Lucene search
K
GithubMost viewed

33190 matches found

Github Security Blog
Github Security Blog
•added 2020/06/15 8:35 p.m.•89 views

Denial of Service in Google Guava

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class when serialized with Java serialization...

5.9CVSS4.3AI score0.05119EPSS
Exploits0References56Affected Software6
Github Security Blog
Github Security Blog
•added 2020/02/26 7:54 p.m.•89 views

Information disclosure in Apache Superset

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset...

6.5CVSS1.8AI score0.01351EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2019/11/13 12:32 a.m.•89 views

jackson-databind polymorphic typing issue

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in the classpath, and a...

9.8CVSS9.1AI score0.04861EPSS
Exploits0References30Affected Software1
Github Security Blog
Github Security Blog
•added 2019/07/26 4:9 p.m.•89 views

Deserialization of Untrusted Data and Code Injection in xstream

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON...

9.8CVSS9.7AI score0.94774EPSS
Exploits4References13Affected Software1
Github Security Blog
Github Security Blog
•added 2019/06/05 2:7 p.m.•89 views

Prototype Pollution in handlebars

Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server. Recommendation For handlebars 4.1.x upgrade to 4.1.2 or later. For handlebars 4.0.x upgrade to 4.0.14 or late...

6.4AI score
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2024/09/03 8:55 p.m.•88 views

@actions/download-artifact has an Arbitrary File Write via artifact extraction

Impact Versions of actions/download-artifact before 4.1.3 are vulnerable to arbitrary file write when downloading and extracting a specifically crafted artifact that contains path traversal filenames. Patches Upgrade to version 4.1.3 or higher. Alternatively use 'v4' tag which points to the lates...

7.5CVSS7.3AI score0.03037EPSS
Exploits4References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/02/28 9:30 p.m.•88 views

Mezzanine allows attackers to bypass access control mechanisms

An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request...

9.8CVSS7AI score0.01096EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
•added 2023/12/08 3:38 p.m.•88 views

dbt-core's secret env vars written to package-lock.json in plaintext

Impact When used to pull source code from a private repository using a Personal Access Token PAT, some versions of dbt-core write a URL with the PAT in plaintext to the package-lock.yml file. Patches The bug has been fixed in dbt-core v1.7.3. Mitigations Remove any git URLs with plaintext secrets...

7.4AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/03/21 10:31 p.m.•88 views

Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`

Impact When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their...

7.6CVSS6.3AI score0.00641EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/08/06 5:51 a.m.•88 views

PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names

Impact What kind of vulnerability is it? Who is impacted? The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. ;, could lead to SQL injection. This could lead to...

8CVSS7.4AI score0.0167EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/17 1:11 a.m.•88 views

Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users

Impact The /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message b...

5.9CVSS5.1AI score0.00308EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2022/05/17 12:47 a.m.•88 views

CodeIgniter and Kohana vulnerable to PHP Object Injection

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes...

9.8CVSS7.4AI score0.71515EPSS
Exploits5References8Affected Software2
Github Security Blog
Github Security Blog
•added 2022/05/14 1:17 a.m.•88 views

Authentication Bypass in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...

5CVSS2.2AI score0.0854EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/03/18 12:1 a.m.•88 views

Code injection in npm git

All versions of package git are vulnerable to Remote Code Execution RCE due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. At this time, there is no known workaround. There has been no patch released...

9.8CVSS5.2AI score0.02201EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/22 3:17 p.m.•88 views

Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows

PHPMailer 6.4.1 contains a possible remote code execution vulnerability through the $langpath parameter of the setLanguage method. If the $langpath parameter is passed unfiltered from user input, it can be set to a UNC path, and if an attacker is also able to create a remote mount on the server...

8.1CVSS8.3AI score0.02803EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/01 9:19 p.m.•88 views

Catastrophic backtracking in URL authority parser when passed URL containing many @ characters

Impact When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. Patches The issue has been fixed in...

