Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
added 2021/06/10 5:21 p.m.94 views

Path Traversal in Django

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

4.9CVSS4.4AI score0.02737EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 4:57 p.m.94 views

github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass

Impact With a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. Patches A patch is available, all users of goxmldsig should upgrade to v1.1.0. For more information If you have any questions or comments about this...

6.5CVSS6.7AI score0.00898EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:23 p.m.94 views

Prototype pollution in multi-ini

This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...

8.1CVSS8.7AI score0.01517EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/12 5:33 p.m.94 views

TemporaryFolder on unix-like systems does not limit access to created files

Vulnerability The JUnit4 test rule TemporaryFolder contains a local information disclosure vulnerability. Example of vulnerable code: java public static class HasTempFolder @Rule public TemporaryFolder folder = new TemporaryFolder; @Test public void testUsingTempFolder throws IOException...

5.5CVSS6.5AI score0.01695EPSS
Exploits1References41Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 4:40 p.m.94 views

XSS via Angular Expression in ag-grid

Affected versions of ag-grid are vulnerable to Cross-site Scripting XSS via Angular Expressions, if used in combination with AngularJS. Recommendation Avoid using ag-grid in combination with AngularJS until a fix is available...

6.1CVSS4.2AI score0.01185EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/05 4:20 p.m.94 views

Data leakage via cache key collision in Django

An issue was discovered in Django version 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage...

5.9CVSS3.9AI score0.0609EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/05 4:16 p.m.94 views

Regular Expression Denial of Service in websocket-extensions (NPM package)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

7.5CVSS1.7AI score0.03012EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/13 3:39 p.m.94 views

Arbitrary File Write in npm

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create files on ...

7.7CVSS2.2AI score0.03266EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/12 10:50 p.m.94 views

Object injection in cookie driver in phpfastcache

Impact An possible object injection has been discovered in cookie driver prior 5.0.13 versions of 5.x releases. Patches The issue has been addressed by enforcing JSON conversion when deserializing Workarounds If you can't fix it, use another driver such as "Files" Filesystem References Fixing...

9.8CVSS1.7AI score0.01228EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/07/16 5:42 p.m.94 views

Deserialization of Untrusted Data in jackson-databind

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6...

9.8CVSS3.3AI score0.05683EPSS
Exploits0References26Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/14 8:39 p.m.93 views

Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 and .NET 8.0 RC2. This advisory also provides guidance on what developers can do...

9.8CVSS6.7AI score0.12512EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/23 3:49 p.m.93 views

sweetalert2 v8.19.1 and above contains hidden functionality

sweetalert2 versions 8.19.1 and up until 9.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions below 8.19.1. Workaround Users who a...

7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/16 5:43 p.m.93 views

cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch

Impact If a vunerable version of cruddl is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL queries that will be forwarded to and executed by ArangoDB. Schemas that do not use @flexSearchFulltext are not affected. The attacker needs...

9.9CVSS8.3AI score0.01177EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/14 12:0 a.m.93 views

Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher...

9.8CVSS9.6AI score0.02885EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 8:38 p.m.93 views

Regular Expression Denial of Service in Handlebars

Handlebars before 4.4.5 allows Regular Expression Denial of Service ReDoS because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources...

7.8CVSS4.7AI score0.03793EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/12 2:51 p.m.93 views

Open Redirect in Next.js

Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/error.js was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly...

6.9CVSS6.5AI score0.01198EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/02 6:36 p.m.93 views

Craft CMS Remote Code Injection

An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes if an attacker were somehow able to hijack an administrator's session...

9.8CVSS9.2AI score0.02819EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/18 6:38 p.m.93 views

Cross-site scripting in LocalStack

A Cross-site scripting XSS vulnerability exists in StackLift LocalStack...

6.1CVSS1.7AI score0.00846EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/02 9:45 p.m.93 views

OS Command Injection in jw.util

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...

9.8CVSS3.6AI score0.04422EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/30 4:14 p.m.93 views

Logic error in Legion of the Bouncy Castle BC Java

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different...

8.1CVSS7.8AI score0.0714EPSS
Exploits1References29Affected Software7
Github Security Blog
Github Security Blog
added 2021/02/16 4:51 p.m.93 views

Command Injection Vulnerability

Impact command injection vulnerability Patches Problem was fixed with a parameter check. Please upgrade to version = 5.3.1 Workarounds If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency, si.inetChecksite, si.services, si.processLoad ... do onl...

7.8CVSS4.7AI score0.9024EPSS
Exploits4References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/11 9:20 p.m.93 views

vrana/adminer vulnerable to SSRF by connecting to privileged ports

Impact All users are affected. Patches Unsuccessfully patched by 0fae40fb, included in version 4.4.0. Patched by 35bfaa75, included in version 4.7.8. Workarounds Protect access to Adminer also by other means, e.g. by HTTP password, IP address limiting or by OTP plugin. References...

9.8CVSS8.9AI score0.04603EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/22 2:55 p.m.93 views

HTTP Smuggling via Transfer-Encoding Header in Puma

Impact This is a similar but different vulnerability to the one patched in 3.12.5 and 4.3.4. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via...

7.5CVSS1.2AI score0.02806EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/05 6:40 p.m.93 views

Low severity vulnerability that affects com.linecorp.armeria:armeria

Multiple timing attack vulnerabilities leading to the recovery of secrets based on the use of non-constant time compare function Impact String comparison method in multiple authentication validation in Armeria were known to be vulnerable to timing attacks. This vulnerability is caused by the...

