Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2020/04/14 11:9 p.m.68 views

Possible XSS attack in Wagtail

Impact A cross-site scripting XSS vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges,...

6.8CVSS1.4AI score0.01273EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/31 3:40 p.m.68 views

HTTP Request Smuggling in Twisted

In Twisted Web through 20.3.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request...

9.8CVSS0.3AI score0.03298EPSS
Exploits1References15Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/30 8:9 p.m.68 views

Exceptions displayed in non-debug configurations in Symfony

Description ----------- When ErrorHandler renders an exception HTML page, it uses un-escaped properties from the related Exception class to render the stacktrace. The security issue comes from the fact that the stacktraces were also displayed in non-debug environments. Resolution ---------- The...

5.5CVSS0.3AI score0.01197EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2019/12/11 2:1 a.m.69 views

Sandbox Breakout / Arbitrary Code Execution in safer-eval

All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context and is not suited to process arbitrary user input. This may allow attackers to execute arbitrary code in the system. Recommendation The package is...

9.8CVSS6AI score0.02574EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/02 6:14 p.m.68 views

Cross-Site Scripting in iobroker.web

Versions of iobroker.web prior to 2.4.10 are vulnerable to Cross-Site Scripting. The package fails to escape URL parameters that may be reflected in the server response. This can be used by attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 2.4.10...

6.1CVSS5AI score0.00679EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/02 6:5 p.m.68 views

Data leakage via SQL Injection in Pimcore

pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges classes permission can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload for trigger a...

6.5CVSS6AI score0.00866EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2018/08/29 11:20 p.m.68 views

smb is malware

The smb package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern is...

7.5CVSS7.3AI score0.01123EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/13 3:17 p.m.68 views

Mercurial has Incorrect Permission Assignment for Critical Resource

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...

9CVSS8.6AI score0.21512EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/12 8:20 p.m.67 views

svg-sanitizer Bypasses Attribute Sanitization

Problem The sanitization logic at https://github.com/darylldoyle/svg-sanitizer/blob/0.21.0/src/Sanitizer.phpL454-L481 only searches for lower-case attribute names e.g. xlink:href instead of xlink:HrEf, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting...

5.1CVSS6.6AI score0.00423EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/28 9:30 a.m.67 views

Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: It must be a WebFlux application It must be using Spring's static resources support It...

9.1CVSS6.8AI score0.01726EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/20 3:31 p.m.67 views

Undertow's url-encoded request path information can be broken on ajp-listener

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

7.5CVSS7.5AI score0.01702EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/28 6:30 p.m.67 views

ejs lacks certain pollution protection

The ejs aka Embedded JavaScript templates package before 3.1.10 for Node.js lacks certain pollution protection...

4CVSS7.1AI score0.00619EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/29 10:30 p.m.67 views

aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators

Summary Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger...

6.5CVSS7.2AI score0.0102EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/08 3:56 p.m.67 views

Puma HTTP Request/Response Smuggling vulnerability

Impact Prior to versions 6.4.2 and 5.6.8, puma exhibited dangerous behavior when parsing chunked transfer encoding bodies. Fixed versions limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource CPU, network bandwidth consumption. Patches The vulnerabilit...

7.5CVSS5.7AI score0.00958EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/05 10:46 p.m.67 views

Test code in published microsoft-graph-core package exposes phpinfo()

Impact The Microsoft Graph Core PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php. The phpInfo function exposes system...

10CVSS6.2AI score0.78428EPSS
Exploits5References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/09 12:42 a.m.68 views

mXSS in AntiSamy

Impact There is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a result,...

6.1CVSS6AI score0.00473EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/29 5:36 p.m.67 views

Cleartext Signed Message Signature Spoofing in openpgp

Impact OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This text is signed. -----BEGIN PGP SIGNATURE----- wnUEARMIACcFgmTkrNAJkInXCgj0fgcIFiEE1JlKzzDGQxZmmHkYidcKCPR+...

