Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
added 2021/07/26 9:21 p.m.79 views

OS Command Injection in Locutus

php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution...

9.8CVSS4AI score0.02931EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/19 9:21 p.m.79 views

HashiCorp Consul L7 deny intention results in an allow action

In HashiCorp Consul before 1.10.1 and Consul Enterprise, xds can generate a situation where a single L7 deny intention with a default deny policy results in an allow action...

7.5CVSS7.2AI score0.0174EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/01 9:38 p.m.79 views

Insertion of Sensitive Information into Log File in ansible

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by nolog feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to dat...

5.5CVSS1.2AI score0.00347EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 4:57 p.m.79 views

Improper Sanitizing of plugin names in helm

Impact Security researchers at Trail of Bits discovered that plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to hel...

4CVSS5.1AI score0.00962EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/18 1:27 a.m.79 views

Puma's Keepalive Connections Causing Denial Of Service

This vulnerability is related to CVE-2019-16770. Impact The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process...

7.5CVSS1.1AI score0.01599EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:47 p.m.79 views

Cross-site scripting in bootstrap-select

bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

6.1CVSS5.4AI score0.01738EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:54 p.m.79 views

Authentication bypass in MAGMI

MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting maxconnections default 151 is lower than Apache or...

9.8CVSS9.1AI score0.23897EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/05 7:48 p.m.79 views

Possible Open Redirect Vulnerability in Action Pack

There is a possible Open Redirect Vulnerability in Action Pack. Versions Affected: = v6.1.0.rc2 Not affected: v6.1.0.rc2 Fixed Versions: 6.1.3.2 Impact ------ This is similar to CVE-2021-22881. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host...

6.1CVSS6.1AI score0.01224EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/27 8:9 p.m.79 views

Authentication bypass for specific endpoint

The ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. For...

8.6CVSS1.5AI score0.64697EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 4:22 p.m.79 views

Improper Certificate Validation in oauth ruby gem

lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information...

7.4CVSS5.2AI score0.00746EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/11 10:26 p.m.79 views

react-dev-utils OS Command Injection in function `getProcessForPort`

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

6.8CVSS3.2AI score0.03289EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/03 7:16 p.m.79 views

Code injection in Apache Ant

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

7.5CVSS2.7AI score0.08235EPSS
Exploits0References22Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/23 7:48 p.m.79 views

Local File Inclusion by unauthenticated users

Impact An attacker can exploit this vulnerability to read local files on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request. Patches Issue has been patched in Build 469 v1.0.469 and v1.1.0. Workarounds Apply...

7.5CVSS1.5AI score0.01678EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/16 12:51 a.m.79 views

Ciphertext Malleability Issue in Tink Java

Impact Tink's Java version before 1.5 under some circumstances allowed attackers to change the key ID part of the ciphertext, resulting in the attacker creating a second ciphertext that will decrypt to the same plaintext. This can be a problem in particular in the case of encrypting with a...

5.3CVSS1.2AI score0.0047EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/08 9:38 p.m.79 views

Command Injection in jison

Withdrawn: This vulnerability is not present in the released npm package. Rather the vulnerable code is part of the repo, but not part of the package. See linked hackerone report for more details. Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks...

10CVSS2AI score0.03633EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/18 2:44 p.m.79 views

Deserialization of untrusted data in Jackson Databind

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool aka xalan2...

8.1CVSS3.2AI score0.08072EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/05 4:9 p.m.79 views

Django Rest Framework jwt allows obtaining new token from notionally invalidated token

An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...

9.1CVSS4.6AI score0.01257EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/05 4:9 p.m.79 views

django-nopassword stores secrets in cleartext

django-nopassword before 5.0.0 stores cleartext secrets in the database...

7.5CVSS1.6AI score0.00953EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/06 7:32 p.m.79 views

Command Injection in hot-formula-parser

Versions of hot-formula-parser prior to 3.0.1 are vulnerable to Command Injection. The package fails to sanitize values passed to the parse function and concatenates it in an eval call. If a value of the formula is supplied by user-controlled input it may allow attackers to run arbitrary commands...

9.8CVSS4.9AI score0.02148EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/31 6:0 p.m.79 views

Ability to switch channels via GET parameter enabled in production environments

Impact This vulnerability gives the ability to switch channels via the channelcode GET parameter in production environments. This was meant to be enabled only when %kernel.debug% is set to true. However, if no syliuschannel.debug is set explicitly in the configuration, the default value which is...

4.4CVSS2.9AI score0.00595EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.79 views

Arbitrary JavaScript Execution in bassmaster

A vulnerability exists in bassmaster = 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval. Recommendation Update to bassmaster version 1.5.2 or greater...

10CVSS6.3AI score0.78582EPSS
Exploits6References8Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.79 views

Aescrypt does not sufficiently use random values

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...

7.5CVSS4.8AI score0.01148EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/25 11:30 p.m.78 views

Heimdall has an authorization bypass via path normalization mismatch

Summary Heimdall performs rule matching on the raw non-normalized request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. This discrepancy can result in heimdall authorizing a request for one path e.g., /user/../admin, or URL-encoded variants...

7.8CVSS5.4AI score0.00368EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/17 6:44 p.m.78 views

Vite's `server.fs.deny` is bypassed when using `?import&raw`

Summary The contents of arbitrary files can be returned to the browser. Details @fs denies access to files outside of Vite serving allow list. Adding ?import&raw to the URL bypasses this limitation and returns the file content if it exists. PoC sh $ npm create vite@latest $ cd vite-project/ $ npm...

