Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
•added 2024/05/01 4:40 p.m.•76 views

XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets

Impact When performing XSLT transformations XMLUnit for Java did not disable XSLT extension functions by default. Depending on the XSLT processor being used this could allow arbitrary code to be executed when XMLUnit is used to transform data with a stylesheet who's source can not be trusted. If...

4CVSS8.1AI score0.00216EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/01/19 9:30 p.m.•76 views

Arbitrary Code Execution in Pillow

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...

8.1CVSS7AI score0.01703EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2023/11/23 6:30 p.m.•76 views

Bouncy Castle Denial of Service (DoS)

Bouncy Castle for Java before 1.73 contains a potential Denial of Service DoS issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafte...

5.5CVSS7.1AI score0.00932EPSS
Exploits1References6Affected Software9
Github Security Blog
Github Security Blog
•added 2023/10/14 3:31 a.m.•76 views

pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. pyminizip uses version 1.2.11 of zlib's code...

9.8CVSS7.7AI score0.02918EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
•added 2023/09/26 7:35 p.m.•76 views

sing-box vulnerable to improper authentication in the SOCKS inbound

Impact This vulnerability allows specially crafted requests to bypass authentication, affecting all SOCKS inbounds with user authentication. Patches Update to sing-box 1.4.5 or 1.5.0-rc.5 and later versions. Workarounds Don't expose the SOCKS5 inbound to insecure environments...

9.8CVSS6.9AI score0.00679EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
•added 2023/03/23 7:49 p.m.•76 views

Argo CD authenticated but unauthorized users may enumerate Application names via the API

Impact All versions of Argo CD starting with v0.5.0 are vulnerable to an information disclosure bug allowing unauthorized users to enumerate application names by inspecting API error messages. An attacker could use the discovered application names as the starting point of another attack. For...

4.3CVSS5.3AI score0.00643EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
•added 2023/02/24 6:30 p.m.•76 views

RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user...

3.3CVSS4.4AI score0.00206EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/02/22 7:15 p.m.•76 views

GeoServer OGC Filter SQL Injection Vulnerabilities

Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...

9.8CVSS9.7AI score0.85247EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/02/08 10:22 p.m.•76 views

openssl-src contains Double free after calling `PEM_read_bio_ex`

The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

7.5CVSS7.8AI score0.20444EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/20 7:33 p.m.•76 views

ExifTool vulnerable to arbitrary code execution

Impact Arbitrary code execution can occur when running exiftool against files with hostile metadata payloads Patches ExifTool has already been patched in version 12.24. exiftoolvendored.rb, which vendors ExifTool, includes this patch in v12.25.0. Workarounds No References...

7.8CVSS2.6AI score0.99981EPSS
Exploits39References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/29 1:48 a.m.•76 views

XStream can cause Denial of Service via stack overflow

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...

8.2CVSS7.7AI score0.08689EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 12:58 a.m.•76 views

Cross-site Scripting in wicket-jquery-ui

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...

6.1CVSS6.4AI score0.00905EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/10/12 9:59 p.m.•76 views

Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API

Impact This vulnerability allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. All current stable versions of Electron are affected...

8.6CVSS8.4AI score0.01017EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/18 6:43 p.m.•76 views

Path traversal in impacket

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket before 0.9.23. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing...

9.8CVSS6.3AI score0.1926EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/01 9:53 p.m.•76 views

Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow

If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens JWT, the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user incl. admins...

9.8CVSS3AI score0.52926EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/28 7:18 p.m.•76 views

Cross-site scripting vulnerability in TinyMCE

Impact A cross-site scripting XSS vulnerability was discovered in the URL sanitization logic of the core parser for form elements. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or APIs, and then...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/24 4:56 p.m.•76 views

Insecure permissions on build temporary rootfs in Singularity

Impact Insecure permissions on temporary directories used in explicit and implicit container build operations. When a Singularity command that results in a container build operation is executed, it is possible for a user with access to the system to read the contents of the image during the build...

8.8CVSS8.7AI score0.0204EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 3:29 p.m.•76 views

Improper Verification of Cryptographic Signature in golang.org/x/crypto

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...