4.3CVSS6.6AI score0.00309EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/11 10:8 p.m.67 views

Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service

Impact Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: CVE-2023-24824 CVE-2023-26485 For more information, consult the release notes for versi...

7.5CVSS7.6AI score0.01029EPSS
Exploits3References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/30 8:19 p.m.67 views

Prototype pollution in matrix-js-sdk (part 2)

Impact In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-js-sdk functionality, causing denial of service and potentially affecting program logic. This is part 2, where...

8.2CVSS6.6AI score0.01185EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/28 11:25 p.m.67 views

api-platform/core's secured properties may be accessible within collections

Impact Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON, which is enabled by default when installing API Platform. Custom serialization...

7.7CVSS6.2AI score0.00604EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/03 9:30 p.m.67 views

Apache Tomcat improperly escapes input from JsonErrorReportValve

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 does not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...

7.5CVSS7.5AI score0.02505EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/24 5:43 p.m.67 views

Keycloak discloses information without authentication

A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients like client secret without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this...

6.5CVSS6.5AI score0.17943EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:19 a.m.67 views

golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call...

7.5CVSS7.3AI score0.02772EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 10:43 p.m.67 views

Path Traversal in Yarn

Arbitrary filesystem write vulnerability in Yarn 1.21.1 and earlier allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package...

7.5CVSS8AI score0.05159EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/21 11:57 p.m.67 views

Exposure of Sensitive Information to an Unauthorized Actor in nanoid

The package nanoid from 3.0.0, before 3.1.31, are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...

5.5CVSS4AI score0.0044EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 6:31 p.m.67 views

Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library

Summary The version used of Log4j, the library used for logging by PowerNukkit, is subject to a remote code execution vulnerability via the ldap JNDI parser. It's well detailed at CVE-2021-44228 and CVE-2021-45105https://github.com/advisories/GHSA-p6xc-xr62-6r2g. Impact Malicious client code coul...

3AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/10 8:15 p.m.67 views

Remote code injection in Log4j (through pax-logging-log4j2)

Impact Remote Code Execution. Patches Users of pax-logging 1.11.9 should update to 1.11.10. Users of pax-logging 2.0.10 should update to 2.0.11. Workarounds Set system property -Dlog4j2.formatMsgNoLookups=true References https://github.com/advisories/GHSA-jfh8-c2jp-5v3q...

3.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/19 8:16 p.m.67 views

Improper sanitization of delegated role names

Impact The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is cached or loaded, files ending with the .json extension could be overwritten with role metadata anywhere o...

8.2CVSS7.2AI score0.0124EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/26 9:23 p.m.67 views

github.com/pires/go-proxyproto vulnerable to DoS via Connection descriptor exhaustion

The package github.com/pires/go-proxyproto before 0.6.1 is vulnerable to Denial of Service DoS via creating connections without the proxy protocol header. While this issue was patched in 0.6.0, the fix introduced additional issues which were subsequently patched in 0.6.1...

7.5CVSS7.3AI score0.01648EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/26 9:15 p.m.67 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in micronaut-core

With a basic configuration like yaml router: static-resources: assets: enabled: true mapping: /.assets/public/ paths: file:/home/lstrmiska/test/ it is possible to access any file from a filesystem, using "/../../" in URL, as Micronaut does not restrict file access to configured paths. Repro Steps...

7.5CVSS7.5AI score0.01732EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/02 6:32 p.m.67 views

XSS Injection in Media Collection Title was possible

Impact A logged in admin user was possible to add a script injection XSS in the collection title which was executed. Workarounds Manual patching the js files. For more information If you have any questions or comments about this advisory:' - Email us at [email protected]...

8.4CVSS1.5AI score0.00665EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/01 9:56 p.m.67 views

Exposure of sensitive information to an unauthorized actor in HyperKitty

An issue was discovered in management/commands/hyperkittyimport.py in HyperKitty prior to 1.3.5. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour durin...

