Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
•added 2025/04/16 7:22 p.m.•80 views

golang.org/x/net vulnerable to Cross-site Scripting

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.8AI score0.00478EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2024/05/16 9:33 a.m.•80 views

RunGptLLM class in LlamaIndex has a command injection

A command injection vulnerability exists in the RunGptLLM class of the llamaindex library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models LLMs. The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised...

8.8CVSS8AI score0.02118EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
•added 2024/03/22 11:54 p.m.•80 views

SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Summary While examining the "App Link assetlinks.json file could not be found" vulnerability detected by MobSF, we, as the Trendyol Application Security team, noticed that a GET request was sent to the "/.well-known/assetlinks.json" endpoint for all hosts written with "android:host". In the...

7.5CVSS7.2AI score0.00712EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2024/02/21 11:33 p.m.•80 views

org.postgresql:postgresql vulnerable to SQL Injection via line comment generation

Impact SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default query mode. Users that do not overri...

10CVSS8.1AI score0.0481EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/02/10 6:30 a.m.•80 views

angular vulnerable to super-linear runtime due to backtracking

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of...

7.5CVSS6.9AI score0.01891EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
•added 2023/10/25 6:32 p.m.•80 views

Command Injection in pip when used with Mercurial

When installing a package from a Mercurial VCS URL, e.g. pip install hg+..., with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call e.g. --config. Controlling the Mercurial configuration can modify how and which...

5.5CVSS7.1AI score0.00476EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
•added 2023/10/17 12:41 p.m.•80 views

github.com/kumahq/kuma affected by CVE-2023-44487

Impact Envoy and Go HTTP/2 protocol stack is vulnerable to the "Rapid Reset" class of exploits, which send a sequence of HEADERS frames optionally followed by RSTSTREAM frames. This can be exercised if you use the builtin gateway and receive untrusted http2 traffic. Patches...

7.5CVSS6.8AI score0.99999EPSS
Exploits19References11Affected Software1
Github Security Blog
Github Security Blog
•added 2023/06/13 6:30 p.m.•80 views

nuxt Code Injection vulnerability

he Nuxt dev server between versions 3.4.0 and 3.4.3 is vulnerable to code injection when it is exposed publicly...

9.8CVSS7.4AI score0.58648EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
•added 2023/05/23 7:55 p.m.•80 views

Insufficient validation when decoding a Socket.IO packet

Impact A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. TypeError: Cannot convert object to primitive value at Socket.emit node:events:507:25 at .../nodemodules/socket.io/lib/socket.js:531:14 Patches A fix has been...

7.5CVSS7.2AI score0.01059EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2023/05/16 6:30 p.m.•80 views

Jenkins HashiCorp Vault Plugin has improper masking of credentials

Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an...

7.5CVSS6.6AI score0.00601EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 1:41 a.m.•80 views

Denial of service in ASP.NET Core

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548...

7.5CVSS2.6AI score0.08386EPSS
Exploits0References7Affected Software6
Github Security Blog
Github Security Blog
•added 2022/05/14 12:58 a.m.•80 views

Cross-site Scripting in wicket-jquery-ui

In wicket-jquery-ui = 6.29.0, = 7.10.1, = 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display...

6.1CVSS1.3AI score0.0084EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/13 12:0 a.m.•80 views

Stored XSS vulnerability in Jenkins Git Parameter Plugin

Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.3AI score0.00802EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/10 11:32 p.m.•80 views

DOM-based cross-site scripting in Froala Editor

Froala WYSIWYG HTML Editor is a lightweight WYSIWYG HTML Editor written in JavaScript that enables rich text editing capabilities for web applications. A DOM-based cross-site scripting XSS vulnerability exists in versions before 3.2.3 because HTML code in the editor is not correctly sanitized whe...

6.1CVSS1.2AI score0.01847EPSS
Exploits3References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/09 12:45 a.m.•80 views

Server-side request forgery (SSRF) in Apache XmlGraphics Commons

Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

8.2CVSS4.6AI score0.0665EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
•added 2021/12/02 5:52 p.m.•80 views

Unsafe HTTP Redirect in Puppet Agent and Puppet Server

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...

