Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
added 2023/02/17 2:0 p.m.75 views

golang.org/x/net vulnerable to Uncontrolled Resource Consumption

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

7.5CVSS7.4AI score0.04561EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/17 1:16 a.m.75 views

Ghost vulnerable to remote code execution in locale setting change

Impact A vulnerability in an upstream library means an authenticated attacker can abuse locale input to execute arbitrary commands from a file that has previously been uploaded using the file upload functionality in the post editor. Patches Fixed in 5.2.3, all 5.x sites should update as soon as...

7.5CVSS1.3AI score0.05664EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:33 p.m.75 views

XXE vulnerability in Jenkins Visualworks Store Plugin

Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with the ability to control the output of a script that run Visualworks with StoreCI, or able to control an agent process, to have Jenkins parse a...

6.5CVSS6.2AI score0.01076EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/12 12:7 a.m.75 views

Improper Certificate Validation

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET COR...

7.5CVSS5.1AI score0.05423EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2022/01/27 4:13 p.m.75 views

Infinite Loop in Apache Xerces Java

There's a vulnerability within the Apache Xerces Java XercesJ XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present withi...

7.1CVSS3AI score0.0444EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/23 5:53 p.m.75 views

Code injection in spring-cloud-netflix-hystrix-dashboard

Applications using the spring-cloud-netflix-hystrix-dashboard expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following hystrix/monitor are being evaluated ...

8.8CVSS3AI score0.13035EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/09 8:44 p.m.75 views

ReDOS in Mpmath

A Regular Expression Denial of Service ReDOS vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called...

7.5CVSS3.4AI score0.041EPSS
Exploits1References16Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 5:26 p.m.75 views

Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829...

7.6CVSS5.2AI score0.09363EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/28 6:58 p.m.75 views

Out-of-bounds Write in ChakraCore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829,...

7.6CVSS2.8AI score0.09363EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/26 9:16 p.m.75 views

Information Disclosure in User Authentication

Meta CVSS: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C 4.9 Problem It has been discovered that user credentials have been logged as plaintext when explicitly using log level debug, which is not the default configuration. Solution Update to TYPO3 versions 7.6.52 ELTS, 8.7.41 ELTS, 9.5.28,...

6.5CVSS1.4AI score0.00829EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/29 9:14 p.m.75 views

Denial of service in github.com/ethereum/go-ethereum

Impact A DoS vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. Patches The vulnerability was patched in https://github.com/ethereum/go-ethereum/pull/21896. Workarounds This vulnerability only concerns users explicitly enabling les server;...

6.5CVSS6.3AI score0.01864EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:40 p.m.75 views

Code injection in Apache Druid

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...

9CVSS1.5AI score0.99301EPSS
Exploits7References18Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 9:7 p.m.75 views

github.com/pires/go-proxyproto denial of service vulnerability

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...

4.9CVSS5.4AI score0.01871EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 6:36 p.m.75 views

XStream is vulnerable to a Remote Command Execution attack

Impact The vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.8CVSS8.3AI score0.77735EPSS
Exploits1References21Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 1:52 a.m.75 views

Path traversal in rollup-plugin-serve

Path traversal in npm package rollup-plugin-serve before version 1.0.2. There is no path sanitization in readFile operation...

9.8CVSS9AI score0.01474EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 7:15 p.m.75 views

Arbitrary Code Execution in json-ptr

npm json-ptr before 2.1.0 has an arbitrary code execution vulnerability. The issue occurs in the set operation when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution...

9.8CVSS9.3AI score0.01879EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:18 p.m.75 views

Regular Expression Denial of Service in ua-parser-js

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...

7.5CVSS7.5AI score0.04483EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/05 7:49 p.m.75 views

Action Pack contains Information Disclosure / Unintended Method Execution vulnerability

Impact ------ There is a possible information disclosure / unintended method execution vulnerability in Action Pack when using the redirectto or polymorphicurl helper with untrusted user input. Vulnerable code will look like this. redirecttoparams:someparam All users running an affected release...

7.5CVSS7.3AI score0.04195EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 4:15 p.m.75 views

Cross-site scripting in Apache CXF

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting XSS attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This...

6.1CVSS2.6AI score0.42993EPSS
Exploits0References17Affected Software2
Github Security Blog
Github Security Blog
added 2021/04/22 4:15 p.m.75 views

Remote Code Execution and download tracking in Mintegral SDK

"This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google...

4.7CVSS5.1AI score0.00857EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/22 11:29 p.m.75 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. Patches If you rely on...

9.8CVSS3AI score0.15234EPSS
Exploits1References17Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/29 8:40 p.m.75 views

Signature Malleabillity in elliptic

The Elliptic package before version 6.5.3 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature...

7.7CVSS5.2AI score0.02629EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/24 5:15 p.m.75 views

Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names

A reliance on cookies without validation/integrity check security vulnerability exists in rack 2.2.3, rack 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix...

7.5CVSS3.6AI score0.02938EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/05 4:11 p.m.75 views

Directory traversal attack in Spring Cloud Config

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.5CVSS5AI score0.6876EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/14 11:9 p.m.75 views

Internal NCryptDecrypt method could be used externally from WindowsHello library.

Impact Every user of the library before version 1.0.4. Patches Patched in 1.0.4+. Workarounds None. References https://github.com/SeppPenner/WindowsHello/issues/3 For more information It this library is used to encrypt text and write the output to a txt file, another executable could be able to...

