Lucene search
K
GithubMost viewed

33122 matches found

Github Security Blog
Github Security Blog
•added 2021/09/08 8:14 p.m.•386 views

HashiCorp Consul Privilege Escalation Vulnerability

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2...

8.8CVSS8.2AI score0.01149EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/02 6:25 p.m.•386 views

Use-After-Free in puppeteer

Versions of puppeteer prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium CVE-2019-5786. The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution. Recommendation Upgrade to version 1.13.0 or later...

6.5CVSS5.5AI score0.61537EPSS
Exploits10References8Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/01 4:41 p.m.•386 views

Cross-Site Scripting in jquery

Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors wh...

6.1CVSS2.4AI score0.08632EPSS
Exploits6References22Affected Software3
Github Security Blog
Github Security Blog
•added 2018/10/17 4:32 p.m.•384 views

The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

9.8CVSS3.6AI score0.21979EPSS
Exploits0References63Affected Software1
Github Security Blog
Github Security Blog
•added 2025/02/12 7:47 p.m.•374 views

Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)

Summary Private key can be extracted from ECDSA signature upon signing a malformed input e.g. a string or a number, which could e.g. come from JSON network input Note that elliptic by design accepts hex strings as one of the possible input types Details In this code:...

7.2AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2023/06/26 9:30 p.m.•373 views

Duplicate Advisory: jQuery Cross Site Scripting vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jpcq-cgw6-v4j6. This link is maintained to preserve external references. Original Description Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0 allows a remote attacker to execute arbitrary code...

6.5AI score
Exploits5References12Affected Software3
Github Security Blog
Github Security Blog
•added 2021/04/26 4:4 p.m.•371 views

Path Traversal and Improper Input Validation in Apache Commons IO

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...

5.8CVSS3.6AI score0.10608EPSS
Exploits1References51Affected Software10
Github Security Blog
Github Security Blog
•added 2023/06/22 6:30 a.m.•369 views

word-wrap vulnerable to Regular Expression Denial of Service

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of an insecure regular expression within the result variable...

7.5CVSS7AI score0.01709EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:23 a.m.•369 views

elFinder command injection vulnerability in the PHP connector

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector...

9.8CVSS7.7AI score0.96633EPSS
Exploits11References9Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/29 1:51 a.m.•361 views

Prototype Pollution in JSON5 via Parse Method

The parse method of the JSON5 library before and including version 2.2.1 does not restrict parsing of keys named proto, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the...

8.8CVSS9.1AI score0.09304EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:17 a.m.•359 views

Jenkins veracode-scanner Plugin stores credentials in plain text

Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...

8.8CVSS6.8AI score0.01365EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/04/05 9:30 p.m.•355 views

xml2js is vulnerable to prototype pollution

xml2js versions before 0.5.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.3CVSS5.9AI score0.01404EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/21 12:0 a.m.•355 views

Crash in HeaderParser in dicer

This affects all versions of the package dicer. A malicious attacker can send a modified form to the server and crash the Node.js service. A complete denial of service can be achieved by sending the malicious form in a loop...

7.5CVSS7.2AI score0.03035EPSS
Exploits2References7Affected Software2
Github Security Blog
Github Security Blog
•added 2023/02/27 9:30 p.m.•354 views

laravel-admin has Arbitrary File Upload vulnerability

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file...

7.2CVSS7.4AI score0.02382EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/11/18 8:1 p.m.•351 views

XXE in PHPSpreadsheet's XLSX reader

Summary The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass than the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current encoding can be bypassed by using a payload in the...

7.5CVSS7.5AI score0.00718EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
•added 2020/08/11 5:21 p.m.•351 views

Insecure serialization leading to RCE in serialize-javascript

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". An object such as "foo": /1"/, "bar": "a"@R--0@" was serialized as "foo": /1"/, "bar": "a/1"/, which allows an attacker to escape the bar key. This requires...

8.1CVSS4.3AI score0.03009EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/08 11:2 p.m.•344 views

keycloak Self Stored Cross-site Scripting vulnerability

A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability ...

9.6CVSS2.2AI score0.01249EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/04/14 3:27 p.m.•342 views

Nexus Repository Manager 3 - Remote Code Execution

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

9CVSS2.8AI score0.99064EPSS
Exploits10References8Affected Software1
Github Security Blog
Github Security Blog
•added 2023/07/13 5:1 p.m.•339 views

vm2 Sandbox Escape vulnerability

In vm2 for versions up to 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. Impact Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. Patches None. Workarounds None. References...

