Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
added 2023/01/14 3:30 a.m.102 views

Code Injection in pyload-ng

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

9.8CVSS9.4AI score0.95845EPSS
Exploits13References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:27 p.m.102 views

Access of Resource Using Incompatible Type in Facebook Hermes

A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...

9.8CVSS9.4AI score0.02003EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 4:23 p.m.102 views

Crash due to malformed relay protocol message

Impact 1. syncthing can be caused to crash and exit if sent a malformed relay protocol message message with a negative length field. 2. The relay server strelaysrv can be caused to crash and exit if sent a malformed relay protocol message with a negative length field. At no point is sensitive dat...

7.5CVSS0.7AI score0.0197EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/13 10:30 p.m.102 views

Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery SSRF vulnerability. The vulnerability arises due to unsafe usage of the logouri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP reque...

9.1CVSS1.2AI score0.01494EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:16 p.m.102 views

OS Command Injection in node-prompt-here

node-prompt-here through 1.0.1 allows execution of arbitrary commands. The runCommand is called by getDevices function in file linux/manager.js, which is required by the index. process.env.NMCLI in the file linux/manager.js. This function is used to construct the argument of function execSync,...

9.8CVSS9AI score0.02534EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/19 9:24 p.m.102 views

Regular Expression Denial of Service (ReDoS)

npm ssri 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option...

7.5CVSS4.7AI score0.0472EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/26 2:47 p.m.102 views

Path Traversal in angular-http-server

Affected versions of angular-http-server are vulnerable to path traversal allowing a remote attacker to read files from the server that uses angular-http-server. Recommendation Update to version 1.6.0 or later. :exclamation: Note: This was originally thought to be fixed in version 1.4.3, though...

6.5CVSS5.3AI score0.01474EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/03 6:26 p.m.101 views

Sentry SDK Prototype Pollution gadget in JavaScript SDKs

Impact In case a Prototype Pollution vulnerability is present in a user's application or bundled libraries, the Sentry SDK could potentially serve as a gadget to exploit that vulnerability. The exploitability depends on the specific details of the underlying Prototype Pollution issue. !NOTE This...

7.2AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/25 9:17 p.m.101 views

gRPC-Go HTTP/2 Rapid Reset vulnerability

Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/14 9:57 p.m.101 views

Potential leak of NuGet.org API key

Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET Core 3.1, NuGet NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0. This advisory also provides guidance on what...

5.5CVSS5.7AI score0.05327EPSS
Exploits0References11Affected Software3
Github Security Blog
Github Security Blog
added 2021/11/08 6:13 p.m.101 views

XSS vulnerability allowing arbitrary JavaScript execution

Today we are releasing Grafana 8.2.3. This patch release includes an important security fix for an issue that affects all Grafana versions from 8.0.0-beta1. Grafana Cloud instances have already been patched and an audit did not find any usage of this attack vector. Grafana Enterprise customers we...

6.9CVSS0.2AI score0.84607EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 4:55 p.m.101 views

Excessive Iteration in Compress

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package...

7.5CVSS7.2AI score0.11879EPSS
Exploits0References23Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 5:0 p.m.101 views

OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses

Impact fosite400 released as v0.30.2 introduced a new feature for handling redirect URLs pointing to loopback interfaces rfc8252section-7.3. As part of that change new behavior was introduced which failed to respect the redirect URL's only for loopback interfaces! query parameters 1. Registering ...

6.1CVSS0.9AI score0.008EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 7:17 p.m.101 views

Prototype pollution in json8

This affects the package json8 before 1.0.3. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution...

9.8CVSS8.8AI score0.0187EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/04 5:43 p.m.101 views

Arbitrary code execution in ExifTool

Impact Arbitrary code execution can occur when running exiftool against files with hostile metadata payloads. Patches ExifTool has already been patched in version 12.24. exiftool-vendored, which vendors ExifTool, includes this patch in v14.3.0. Workarounds No. References...

