Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
added 2020/03/24 3:7 p.m.78 views

Malicious package may avoid detection in python auditing

Python Auditing Vulnerability Demonstrates how a malicious package can insert a load-time poison pill to avoid detection by tools like Safety. Tools that are designed to find vulnerable packages can not ever run in the same python environment that they are trying to protect. Usage Install safety,...

5CVSS1.5AI score0.00366EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/05 10:9 p.m.78 views

SMTP Injection in PHPMailer

Impact Attackers could inject arbitrary SMTP commands via by exploiting the fact that valid email addresses may contain line breaks, which are not handled correctly in some contexts. Patches Fixed in 5.2.14 in this commit. Workarounds Manually strip line breaks from email addresses before passing...

5CVSS9AI score0.01988EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/04 10:38 p.m.78 views

Deserialization of Untrusted Data in Apache Olingo

Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in the worse case...

10CVSS4.8AI score0.03621EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/28 10:26 p.m.78 views

Unrestricted upload of file with dangerous type in Apache Solr

The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLEREMOTEJMXOPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and...

9.8CVSS1.2AI score0.21866EPSS
Exploits4References11Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/18 7:1 p.m.78 views

Possible Information Leak / Session Hijack Vulnerability in Rack

There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that...

6.3CVSS0.5AI score0.03687EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/18 6:6 p.m.78 views

Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for responsetype...

8.8CVSS3.9AI score0.79176EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:2 p.m.77 views

Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass

Summary There is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rule such as Host.example.com with stricter TLS options for...

10CVSS5.1AI score0.00245EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/09 5:46 p.m.77 views

Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig

Denial of Service via proto Key in mergeConfig Summary The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse, causing...

7.5CVSS5.8AI score0.02591EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/13 9:30 a.m.77 views

Salt allows arbitrary directory creation or file deletion

Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to...

6.3CVSS7AI score0.00143EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/11 3:30 p.m.77 views

JSONPath Plus Remote Code Execution (RCE) Vulnerability

Versions of the package jsonpath-plus before 10.0.7 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions...

9.8CVSS9.7AI score0.09076EPSS
Exploits4References11Affected Software2
Github Security Blog
Github Security Blog
added 2024/07/08 9:31 p.m.77 views

Undertow Denial of Service vulnerability

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...

7.5CVSS6.8AI score0.02716EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/05 8:6 p.m.77 views

Certifi removes GLOBALTRUST root certificate

Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store. GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues...

7.5CVSS6.8AI score0.01049EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/01 3:32 p.m.77 views

ag-grid packages vulnerable to Prototype Pollution

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

6.3CVSS8.2AI score0.00827EPSS
Exploits1References10Affected Software3
Github Security Blog
Github Security Blog
added 2023/10/26 6:30 p.m.77 views

Elasticsearch vulnerable to stack overflow in the search API

A flaw was discovered in Elasticsearch affecting the search API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service...

7.5CVSS7.4AI score0.60679EPSS
Exploits4References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/24 3:31 p.m.77 views

Spring-Kafka has Java Deserialization vulnerability When Improperly Configured

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...

7.8CVSS6.7AI score0.02162EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/26 4:3 p.m.77 views

Arbitrary file read via SQL injection

Impact It is possible for a user having access to the SQL Manager Advanced Options - Database to arbitrary read any file on the Operating system when using SQL function LOADFILE in a SELECT request. So It can access to critical information. Patches The patch will be on PS 8.0.4 and PS 1.7.8.9...

7.7CVSS6.9AI score0.00856EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/25 10:2 p.m.77 views

JWT audience claim is not verified

Impact All versions of Argo CD starting with v1.8.2 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an aud audience claim in signed tokens. The value of that claim specifies the intended audiences of the token i.e. the servi...

9CVSS8.7AI score0.00879EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/14 12:30 a.m.77 views

golang.org/x/net/http2/h2c vulnerable to request smuggling attack

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...

7.5CVSS7.5AI score0.01814EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/14 9:42 p.m.77 views

.NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2022-41089: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1, .NET 6.0., and .NET 7.0. This advisory also provides guidance on what developers can ...

7.8CVSS9.2AI score0.0113EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2022/07/06 7:27 p.m.77 views

Improper handling of email input

Impact An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.: [email protected], Before signing in, claim your money!. This was previously sent to...

7.1CVSS6.1AI score0.01051EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/16 12:8 a.m.77 views

pgjdbc Arbitrary File Write Vulnerability

Overview The connection properties for configuring a pgjdbc connection are not meant to be exposed to an unauthenticated attacker. While allowing an attacker to specify arbitrary connection properties could lead to a compromise of a system, that's a defect of an application that allows...

8.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/15 12:41 a.m.77 views

Directory Traversal in Docker

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a 1 "docker load" operation or 2 "registry communications."...

6.4CVSS8.1AI score0.02527EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 11:6 p.m.77 views

Expression Language Injection in Netflix Conductor

Netflix Conductor uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being...

9.8CVSS8.9AI score0.02006EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/12 10:33 p.m.77 views

Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints

Impact The net/http Go package has a reported vulnerability tracked under CVE-2021-44716 which allows attacker controlled HTTP/2 requests to trigger unbounded memory usage in HTTP/2 endpoints. gRPC endpoints are not vulnerable as they rely on their own HTTP/2 implementation instead of the net/htt...

7.5CVSS0.1AI score0.03958EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 10:48 p.m.77 views

jquery.terminal self XSS on user input

Impact This is low impact and limited XSS, because code for XSS payload is always visible, but attacker can use other techniques to hide the code the victim sees. Also if the application use execHash option and execute code from URL the attacker can use this URL to execute his code. The scope is...