9.8CVSS0.3AI score0.01328EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/23 7:42 p.m.•80 views

CKEditor 4 vulnerabilities in versions <4.16.1

Details see: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc CVE-2021-37695 https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c CVE-2021-32808 https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg CVE-2021-32809 Patch...

5.4CVSS1.6AI score0.01188EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/02 5:26 p.m.•80 views

Out-of-bounds Write in ChakraCore

Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054...

8.1CVSS7.4AI score0.01525EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/29 9:13 p.m.•80 views

Shallow copy bug in geth

Impact This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth’s pre-compiled dataCopy at 0x00...04 contract did a shallow copy on invocation. An attacker could deploy a contract that - writes X to an EVM memory region R,...

7.1CVSS6.8AI score0.01081EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/18 6:44 p.m.•80 views

Remote Code Execution via traversal in TAL expressions

Impact Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python...

8.8CVSS2.4AI score0.01843EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/16 5:51 p.m.•80 views

Arbitrary code execution in Apache Druid

Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker...

8.8CVSS4.4AI score0.22588EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 1:53 a.m.•80 views

Cross-site Scripting in docsify

docsify prior to 4.11.4 is susceptible to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // domain.com///attacker.com and render...

6.1CVSS6.1AI score0.045EPSS
Exploits5References8Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/22 11:7 p.m.•80 views

Possible pod name collisions in jupyterhub-kubespawner

Impact What kind of vulnerability is it? Who is impacted? JupyterHub deployments using: - KubeSpawner = 0.11.1 e.g. zero-to-jupyterhub 0.9.0 and - enabled namedservers not default, and - an Authenticator that allows: - usernames with hyphens or other characters that require escape e.g. user-hyphe...

8.1CVSS0.3AI score0.00889EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/13 9:34 p.m.•80 views

Command Injection in standard-version

GitHub Security Lab GHSL Vulnerability Report: GHSL-2020-111 The GitHub Security Lab team has identified a potential security vulnerability in standard-version. Summary The standardVersion function has a command injection vulnerability. Clients of the standard-version library are unlikely to be...

1.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2020/05/26 3:11 p.m.•80 views

Ability to forge per-form CSRF tokens in Rails

It is possible to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token for any action for that session. Impact ------ Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for...

4.3CVSS5.3AI score0.01673EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/05/13 11:29 p.m.•80 views

Insecure Deserialization in Backend User Settings in TYPO3 CMS

It has been discovered that backend user settings in $BEUSER-uc are vulnerable to insecure deserialization. In combination with vulnerabilities of 3rd party components this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3...

8.8CVSS3.3AI score0.0199EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
•added 2020/02/18 6:59 p.m.•80 views

Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle

Impact The vulnerability was identified in the web service for a chunked file upload. While the names of the POST parameters vary with the used frontend, their values are always used in the same way to build a path where the chunks are stored and assembled temporarily. By not validating these...

8.8CVSS0.9AI score0.03929EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2020/01/31 6:0 p.m.•80 views

XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))

Due to an incomplete fix for CVE-2019-9658, checkstyle was still vulnerable to XML External Entity XXE Processing. Impact User: Build Maintainers This vulnerability probably doesn't impact Maven/Gradle users as, in most cases, these builds are processing files that are trusted, or pre-vetted by a...

5.3CVSS0.6AI score0.03676EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2020/01/30 9:21 p.m.•80 views

Password Hashing: Do not use MD5

Impact User passwords are stored in the database using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problemati...

8.1CVSS0.7AI score0.00626EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/01/27 7:28 p.m.•80 views

Request smuggling is possible when both chunked TE and content length specified

Impact Request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle alone \n as a headers separator. Patches https://github.com/ktorio/ktor/pull/1547 Workarounds None except migrating to a better proxy. References...

7.5CVSS0.7AI score0.00762EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2019/12/02 6:15 p.m.•80 views

Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pwfw-mgfj-7g3g. This link is maintained to preserve external references...

7.5CVSS7.7AI score0.02505EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2019/12/02 6:9 p.m.•80 views

User enumeration leak using switch user functionality in Symfony

An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security...

5.3CVSS1.4AI score0.01552EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
•added 2018/12/12 3:52 p.m.•80 views

Exposure of Sensitive Information to an Unauthorized Actor in urllib3

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext...