7.5CVSS6.8AI score0.03273EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/25 6:28 p.m.•88 views

Out of bounds access in tensorflow-lite

Impact In TensorFlow Lite, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of...

5.8CVSS5.3AI score0.00905EPSS
Exploits1References27Affected Software3
Github Security Blog
Github Security Blog
•added 2020/06/15 7:57 p.m.•88 views

Privilege Escalation in Hibernate Validator

In Hibernate Validator 5.2.x before 5.2.5.Final, 5.3.x before 5.3.6.Final, and 5.4.x before 5.4.2.Final, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege...

7CVSS5.6AI score0.00482EPSS
Exploits0References23Affected Software1
Github Security Blog
Github Security Blog
•added 2020/04/01 4:36 p.m.•88 views

Cross-Site Scripting in seeftl

All versions of seeftl are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available. Consider using a...

6.1CVSS5AI score0.00752EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2019/12/02 6:18 p.m.•88 views

Apache NiFi process group information disclosure

When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents at the top most level, not recursively. The response included details about processors and controller services which the user may not have had read access to...

5.3CVSS3AI score0.02751EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2019/04/23 4:3 p.m.•88 views

Billion laughs attack in c3p0

c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration...

7.5CVSS4.1AI score0.04882EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
•added 2024/02/11 6:30 a.m.•87 views

Denial of Service in Connect2id Nimbus JOSE+JWT

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

7.5CVSS7AI score0.00814EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/09/27 9:16 p.m.•87 views

Imageflow affected by libwebp zero-day and should not be used with malicious source images.

Impact This vulnerability affects deployments of Imageflow that involve decoding or processing malicious source .webp files. If you only process your own trusted files, this should not affect you but you should update anyway. Imageflow relies on Google's libwebp library to decode .webp images, an...

8.8CVSS6.7AI score0.99735EPSS
Exploits9References3Affected Software21
Github Security Blog
Github Security Blog
•added 2022/09/23 6:11 p.m.•87 views

Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials

Impact An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys and Rancher's service account token used to provision clusters, were stored in plaintext directly on Kubernetes objects like Clusters, for example...

9.9CVSS8.6AI score0.03105EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/03 12:0 a.m.•87 views

Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.8CVSS4.8AI score0.99939EPSS
Exploits36References9Affected Software1
Github Security Blog
Github Security Blog
•added 2022/03/10 5:28 p.m.•87 views

Shopware guest session is shared between customers

Impact Guest sessions are shared between customers when HTTP cache is enabled. Setups with Varnish are not affected by this issue Patches We recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview...

6.5CVSS1.7AI score0.00524EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2022/03/07 12:0 a.m.•87 views

OS Command Injection in GenieACS

In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check...

9.8CVSS3.8AI score0.21901EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/15 1:57 a.m.•87 views

Server Side Request Forgery in Grafana

The avatar feature in Grafana github.com/grafana/grafana/pkg/api/avatar 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue that allows remote code execution. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result t...

8.2CVSS8.6AI score0.99856EPSS
Exploits5References32Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/08 8:12 p.m.•87 views

Predictable CSRF tokens in centreon/centreon

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user...

6.5CVSS2.3AI score0.00823EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/21 7:21 p.m.•87 views

Server-Side Request Forgery in yoast_seo

The yoastseo aka Yoast SEO extension before 7.2.1 for TYPO3 allows SSRF via a backend user account...

6.4CVSS4.9AI score0.00474EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/30 5:34 p.m.•87 views

Plaintext password leak in Apache Superset

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the...

8.1CVSS1.6AI score0.02001EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/01 7:38 p.m.•87 views

SSRF in Rendertron

Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery SSRF attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...

4.3CVSS5AI score0.00325EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/12/24 8:49 p.m.•88 views

Server-Side Template Injection

Impact A Server-Side Template Injection was identified in BrowserUp Proxy enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution RCE vulnerability. This has been assigned CVE-2020-26282. Patches Effective Immediately, all users should upgrade ...