5.4CVSS0.7AI score0.01037EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/04 4:14 p.m.77 views

Improper Input Validation and Injection in Apache Log4j2

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JN...

8.5CVSS4.7AI score0.97906EPSS
Exploits9References17Affected Software2
Github Security Blog
Github Security Blog
added 2021/09/02 10:1 p.m.77 views

Prototype Pollution in Proto

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function...

7.5CVSS4.7AI score0.00861EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 5:28 p.m.77 views

Remote code execution in ChakraCore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1172, CVE-2020-1180...

9.3CVSS2.5AI score0.02062EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 5:2 p.m.77 views

OS Command Injection in OpenTSDB

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...

9.8CVSS9.8AI score0.8533EPSS
Exploits5References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/26 9:23 p.m.77 views

Cross-site scripting in anchorme

All versions of package anchorme are vulnerable to Cross-site Scripting XSS via the main functionality...

6.1CVSS4.1AI score0.01164EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 5:53 p.m.77 views

Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin

When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header. This affects all versions of package github.com/gin-gonic/gin under 1.7.7...

7.1CVSS6.6AI score0.01316EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/10 5:22 p.m.77 views

Duplicate Advisory: Path Traversal in Zope

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5pr9-v234-jw36. This link is maintained to preserve external references. Original Description Zope is an open-source web application server. This advisory extends the previous advisory at...

8.8CVSS8.8AI score0.01574EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/28 3:54 p.m.77 views

StaticFile.fromUrl can leak presence of a directory

Impact StaticFile.fromUrl can leak the presence of a directory on a server when the URL scheme is not file://, and the URL points to a fetchable resource under its scheme and authority. The function returns FNone, indicating no resource, if url.getFile is a directory, without first checking the...

5.8CVSS1.6AI score0.01395EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/27 6:44 p.m.77 views

Denial of service in Tendermint

Description Denial of Service 1 Tendermint 0.33.2 and earlier does not limit the number of P2P connection requests. For each p2p connection, Tendermint allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to duplicate IP or reaching a maximum...

4.3CVSS4.8AI score0.01336EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/13 10:30 p.m.77 views

Apache Livy Cross-site scripting (XSS) in session names

Livy server version 0.7.0-incubating only is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating...

5.4CVSS5AI score0.02816EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 4:20 p.m.77 views

Deserialization of Untrusted Data in Archive_Tar

ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. See: https://github.com/pear/ArchiveTar/issues/33...

7.8CVSS7.6AI score0.47493EPSS
Exploits2References14Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/12 9:33 p.m.77 views

Uncontrolled Resource Consumption in Apache Thrift

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service...

7.5CVSS2.8AI score0.06779EPSS
Exploits0References111Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/02 6:28 p.m.77 views

Buffer not correctly recycled in Gzip Request inflation

Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see...

5.8CVSS1.4AI score0.08113EPSS
Exploits0References228Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/27 7:47 p.m.77 views

Heap buffer overflow in CefSharp

Impact A memory corruption bugHeap overflow in the FreeType font rendering library. This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Goog...

9.6CVSS1AI score0.5063EPSS
Exploits2References19Affected Software4
Github Security Blog
Github Security Blog
added 2020/03/30 7:45 p.m.77 views

regular expression denial-of-service (ReDoS) in Bleach

Impact bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean..., attributes='a': 'style'. Patches 3.1.4 Workarounds d...

7.5CVSS0.4AI score0.00718EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/26 7:55 p.m.77 views

Users able to query database metadata in Apache Superset

In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query...

5.3CVSS3.8AI score0.02779EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/13 10:21 p.m.77 views

XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode

Impact What kind of vulnerability is it? Who is impacted? Potential XSS vulnerability for users of dojox/xmpp and dojox/dtl. Patches Has the problem been patched? What versions should users upgrade to? Yes, patches are available for the 1.11 through 1.16 versions. Users should upgrade to one of...

6.1CVSS1.3AI score0.01853EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/04 10:37 p.m.77 views

Improper input validation in Apache Olingo

The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep method without any check. If a malicious server returns a huge value in the header, then it can help to implement a DoS attack...

7.5CVSS3.4AI score0.02067EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/21 8:59 p.m.77 views

CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

5.3CVSS2.6AI score0.02382EPSS
Exploits1References11Affected Software2
Github Security Blog
Github Security Blog
added 2019/10/22 8:19 p.m.77 views

Improper Input Validation in Automattic Mongoose

Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...

9.1CVSS8.7AI score0.0166EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2019/04/18 2:27 p.m.77 views

Apache Tomcat OS Command Injection vulnerability

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by...

9.3CVSS8.1AI score0.99652EPSS
Exploits9References50Affected Software1
Github Security Blog
Github Security Blog
added 2019/02/18 11:58 p.m.77 views

chromedriver Downloads Resources over HTTP

Affected versions of chromedriver insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This may result in arbitrary code execution if an attacker intercepts and modifies the downloaded binary fil...

8.1CVSS8.1AI score0.01114EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:34 a.m.76 views

tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape

Summary The tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ../ or path separators in these parameters, attackers can cause file...

8.7CVSS5.7AI score0.00354EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/14 3:32 p.m.76 views

Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...

7.5CVSS6.7AI score0.011EPSS
Exploits0References9Affected Software10
Github Security Blog
Github Security Blog
added 2024/05/03 5:29 p.m.76 views

aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests

Summary An attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. Impact An attacker can stop the application from serving requests after sending a single...

7.5CVSS6.9AI score0.01085EPSS
Exploits0References8Affected Software1
Total number of security vulnerabilities5000