Lucene search
K
GithubMost viewed

33190 matches found

Github Security Blog
Github Security Blog
added 2023/10/06 9:30 p.m.82 views

Code injection in fsevents

fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...

9.8CVSS7.8AI score0.01535EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/13 5:2 p.m.82 views

vm2 Sandbox Escape vulnerability

In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code. Impact Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. Patches None. Workarounds...

10CVSS9.6AI score0.02342EPSS
Exploits4References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/22 9:30 p.m.82 views

Moodle vulnerable to SQL Injection

A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions...

6.3CVSS8AI score0.00802EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/30 6:30 a.m.82 views

angular vulnerable to regular expression denial of service via the <input type="url"> element

All versions of the package angular are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in...

5.3CVSS5.3AI score0.01695EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/08 6:19 p.m.82 views

Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following

Impact This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can be used to create new files and on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode...

8.8CVSS8.1AI score0.00682EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/22 8:3 p.m.82 views

Tauri Filesystem Scope Glob Pattern is too Permissive

Impact The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Example: The fs scope $HOME/.key would also allow $HOME/.ssh/secret.key to be read even though it is in a sub director...

7.7CVSS7.1AI score0.01006EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/09 8:8 p.m.82 views

Akeneo PIM Community Edition vulnerable to remote php code execution

Impact Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Patches Akeneo PIM Community Edition after the versions aforementioned provides patched Apache HTTP server...

8.8CVSS8.7AI score0.01406EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/12 10:20 p.m.82 views

Uncontrolled Resource Consumption in markdown-it

Impact Special patterns with length 50K chars can slow down parser significantly. js const md = require'markdown-it'; md.renderx $' '.repeat150000 x \nx; Patches Upgrade to v12.3.2+ Workarounds No. References Fix + test sample:...

5.3CVSS1.8AI score0.02152EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 4:52 p.m.82 views

Default CORS config allows any origin with credentials

Impact Origin reflection attack The default CORS configuration is vulnerable to an origin reflection attack. Take the following http4s app app, using the default CORS config, running at https://vulnerable.example.com: scala val routes: HttpRoutesF = HttpRoutes.of case req if req.pathInfo ===...

9.1CVSS8.4AI score0.00594EPSS
Exploits0References4Affected Software6
Github Security Blog
Github Security Blog
added 2021/07/22 7:47 p.m.82 views

Denial of Service in SheetJS Pro

SheetJS Pro through 0.16.9 allows attackers to cause a denial of service CPU consumption via a crafted .xlsx document that is mishandled when read by xlsx.js...

5.5CVSS4.8AI score0.0088EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/10 6:43 p.m.82 views

Injection and Cross-site Scripting in osm-static-maps

This affects all versions of package osm-static-maps under 3.9.0. User input given to the package is passed directly to a template without escaping ... . As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the...

7.6CVSS7.1AI score0.01581EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:46 p.m.82 views

TypeORM vulnerable to MAID and Prototype Pollution

Prototype pollution vulnerability in the TypeORM package 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks...

9.8CVSS9.4AI score0.0212EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/27 8:9 p.m.82 views

Authentication Bypass

When configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HT...

9.8CVSS0.3AI score0.74242EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/20 4:32 p.m.83 views

Duplicate Advisory: XML Injection in petl

Duplicate Advisory This advisoerey has been withdrawn because it is a duplicate of GHSA-f5gc-p5m3-v347. This link is maintained to preserve external references. Original Description petl before 1.68, in some configurations, allows resolution of entities in an XML document...

9.8CVSS9.6AI score0.02275EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/06 5:32 p.m.82 views

Directory exposure in jetty

Impact If the $jetty.base directory or the $jetty.base/webapps directory is a symlink soft link in Linux, the contents of the $jetty.base/webapps directory may be deployed as a static web application, exposing the content of the directory for download. For example, the problem manifests in the...

4CVSS1.7AI score0.0418EPSS
Exploits1References28Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/26 4:49 p.m.82 views

Weak JSON Web Token in yapi-vendor

Weak JSON Web Token JWT signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used as a source of randomness in jwt signing. Math.random does not provide cryptographically secure random numbers. This has be...

