Lucene search
K
GithubMost viewed

33190 matches found

Github Security Blog
Github Security Blog
added 2023/03/01 5:38 p.m.84 views

Keycloak Cross-site Scripting on OpenID connect login service

A reflected cross-site scripting XSS vulnerability was found in the oob OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page...

8.1CVSS1.3AI score0.01149EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/23 10:10 p.m.84 views

Update share links to use FRP instead of SSH tunneling

Impact This is a vulnerability which affects anyone using Gradio's share links i.e. creating a Gradio app and then setting share=True with Gradio versions older than 3.13.1. In these older versions of Gradio, a private SSH key is sent to any user that connects to the Gradio machine, which means...

9.8CVSS8.9AI score0.00553EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/21 9:30 p.m.84 views

MongoDB .NET/C# Driver vulnerable to Deserialization of Untrusted Data

Under very specific circumstances, a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C. This affects all MongoDB .NET/C Driver versions prior to and including v2.18.0...

7.2CVSS6.9AI score0.01049EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/06 9:30 p.m.84 views

Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework

Withdrawn This advisory has been withdrawn because it was incorrectly associated with the metasploit-framework package, which is not affected by this CVE, and the actual vulnerable component does not fit within our supported ecosystems. This link is maintained to preserve external references...

7.2CVSS7.5AI score0.99999EPSS
Exploits12References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/23 12:0 a.m.84 views

Prototype Pollution in simple-plist

simple-plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse...

9.8CVSS3.2AI score0.01295EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 12:54 a.m.85 views

Denial of service in Undertow

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This...

7.8CVSS7.2AI score0.01269EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/19 3:28 p.m.84 views

Prototype Pollution in vm2

This affects the package vm2 before 3.9.4. Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine...

10CVSS3AI score0.03476EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/08 8:14 p.m.84 views

Hessian protocol configuration vulnerability in Apache Dubbo

In Apache Dubbo, users may choose to use the Hessian protocol. The Hessian protocol is implemented on top of HTTP and passes the body of a POST request directly to a HessianSkeleton: New HessianSkeleton are created without any configuration of the serialization factory and therefore without...

9.8CVSS8.7AI score0.02905EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/03 7:0 p.m.84 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

8.2CVSS1.3AI score0.07795EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/02 6:33 p.m.84 views

Resource Exhaustion in Spring Security

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service DoS attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker c...

7.5CVSS2.6AI score0.06001EPSS
Exploits0References12Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/29 3:13 a.m.84 views

Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem

Impact The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions: - A user is allowed to supply the path or filename of an uploaded file. - The supplied...

9.8CVSS3.5AI score0.03486EPSS
Exploits2References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/28 4:55 p.m.84 views

Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19

Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 Vaadin 10.0.0 through 10.0.18, 1.1.0 prior to 2.0.0 Vaadin 11 prior to 14, 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, and 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0....

5.3CVSS2AI score0.01318EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/29 9:52 p.m.84 views

Insecure Deserialization of untrusted data in rmccue/requests

Impact Unserialization of untrusted data. Patches The issue has been patched and users of Requests 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0. References Publications about the vulnerability:...

9.8CVSS1.8AI score0.02142EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 4:14 p.m.84 views

Missing Authentication for Critical Function in Apache Calcite

"HttpUtilsgetURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses this method internally to connect with Druid and Splunk so information leakage may happen when using the respective Calcite...

5.9CVSS0.4AI score0.02141EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2020/03/13 8:5 p.m.84 views

Duplicate Advisory: python-gnupg allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended

Withdrawn: Duplicate of GHSA-2fch-jvg5-crf6...

7.5CVSS7.8AI score0.08548EPSS
Exploits2References17Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/12 5:2 p.m.84 views

Double Free in psutil

psutil aka python-psutil through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object...

7.5CVSS2.1AI score0.03522EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2019/11/08 8:6 p.m.84 views

Signature validation bypass in XmlSecLibs

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...

