Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
added 2021/06/09 5:14 p.m.71 views

Header injection possible in Django

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...

6.1CVSS0.8AI score0.03146EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/01 9:57 p.m.71 views

Kiali Authentication Bypass vulnerability

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy OpenID is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID implicit flow is used with RBAC turned off,...

6.5CVSS3.9AI score0.00763EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/27 7:0 p.m.71 views

Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements

Impact An attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 on the kernel cmdline, it wi...

5.8CVSS0.7AI score0.0086EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/25 6:44 p.m.71 views

Arbitrary code execution due to an uncontrolled search path for the git binary

Impact The go language recently addressed a security issue in the way that binaries are found before being executed. Some operating systems like Windows persist to have the current directory being part of the default search path, and having priority over the system-wide path. This means that it's...

9.8CVSS3AI score0.01719EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 4:56 p.m.71 views

Local Privilege Escalation in cloudflared

In cloudflared versions 2020.8.1 corresponding to 0.0.0-20200820025921-9323844ea773 on pkg.go.dev on Windows, if an administrator has started cloudflared and set it to read configuration files from a certain directory, an unprivileged user can exploit a misconfiguration in order to escalate...

7.8CVSS7.3AI score0.00348EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 1:52 a.m.71 views

Credential leak in react-native-fast-image

This affects all versions before version 8.3.0 of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session toke...

5.3CVSS5.5AI score0.0158EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/17 9:0 p.m.71 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs

Overview casperjs is a navigation scripting & testing utility for PhantomJS and SlimerJS. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects utility function. PoC js var payload = JSON.parse'"proto": "a": "pwned"'; mergeObjects, payload; console.log.a; //...

9.8CVSS8.7AI score0.01956EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:16 p.m.71 views

OS Command Injection in closure-compiler-stream

closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument options of the exports function in index.js can be controlled by users without any sanitization...

9.8CVSS9.1AI score0.02512EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:53 p.m.71 views

SQL Injection in pimcore

"The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request:...

7.2CVSS7.4AI score0.01345EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/30 5:28 p.m.71 views

HTTP Request Smuggling in Undertow

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling...

6.5CVSS2.6AI score0.01005EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 4:20 p.m.71 views

Directory Traversal in Archive_Tar

Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. :exclamation: Note: There was an initial fix for this vulnerability made in version 1.4.12. That fix introduced a bug which was...

7.5CVSS7.4AI score0.70595EPSS
Exploits0References19Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/20 4:30 p.m.71 views

Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...

9.8CVSS9.2AI score0.02417EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 8:57 p.m.71 views

Chakra Scripting Engine Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS6.7AI score0.02474EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/11 3:9 a.m.71 views

Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory

Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. This...

7CVSS6.5AI score0.00414EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/25 4:32 p.m.71 views

NanoHTTPD Cross-site Scripting vulnerability

An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, becaus...

6.1CVSS6AI score0.00751EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/18 8:51 p.m.71 views

Path traversal in bolt/core

Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal...

7.5CVSS3.8AI score0.01747EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/01 3:1 p.m.71 views

Prototype pollution in nested-object-assign

The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function...

7.5CVSS4.2AI score0.0152EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/29 8:51 p.m.71 views

XSS in Mautic

Impact This is a cross-site scripting vulnerability relating to creating/editing a company which requires the user to be logged in as an administrator to be executed. This vulnerability was reported by Dardan Prebreza at Bishop Fox. Patches Upgrade to 3.2.4 or 2.16.5. Link to patch for 2.x...

0.6AI score
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 3:29 p.m.71 views

Cross-Site Scripting in bootstrap-tagsinput

All versions of bootstrap-tagsinput are vulnerable to cross-site scripting when user input is passed into the itemTitle parameter unmodified, as the package fails to properly sanitize or encode user input for that parameter. Recommendation This package is not actively maintained, and has not seen...

1.4AI score0.0067EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/05 2:21 p.m.71 views

Regular Expression Denial of Service in websocket-extensions (RubyGem)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

7.5CVSS7.4AI score0.04404EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/21 9:9 p.m.71 views

Information disclosure issue in Active Resource

There is a possible information disclosure issue in Active Resource v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information...

7.5CVSS3.2AI score0.02224EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/13 10:19 p.m.71 views

Information Disclosure in Password Reset

In TYPO3 CMS 10.4.0 through 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...

4.3CVSS3.2AI score0.01188EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2020/04/29 5:41 p.m.71 views

Authentication and extension bypass in Faye

On 20 April 2020 it was reported to me that the potential for authentication bypass exists in Faye1's extension system. This vulnerability has existed in the Node.js and Ruby versions of the server since version 0.5.0, when extensions were first introduced, in July 2010. It is patched in versions...

9.8CVSS9.2AI score0.01534EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/15 9:8 p.m.71 views

Exposure of Sensitive Information to an Unauthorized Actor in Keycloak

It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information...

4.3CVSS5.1AI score0.00717EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/24 5:34 p.m.71 views

discord-html not escaping HTML code blocks when lacking a language identifier

Impact Any website using discord-markdown with user-generated markdown is vulnerable to having code injected into the page where the markdown is displayed. Patches This has been patched in version 2.3.1 Workarounds Escape the characters & before sending plain code blocks to discord-markdown...