7.5CVSS7.5AI score0.21052EPSS
Exploits6References13Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/06 6:11 p.m.•76 views

Prototype Pollution in arr-flatten-unflatten

All versions of package arr-flatten-unflatten up to and including version 1.1.4 are vulnerable to Prototype Pollution via the constructor...

9.8CVSS9AI score0.01916EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/20 4:44 p.m.•76 views

OS Command Injection and Improper Input Validation in ansible

A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...

7.3CVSS3.7AI score0.00418EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/19 2:57 p.m.•76 views

Padding Oracle Attack due to Observable Timing Discrepancy in jose

jose is an npm library providing a number of cryptographic operations. Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly...

5.9CVSS0.9AI score0.01167EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/02/08 5:43 p.m.•76 views

Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

2.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/01/20 9:33 p.m.•76 views

Blind SQL injection in PrestaShop productcomments module

Impact An attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. Patches The problem is fixed in 4.2.1...

8.2CVSS8.5AI score0.12388EPSS
Exploits3References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/05/26 2:49 p.m.•76 views

ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the raw: true parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of pla...

9.8CVSS9AI score0.45732EPSS
Exploits5References13Affected Software1
Github Security Blog
Github Security Blog
•added 2020/05/07 9:16 p.m.•76 views

Improper Restriction of Excessive Authentication Attempts in Sorcery

Impact Brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired protection will not be re-enabled until a user or malicious actor logs in successfully. This doe...

9.8CVSS3.7AI score0.01598EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/04/23 8:9 p.m.•76 views

Command Injection in npm-programmatic

All versions of npm-programmatic are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the install, uninstall and list functions . This may allow attackers to execute arbitrary code in the system if the package name passed to the...

9.8CVSS6AI score0.03516EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/04/15 9:9 p.m.•76 views

Improper Restriction of Rendered UI Layers or Frames in Keycloak

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...

5.8CVSS1.2AI score0.00764EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/04/14 11:9 p.m.•76 views

OS Command Injection in devcert-sanscache

devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...

9.8CVSS7.4AI score0.03453EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/03/24 3:6 p.m.•76 views

Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag

Impact A mutation XSS affects users calling bleach.clean with all of: the svg or math in the allowed/whitelisted tags an RCDATA tag see below in the allowed/whitelisted tags the keyword argument strip=False Patches Users are encouraged to upgrade to bleach v3.1.2 or greater. Workarounds modify...

6.1CVSS6.3AI score0.01301EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2020/02/26 7:55 p.m.•76 views

Users can view database names in Apache Superset

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab...

5.3CVSS4AI score0.02707EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/02/04 10:37 p.m.•76 views

Improper Restriction of XML External Entity Reference in Apache Olingo

The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks...

5.5CVSS4.9AI score0.12245EPSS
Exploits5References9Affected Software2
Github Security Blog
Github Security Blog
•added 2020/02/04 10:36 p.m.•76 views

Improper input validation in Apache Shiro

Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...

7.5CVSS2.9AI score0.09101EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/01/06 6:44 p.m.•76 views

HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up)

Impact The patches introduced to fix https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 were not complete and still would allow an attacker to smuggle requests/split a HTTP request with invalid data. This updates the existing CVE with ID: CVE-2019-16789 Patches Waitress...

8.2CVSS0.5AI score0.02587EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
•added 2019/08/01 7:17 p.m.•76 views

XML External Entity (XXE) Injection in Apache Solr

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debuggi...

9CVSS1.1AI score0.83547EPSS
Exploits3References46Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/19 4:15 p.m.•76 views

Critical severity vulnerability that affects org.eclipse.jetty:jetty-server

In Eclipse Jetty, versions 9.2.x and older, 9.3.x, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined...

9.8CVSS3.4AI score0.16154EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/18 5:43 p.m.•76 views

jackson-dataformat-xml vulnerable to XML external entity (XXE)

XML external entity XXE vulnerability in XmlMapper in the Data format extension for Jackson aka jackson-dataformat-xml allows attackers to have unspecified impact via unknown vectors...

