Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
added 2021/03/26 7:52 p.m.72 views

Cross-site scripting (XSS) vulnerability in the password reset endpoint

Impact The password reset endpoint served via Synapse was vulnerable to cross-site scripting XSS attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources...

8.2CVSS1.3AI score0.01221EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/12 8:24 p.m.72 views

Cross-site scripting (XSS) in Apache Velocity Tools

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

6.1CVSS1.7AI score0.06357EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
added 2021/02/02 9:42 p.m.72 views

Unbounded connection acceptance in http4s-blaze-server

Impact blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an...

7.5CVSS0.1AI score0.02146EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2020/10/27 8:33 p.m.72 views

RSA decryption vulnerable to Bleichenbacher timing vulnerability

RSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios. This is fixed in cryptography 3.2...

5.9CVSS3.3AI score0.02454EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/13 11:18 p.m.72 views

Cross-Site Scripting in TYPO3 CMS Link Handling

It has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting - properties being assigned as HTML attributes have not been parsed correctly. Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the problem described. References...

5.4CVSS1.1AI score0.0054EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2020/05/06 7:51 p.m.72 views

XSS in Apache Airflow

In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected...

4.8CVSS2.7AI score0.01871EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/16 3:14 a.m.72 views

Insecure Entropy Source - Math.random() in node-uuid

Affected versions of node-uuid consistently fall back to using Math.random as an entropy source instead of crypto, which may result in guessable UUID's. Recommendation Update to version 1.4.4 or later...

7.5CVSS7.3AI score0.02257EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/16 10:17 p.m.72 views

Remote code execution in verot/class.upload.php

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions...

9.8CVSS2.9AI score0.26184EPSS
Exploits7References12Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/26 4:34 p.m.72 views

HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress

Impact If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Content-Length: 10 Transfer-Encoding: \x0bchunked For clarity: 0x0b == vertical...

6.6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/02 6:16 p.m.72 views

Pomelo allows external control of critical state data

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5.3CVSS5.6AI score0.01157EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 8:5 p.m.72 views

Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

8.8CVSS3.6AI score0.02427EPSS
Exploits0References19Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/27 5:4 p.m.72 views

Denial of Service in https-proxy-agent

Versions of https-proxy-agent before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options proxy.auth being passed to Buffer. Recommendation Update to version 2.2.0 or later...

9.1CVSS4.1AI score0.02012EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 4:34 p.m.71 views

ws: Memory exhaustion DoS from tiny fragments and data chunks

Impact A high volume of exceptionally small fragments and data chunks can be sent by a peer, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process...

7.5CVSS5.3AI score0.00782EPSS
Exploits1References21Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 4:50 p.m.71 views

Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator

Description X509Authenticator implements client-certificate mTLS authentication: the web server validates the client's certificate against a trusted CA, then passes the certificate's Subject DN Distinguished Name: a string like CN=Alice,O=Example,[email protected] to Symfony via...

5.8AI score0.00069EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/10 6:30 p.m.71 views

Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

8CVSS6AI score0.00262EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/10 6:30 p.m.71 views

Jenkins's build authorization token is stored and displayed in plain text

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

4.3CVSS6.8AI score0.00139EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/18 12:30 p.m.71 views

Grafana long dashboard title or panel name causes unresponsives

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher...

2.7CVSS3.7AI score0.00394EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/13 6:31 p.m.71 views

LiteLLM Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery SSRF vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...

7.5CVSS6.7AI score0.37197EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/11 6:31 p.m.71 views

Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability

Withdrawn Advisory This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE ha...

6.5AI score
Exploits0References5Affected Software5
Github Security Blog
Github Security Blog
added 2024/07/11 5:42 p.m.71 views

Mimekit has vulnerable dependency that can lead to denial of service

Summary Denial of service vulnerability. Details See: https://github.com/advisories/GHSA-447r-wph3-92pm and https://github.com/dotnet/announcements/issues/312 PoC Update System.Security.Cryptography.Pkcs to 8.0.1 so that the transitive dependency with the issue gets updated Impact Denial of servi...

7.2AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/09 9:14 p.m.71 views

Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0. This advisory also provides guidance on what developers can do to update their applicatio...

8.1CVSS8AI score0.02565EPSS
Exploits0References5Affected Software12
Github Security Blog
Github Security Blog
added 2024/05/13 4:4 p.m.71 views

@valtimo/components exposes access token to form.io

Impact When opening a form in Valtimo, the access token JWT of the user is exposed to api.form.io via the the x-jwt-token header. An attacker can retrieve personal information from this token, or use it to execute requests to the Valtimo REST API on behalf of the logged-in user. This issue is...

9.8CVSS7.1AI score0.01057EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/21 12:10 a.m.71 views

MeshCentral cross-site websocket hijacking (CSWSH) vulnerability

We have identified a cross-site websocket hijacking CSWSH vulnerability within the control.ashx endpoint of MeshCentral. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. To demonstrate the impact of the vulnerability we developed a...

8.8CVSS6.7AI score0.00464EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/24 6:31 p.m.71 views

Cross-site WebSocket hijacking vulnerability in the Jenkins CLI

Jenkins has a built-in command line interface CLI to access Jenkins from a script or shell environment. Since Jenkins 2.217 and LTS 2.222.1, one of the ways to communicate with the CLI is through a WebSocket endpoint. This endpoint relies on the default Jenkins web request authentication...

8.8CVSS7.1AI score0.66921EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/10 3:37 p.m.71 views

Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

Impact A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the...