1.2AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/12 6:45 p.m.71 views

Improper authentication in Symfony

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/securit...

7.5CVSS4.6AI score0.01243EPSS
Exploits0References9Affected Software3
Github Security Blog
Github Security Blog
added 2020/01/30 9:22 p.m.71 views

Unauthenticated Access Via OAI-PMH

Impact Media publication via OAI-PMH allows unauthenticated public access to all media and metadata by default. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public...

7.6CVSS3.9AI score0.00977EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/11/20 1:38 a.m.71 views

XXE in PHPSpreadsheet due to encoding issue

securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

8.8CVSS3.1AI score0.07791EPSS
Exploits4References12Affected Software2
Github Security Blog
Github Security Blog
added 2019/08/27 5:36 p.m.71 views

Cross-Site Scripting in cyberchef

Versions of cyberchef prior to 8.31.3 are vulnerable to Cross-Site Scripting. In Text Encoding Brute Force the table rows are created by concatenating the value variable unsanitized in the HTML code. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript ...

6.1CVSS4.2AI score0.01311EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2019/06/13 8:2 p.m.71 views

Credential exposure through log files in Undertow

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUESTLOGGER.undertowRequestFailedt, exchange...

9.8CVSS0.3AI score0.03412EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2018/11/01 2:48 p.m.71 views

Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercep...

9.8CVSS2.1AI score0.01205EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/18 5:42 p.m.71 views

jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution

jackson-databind in versions prior to 2.8.11 and 2.9.4 contain a deserialization flaw which allows an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525, blacklisting...

9.8CVSS9.4AI score0.08411EPSS
Exploits2References40Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:15 p.m.70 views

JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

Summary A crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can block a Node.js worker/event loop for seconds with a relative...

5.3CVSS5.5AI score0.00259EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 4:17 p.m.70 views

n8n: Credential exfiltration via Allowed HTTP Request Domains Bypass

Impact The POST /rest/dynamic-node-parameters/options endpoint allowed any authenticated user to cause the n8n server to issue HTTP requests including credentials bypassing the intended restrictions on which hosts could be contacted for that credential Allowed HTTP Request Domains. The user neede...

9.9CVSS5.8AI score0.00262EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/25 11:27 p.m.70 views

LiteLLM: Authenticated command execution via MCP stdio test endpoints

Impact Two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio...

8.8CVSS5.7AI score0.80188EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/11 6:6 p.m.70 views

Vulnerable OpenSSL included in cryptography wheels

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20250211.txt. If you are...

6.3CVSS4.2AI score0.02439EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/31 6:30 a.m.70 views

Ollama does not validate the format of the digest (sha256 with 64 hex digits)

Ollama before 0.1.34 does not validate the format of the digest sha256 with 64 hex digits when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring...

8.8CVSS6.6AI score0.89633EPSS
Exploits4References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/18 3:30 p.m.70 views

Erroneous authentication pass in Spring Security

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVotervote passing a null...

8.2CVSS8.3AI score0.00948EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/05 6:11 p.m.70 views

Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass

Summary When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates the RFC because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another fronte...

6.5CVSS7AI score0.00625EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2023/08/23 8:42 p.m.70 views

Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint

Impact An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. Patches Users can upgrade to Alertmanager v0.2.51. Workarounds Users can setup a reverse proxy in front of the...

7.5CVSS7.3AI score0.00568EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/04 9:12 p.m.70 views

Docker Swarm encrypted overlay network traffic may be unencrypted

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

6.8CVSS6.8AI score0.00696EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/09 12:30 a.m.70 views

builderio/qwik is vulnerable to code injection

Code Injection in GitHub repository builderio/qwik prior to 0.21.0. The Function deserializer can be accessed using the pureServerFunction feature. This allows any Javascript code to be run by node.js...

10CVSS9.5AI score0.01149EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:57 p.m.70 views

Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

9.8CVSS3.1AI score0.49727EPSS
Exploits3References19Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:14 a.m.70 views

Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting XSS attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a...

5.4CVSS5AI score0.06068EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:14 a.m.70 views

Improper Input Validation in BeanShell

BeanShell bsh before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...

8.1CVSS7.5AI score0.70425EPSS
Exploits1References19Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 12:1 a.m.70 views

Exposure of Sensitive Information in eventsource

When fetching an url with a link to an external site Redirect, the users Cookies & Autorisation headers are leaked to the third party application. According to the same-origin-policy, the header should be "sanitized."...

9.3CVSS1.5AI score0.01799EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/10 8:46 a.m.70 views

Local Information Disclosure Vulnerability in io.netty:netty-codec-http

Description GHSA-5mcr-gq6c-3hq2 CVE-2021-21290 contains an insufficient fix for the vulnerability identified. Impact When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This...

5.5CVSS1AI score0.01044EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/13 12:0 a.m.70 views

Prototype Pollution in nconf

nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to...

7.5CVSS2.6AI score0.01753EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.70 views

Hard coded credentials in FreeTAKServer

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...

8.8CVSS5.5AI score0.01035EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/11 11:23 p.m.70 views

In-band key negotiation issue in AWS S3 Crypto SDK for golang

Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

2.5CVSS5.7AI score0.00231EPSS
Exploits1References10Affected Software1
Total number of security vulnerabilities5000