Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
added 2021/06/04 7:9 p.m.74 views

Path traversal

Impact A malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for docsdir in mkdocs.yml. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that ...

6.5CVSS1.3AI score0.0128EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 3:17 p.m.74 views

HTTP Request Smuggling in akka-http-core

A vulnerable Akka HTTP server will accept a malformed message and hand it over to the user. If the user application proxies this message to another server unchanged and that server also accepts that message but interprets it as two HTTP messages, the second message has reached the second server...

6.5CVSS0.2AI score0.00705EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 3:54 p.m.74 views

Open Redirect in Liferay Portal

The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist...

7.5CVSS7.1AI score0.01759EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:54 p.m.74 views

Improper Input Validation in Laravel

An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions...

7.5CVSS7.3AI score0.0109EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:11 p.m.74 views

trentm/json vulnerable to command injection

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function...

7.2CVSS8.3AI score0.03727EPSS
Exploits1References24Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/06 4:11 p.m.74 views

Withdrawn: Arbitrary Code Execution in static-eval

All versions of package static-eval are vulnerable to Arbitrary Code Execution using FunctionExpressions and TemplateLiterals. PoC: var evaluate = require'static-eval'; var parse = require'esprima'.parse; var src="function x return...

5AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/04 5:42 p.m.74 views

Bypass of fix for CVE-2020-26231, Twig sandbox escape

Impact A bypass of CVE-2020-26231 fixed in 1.0.470/471 and 1.1.1 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247: An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide...

5.2CVSS1AI score0.00262EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/29 9:53 p.m.74 views

Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain

Impact Lack of input validation of the Zendesk subdomain could expose users of the library to Server Side Request Forgery SSRF. Resolution Validate the provided Zendesk subdomain to be a valid subdomain in: getAuthUrl getAccessToken...

3.9AI score0.00393EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:51 p.m.74 views

Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 Vaadin 10.0.0 through 10.0.16, 1.1.0 prior to 2.0.0 Vaadin 11 through 13, 2.0.0 through 2.4.6 Vaadin 14.0.0 through 14.4.6, 3.0.0 prior to 5.0.0 Vaadin 15 prior to 18, and...

4CVSS3.7AI score0.0021EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/19 8:11 p.m.74 views

Potential remote code execution in Apache Tomcat

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the...

7CVSS2.4AI score0.56636EPSS
Exploits15References21Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/11 10:50 p.m.74 views

ansi_up cross-site scripting vulnerability

The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting XSS vulnerability. This issue is fixed in v5.0.0...

6.1CVSS5.7AI score0.08EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/25 4:32 p.m.74 views

Path traversal in pimcore/pimcore

This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class bundles/AdminBundle/Controller/Reports/CustomReportController.php. An authenticated user can reach this function with a GET...

7.1CVSS4.6AI score0.01316EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/20 9:22 p.m.74 views

CORS misconfiguration in socket.io

The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default...

5.3CVSS5.1AI score0.0073EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/13 5:13 p.m.74 views

Segfault in `tf.quantization.quantize_and_dequantize`

Impact An attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize: python tf.quantization.quantizeanddequantize input=2.5, 2.5, inputmin=0,0, inputmax=1,1, axis=10 This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation:...

7.5CVSS1.4AI score0.00886EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2020/07/10 8:55 p.m.74 views

User passwords are stored in clear text in the Django session

Impact django-two-factor-auth versions 1.11 and before store the user's password in clear text in the user session base64-encoded. The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor...

5.4CVSS0.8AI score0.00579EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/05 2:47 p.m.74 views

Arbitrary shell command execution in logkitty

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...

9.8CVSS6.5AI score0.0201EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/13 11:17 p.m.74 views

Cross-Site Scripting in TYPO3 CMS Form Engine

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is need...

5.4CVSS1AI score0.0054EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2020/04/07 3:52 p.m.74 views

confinit vulnerable to prototype pollution

confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a 'proto' payload...