5.1CVSS2.6AI score0.00338EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/23 1:54 a.m.82 views

Denial of Service in Page Error Handling

Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 5.5 CWE-405, CWE-674 Status: DRAFT Problem Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a...

7.5CVSS1.1AI score0.01731EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2021/03/12 10:39 p.m.82 views

Misinterpretation of malicious XML input

Impact xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches Update to 0.5...

4.3CVSS1.3AI score0.01328EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 5:37 p.m.82 views

Directory Traversal in tencent-server

Affected versions of tencent-server resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

7.5CVSS7.1AI score0.02005EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/16 7:32 p.m.81 views

Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib

Summary Vulnerability scan of fiona shows CVE-2023-45853. The vulnerability is in GDAL, a dependency of fiona. Details Fiona depends on GDAL and GDAL has a port of minizip. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a...

9.8CVSS9.5AI score0.02918EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/25 7:31 p.m.81 views

Rancher cattle-token is predictable

Impact An issue was discovered in Rancher versions up to and including 2.6.9 and 2.7.0, where the cattle-token secret, used by the cattle-cluster-agent, is predictable. Even after the token is regenerated, it will have the same value. This issue is not present in Rancher 2.5 releases. The...

9.8CVSS8.6AI score0.0172EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/08 5:29 p.m.81 views

Remote code execution via MongoDB BSON parser through prototype pollution

Impact An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. Patches Prevent prototype pollution in MongoDB database adapter. Workarounds Disable remote code execution through the MongoDB BSON parser. Collaborators Mikhail Shcherbako...

9.8CVSS9.4AI score0.38717EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/30 10:59 p.m.81 views

isolated-vm has vulnerable CachedDataOptions in API

Impact If the untrusted v8 cached data is passed to the API through CachedDataOptions, the attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7 changes the documentation to warn users that they should not accept cachedData payloads from a user...

9.8CVSS9.2AI score0.01088EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/18 6:59 p.m.81 views

`undici.request` vulnerable to SSRF using absolute URL on `pathname`

Impact undici is vulnerable to SSRF Server-side Request Forgery when an application takes in user input into the path/pathname option of undici.request. If a user specifies a URL such as http://127.0.0.1 or //127.0.0.1 js const undici = require"undici" undici.requestorigin: "http://example.com",...

9.8CVSS8.9AI score0.01388EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/21 8:31 p.m.81 views

undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect

Impact Authorization headers are already cleared on cross-origin redirect in https://github.com/nodejs/undici/blob/main/lib/handler/redirect.jsL189, based on https://github.com/nodejs/undici/issues/872. However, cookie headers which are sensitive headers and are official headers found in the spec...

6.5CVSS8.1AI score0.00584EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:25 a.m.81 views

Deserialization of Untrusted Data in Groovy

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized...

9.8CVSS5.2AI score0.17239EPSS
Exploits1References16Affected Software2
Github Security Blog
Github Security Blog
added 2022/05/13 1:11 a.m.81 views

OS Command Injection in Plexus-utils

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

9.8CVSS3AI score0.06543EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 11:5 p.m.81 views

SQL Injection in Hibernate ORM

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access...

6.5CVSS4.7AI score0.02126EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/13 6:14 p.m.81 views

lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through

Impact The HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5. Patches The issue has been resolved in lxml 4.6.5...

8.2CVSS7.5AI score0.02456EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/10 3:33 p.m.81 views

Regular Expression Denial of Service in path-parse

Affected versions of npm package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

7.5CVSS5.1AI score0.02218EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 4:55 p.m.81 views

Improper Handling of Length Parameter Inconsistency in Compress

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package...

7.5CVSS7.4AI score0.13292EPSS
Exploits0References36Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/02 6:36 p.m.81 views

Code injection in Narou

Narou aka Narou.rb before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel...

9.8CVSS9.4AI score0.01441EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/22 3:24 p.m.81 views

Deserialization of Untrusted Data in NukeViet

includes/core/isuser.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk...