10CVSS7.2AI score0.0279EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/15 6:51 p.m.•337 views

Improper Privilege Management in Tomcat

When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

9.8CVSS9.3AI score0.9927EPSS
Exploits45References92Affected Software1
Github Security Blog
Github Security Blog
•added 2021/11/03 5:34 p.m.•336 views

Inefficient Regular Expression Complexity in validator.js

validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity...

7.5CVSS7.5AI score0.01666EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/11/08 9:30 p.m.•335 views

Axios Cross-Site Request Forgery Vulnerability

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information...

6.5CVSS6.7AI score0.00556EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/25 9:30 p.m.•335 views

flat vulnerable to Prototype Pollution

flat helps flatten/unflatten nested Javascript objects. A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes...

9.8CVSS9.1AI score0.01107EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
•added 2020/04/03 9:48 p.m.•333 views

Prototype Pollution in minimist

Affected versions of minimist are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument --proto.y=Polluted...

6.8CVSS7.1AI score0.01884EPSS
Exploits2References9Affected Software1
Github Security Blog
Github Security Blog
•added 2023/04/04 9:20 p.m.•325 views

SvelteKit vulnerable to Cross-Site Request Forgery

Summary The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to it’s users. The protection i...

8.8CVSS8.6AI score0.00557EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/31 6:30 a.m.•325 views

http-cache-semantics vulnerable to Regular Expression Denial of Service

http-cache semantics contains an Inefficient Regular Expression Complexity , leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache poli...

7.5CVSS7.9AI score0.01613EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
•added 2021/06/18 6:46 p.m.•325 views

CRLF injection in urllib3

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...

6.5CVSS7.5AI score0.02269EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
•added 2020/03/13 8:36 p.m.•325 views

Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution)

Withdrawn GitHub has withdrawn this advisory in place of GHSA-vh95-rmgr-6w4m and GHSA-6chw-6frg-f759. The reason for withdrawing is that some mistakes were made during the ingestion of CVE-2020-7598 which caused this advisory to be published with incorrect information. In order to provide accurat...

6.8CVSS1AI score0.01884EPSS
Exploits2References3Affected Software2
Github Security Blog
Github Security Blog
•added 2023/03/23 8:32 p.m.•322 views

json-smart Uncontrolled Recursion vulnerability

Impact Affected versions of net.minidev:json-smart are vulnerable to Denial of Service DoS due to a StackOverflowError when parsing a deeply nested JSON array or object. When reaching a ‘‘ or ‘‘ character in the JSON input, the code parses an array or an object respectively. It was discovered tha...

7.5CVSS7.7AI score0.01119EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
•added 2026/01/16 9:15 p.m.•320 views

REC in MCPJam inspector due to HTTP Endpoint exposes

Summary MCPJam inspector is the local-first development platform for MCP servers. The Latest version Versions 1.4.2 and earlier are vulnerable to remote code execution RCE vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leadi...

9.8CVSS8.2AI score0.43671EPSS
Exploits32References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/25 2:48 p.m.•318 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.5CVSS8.8AI score0.16118EPSS
Exploits2References13Affected Software1
Github Security Blog
Github Security Blog
•added 2026/06/04 2:15 p.m.•314 views

Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection

Summary Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axios then follows a redirect and the redirected request is no longer sent through that...

7.5CVSS5.9AI score0.00552EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/04 5:43 p.m.•311 views

cumulative-distribution-function Infinite Loop vulnerability

Impact Apps using this library on improper data may crash or go into an infinite-loop In the case of a nodejs server-app using this library to act on invalid non-numeric data, the nodejs server may crash. This may affect other users of this server and/or require the server to be rebooted for prop...

7.5CVSS0.3AI score0.01979EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/19 4:16 p.m.•309 views

Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)

Eclipse Jetty Server versions 9.2.x and older, 9.3.x all non HTTP/1.x configurations, and 9.4.x all HTTP/1.x configurations, are vulnerable to HTTP Request Smuggling when presented with two content-lengths headers, allowing authorization bypass. When presented with a content-length and a chunked...

9.8CVSS1.5AI score0.20985EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
•added 2022/10/03 12:0 a.m.•308 views

Uncontrolled Resource Consumption in FasterXML jackson-databind

In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. This issue can only happen when the UNWRAPSINGLEVALUEARRAYS feature is explicitly...

7.5CVSS7.8AI score0.02656EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
•added 2024/09/18 3:47 p.m.•306 views

Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)

The actions defined inside of the MediaController class do not check whether a given path is inside a certain path e.g. inside the media folder. If an attacker performed an account takeover of an administrator account See: GHSL-2024-184 they could delete arbitrary files or folders on the server...