8.8CVSS4.6AI score0.03024EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/12 8:29 p.m.84 views

Eve allows execution of arbitrary code

io/mongo/parser.py in Eve aka pyeve before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter...

9.8CVSS9.9AI score0.05651EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/09 3:50 p.m.83 views

Contao: Possible cookie sharing with external domains while checking protected pages for broken links

Impact If the crawler is set to crawl protected pages, it sends the cookie header to externals URLs. Patches Update to Contao 4.13.40 or 5.3.4. Workarounds Disable crawling protected pages. References https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler For more...

8.3CVSS6.9AI score0.00708EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/27 9:47 p.m.83 views

Magento LTS vulnerable to stored XSS in admin file form

Summary OpenMage is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Details MageAdminhtmlBlockSystemConfigFormFieldFile does not escape filename value in certain situations. Same...

5.4CVSS5.4AI score0.00442EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/21 6:25 p.m.83 views

The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted

An issue was found in the redirecturi validation logic that allows for a bypass of otherwise explicitly allowed hosts. The problem arises in the verifyRedirectUri method, which attempts to enforce rules on user-controllable input, but essentially causes a desynchronization in how Keycloak and...

7.1CVSS7AI score0.0095EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/30 8:30 p.m.83 views

Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC

AssertionConsumerServiceURL is a Java implementation for SAML Service Providers org.keycloak.protocol.saml. Affected versions of this package are vulnerable to Cross-site Scripting XSS. AssertionConsumerServiceURL allows XSS when sending a crafted SAML XML request...

10CVSS5.9AI score0.00626EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/08 10:36 p.m.83 views

Helm vulnerable to information disclosure via getHostByName Function

A Helm contributor discovered an information disclosure vulnerability using the getHostByName template function. Impact getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the...

4.3CVSS4.5AI score0.00762EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/04 10:17 p.m.83 views

protobuf-java has a potential Denial of Service issue

Summary A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

7.5CVSS7.5AI score0.01048EPSS
Exploits0References12Affected Software5
Github Security Blog
Github Security Blog
added 2022/07/16 12:0 a.m.83 views

Terser insecure use of regular expressions leads to ReDoS

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure usage of regular expressions...

7.5CVSS4.5AI score0.0232EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:11 p.m.83 views

OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks

OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...

8.3CVSS6.6AI score0.01153EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/24 12:12 a.m.83 views

Path traversal allows leaking out-of-bound files from Argo CD repo-server

Impact All unpatched versions of Argo CD starting with v1.5.0 are vulnerable to a path traversal vulnerability allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted create or update access to Applications...

6.8CVSS1.6AI score0.00923EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/07 10:56 p.m.83 views

Bash command injection in Apache Zeppelin

bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions...

10CVSS5.5AI score0.05747EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/09 8:40 p.m.83 views

Directory Traversal in Archive_Tar

In ArchiveTar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193...

7.1CVSS4AI score0.73377EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/02 7:20 p.m.83 views

Utils.readChallengeTx does not verify the server account signature

The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the serverAccountID has signed the transaction. The function does not verify that the server has signed...

6.5CVSS2.2AI score0.00514EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/27 6:44 p.m.83 views

Lookup function information discolosure in helm

The Helm core maintainers have identified an information disclosure vulnerability in Helm 3.0.0-3.1.2. Impact lookup is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This c...

8.5CVSS5.2AI score0.0126EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/05 7:49 p.m.83 views

Possible DoS Vulnerability in Action Controller Token Authentication

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. Versions Affected: = 4.0.0 Not affected: 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses authenticateorrequestwithhttptoken or authenticatewithhttptoken for reques...

7.5CVSS7.6AI score0.04808EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 8:29 p.m.83 views

Django Directory Traversal via archive.extract

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...