6.5CVSS1.9AI score0.00982EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/01/04 7:7 p.m.93 views

Server-Side Request Forgery (SSRF) in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

10CVSS5.3AI score0.10458EPSS
Exploits0References31Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/09 8:42 p.m.93 views

league/commonmark's quadratic complexity bugs may lead to a denial of service

Impact Several polynomial time complexity issues in league/commonmark may lead to unbounded resource exhaustion and subsequent denial of service. Malicious users could trigger that inefficient code with carefully crafted Markdown inputs that are specifically designed to ensure the worst-case...

7.5AI score
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/10 3:29 p.m.92 views

lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability

Summary The latest version of lobe-chatby now v0.141.2 has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/settings/agent you...

9CVSS6.9AI score0.52683EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/07 8:32 p.m.92 views

Stylelint has vulnerability in semver dependency

Summary Our meow dependency which we use for our CLI depended on [email protected] . A vulnerability in this version of semver was recently identified and surfaced by npm audit: Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw Details Original post by the...

7.5CVSS6.7AI score0.02761EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/19 9:30 p.m.92 views

Spring Security logout not clearing security context

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the...

6.3CVSS6.7AI score0.00648EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/30 12:58 a.m.92 views

gotify/server vulnerable to Cross-site Scripting in the application image file upload

Impact The XSS vulnerability allows authenticated users to upload .html files. With that, an attacker could execute client side scripts if another user opened a link, such as: https://push.example.org/image/alphanumeric string.html An attacker could potentially take over the account of the user...

6.1CVSS5.3AI score0.00502EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/30 3:30 p.m.92 views

Zenario CMS is vulnerable to Remote Code Execution (RCE).

Zenario CMS 9.3.57186 is vulnerable to RCE...

9.8CVSS8.9AI score0.01114EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/31 7:0 p.m.92 views

kangax html-minifier REDoS vulnerability

A Regular Expression Denial of Service ReDoS flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression...

7.5CVSS7.4AI score0.01101EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 11:1 p.m.92 views

Uncontrolled Resource Consumption in Apache Tomcat

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...

7.5CVSS1.5AI score0.26699EPSS
Exploits0References32Affected Software2
Github Security Blog
Github Security Blog
added 2021/12/10 6:58 p.m.92 views

Cross-site scripting in react-bootstrap-table

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting XSS via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...

6.1CVSS2.4AI score0.01341EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/03 7:22 p.m.92 views

Inadequate Encryption Strength

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution...

9.8CVSS4.2AI score0.94104EPSS
Exploits6References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/07 4:34 p.m.92 views

CSRF Vulnerability in rails-ujs

There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ This is a regression of CVE-2015-1840. In the scenario where an attacker might be able to control the href attribute of an anchor tag...

6.5CVSS6.7AI score0.01485EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/15 7:36 p.m.92 views

Denial of Service in Netty

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder...

7.5CVSS5AI score0.09438EPSS
Exploits0References47Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/27 4:37 p.m.92 views

Insufficient output escaping of attachment names in PHPMailer

Impact CWE-116: Incorrect output escaping. An attachment added like this note the double quote within the attachment name, which is entirely valid: $mail-addAttachment'/tmp/attachment.tmp', 'filename.html";.jpg'; Will result in a message containing these headers: Content-Type:...

7.5CVSS1.2AI score0.0378EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/01 4:35 p.m.92 views

XSS in MITREid Connect

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript...

6.1CVSS1.8AI score0.02133EPSS
Exploits2References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/13 9:5 p.m.92 views

Sort order SQL injection in Administrate

In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...

8.1CVSS4.1AI score0.009EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/02 6:8 p.m.92 views

Argument injection in a MimeTypeGuesser in Symfony

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command...

7.5CVSS3AI score0.02248EPSS
Exploits0References15Affected Software3
Github Security Blog
Github Security Blog
added 2019/11/22 1:45 p.m.92 views

Apache Airflow vulnerable to XSS and local file disclosure

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

4.8CVSS5.9AI score0.01345EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/05/30 3:30 a.m.92 views

Cross-site scripting in Apache Tomcat

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

6.1CVSS1.7AI score0.45571EPSS
Exploits3References47Affected Software3
Github Security Blog
Github Security Blog
added 2018/03/26 4:41 p.m.92 views

Electron protocol handler browser vulnerable to Command Injection

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

9.3CVSS5.5AI score0.02441EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/06 6:31 a.m.91 views

Netplex Json-smart Uncontrolled Recursion vulnerability

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service DoS. This issue exists because of an incomplete fix for...

7.5CVSS7.6AI score0.00566EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/27 9:30 a.m.91 views

Eclipse Vert.x memory leak

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,...

6.5CVSS6.8AI score0.01639EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/24 6:31 p.m.91 views

Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE

Jenkins has a built-in command line interface CLI to access Jenkins from a script or shell environment. Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character...

9.8CVSS8.5AI score0.99999EPSS
Exploits46References11Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/17 12:41 p.m.91 views

Go Fiber CSRF Token Validation Vulnerability

A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and...

8.8CVSS8.9AI score0.00265EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/02 9:33 p.m.91 views

containerd CRI plugin: Insecure handling of image volumes

Impact A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...

7.5CVSS0.7AI score0.27392EPSS
Exploits4References16Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 5:19 p.m.91 views

Attack on Kubernetes via Misconfigured Argo Workflows

Impact Users running using the Argo Server with --auth-mode=server which is the default v3.0.0 AND have exposed their UI to the Internet may allow remote users to execute arbitrary code on their cluster, e.g. crypto-mining. Resolution Do not expose your user interface to the Internet. Change...

5.1AI score
Exploits0References3Affected Software1
Total number of security vulnerabilities5000