7.8CVSS2.6AI score0.99981EPSS
Exploits39References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/08 9:17 p.m.101 views

Local Information Disclosure Vulnerability in Netty on Unix-Like systems

Impact When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. The CVSSv3.1 score of this vulnerability is calculated to be a 6.2/10 Vulnerability Details On unix-like systems, th...

6.2CVSS7.1AI score0.01777EPSS
Exploits1References41Affected Software3
Github Security Blog
Github Security Blog
added 2020/09/01 3:24 p.m.101 views

Template Injection in jsrender

Affected versions of jsrender are susceptible to a remote code execution vulnerability when used with server delivered client-side tempates which dynamically embed user input. Proof of Concept js //POC-REQUEST for x!=1?constructor.constructor"return arguments.callee.caller":y10 :data /for js...

7.3AI score0.10431EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/21 9:9 p.m.101 views

Apache Camel Netty enables Java deserialization by default

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...

9.8CVSS4AI score0.06592EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2018/01/22 1:32 p.m.101 views

Denial of Service in jquery

Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a denial of service condition. Recommendation Upda...

7.5CVSS4.4AI score0.02886EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2017/12/13 9:38 p.m.101 views

Out-of-bounds read in nokogiri

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. GitHub is notifying ...

7.5CVSS1.8AI score0.04626EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 3:56 p.m.100 views

Next.js has a Denial of Service in the Image Optimization API

Impact When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /next/image endpoint that match t...

7.5CVSS5.8AI score0.00657EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/20 12:31 a.m.101 views

Spring Boot has an Authentication Bypass under Actuator Health groups paths

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...

8.2CVSS5.8AI score0.00334EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/02 9:31 p.m.100 views

Mongoose search injection vulnerability

Mongoose versions prior to 8.8.3, 7.8.3, 6.13.5, and 5.13.23 are vulnerable to improper use of the $where operator. This vulnerability arises from the ability of the $where clause to execute arbitrary JavaScript code in MongoDB queries, potentially leading to code injection attacks and unauthoriz...

9.1CVSS8.9AI score0.03988EPSS
Exploits3References13Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/11 3:20 p.m.100 views

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

The xmlattr filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys as opposed to only values as user input, and renders these in pages that other user...

6.1CVSS6.9AI score0.00892EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/27 9:31 p.m.100 views

json-path Out-of-bounds Write vulnerability

json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse method...

5.3CVSS7.8AI score0.0067EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/29 12:0 a.m.100 views

Labstack Echo Open Redirect vulnerability

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery SSRF. Version 4.9.0 contains a patch for the issue...

9.6CVSS8.9AI score0.02333EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/21 11:29 p.m.100 views

Cross-site Scripting in HTML2PDF

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

8.8CVSS2.8AI score0.01581EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 11:55 p.m.100 views

RCE in H2 Console

Impact H2 Console in versions since 1.1.100 2008-10-14 to 2.0.204 2021-12-21 inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method such as security...

10CVSS1.3AI score0.63211EPSS
Exploits3References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/20 5:33 p.m.100 views

Regular expression denial of service in react-native

A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...

7.5CVSS7.1AI score0.01363EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 11:11 p.m.100 views

ReDoS in normalize-url

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

7.5CVSS3.2AI score0.01705EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 6:46 p.m.100 views

Improper Input Validation and Code Injection in pdf-image

Lack of input validation in pdf-image npm package version = 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input...

9.8CVSS9.2AI score0.01994EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/01 4:36 p.m.100 views

Out-of-bounds Read in Pillow

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow...

7.1CVSS8.3AI score0.02752EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/13 8:4 p.m.100 views

python-docutils allows insecure usage of temporary files

python-docutils allows insecure usage of temporary files...

9.1CVSS9.2AI score0.01116EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/05 10:9 p.m.100 views

Cross-site scripting in PHPMailer

PHPMailer versions prior to 5.2.24 released July 26th 2017 have an XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it i...