9.8CVSS8.8AI score0.04488EPSS
Exploits0References19Affected Software1
Github Security Blog
Github Security Blog
•added 2018/07/12 8:29 p.m.•80 views

Paramiko not properly checking authentication before processing other requests

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as...

9.8CVSS9.1AI score0.27065EPSS
Exploits10References24Affected Software1
Github Security Blog
Github Security Blog
•added 2024/03/20 5:59 p.m.•79 views

Moby's external DNS requests from 'internal' networks could lead to data exfiltration

Moby is an open source container framework originally developed by Docker Inc. as Docker. It is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. As a batteries-included container runtime, Moby comes with a built-in networking implementati...

7.5CVSS6.6AI score0.0075EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2023/11/28 6:30 p.m.•79 views

Apache Tomcat Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82, and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could...

7.5CVSS7.5AI score0.02651EPSS
Exploits0References15Affected Software2
Github Security Blog
Github Security Blog
•added 2023/06/06 2:1 a.m.•79 views

Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)

The issue involves a security vulnerability in Vite where the server options can be bypassed using a double forward slash //. This vulnerability poses a potential security risk as it can allow unauthorized access to sensitive directories and files. Steps to Fix. Update Vite: Ensure that you are...

7.5CVSS7.4AI score0.03152EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/04/04 3:30 p.m.•79 views

Etcd-io Improper Authentication vulnerability

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. This has been fixed in v.3.5.8 and was also backported to 3.4 and 3.5...

9.8CVSS9AI score0.01605EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/19 9:9 p.m.•79 views

Cortex's Alertmanager can expose local files content via specially crafted config

Impact A local file inclusion vulnerability exists in Cortex versions v1.13.0, v1.13.1 and v1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users o...

6.5CVSS6AI score0.00753EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/09/06 12:0 a.m.•79 views

snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow...

6.5CVSS7.2AI score0.01642EPSS
Exploits0References8Affected Software7
Github Security Blog
Github Security Blog
•added 2022/08/27 12:0 a.m.•79 views

Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow...

7.5CVSS7.3AI score0.0091EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/24 10:1 p.m.•79 views

golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. An attacker can craft an authentication request message for the gssapi-with-mic method which will cause...

7.5CVSS7.4AI score0.03228EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/17 12:1 a.m.•79 views

Shell command injection in gitea

Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...

7.5CVSS8.1AI score0.87678EPSS
Exploits8References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/27 9:9 p.m.•79 views

Path traversal in the OWASP Enterprise Security API

Impact The default implementation of Validator.getValidDirectoryPathString, String, File, boolean may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire...

9.8CVSS7.1AI score0.02674EPSS
Exploits2References10Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/26 9:19 p.m.•79 views

Potential Captcha Validate Bypass in flask-session-captcha

Impact flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. The captcha.validate function would return None if passed no value e.g. by submitting a request with an empty form. If implementing users were checking th...

5.3CVSS0.6AI score0.01126EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/07 12:0 a.m.•79 views

Prototype Pollution in async

A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x fixed in 3.2.2 and 2.6.4, which could let a malicious user obtain privileges via the mapValues method...

7.8CVSS4.7AI score0.03346EPSS
Exploits1References15Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/22 9:51 p.m.•79 views

Use after free in Animation

CVE-2022-0609: Use after free in Animation - https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop14.html - https://vulners.com/cve/CVE-2022-0609 Google is aware of reports that exploits for CVE-2022-0609 exist in the wild. The exploitation is known to be easy. The attac...

8.8CVSS9.2AI score0.23546EPSS
Exploits0References5Affected Software9
Github Security Blog
Github Security Blog
•added 2021/11/03 5:33 p.m.•79 views

Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 Vaadin 14.0.0 through 14.4.4 allows remote attackers to execute malicious JavaScript in browser by opening crafted URL...

6.1CVSS6.4AI score0.00955EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
•added 2021/08/25 2:48 p.m.•79 views

XStream is vulnerable to a Remote Command Execution attack

Impact The vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.5CVSS8AI score0.98124EPSS
Exploits6References18Affected Software1
Github Security Blog
Github Security Blog
•added 2021/07/28 6:58 p.m.•79 views

Out-of-bounds Write in ChakraCore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828,...

7.6CVSS2.8AI score0.09363EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000