7.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2024/04/05 6:30 a.m.•306 views

SheetJS Regular Expression Denial of Service (ReDoS)

SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service ReDoS. A non-vulnerable version cannot be found via npm, as the repository hosted on GitHub and the npm package xlsx are no longer maintained. Version 0.20.2 can be downloaded via https://cdn.sheetjs.com...

7.5CVSS7.4AI score0.00843EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/04 4:17 a.m.•305 views

Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers

Summary Jackson Core 3.x does not consistently enforce StreamReadConstraints.maxDocumentLength. Oversized JSON documents can be accepted without a StreamConstraintsException in multiple parser entry points, which allows configured size limits to be bypassed and weakens denial-of-service...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/06/15 5:26 p.m.•304 views

form-data: CRLF injection in form-data via unescaped multipart field names and filenames

Summary form-data builds multipart/form-data request bodies. Through v4.0.5, the field name passed to FormDataappend and the filename option are concatenated directly into the Content-Disposition header with no escaping of CR \r, LF \n, or ". An application that uses untrusted input as a field na...

8.7CVSS5.5AI score0.00409EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/24 5:33 p.m.•303 views

Magento 2 Community Edition RCE via Unsafe File Upload

Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components...

9.1CVSS7.5AI score0.0552EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
•added 2023/09/13 3:44 p.m.•298 views

Craft CMS Remote Code Execution vulnerability

Impact This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. Mitigations This has been fixed in Craft 4.4.15. You should ensure you’re running at least that version. Refresh you...

10CVSS9AI score0.92918EPSS
Exploits10References9Affected Software1
Github Security Blog
Github Security Blog
•added 2024/10/11 5:27 p.m.•297 views

DOMpurify has a nesting-based mXSS

DOMpurify was vulnerable to nesting-based mXSS fixed by 0ef5e537 2.x and merge 943 Backporter should be aware of GHSA-mmhx-hmjr-r674 CVE-2024-45801 when cherry-picking POC is avaible under test...

10CVSS6.6AI score0.01093EPSS
Exploits2References8Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/13 8:57 p.m.•296 views

AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

Summary AutoMapper is vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's sta...

7.5CVSS5.9AI score0.00542EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2023/09/25 6:37 p.m.•294 views

Searchor CLI's Search vulnerable to Arbitrary Code using Eval

An issue in Arjun Sharda's Searchor before version v.2.4.2 allows an attacker to execute arbitrary code via a crafted script to the eval function in Searchor's src/searchor/main.py file, affecting the search feature in Searchor's CLI Command Line Interface. Impact Versions equal to, or below 2.4....

9.8CVSS7.2AI score0.02565EPSS
Exploits3References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/09 10:29 p.m.•291 views

Resource exhaustion in engine.io

Engine.IO before 4.0.0 and 3.6.0 allows attackers to cause a denial of service resource consumption via a POST request to the long polling transport...

7.5CVSS7.2AI score0.03237EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/10/26 2:55 p.m.•289 views

XSS in `*Text` options of the Datepicker widget in jquery-ui

Impact Accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $ "datepicker" .datepicker showButtonPanel: true, showOn: "both", closeText: "doEvilThing 'closeText XSS...

6.5CVSS0.7AI score0.07948EPSS
Exploits1References25Affected Software4
Github Security Blog
Github Security Blog
•added 2021/12/14 6:1 p.m.•288 views

Incomplete fix for Apache Log4j vulnerability

Impact The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup for...

10CVSS2.2AI score0.99999EPSS
Exploits353References29Affected Software2
Github Security Blog
Github Security Blog
•added 2021/10/26 2:55 p.m.•286 views

XSS in the `of` option of the `.position()` util in jquery-ui

Impact Accepting the value of the of option of the .position util from untrusted sources may execute untrusted code. For example, invoking the following code: js $ "element" .position my: "left top", at: "right bottom", of: "", collision: "none" ; will call the doEvilThing function. Patches The...

6.5CVSS0.6AI score0.44515EPSS
Exploits2References22Affected Software4
Github Security Blog
Github Security Blog
•added 2019/01/17 1:57 p.m.•284 views

bootstrap Cross-site Scripting vulnerability

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property...

6.1CVSS1.6AI score0.03984EPSS
Exploits1References18Affected Software4
Github Security Blog
Github Security Blog
•added 2023/08/09 12:56 p.m.•283 views

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do...

7.5CVSS6.6AI score0.15519EPSS
Exploits0References8Affected Software5
Total number of security vulnerabilities5000