Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
added 2022/01/12 11:4 p.m.70 views

Log entry injection in Spring Framework

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

4.3CVSS3.2AI score0.00855EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/18 8:14 p.m.70 views

Spree Auth Devise vulnerability allows for authentication bypass through CSRF weakness

Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spreeauthdevise are affected if protectfromforgery method is both: Executed whether as: A beforeaction callback the default A prependbeforeaction option prepend: true given...

9.3CVSS8.7AI score0.0052EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 10:2 p.m.70 views

Type confusion in mpath

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...

9.8CVSS7.9AI score0.01723EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/09 8:41 p.m.70 views

Denial of Service in Elasticsearch

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that...

6.5CVSS3.9AI score0.0166EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/28 6:57 p.m.70 views

Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827,...

7.6CVSS2.5AI score0.09363EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/26 9:22 p.m.70 views

Missing Authorization in TeamPass

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default...

8.1CVSS4AI score0.0111EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/12 4:58 p.m.70 views

Regular Expression Denial of Service in Addressable templates

Impact Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless,...

7.5CVSS7AI score0.02199EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 6:2 p.m.70 views

Helm uses crypto package vulnerable to panic from malformed X.509 certificate

The Helm core maintainers have identified a high severity security vulnerability in Go's crypto package affecting all versions prior to Helm 2.16.8 and Helm 3.1.0. Thanks to @ravin9249 for identifying the vulnerability. Impact Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte...

7.8CVSS7.3AI score0.02582EPSS
Exploits0References16Affected Software3
Github Security Blog
Github Security Blog
added 2021/06/23 5:27 p.m.70 views

Path traversal in github.com/ipfs/go-ipfs

Impact It is currently possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when ipfs get is done on an affected DAG. 1. The only affected command is...

8.1CVSS7.9AI score0.01699EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.70 views

Incomplete validation in `tf.raw_ops.CTCLoss`

Impact Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap: python import tensorflow as tf inputs = tf.constant, shape=10, 16, 0, dtype=tf.float32 labelsindices = tf.constant, shape=8, 0, dtype=tf.int64 labelsvalues = tf.constant-100 8, shape=8,...

7.1CVSS1.6AI score0.0024EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.70 views

Heap OOB and null pointer dereference in `RaggedTensorToTensor`

Impact Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty: python import tensorflow as tf shape = tf.constant-1, -1, shape=2, dtype=tf.int64 values = tf.constant, shape=0, dtype=tf.int64 defaultvalue =...

7.8CVSS0.5AI score0.00234EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/19 11:2 p.m.70 views

Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service.

Impact The regex injection that may lead to Denial of Service. Patches Will be patched in 2.4 and 3.0 Workarounds Versions lower than 2.x are only affected if the navigation module is added References See this pull request for the fix: https://github.com/graphhopper/graphhopper/pull/2304 If you...

6.5CVSS2.6AI score0.01404EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 1:53 a.m.70 views

Prototype pollution in controlled-merge

Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution...

7.5CVSS7.6AI score0.03422EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 6:44 p.m.70 views

Regular Expression Denial of Service in dat.gui

All versions of package dat.gui are vulnerable to Regular Expression Denial of Service ReDoS via specifically crafted rgb and rgba values...

7.5CVSS7.3AI score0.02073EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 3:54 p.m.70 views

Man-in-the-middle attack in Apache Cassandra

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and...

5.9CVSS4AI score0.02951EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:54 p.m.70 views

Reflected cross-site scripting in francoisjacquet/rosariosis

Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request...

6.1CVSS5.6AI score0.0143EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/04 5:42 p.m.70 views

Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8

Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 Vaadin versions 8.0.0 through 8.12.4 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...

7.5CVSS5.7AI score0.01672EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 4:13 p.m.70 views

Authentication bypass in Apache Shiro

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass...

9.8CVSS9AI score0.09056EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 3:53 p.m.70 views

Code Injection in oauth2-server

"oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...

7.5CVSS8.6AI score0.0219EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/20 4:44 p.m.70 views

Improper Verification of Cryptographic Signature in ansible

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...

7.1CVSS7.2AI score0.00233EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/22 4:53 p.m.70 views

lxml vulnerable to Cross-Site Scripting

An XSS vulnerability was discovered in the python lxml clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

6.1CVSS6.5AI score0.04002EPSS
Exploits1References16Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/10 2:32 a.m.70 views

Leak of information via Store-API

Impact Leak of information via Store-API Patches We recommend to update to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 The vulnerability could only be fixed by...

1.9AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/08 9:17 p.m.70 views

Regular Expression Denial of Service (REDoS) in Marked

Impact What kind of vulnerability is it? Who is impacted? Regular expression Denial of Service A Denial of Service attack can affect anyone who runs user generated code through marked. Patches Has the problem been patched? What versions should users upgrade to? patched in v2.0.0 Workarounds Is...

7.5CVSS2.2AI score0.02462EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/14 7:15 p.m.70 views

Kirby .dev domains and some reverse proxy setups were treated as local

Impact About our registration block In order to protect new installations on public servers that don't have an admin account for the Panel yet, we block account registration there by default. This is a security feature, which we implemented years ago in Kirby 2. It helps to avoid that you forget...

6.8CVSS5.7AI score0.00561EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2020/08/31 10:50 p.m.70 views

Potential Command Injection in libnotify

Versions 1.0.3 and earlier of libnotify are affected by a shell command injection vulnerability. This may result in execution of arbitrary shell commands, if user input is passed into libnotify.notify. Untrusted input passed in the call to libnotify.notify could result in execution of shell...