9.8CVSS9AI score0.02535EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/17 8:51 p.m.81 views

Open Redirect in Flask-Security-Too

Impact Flask-Security allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc network location as the requesting URL. This check utilizes...

6.1CVSS5.3AI score0.03289EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:47 p.m.81 views

OS Command Injection in ng-packagr

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option...

6.6CVSS6.9AI score0.0239EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/19 9:25 p.m.81 views

Regular Expression Denial of Service (ReDoS)

The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker provides a malicious string, is-svg will get stuck processing the input...

7.5CVSS7.9AI score0.02168EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/09 12:45 a.m.81 views

Activerecord-session_store Vulnerable to Timing Attack

The activerecord-sessionstore aka Active Record Session Store component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a...

5.3CVSS5.7AI score0.01835EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/31 10:45 p.m.81 views

Rosetta-Flash JSONP Vulnerability in hapi

This description taken from the pull request provided by Patrick Kettner. Versions 6.1.0 and earlier of hapi are vulnerable to a rosetta-flash attack, which can be used by attackers to send data across domains and break the browser same-origin-policy. Recommendation - Update hapi to version 6.1.1...

4.3CVSS6.2AI score0.23024EPSS
Exploits4References14Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/05 9:27 p.m.81 views

Reset Password / Login vulnerability in Sulu

Impact What kind of vulnerability is it? Who is impacted? This vulnerability consists of a few related issues: Forget password leaks information if the user exists When the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given stri...

5.3CVSS5.2AI score0.01112EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/13 11:18 p.m.81 views

Class destructors causing side-effects when being unserialized in TYPO3 CMS

Calling unserialize on malicious user-submitted content can result in the following scenarios: - trigger deletion of arbitrary directory in file system if writable for web server - trigger message submission via email using identity of web site mail relay Another insecure deserialization...

10CVSS1.4AI score0.01472EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2020/04/01 4:36 p.m.81 views

Cross-Site Scripting in fileview

All versions of fileview are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available. Consider using...

6.1CVSS5AI score0.00752EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/30 8:54 p.m.81 views

Micronaut's HTTP client is vulnerable to HTTP Request Header Injection

Vulnerability Micronaut's HTTP client is vulnerable to "HTTP Request Header Injection" due to not validating request headers passed to the client. Example of vulnerable code: java @Controller"/hello" public class HelloController @Inject @Client"/" RxHttpClient client; @Get"/external-exploit"...

9.8CVSS9.5AI score0.01799EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/24 5:27 p.m.81 views

Remote Code Execution (RCE) vulnerability in dropwizard-validation

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. Summary A server-side template injection...

9CVSS2.2AI score0.0281EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/31 5:59 p.m.81 views

auth0-lock vulnerable to XSS via unsanitized placeholder property

Overview Auth0 Lock version 11.20.4 and earlier did not properly sanitize the generated HTML code. Customers using the additionalSignUpFields customization option to add a checkbox to the sign-up dialog that are passing a placeholder property obtained from an untrusted source e.g. a query paramet...

6.1CVSS5.6AI score0.00724EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/30 11:55 p.m.81 views

Malicious takeover of previously owned ENS names

Impact A user who owns an ENS domain can set a "trapdoor", allowing them to transfer ownership to another user, and later regain ownership without the new owner's consent or awareness. Patches A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry. The registry...

8.7CVSS3.5AI score0.01181EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/24 3:27 p.m.81 views

Remote Code Execution in Angular Expressions

Impact The vulnerability, reported by GoSecure Inc, allows Remote Code Execution, if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

8.8CVSS3.1AI score0.02393EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/08/21 4:15 p.m.81 views

Pallets Werkzeug Insufficient Entropy

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

7.5CVSS7.3AI score0.02288EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 7:56 p.m.81 views

Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2...

7.5CVSS2.2AI score0.09832EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 5:44 p.m.81 views

Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 bet...

7.5CVSS3.7AI score0.03622EPSS
Exploits0References23Affected Software3
Github Security Blog
Github Security Blog
added 2025/04/16 7:22 p.m.80 views

golang.org/x/net vulnerable to Cross-site Scripting

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.8AI score0.00478EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities5000