5.3CVSS2.7AI score0.01022EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/07/05 9:8 p.m.74 views

Inadequate Encryption Strength in DotNetNuke

DNN aka DotNetNuke 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811...

7.5CVSS3.9AI score0.74048EPSS
Exploits4References6Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/18 4:49 p.m.74 views

keycloak-core discloses system properties

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML...

6.5CVSS6.6AI score0.02457EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 4:23 p.m.74 views

In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

7.5CVSS3.1AI score0.0186EPSS
Exploits0References11Affected Software3
Github Security Blog
Github Security Blog
added 2018/10/16 5:45 p.m.74 views

FasterXML jackson-databind allows unauthenticated remote code execution

FasterXML jackson-databind before before 2.6.7.5, 2.7.x before 2.7.9.3, 2.8.x before 2.8.11.1, and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input...

9.8CVSS9.3AI score0.20135EPSS
Exploits0References32Affected Software1
Github Security Blog
Github Security Blog
added 2018/03/13 8:38 p.m.74 views

pym.js CSRF Vulnerability

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 can result in Arbitrary javascript code execution. This attack appears to be...

8.8CVSS8.8AI score0.0104EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.74 views

OpenSSL gem for Ruby using inadequate encryption strength

The OpenSSL gem for Ruby uses the same initialization vector IV in GCM Mode aes--gcm when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism...

7.5CVSS4.7AI score0.03167EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:22 p.m.73 views

@angular/compiler: Two-Way Property Binding Sanitization Bypass (XSS)

An issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property bindings. Specifically, when a native DOM property that requires sanitization such as innerHTML, srcdoc, src, href, data, or sandbox is bound using the two-way binding syntax...

6.1CVSS5.7AI score0.00195EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:49 p.m.73 views

Nuxt: Reflected XSS in `navigateTo()` external redirect

Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...

5.4CVSS5.4AI score0.00164EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 3:31 p.m.73 views

ImageMagick: Heap Buffer Over-Read in IPTC encoder

When writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3Affected Software18
Github Security Blog
Github Security Blog
added 2025/11/19 8:9 p.m.73 views

Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint

Summary A Cross-Site Scripting XSS vulnerability exists in Astro when using the @astrojs/cloudflare adapter with output: 'server'. The built-in image optimization endpoint /image uses isRemoteAllowed from Astro’s internal helpers, which unconditionally allows data: URLs. When the endpoint receive...

6.1CVSS6.3AI score0.00223EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/05/15 4:15 p.m.73 views

Reflex vulnerable to private state fields modification

Summary A user on the website can modify any private field on their own state. Details An event meant to modify client side storage had access to modify any field on the state for the given user. This includes non-client side ones and most importantly private fields. This still requires the actor...

6.6AI score0.00439EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/25 7:40 p.m.73 views

Netty's HttpPostRequestDecoder can OOM

Summary The HttpPostRequestDecoder can be tricked to accumulate data. I have spotted currently two attack vectors Details 1. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consistin...

5.3CVSS6.7AI score0.0138EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/25 6:30 p.m.73 views

snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact

Summary snappy-java is a data compression library in Java. Its SnappyInputStream was found to be vulnerable to Denial of Service DoS attacks when decompressing data with a too-large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. Scope All...

7.5CVSS6.8AI score0.0104EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/14 9:34 p.m.73 views

Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths

Summary Tornado interprets -, +, and in chunk length and Content-Length values, which are not allowed by the HTTP RFCs. This can result in request smuggling when Tornado is deployed behind certain proxies that interpret those non-standard characters differently. This is known to apply to older...

6.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/11 8:54 p.m.73 views

.NET Information Disclosure Vulnerability

Microsoft Security Advisory CVE-2023-35391: .NET Information Disclosure Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET core 2.1, .NET 6.0 and, .NET 7.0. This advisory also provides guidance on what developers c...

7.5CVSS6.4AI score0.01937EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/06/20 4:48 p.m.73 views

XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email

Impact Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. For instance, the following URL execute an alter on the browser:...