9.8CVSS8AI score0.01523EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2023/11/14 8:33 p.m.71 views

Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.4 Problem DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. Solution Update to typo3/html-sanitizer versions 1.5.3 or 2.1.4 that fix the proble...

6.1CVSS4.7AI score0.00574EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/04 9:13 p.m.71 views

Docker Swarm encrypted overlay network may be unauthenticated

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

8.7CVSS7.4AI score0.02733EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/31 10:44 p.m.71 views

Karate has vulnerable dependency on json-smart package (CVE-2023-1370)

Summary The CVE How to fix it Very simple, just upgrade json-path package to 2.8.0 from 2.7.0 inside karate-core pom.xml ;...

7.5CVSS7.6AI score0.01119EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/27 1:4 a.m.71 views

safeurl-python contains Server-Side Request Forgery

Description In SafeURL it is possible to specify a list of domains that should be matched before a request is sent out. The regex used to compare domains did not work as intended. Impact The regex used was: re.match"?i^%s" % domain, value This has two problems, first that only the beginning and n...

5.3CVSS5.5AI score0.00558EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/23 12:30 a.m.71 views

pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)

Python Packaging Authority PyPA's setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerabl...

5.9CVSS6AI score0.02617EPSS
Exploits1References17Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/22 3:32 a.m.71 views

jsonwebtoken unrestricted key type could lead to legacy keys usage

Overview Versions =8.5.1 of jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. Am I affected? You are affected if you are using an algorithm and a key type other than the...

8.1CVSS6.6AI score0.00479EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/11 9:6 p.m.71 views

DoS in KubeEdge's Websocket Client in package Viaduct

Impact A large response received by the viaduct WSClient can cause a DoS from memory exhaustion. The entire body of the response is being read into memory which could allow an attacker to send a request that returns a response with a large body. The consequence of the exhaustion is that the proce...

6.5CVSS6.2AI score0.00672EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 12:47 p.m.71 views

Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API

Impact XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. Note that this API is never used in XWiki Standard but it might be used in some extension...

9.8CVSS8.8AI score0.00385EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/13 12:0 a.m.71 views

Expression Language Injection in Apache Struts

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

9.8CVSS2.1AI score0.95922EPSS
Exploits16References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/12 10:41 p.m.71 views

go.etcd.io/etcd Authentication Bypass

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control RBAC is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name CN which matches a valid RBAC username, a remot...

8.1CVSS8AI score0.04031EPSS
Exploits0References14Affected Software2
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.71 views

Access Restriction Bypass in kubernetes

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. Specific Go Packages Affected github.com/kubernetes/kubernetes/pkg/apiserver...

7.7CVSS7.1AI score0.01583EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 11:5 p.m.71 views

Improper Authentication in Apache Spark

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

9.8CVSS9.3AI score0.29157EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2022/01/06 5:36 p.m.71 views

Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux

Impact Containers launched through containerd’s CRI implementation on Linux systems which use the SELinux security module and containerd versions since v1.5.0 can cause arbitrary files and directories on the host to be relabeled to match the container process label through the use of...

9.1CVSS0.7AI score0.0169EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/09 7:9 p.m.71 views

HTTP request smuggling in netty

Impact Netty currently just skips control chars when these are present at the beginning / end of the header name. We should better fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names...

6.5CVSS7.8AI score0.02682EPSS
Exploits0References10Affected Software3
Github Security Blog
Github Security Blog
added 2021/10/19 8:14 p.m.71 views

Client metadata path-traversal

Impact In both clients tuf/client and tuf/ngclient, there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to getonevalidtargetinfo. It occurs because the rolename is used to form the filename, and may contain pat...

8.8CVSS1.8AI score0.01404EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/01 6:23 p.m.72 views

axios Inefficient Regular Expression Complexity vulnerability

axios before v0.21.2 is vulnerable to Inefficient Regular Expression Complexity...

7.8CVSS7.5AI score0.08515EPSS
Exploits2References17Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:13 p.m.71 views

October CMS auth bypass and account takeover

Impact An attacker can exploit this vulnerability to bypass authentication using a specially crafted persist cookie. - To exploit this vulnerability, an attacker must obtain a Laravel’s secret key for cookie encryption and signing. - Due to the logic of how this mechanism works, a targeted user...

9.1CVSS0.4AI score0.90418EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 5:29 p.m.71 views

Remote code execution in ChakraCore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1057, CVE-2020-1180...

7.6CVSS2.5AI score0.02125EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/26 9:34 p.m.71 views

Missing Authorization in TYPO3 extension

The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...

4.3CVSS3.4AI score0.00778EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 6:14 p.m.71 views

Plugin archive directory traversal in Helm

The Helm core maintainers have identified an information disclosure vulnerability in Helm 3.0.0-3.2.3. Impact A traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and...

8.5CVSS6.6AI score0.01458EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 5:28 p.m.71 views

Hugo can execute a binary from the current directory on Windows

Impact Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. However, if a malicious file with the same name exe or bat is found in the current working directory at the time of running hugo, the...

8.5CVSS8.3AI score0.01451EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/22 3:24 p.m.71 views

SQL Injection in NukeViet

modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request e.g., Referer and User-Agent...

9.8CVSS9.3AI score0.02282EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/18 6:31 p.m.71 views

Deserialization of Untrusted Data in Tendenci

Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py...

9.8CVSS3.5AI score0.01338EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/09 5:14 p.m.71 views

Header injection possible in Django

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...

6.1CVSS0.8AI score0.03146EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/01 9:57 p.m.71 views

Kiali Authentication Bypass vulnerability

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy OpenID is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID implicit flow is used with RBAC turned off,...

6.5CVSS3.9AI score0.00763EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000