9.8CVSS9.5AI score0.02685EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/28 9:45 p.m.70 views

Cross Site Scripting and RCE in baserCMS

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting XSS and Remote Code Execution RCE. Impact: XSS to RCE via Arbitrary file upload. Attack vector is: Administrator must be logged in. Components are: ThemeFilesController.php, UploaderFilesController.php. Tested baserCMS Version : 4.3.6...

7.6CVSS1.4AI score0.02152EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/29 8:56 p.m.70 views

dot-prop Prototype Pollution vulnerability

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...

7.5CVSS4.8AI score0.03079EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/12 4:54 p.m.70 views

Improper Access Control in novajoin

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens...

8.8CVSS4.1AI score0.00999EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/10 6:2 p.m.70 views

Denial of Service in uap-core when processing crafted User-Agent strings

Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-ruby to = v2.6....

3.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2018/11/21 10:19 p.m.70 views

Ckeditor XSS Vulnerability

CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. It was possible to execute XSS inside the CKEditor source area after persuading the victim to: i switch CKEditor to source mode, then ii paste a specially crafted HTML code, prepared by the attacker, into the opene...

6.1CVSS6.4AI score0.01954EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
added 2018/10/17 4:27 p.m.70 views

In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS5.1AI score0.02208EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2026/06/15 5:36 p.m.69 views

Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

Summary Nodemailer constructs List- headers from the caller-provided list message option using internally prepared header values. The list..comment field is inserted into those prepared values without removing CR \r or LF \n characters. Because prepared headers bypass the normal header-value...

6.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/02 8:1 p.m.69 views

OpenList vulnerable to Path Traversal in file copy and remove handlers

Summary The application contains a Path Traversal vulnerability CWE-22 in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal and copying across user...

8.8CVSS5.7AI score0.00598EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/11 6:31 p.m.69 views

Improper Authorization vulnerability in Magento and Adobe Commerce

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access...

9.1CVSS9.3AI score0.16505EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/01/15 6:30 a.m.69 views

Mongoose search injection vulnerability

Mongoose versions prior to 8.9.5, 7.8.4, and 6.13.6 are vulnerable to improper use of the $where operator. This vulnerability arises from the ability of the $where clause to execute arbitrary JavaScript code in MongoDB queries, potentially leading to code injection attacks and unauthorized access...

9.8CVSS9.4AI score0.07025EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/08 8:24 p.m.69 views

Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.Security.Cryptography.Cose, System.IO.Packaging, Microsoft.Extensions.Caching.Memory. This...

7.5CVSS7.6AI score0.02833EPSS
Exploits0References4Affected Software3
Github Security Blog
Github Security Blog
added 2024/07/05 8:7 p.m.69 views

Server Side Request Forgery (SSRF) attack in Fedify

Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has received from the web. This activity could reference an @id that points to an internal IP address,...

7.2CVSS6.9AI score0.006EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/19 3:7 p.m.69 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option

Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This vulnerability...

6.1CVSS6.7AI score0.00529EPSS
Exploits0References9Affected Software3
Github Security Blog
Github Security Blog
added 2024/03/29 6:30 p.m.69 views

Winter CMS Server-Side Template Injection (SSTI) vulnerability

Server-side Template Injection SSTI vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components...

7.2CVSS8.3AI score0.01821EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/03 10:4 p.m.69 views

Ion Java StackOverflow vulnerability

Impact A potential denial-of-service issue exists in ion-java for applications that use ion-java to: Deserialize Ion text encoded data, or Deserialize Ion text or binary encoded data into the IonValue model and then invoke certain IonValue methods on that in-memory representation. An actor could...

7.5CVSS7AI score0.0082EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2023/11/14 8:28 p.m.69 views

Fabric vulnerable to crosslinking transaction attack

Short summary Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the...

7.1CVSS6.6AI score0.00519EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/12 9:10 p.m.69 views

Keycloak vulnerable to Plaintext Storage of User Password

A flaw was discovered in Keycloak Core package. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular attributes in the users attributes. The password is also created, but the user attributes must not be there. This...

8.8CVSS6.3AI score0.00466EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/04 12:30 a.m.69 views

Gravitee API Management contains Path Traversal

This CVE addresses the partial fix for CVE-2019-25075 Gravitee API Management before 3.15.13 allows path traversal through HTML injection. A certain HTML injection combined with path traversal in the Email service in Gravitee API Management before 3.15.13 allows anonymous users to read arbitrary...

8.6CVSS6.9AI score0.00759EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 12:0 a.m.69 views

Denial of service in Spring Framework

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object...

5.3CVSS3.4AI score0.01978EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.69 views

Spoofing attack in swagger-ui

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions...

4.3CVSS5.4AI score0.42326EPSS
Exploits4References7Affected Software2
Github Security Blog
Github Security Blog
added 2022/02/12 12:0 a.m.69 views

Apache Cassandra vulnerable to Code Injection due to unsafe configuration

When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissio...

9.1CVSS2.5AI score0.54889EPSS
Exploits7References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/11 11:39 p.m.69 views

Git LFS can execute a Git binary from the current directory

Impact On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This occurs because on Windows, Go includes and prefers t...

10CVSS9AI score0.82715EPSS
Exploits14References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/01 12:44 a.m.69 views

Cross-site Scripting in showdoc

Stored XSS via upload attachment with format .svg in File Library...

6.5CVSS2.2AI score0.00642EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/07 10:31 p.m.69 views

A potential Denial of Service issue in protobuf-java

Summary A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. Reporter: OSS-Fuzz Affected versions: All versions of Java Protobufs including Kotlin and JRuby prior to the versions listed below. Protobuf "javalite" users typically Android are...

7.5CVSS2.2AI score0.01655EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/10/19 8:16 p.m.69 views

Improper sanitization of target names

Impact The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. AWS would like to thank...

8.5CVSS0.2AI score0.01077EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000