4.8CVSS7AI score0.0103EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/08 4:45 p.m.78 views

CIRCL's Kyber: timing side-channel (kyberslash2)

Impact On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn parts of the secret key. Does not apply to ephemeral usage, such as when used in the regular way in TLS. Patches Patched in 1.3.7. References - kyberslash.cr.yp.to...

7.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/09 2:36 p.m.78 views

PrestaShop SQL manager vulnerability

Impact Remote code execution through SQL injection and arbitrary file write in back office Patches 1.7.8.10 8.0.5 8.1.1 Found by Truff via yeswehack Workarounds none References none...

9.8CVSS8.8AI score0.01342EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/13 12:0 p.m.78 views

Prototype pollution in webpack loader-utils

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js...

9.8CVSS8.9AI score0.02601EPSS
Exploits1References16Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/18 11:10 p.m.78 views

Improper Verification of Cryptographic Signature in `node-forge`

Impact RSA PKCS1 v1.5 signature verification code is not properly checking DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. Patches The issue has been addressed in node-forge 1.3.0. For more...

5.3CVSS2.6AI score0.00875EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/16 12:0 a.m.78 views

CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF

Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not perform a permission check on form validation methods. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, these form validation methods do not require POST requests,...

8.8CVSS3.7AI score0.00555EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/21 6:53 p.m.78 views

Incorrect Default Permissions in log4js

Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode...

5.5CVSS0.3AI score0.00302EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/02 6:37 p.m.78 views

XML2Dict XML Entity Expansion Vulnerability

XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. The parse function does not properly restrict recursive entity references...

7.5CVSS7AI score0.01172EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/02 6:36 p.m.78 views

Craft CMS Cross-site Scripting Vulnerability

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads...

6.1CVSS5.8AI score0.00987EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/24 8:16 p.m.78 views

Incorrect Authorization in ORY Oathkeeper

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope foo using an access token granted with that foo scope, introspection will be valid and that...

7.5CVSS0.4AI score0.01298EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 9:9 p.m.78 views

Path Traversal in Docker

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an 1 image or 2 build in a Dockerfile...

8.6CVSS8.4AI score0.04923EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/11 12:4 a.m.78 views

Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator

Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. This...

9.3CVSS0.5AI score0.00351EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 3:36 p.m.78 views

Prototype Pollution in swiper

Versions of the package swiper before 6.5.1 are susceptible to prototype pollution...

9.8CVSS2.5AI score0.022EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:6 p.m.78 views

Command Injection in ps-visitor

This affects all versions up to and including version 0.0.2 of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS5.8AI score0.01336EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 4:16 p.m.78 views

Cross-Site Request Forgery in Vert.x-Web framework

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need t...

8.8CVSS8.3AI score0.0058EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 7:55 p.m.78 views

Pillow Out-of-bounds Read

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations...

7.1CVSS7.7AI score0.01498EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/10 2:31 a.m.78 views

Remote Code Execution in SCIMono

Impact It is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system. Patches The issue was fixed on 0.0.19 version...

9.1CVSS6AI score0.09993EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/28 7:5 p.m.78 views

Potential DoS with NumberFilter conversion to integer values.

Impact Automatically generated NumberFilter instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Patches Version 2.4.0+ applies a MaxValueValidator with a a default limitvalue of...

7.5CVSS3.5AI score0.01797EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/04 6:1 p.m.78 views

DLL Injection in kerberos

Version of kerberos prior to 1.0.0 are vulnerable to DLL Injection. The package loads DLLs without specifying a full path. This may allow attackers to create a file with the same name in a folder that precedes the intended file in the DLL path search. Doing so would allow attackers to execute...

7.8CVSS5.8AI score0.00737EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/03 5:19 p.m.78 views

Reverse Tabnabbing in quill

Versions of quill prior to 1.3.7 are vulnerable to Reverse Tabnabbing. The package uses target='blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks. Recommendation No fix is currently available...

4.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/28 9:24 p.m.78 views

Cross-Site Scripting in @novnc/novnc

Versions of @novnc/novnc prior to 0.6.2 are vulnerable to Cross-Site Scripting XSS. The package fails to validate input from the remote VNC server such as the VNC server name. This allows an attacker in control of the remote server to execute arbitrary JavaScript in the noVNC web page. It affects...

6.1CVSS6.1AI score0.0481EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/15 6:44 p.m.78 views

Improper Input Validation in jackson-databind

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10 and 2.8.11.5. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

9.8CVSS8.9AI score0.0459EPSS
Exploits0References23Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/10 8:2 p.m.78 views

Insecure Deserialization in Apache XML-RPC

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issu...

9.8CVSS4.6AI score0.49285EPSS
Exploits2References15Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/05 4:13 p.m.78 views

Signature wrapping vulnerability in Spring Security

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an...

8.8CVSS2.9AI score0.01199EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/13 11:40 p.m.78 views

Backend Same-Site Request Forgery in TYPO3 CMS

Meta CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C CWE-352 CWE-346 Problem It has been discovered that backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker...

8.8CVSS0.4AI score0.00699EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2020/05/06 8:49 p.m.78 views

Improper Certificate Validation in Apache Beam

The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification. However this configuration is not respected and the certificate verification disables trust verification in every case. This exclusion also gets registered globally which disables trust...

7.5CVSS2.4AI score0.01025EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/23 4:32 p.m.78 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory aka aries.transaction.jms...

8.8CVSS3.5AI score0.02959EPSS
Exploits0References13Affected Software1
Total number of security vulnerabilities5000