5.3CVSS5.9AI score0.07605EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/14 7:17 p.m.83 views

rails_admin ruby gem XSS vulnerability

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

6.1CVSS6.3AI score0.01278EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/02 6:28 p.m.83 views

UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend

Impact Any install that has UNEDITABLESCHEMAS and/or UNEDITABLETABLEDESCRIPTIONMATCHRULES set in the front-end, is being impacted. The value of these properties is ignored if set, allowing any user to modify table and column descriptions, even though the properties imply they shouldn't be. Patche...

7.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/16 5:3 p.m.83 views

Memory exhaustion in http4s-async-http-client with large or malicious compressed responses

Impact A server we connect to with http4s-async-http-client could theoretically respond with a large or malicious compressed stream and exhaust memory in the client JVM. It does not affect http4s servers, other client backends, or clients that speak only to trusted servers. This is related to a...

7.5CVSS1.2AI score0.09438EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2020/10/02 4:22 p.m.83 views

Potential Remote Code Execution vulnerability

Packages nette/application versions prior to 2.2.10, 2.3.14, 2.4.16, 3.0.6 and nette/nette versions prior to 2.0.19 and 2.1.13 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Reported by Cyku Hong from DEVCORE...

9.8CVSS3.8AI score0.35228EPSS
Exploits3References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/15 8:16 p.m.83 views

Authorization Bypass in Spring Security

When using Spring Security's CAS Proxy ticket authentication a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is...

9.8CVSS8.3AI score0.01808EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/15 7:34 p.m.83 views

Denial of Service in Spring Framework

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS2AI score0.09513EPSS
Exploits0References23Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/22 2:55 p.m.83 views

HTTP Smuggling via Transfer-Encoding Header in Puma

Impact By using an invalid transfer-encoding header, an attacker could smuggle an HTTP response. Originally reported by @ZeddYu, who has our thanks for the detailed report. Patches The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. For more information If you have any questions or comments...

7.5CVSS0.4AI score0.03977EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/21 9:8 p.m.83 views

Apache ActiveMQ webconsole admin GUI is open to XSS

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue...

6.1CVSS2.1AI score0.06208EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/21 8:32 p.m.83 views

Uncontrolled resource consumption in validators Python package

The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6...

7.8CVSS3.8AI score0.01171EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2018/12/21 5:46 p.m.83 views

Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Databind that can result in Causes a denial-of-service DoS. This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the...

6.5CVSS5.4AI score0.04758EPSS
Exploits1References16Affected Software1
Github Security Blog
Github Security Blog
added 2018/11/21 10:19 p.m.83 views

Remote Code Execution in spark-core

In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute co...

9.8CVSS2.2AI score0.08721EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2018/07/12 8:29 p.m.83 views

Pycrypto generates weak key parameters

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not have semantic security in face of a ciphertext-only attack. The Decisional Diffie-Hellman DDH...

7.5CVSS3.7AI score0.0211EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 5:36 p.m.82 views

vLLM: OpenAI auth bypass

Summary A vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware, which was discovered during @x41sec's source code audit. It allows to use the API without providing the configured VLLMAPIKEY or...

9.1CVSS5.5AI score0.01014EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:58 p.m.82 views

changedetection.io has Reflected XSS in its RSS Tag Error Response

A reflected cross-site scripting XSS vulnerability was identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser...

6.1CVSS5.8AI score0.00282EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/19 6:31 p.m.82 views

QOS.CH logback-core Expression Language Injection vulnerability

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...

5.9CVSS7.7AI score0.00404EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/22 6:15 p.m.82 views

Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE

Summary A lack of sanitization/check in the font path returned by php-svg-lib, in the case of a inline CSS font defined, that will be used by Cpdf to open a font will be passed to a fileexists call, which is sufficient to trigger metadata unserializing on a PHAR file, through the phar:// URL...

7.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/14 10:20 p.m.82 views

AIOHTTP has problems in HTTP parser (the python one, not llhttp)

Summary The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSIONS is enabled or not using a prebuilt wheel. Details Bug 1: Bad parsing of Content-Length values Description RFC 9110 says this:...

7.5CVSS7.9AI score0.0085EPSS
Exploits1References10Affected Software1
Total number of security vulnerabilities5000