6.1CVSS0.4AI score0.024EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/27 7:28 p.m.100 views

Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)

Versions of Ratpack from 0.9.10 through 1.7.5 are vulnerable to CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' aka. XSS in the development error handler. An attacker can utilize this to perform XSS when an exception message contains untrusted data. As a...

6.1CVSS1.4AI score0.00857EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:55 p.m.99 views

Malicious dropper in mistralai 2.4.6 PyPI package

The mistralai PyPI package version 2.4.6 contains a malicious dropper that executes on import on Linux. No v2.4.6 tag, commit, or release workflow run exists in this repository, the legitimate latest version before the upload was 2.4.5, and the upload bypassed this repository's normal release...

6AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/01 5:58 p.m.99 views

HTML Injection in Keycloak Admin REST API

The execute-actions-email endpoint of the Keycloak Admin REST API allows a malicious actor to send emails containing phishing links to Keycloak users...

5.4CVSS2.6AI score0.00692EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 7:20 p.m.99 views

Deserialization of Untrusted Data in Apache Camel RabbitMQ

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...

9.8CVSS4.1AI score0.05514EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 4:11 p.m.99 views

Backport for CVE-2021-21024 Blind SQLi from Magento 2

Impact This vulnerability allows an administrator unauthorized access to restricted resources. We fixed a vulnerability in the MySQL adapter to prevent SQL injection attacks. This is a backport of CVE-2021-21024 https://helpx.adobe.com/security/products/magento/apsb21-08.html. Patches Has the...

9.1CVSS3.6AI score0.02772EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/30 4:5 p.m.99 views

Authorization bypass in express-jwt

Overview Versions before and including 5.3.3, we are not enforcing the algorithms entry to be specified in the configuration. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. Am I affected? You are affected by this...

9.1CVSS1.6AI score0.01059EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/14 3:27 p.m.99 views

Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...

9CVSS4.2AI score0.24318EPSS
Exploits3References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/24 5:33 p.m.99 views

XSS in Bleach when noscript and raw tag whitelisted

Impact A mutation XSS affects users calling bleach.clean with noscript and a raw tag see below in the allowed/whitelisted tags option. Patches v3.1.1 Workarounds modify bleach.clean calls to not whitelist noscript and one or more of the following raw tags: title textarea script style noembed...

6.1CVSS6.2AI score0.01688EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/20 3:34 a.m.98 views

Deep Merge is Vulnerable to Prototype Pollution Through Lack of Sanitization

A Prototype Pollution vulnerability was determined in brikcss merge up to 1.3.0. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vendor was...

7.5CVSS6.9AI score0.00336EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/17 9:37 p.m.98 views

urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects

When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...

6.5CVSS5.6AI score0.01141EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/13 2:10 p.m.98 views

llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata

Description llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers, and...

9.6CVSS7.3AI score0.2842EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/08 3:30 p.m.98 views

imgproxy is vulnerable to Server-Side Request Forgery

imgproxy prior to version 3.15.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...

5.3CVSS6.4AI score0.02214EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/12 12:0 a.m.98 views

Sandbox bypass in vm2

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine...

10CVSS3.7AI score0.02876EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/21 11:7 p.m.98 views

Arbitrary code execution in H2 Console

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNOREUNKNOWNSETTINGS=TRUE;FORBIDCREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392...

10CVSS7.5AI score0.64766EPSS
Exploits4References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 7:52 p.m.98 views

Regular Expression Denial of Service in browserslist

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service ReDoS during parsing of queries...

5.3CVSS5.2AI score0.02429EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/03 6:24 p.m.98 views

Authentication Bypass in otpauth

Versions of otpauth prior to 3.2.8 are vulnerable to Authentication Bypass. The package's totp.validate function may return positive values for single digit tokens even if they are invalid. This may allow attackers to bypass the OTP authentication by providing single digit tokens. Recommendation...

4.2AI score
Exploits0References2Affected Software1
Total number of security vulnerabilities5000