Lucene search
K
GithubMost viewed

33190 matches found

Github Security Blog
Github Security Blog
added 2022/04/07 1:59 p.m.86 views

HTTP Proxy header vulnerability

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

8.1CVSS1.9AI score0.50427EPSS
Exploits0References50Affected Software7
Github Security Blog
Github Security Blog
added 2021/07/13 5:43 p.m.86 views

Allocation of resources without limits or throttling in keycloak-model-infinispan

A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack...

7.5CVSS7.1AI score0.01129EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/18 6:30 p.m.86 views

Improper Authentication in Apache Airflow

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can jus...

5.3CVSS4.1AI score0.04555EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/18 6:29 p.m.86 views

Apache Airflow Cross-site Scripting

In Apache Airflow 1.10.12, the origin parameter passed to some of the endpoints like /trigger and was vulnerable to a XSS exploit...

6.1CVSS2.5AI score0.25076EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/04 9:46 p.m.86 views

django-celery-results Stores Sensitive Information In Cleartext

django-celery-results prior to 2.4.0 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database. In version 2.4.0 this is no longer the default...

7.5CVSS7.1AI score0.00863EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 7:20 p.m.86 views

Improper Input Validation in Apache Camel

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel users should upgrade to 3.2.0...

7.5CVSS4.3AI score0.14331EPSS
Exploits0References19Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/06 6:28 p.m.86 views

Server-side request forgery in Ghost CMS

Server-side request forgery SSRF vulnerability in Ghost CMS 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems...

8.1CVSS7.6AI score0.0122EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/11 3:9 a.m.86 views

Generated Code Contains Local Information Disclosure Vulnerability

Impact This vulnerability impacts generated code. If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually! On Unix-Like systems, the system temporary directory is shared between all local users. When...

5.5CVSS5.6AI score0.00282EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/10 3:46 a.m.86 views

DOS vulnerability for Quoted Quality CSV headers

Impact When Jetty handles a request containing request headers with a large number of “quality” i.e. q parameters such as what are seen on the Accept, Accept-Encoding, and Accept-Language request headers, the server may enter a denial of service DoS state due to high CPU usage while sorting the...

5.3CVSS6.1AI score0.7795EPSS
Exploits0References66Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/27 6:8 p.m.86 views

Unsafe object creation in json RubyGem

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specificall...

7.5CVSS2.3AI score0.06811EPSS
Exploits0References23Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/11 8:56 p.m.86 views

Link Following in rply

python-rply before 0.7.4 insecurely creates temporary files...

5.5CVSS5.6AI score0.00396EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/28 4:53 p.m.86 views

HTTP Response Splitting in Puma

In Puma RubyGem before 4.3.2 and 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.5AI score0.02487EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/16 8:17 p.m.86 views

Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow

Impact A heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case datasize and numsegments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be...

9.8CVSS3.4AI score0.00777EPSS
Exploits0References8Affected Software3
Github Security Blog
Github Security Blog
added 2019/12/02 6:19 p.m.86 views

Apache NiFi user log out issue

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out t...

8.8CVSS2.4AI score0.01846EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2019/07/19 4:13 p.m.86 views

Regular Expression Denial of Service (ReDoS) in lodash

lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...

6.5CVSS5.3AI score0.03076EPSS
Exploits1References9Affected Software4
Github Security Blog
Github Security Blog
added 2019/04/10 2:30 p.m.86 views

Jinja2 sandbox escape via string formatting

In Pallets Jinja before 2.10.1, str.formatmap allows a sandbox escape. The sandbox is used to restrict what code can be evaluated when rendering untrusted, user-provided templates. Due to the way string formatting works in Python, the str.formatmap method could be used to escape the sandbox. This...

8.6CVSS8.3AI score0.03603EPSS
Exploits1References22Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/04 2:24 p.m.85 views

Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

Summary Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can influence the cookie name passed to axios can cause...

7.5CVSS6AI score0.00645EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/11/21 10:21 p.m.85 views

Flowise OverrideConfig security vulnerability

Impact Flowise allows developers to inject configuration into the Chainflow during execution through the overrideConfig option. This is supported in both the frontend web integration and the backend Prediction API. This has a range of fundamental issues that are a major security vulnerability...

7.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/09 9:31 p.m.85 views

Keycloak Open Redirect vulnerability

An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referreruri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it...

6.1CVSS7AI score0.00546EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.85 views

scikit-learn sensitive data leakage vulnerability

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the stopwords...

4.7CVSS6.5AI score0.00187EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/25 7:40 p.m.85 views

Express.js Open Redirect in malformed URLs

Impact Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode using encodeurl on the...

6.1CVSS6.3AI score0.00786EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/14 6:30 a.m.85 views

node-qpdf vulnerable to command injection

All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...

9.8CVSS7.6AI score0.02079EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/30 9:42 p.m.85 views

mindsdb arbitrary file write when extracting a remotely retrieved Tarball

Summary An unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the vulnerability is called a TarSlip or a ZipSlip variant. Details I commented the following...

7.5CVSS7.5AI score0.01EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/26 9:30 p.m.85 views

redis-py Race Condition vulnerability

redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time in the case of a pipeline operation, and can send response data to the client of an unrelated request in an off-by-one manner. The fixed versions fo...

3.7CVSS6AI score0.01018EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/22 7:16 p.m.85 views

GeoTools OGC Filter SQL Injection Vulnerabilities

Impact GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations: 1. PropertyIsLike filter Requires PostGIS DataStore with...