9.8CVSS6.9AI score0.0278EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/17 8:27 p.m.•76 views

Possible privilege escalation in org.springframework:spring-core

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application server A receives input from a remote client, and then uses that input to make a...

7.5CVSS3.3AI score0.03085EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/17 4:30 p.m.•76 views

When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...

8.1CVSS1.7AI score0.99607EPSS
Exploits18References28Affected Software1
Github Security Blog
Github Security Blog
•added 2026/05/14 4:37 p.m.•75 views

TanStack Start - Server Core: Inbound server-function request deserialization could invoke a sibling client-referenced server function

Summary A type-confusion bug in seroval ≤ 1.5.2 upstream advisory allowed a crafted JSON body sent to one TanStack Start server function to trigger invocation of a different client-referenced server function as a side effect of deserializing the request payload. This is not an authentication bypa...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2025/05/13 9:38 p.m.•75 views

Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability

Microsoft Security Advisory CVE-2025-26646: .NET Spoofing Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0.xxx and .NET 8.0.xxx SDK. This advisory also provides guidance on what developers can do to update their...

8CVSS7.6AI score0.011EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2024/12/20 6:31 p.m.•75 views

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensiti...

9.8CVSS6.8AI score0.43663EPSS
Exploits13References9Affected Software3
Github Security Blog
Github Security Blog
•added 2024/05/20 8:15 p.m.•75 views

Requests `Session` object does not verify requests after making first request with verify=False

When using a requests.Session, if the first request to a given origin is made with verify=False, TLS certificate verification may remain disabled for all subsequent requests to that origin, even if verify=True is explicitly specified later. This occurs because the underlying connection is reused...

5.6CVSS6.3AI score0.0034EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2024/03/08 3:6 p.m.•75 views

JWX vulnerable to a denial of service attack using compressed JWE message

Summary This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory...

6.8CVSS7AI score0.0057EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
•added 2023/05/30 8:7 p.m.•75 views

Kyverno vulnerable due to usage of insecure cipher

Summary Insecure 3DES ciphers are used which may lead to exploitation of the Sweet32 vulnerability. Specifically, the ciphers TLSECDHERSAWITH3DESEDECBCSHA secp256r1 and TLSRSAWITH3DESEDECBCSHA rsa 2048 are allowed. See CVE-2016-2183. This is fixed in Kyverno v1.9.5 and v1.10.0 and no known users...

7.5CVSS6.8AI score0.95707EPSS
Exploits7References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/04/20 9:46 p.m.•75 views

XWiki vulnerable to Code Injection in template provider administration

Impact Any user with edit rights on any document e.g., the own user profile can execute code with programming rights, leading to remote code execution by following these steps: 1. Set the title of any document you can edit can be the user profile to async async="true" cached="false"...

9.9CVSS7.2AI score0.01864EPSS
Exploits1References5Affected Software3
Github Security Blog
Github Security Blog
•added 2023/03/30 6:30 a.m.•75 views

angular vulnerable to regular expression denial of service via the $resource service

All versions of the package angular are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtrackin...

5.3CVSS7.2AI score0.01695EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
•added 2023/02/24 4:22 p.m.•75 views

LiteDB may deserialize bad JSON on object type using _type

Impact LiteDB use a special field in JSON documents to cast diferent types from BsonDocument do POCO classes. When instance of an object are not the same of class, BsonMapper use a special field type string info with full class name with assembly to be loaded and fit in your model. If your end-us...

9.8CVSS0.1AI score0.00699EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/02/17 2:0 p.m.•75 views

golang.org/x/net vulnerable to Uncontrolled Resource Consumption

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

7.5CVSS7.4AI score0.04561EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
•added 2022/11/01 5:45 p.m.•75 views

X.509 Email Address 4-byte Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5CVSS8.4AI score0.9077EPSS
Exploits6References50Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/17 1:16 a.m.•75 views

Ghost vulnerable to remote code execution in locale setting change

Impact A vulnerability in an upstream library means an authenticated attacker can abuse locale input to execute arbitrary commands from a file that has previously been uploaded using the file upload functionality in the post editor. Patches Fixed in 5.2.3, all 5.x sites should update as soon as...

7.5CVSS1.3AI score0.05664EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000