVGs to prevent cross-site scripting XSS. In doing so, literal -tags and on-event handlers were detected: typescript ... const svgEl = div.firstElementChild! const attributes = Array.fromsvgEl.attributes.map name = name const...

7.6CVSS5.8AI score0.00571EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/30 4:54 a.m.107 views

Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.

Impact This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. Patches Patched in ...

9CVSS8.1AI score0.01233EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/01 12:45 a.m.107 views

Race condition in Apache Tomcat

The fix for bug CVE-2020-9484 introduced a time of check time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...

7CVSS7AI score0.56636EPSS
Exploits15References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/17 8:42 p.m.107 views

Using JMSAppender in log4j configuration may lead to deserialization of untrusted data

Impact ClickHouse JDBC Bridge uses slf4j-log4j12 1.7.32, which depends on log4j 1.2.17. It allows a remote attacker to execute code on the server, if you changed default log4j configuration by adding JMSAppender and an insecure JMS broker. Patches The patch version 2.0.7 removed log4j dependency ...

7.5CVSS1.4AI score0.81147EPSS
Exploits9References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/16 9:26 p.m.107 views

Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader

This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited furth...

9.8CVSS8.8AI score0.02142EPSS
Exploits1References8Affected Software2
Github Security Blog
Github Security Blog
added 2021/09/02 5:15 p.m.107 views

Uncontrolled Resource Consumption in trim-off-newlines

All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service ReDoS via string processing...

5.3CVSS5.7AI score0.01927EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 4:54 p.m.107 views

Buffer Overflow in Apache Mina SSHD

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0...

6.5CVSS5.2AI score0.03394EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2021/07/19 3:15 p.m.107 views

Encoded URIs can access WEB-INF directory in Eclipse Jetty

Description URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. Impact The default compliance mode allows requests with UR...

5.3CVSS6.6AI score0.99298EPSS
Exploits6References41Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 8:23 p.m.107 views

SessionListener can prevent a session from being invalidated breaking logout

Impact If an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application us...

3.6CVSS6AI score0.00963EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/04 6:2 p.m.107 views

xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run...

8.1CVSS8AI score0.04646EPSS
Exploits2References11Affected Software2
Total number of security vulnerabilities5000