5.5CVSS0.6AI score0.00234EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/30 8:40 p.m.75 views

Directory Traversal in Next.js

Impact - Not affected: Deployments on ZEIT Now v2 https://zeit.co are not affected - Not affected: Deployments using the serverless target - Not affected: Deployments using next export - Affected: Users of Next.js below 9.3.2 We recommend everyone to upgrade regardless of whether you can reproduc...

5CVSS1.5AI score0.43426EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/06 1:16 a.m.75 views

Holder can (re)create authentic credentials after receiving a credential in vp-toolkit

Impact The verifyVerifiableCredential method check the cryptographic integrity of the Verifiable Credential, but it does not check if the credential.issuer DID matches the signer of the credential. The verifier is impacted by this vulnerability. Patches Patch will be available in version 0.2.2...

2.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/04 8:20 p.m.75 views

Information disclosure in parse-server

you can fetch all the users' objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken "SessionToken":"$regex":"r:027f" and find valid accounts this way. Using this method, it's possible to retrieve accounts without interaction from the users. GET...

7.7CVSS5.5AI score0.00849EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/24 5:33 p.m.75 views

Reflected XSS in SilverStripe

SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS Cross-Site Scripting on some forms buil...

6.1CVSS2.2AI score0.00685EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/23 2:28 a.m.75 views

Directive injection when using dynamic overrides with user input

Impact If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in...

5.8CVSS0.4AI score0.01814EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2019/11/13 12:32 a.m.75 views

jackson-databind polymorphic typing issue

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in...

9.8CVSS9AI score0.05329EPSS
Exploits0References22Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/08 7:42 p.m.74 views

@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API

Command Injection in MCP Server The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the to...

9.3CVSS8AI score0.01371EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/10 7:42 p.m.74 views

send vulnerable to template injection that can lead to XSS

Impact passing untrusted user input - even after sanitizing it - to SendStream.redirect may execute untrusted code Patches this issue is patched in send 0.19.0 Workarounds users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any...

5CVSS6.9AI score0.00511EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/06 8:0 p.m.74 views

JWCrypto vulnerable to JWT bomb Attack in `deserialize` function

Affected version Vendor: https://github.com/latchset/jwcrypto Version: 1.5.5 Description An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time. Poc python from...

6.8CVSS6.3AI score0.0098EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/17 5:7 p.m.75 views

ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits

Summary Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the...

5.3CVSS6.8AI score0.0068EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/27 11:52 p.m.74 views

Chosen Ciphertext Attack in Jose4j

Summary RSA15 in jose4j is susceptible to chosen ciphertext attacks. The attack allows to decrypt RSA15 or RSAOAEP encrypted ciphertexts. It may be feasible to sign with affected keys. Severity Moderate - exploiting this ciphertext attack could result in the ability to decrypt RSA15 or RSAOAEP...

6.6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/10 9:30 p.m.74 views

Denial of service in Jenkins Core

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and prior to LTS 2.387.1 is affected by the Apache Commons FileUpload library’s vulnerability CVE-2023-24998. This library is used to process uploaded files via the Stapler web framework usually through StaplerRequestgetFile and...

7.5CVSS7.3AI score0.0098EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/06 9:30 p.m.74 views

Moodle SQL Injection vulnerability

In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses...

9.8CVSS9.6AI score0.52299EPSS
Exploits6References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/17 11:58 p.m.74 views

Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views

Impact In Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows in the template to call any global PHP function. Patches The problem has been fixed with 6.4.18.1 with an override of the specified filters until...

9.9CVSS8.3AI score0.01333EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/01/03 12:28 p.m.74 views

Apiman has potential permissions bypass

Impact Incorrect default permissions for certain read-only resources in the Apiman 1.5.7.Final through 2.2.3.Final in the Apiman Manager REST API allows a remote authenticated attacker to access information and resources in an Apiman Organizations they are not a member of and/or do not have...

6.5CVSS5.8AI score0.00604EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 1:9 a.m.74 views

Django User Enumeration Vulnerability

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...

3.1CVSS7AI score0.03317EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/05 8:24 p.m.74 views

Authentication bypass for viewing and deletions of snapshots

Today we are releasing Grafana 7.5.11, and 8.1.6. These patch releases include an important security fix for an issue that affects all Grafana versions from 2.0.1. Grafana Cloud instances have already been patched and an audit did not find any usage of this attack vector. Grafana Enterprise...

9.8CVSS7.7AI score0.99888EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/22 8:36 p.m.74 views

Prototype Pollution in jointjs

This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...

9.8CVSS3.3AI score0.01801EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 9:59 p.m.74 views

Path traversal in Grafana Cortex

An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that...

5.3CVSS5.3AI score0.01392EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:24 p.m.74 views

Unrestricted Upload of File with Dangerous Type in django-widgy

Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'...

9.8CVSS9.5AI score0.0289EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/13 8:16 p.m.74 views

Improper Authorization and Origin Validation Error in OneFuzz

Impact Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be: Version 2.12.0 or greater Deployed...

10CVSS8.9AI score0.02415EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/19 9:21 p.m.74 views

Cross-site Scripting in Froala WYSIWYG Editor

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...

5.4CVSS1.8AI score0.52037EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/29 9:14 p.m.74 views

Consensus flaw during block processing in github.com/ethereum/go-ethereum

Impact A consensus-vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Description A flaw was repoted at 2020-08-11 by John Youngseok Yang Software Platform Lab, where a particular sequence of transactions could cause a consensus failur...

5.3CVSS5.4AI score0.00909EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 5:57 p.m.74 views

Access Control Bypass

An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the...

9CVSS4.4AI score0.01799EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/10 5:23 p.m.74 views

Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

7.5CVSS7.3AI score0.01336EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities5000