9.8CVSS9.6AI score0.01072EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/13 3:30 p.m.85 views

Jettison Out-of-bounds Write vulnerability

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service DoS via crafted JSON data...

7.5CVSS7.5AI score0.01395EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/12 7:0 p.m.85 views

mockery is vulnerable to prototype pollution

Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js...

9.8CVSS6.9AI score0.01188EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:51 p.m.85 views

Pallets Werkzeug vulnerable to Path Traversal

In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names such as C: in Windows pathnames...

7.5CVSS3.5AI score0.55526EPSS
Exploits7References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/12 12:14 a.m.85 views

Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer

Impact Users unpacking a tarball through dbdeployer may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to write into a system file, thus altering the computer defences. Mitigating factors For the...

6.1CVSS5.9AI score0.01186EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 11:30 p.m.85 views

Prototype Pollution in Ajv

An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...

6.8CVSS7.6AI score0.02313EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 12:48 a.m.85 views

Apache Hive Information Exposure and Observable Timing Discrepancy

Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8...

5.9CVSS5.6AI score0.02458EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/02 12:4 a.m.85 views

pgjdbc Does Not Check Class Instantiation when providing Plugin Classes

Impact pgjdbc instantiates plugin instances based on class names provided via authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback connection properties. However, the driver did not verify if the class implements the expected interface before...

9.8CVSS4.6AI score0.0301EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/17 9:55 p.m.85 views

Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML

Affected packages The vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 Advanced Content Filter ACF core module. The vulnerability allowed to inject malforme...

8.2CVSS2.2AI score0.01257EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/04 8:14 p.m.85 views

Expression injection in AviatorScript

AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library BCEL...

9.8CVSS5.5AI score0.01874EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 5:22 p.m.85 views

ExternalName Services can be used to gain access to Envoy's admin interface

Impact Josh Ferrell @josh-ferrell from VMware has reported that a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy remotely a denial of service, o...

8.5CVSS0.1AI score0.01151EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/23 7:41 p.m.85 views

parse-server new anonymous user session acts as if it's created with password

Impact Developers that use the REST API to signup users and also allow users to login anonymously. When an anonymous user is first signed up using REST, the server creates session incorrectly, particularly the authProvider field in Session class under createdWith shows the user logged in creating...

6.5CVSS6.3AI score0.00993EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:6 p.m.85 views

Command Injection in picotts

This affects all versions up to and including version 0.1.1 of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS5.8AI score0.01943EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/30 5:28 p.m.85 views

HTTP Request Smuggling in Undertow

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

5.8CVSS1.9AI score0.01147EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/10 2:32 a.m.85 views

October CMS Session ID not invalidated after logout

Impact When logging out, the session ID was not invalidated. This is not a problem while the user is logged out, but as soon as the user logs back in the old session ID would be valid again; which means that anyone that gained access to the old session cookie would be able to act as the logged in...

9.8CVSS8.9AI score0.02903EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/27 8:12 p.m.85 views

Inappropriate implementation in V8 in CefSharp

High CVE-2020-16013: Inappropriate implementation in V8. - https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop11.html - https://vulners.com/cve/CVE-2020-16013 Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild. There is...

8.8CVSS0.5AI score0.02826EPSS
Exploits0References5Affected Software4
Github Security Blog
Github Security Blog
added 2020/04/23 9:8 p.m.85 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

9.8CVSS3.2AI score0.04613EPSS
Exploits0References29Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/28 1:10 a.m.85 views

class.upload.php in verot.net omits .pht from the set of dangerous file extensions

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576...

9.8CVSS2AI score0.04153EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/28 10:37 p.m.85 views

Feedgen Vulnerable to XML Denial of Service Attacks

Impact The feedgen library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of Service Attacks e.g. XML Bomb. This becomes a concern in particular if feedge...

7.5CVSS1.9AI score0.01635EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2019/08/27 5:43 p.m.85 views

Prototype Pollution in set-value

Versions of set-value prior to 3.0.1 or 2.0.1 are vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...

9.8CVSS4.6AI score0.02475EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.85 views

activesupport in Rails vulnerable to incorrect data conversion

lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...

7.5CVSS10.3AI score0.98582EPSS
Exploits7References20Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.85 views

HTTParty does not restrict casts of string values

The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for YAML type...

7.5CVSS5.2AI score0.0441EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/02 8:3 p.m.84 views

Withdrawn Advisory: Netty vulnerability included in redis lettuce

Withdrawn Advisory This advisory has been withdrawn because users of Lettuce may independently exclude vulnerable versions of Netty from their dependencies, and those users should not receive alerts for CVE-2024-47535. This link is maintained to preserve external references. Original Description...

5.5CVSS5.1AI score0.00408EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/01 3:32 p.m.84 views

Prototype pollution in ag-grid-community via the _.mergeDeep function

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties. Prior versions were also found ...

9.8CVSS9.9AI score0.01158EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2023/04/05 3:30 p.m.84 views

MyBatis-Plus vulnerable to SQL injection via TenantPlugin

MyBatis-Plus below 3.5.3.1 is vulnerable to SQL injection via the tenant ID value. This may allow remote attackers to execute arbitrary SQL commands...

9.8CVSS10.1AI score0.0121EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/01 5:38 p.m.84 views

Keycloak Cross-site Scripting on OpenID connect login service

A reflected cross-site scripting XSS vulnerability was found in the oob OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page...

8.1CVSS1.3AI score0.01149EPSS
Exploits0References11Affected Software1
Total number of security vulnerabilities5000