7.5CVSS0.8AI score0.01846EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/28 7:18 p.m.67 views

constructEvent does not verify header

Impact Anyone verifying a Stripe webhook request via this library's constructEvent function. Patches Upgrade to 1.1.4. Workarounds Use await verifyHeader... directly instead of constructEvent. References https://github.com/worker-tools/stripe-webhook/issues/1...

1.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/27 6:38 p.m.67 views

Observable Response Discrepancy in Flask-AppBuilder

Impact User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Patches Upgrade to 3.3.0 For more information If you have any questions or commen...

5.3CVSS5AI score0.03404EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/17 9:1 p.m.67 views

Cross-site scripting in @shopify/koa-shopify-auth

A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the shop parameter on the /shopify/auth/enablecookies endpoint...

6.1CVSS5.6AI score0.00984EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 3:18 p.m.67 views

Incorrect Authorization in Spring Cloud Netflix Zuul

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

5.3CVSS2.4AI score0.00819EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:20 p.m.67 views

OS Command Injection in pulverizr

pulverizr through 0.7.0 allows execution of arbitrary commands. Within lib/job.js, the variable filename can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...

9.8CVSS9AI score0.02512EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/29 9:53 p.m.67 views

DOM XSS in Theme Preview

Impact An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they'...

6.8CVSS0.3AI score0.07935EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/20 4:39 p.m.67 views

py vulnerable to Regular Expression Denial of Service

A denial of service via regular expression in the py.path.svnwc component of py aka python-py through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality...

7.5CVSS7.2AI score0.04607EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/20 4:37 p.m.68 views

Cross-site scripting in papermerge

Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

6.1CVSS5.8AI score0.01527EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:59 p.m.67 views

Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime

Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while...

5.9CVSS2AI score0.01238EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:47 p.m.67 views

Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 Vaadin 10.0.0 through 10.0.16, 1.1.0 prior to 2.0.0 Vaadin 11 prior to 14, 2.0.0 through 2.4.6 Vaadin 14.0.0 through 14.4.6, 3.0.0 prior to 5.0.0 Vaadin 15 prior to 18, and...

4CVSS3.7AI score0.0021EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/16 7:53 p.m.67 views

Sydent DoS (via resource exhaustion) due to improper input validation

Impact Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Patches Fixed by 3175fd3. For more information If you have any questions or comments about this advisory,...

4.3CVSS4.6AI score0.00927EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 9:32 p.m.67 views

netmask npm package mishandles octal input data

The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This in some situations allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for...

5.3CVSS7.2AI score0.01682EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/19 9:19 p.m.67 views

Code injection in kill-process-by-name

This affects all versions of package kill-process-by-name. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file...

9.8CVSS5.9AI score0.01146EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/09 12:38 a.m.67 views

Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup

Impact What kind of vulnerability is it? Who is impacted? Information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Generic Setup Tool. Patches Has the problem been patched? What versions should users upgrade to? The problem has been fixed in versi...

5.3CVSS1.4AI score0.01525EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/19 9:16 p.m.67 views

CSV Injection vulnerability with exported contact lists in Mautic

Impact Mautic versions before 2.13.0 had a vulnerability that allowed a CSV injection with exported contact lists - https://www.owasp.org/index.php/CSVInjection. Patches Update to 2.13.0 or later. Workarounds None. For more information If you have any questions or comments about this advisory:...

9.8CVSS2.5AI score0.0169EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/28 4:33 p.m.67 views

Parse Server stores password in plain text

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to preven...

7.7CVSS6.4AI score0.00796EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/24 8:49 p.m.67 views

regular expression denial of service (ReDoS)

date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2...

7.5CVSS7.1AI score0.02146EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/24 9:20 p.m.67 views

Open redirect in Jupyter Server

Impact What kind of vulnerability is it? Who is impacted? Open redirect vulnerability - a maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably...

5.5CVSS0.5AI score0.00823EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities5000