10CVSS9.9AI score0.04629EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2020/05/20 3:55 p.m.•87 views

CRLF injection in httplib2

Impact Attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. Impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping...

6.8CVSS0.8AI score0.02593EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
•added 2020/05/12 12:39 a.m.•87 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value,...

7.5CVSS3.2AI score0.03915EPSS
Exploits0References27Affected Software1
Github Security Blog
Github Security Blog
•added 2020/03/16 10:46 p.m.•87 views

Potential buffer overflow in psd-tools

Impact An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malformed PSD input data during decoding to the PIL.Image or NumPy format, leading to a Buffer Overflow. Patches Users of psd-tools version v1.8.37 to v1.9.3 should upgrade to...

9.8CVSS9.3AI score0.01736EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/01/21 9:18 p.m.•87 views

Improper implementation of the session fixation protection in Infinispan

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...

9.8CVSS3.1AI score0.01957EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2019/12/02 6:17 p.m.•87 views

Apache NiFi information disclosure by XXE

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFI...

6.5CVSS4.1AI score0.02258EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
•added 2018/10/19 4:40 p.m.•87 views

Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty"java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol";'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old...

8.1CVSS7.8AI score0.10348EPSS
Exploits0References27Affected Software2
Github Security Blog
Github Security Blog
•added 2018/10/19 4:16 p.m.•87 views

Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)

Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, contain an HTTP Request Smuggling Vulnerability that can result in cache poisoning...

7.5CVSS1.3AI score0.06411EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
•added 2025/01/14 7:46 p.m.•86 views

Microsoft Security Advisory CVE-2025-21176 | .NET and Visual Studio Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2025-21176 | .NET and Visual Studio Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers ca...

8.8CVSS7.1AI score0.02262EPSS
Exploits0References5Affected Software12
Github Security Blog
Github Security Blog
•added 2024/05/14 10:22 p.m.•86 views

Grafana Plugin signature bypass

Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31123 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

7.8CVSS6.7AI score0.00249EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/12/05 11:31 p.m.•86 views

Vite XSS vulnerability in `server.transformIndexHtml` via URL payload

Summary When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transformed output by supplying a...

6.1CVSS6.7AI score0.00997EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2023/03/30 8:17 p.m.•86 views

rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

Impact It was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g.., docker|podman|nerdctl run --cgroupns=host, with Rootless...

6.3CVSS6.5AI score0.00327EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/23 12:30 a.m.•86 views

Python Charmers Future denial of service vulnerability

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. This issue has been patched in version 0.18.3...

7.5CVSS7AI score0.01804EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/13 3:30 p.m.•87 views

Apache CXF vulnerable to Exposure of Sensitive Information

A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes...

7.5CVSS8.5AI score0.01193EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/09/16 5:21 p.m.•87 views

XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection

Impact The tags document Main.Tags in XWiki didn't sanitize user inputs properly, allowing users with view rights on the document default in a public wiki or for authenticated users on private wikis to execute arbitrary Groovy, Python and Velocity code with programming rights. This allows bypassi...

9.9CVSS8.8AI score0.73608EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
•added 2022/08/18 7:3 p.m.•86 views

CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection

Impact This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect, e.g., XSS control over a subdomain site e.g., https://a.example.com/ of the target site e.g.,...

8.8CVSS8.5AI score0.00474EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 3:41 a.m.•86 views

Canvs Canvas XSS Vulnerability

Canvs Canvas version 3.4.2 contains a Cross Site Scripting XSS vulnerability in User's details that can result in denial of service and execution of javascript code...

5.4CVSS6.2AI score0.00785EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/20 12:0 a.m.•86 views

Command injection in ruby-git

The package prior to v1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetchremote = 'origin', opts = function, the remote parameter is passed to the git fetch subcommand in a way such that additional flags can be set. The additional flags can be used to...

9.8CVSS9.6AI score0.04871EPSS
Exploits1References10Affected Software1
Total number of security vulnerabilities5000