8.8CVSS6.9AI score0.01496EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/12 8:9 p.m.73 views

Grafana has Broken Access Control in Alert manager: Viewer can send test alerts

Summary Grafana allows an attacker in the Viewer role, send alerts by API Alert - Test. The option is not available from the user panel UI for in the Viewer role. Reason for the error: The API does not check access to this function and allows it by users with the least rights, for example, the...

6.4CVSS7AI score0.01027EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/24 6:30 p.m.73 views

SQL injection in Liferay Portal

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

8.1CVSS8.5AI score0.00549EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/27 9:30 p.m.73 views

Lightbend Alpakka Kafka logs credentials on debug level

Lightbend Alpakka Kafka before 4.0.2 logs its configuration as debug information, and thus log files may contain credentials if plain cleartext login is configured. This occurs in akka.kafka.internal.KafkaConsumerActor...

5.5CVSS6.9AI score0.00152EPSS
Exploits0References5Affected Software4
Github Security Blog
Github Security Blog
added 2023/01/26 9:30 p.m.73 views

Sandbox bypass in Jenkins Script Security Plugin

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...

8.8CVSS9.1AI score0.00585EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/18 6:31 a.m.73 views

cookiejar Regular Expression Denial of Service via Cookie.parse function

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function and other aspects of the API, which use an insecure regular expression for parsing cookie values. Applications could be stalled for extended periods of time if...

7.5CVSS4.4AI score0.01546EPSS
Exploits1References9Affected Software2
Github Security Blog
Github Security Blog
added 2022/11/14 7:0 p.m.73 views

Apache SOAP contains unauthenticated RPCRouterServlet

UNSUPPORTED WHEN ASSIGNED In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might...

9.8CVSS9.5AI score0.02251EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/17 12:0 a.m.73 views

Denial of Service due to parser crash

Those using FasterXML/woodstox to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. This...

7.5CVSS7.5AI score0.19653EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/20 12:0 a.m.73 views

Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. A fix for this issue was published in September 20...

7.5CVSS8.2AI score0.17673EPSS
Exploits2References37Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/07 8:55 p.m.73 views

Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service

Description Invalid HTTP/2 requests for example, invalid URIs are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying ...

7.5CVSS0.5AI score0.0227EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/16 11:13 p.m.73 views

Jupyter server Token bruteforcing

Affects: Notebook and Lab between 6.4.0?potentially earlier and 6.4.11 currently latest. Jupyter Server =1.16.0. If I am correct about the responsible code it will affect Jupyter-Server 1.17.0 and 2.0.0a0 as well. Description: If notebook server is started with a value of rootdir that contains th...

9CVSS8.9AI score0.00846EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/18 5:55 p.m.73 views

Open Redirect

Impact In some situations, it is possible to have open redirects where users can be redirected from your site to any other site using a specially crafted URL. This is only the case for installations where the default Hostname Identification is used and the environment uses tenants that have...

6.1CVSS0.9AI score0.0102EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/14 10:45 p.m.73 views

HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods

Impact Twisted web servers that utilize the optional HTTP/2 support suffer from the following flow-control related vulnerabilities: Ping flood: https://vulners.com/cve/CVE-2019-9512 Reset flood: https://vulners.com/cve/CVE-2019-9514 Settings flood: https://vulners.com/cve/CVE-2019-9515 A Twisted...

7.8CVSS0.2AI score0.87806EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 11:4 p.m.73 views

Cross-site scripting in json-sanitizer

OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause...

6.1CVSS1.6AI score0.01119EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/19 8:15 p.m.73 views

Policies not properly enforced in bluemonday

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...

9.8CVSS2.1AI score0.01514EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2021/09/07 10:55 p.m.73 views

Cross-site Scripting in Apache Zeppelin

Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0...

6.1CVSS4.3AI score0.03232EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/09 10:24 p.m.73 views

vercel/serve allows access to restricted files if filename is URL encoded.

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...

5.3CVSS5.4AI score0.01316EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities5000