Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
•added 2020/07/27 10:51 p.m.•67 views

SQL Injection in Kylin

Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible. Users of all previous versions after 2.0...

9.8CVSS4.3AI score0.0195EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/04/29 4:31 p.m.•67 views

IDOR can reveal execution data and logs to unauthorized user in Rundeck

Impact Authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very low risk. If access is...

6.5CVSS0.2AI score0.01373EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/04/23 8:19 p.m.•67 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded aka commons-jelly...

8.1CVSS3.5AI score0.05594EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
•added 2020/01/30 9:21 p.m.•67 views

Hard-Coded Key Used For Remember-me Token in Opencast

Impact The security configuration in etc/security/mhdefaultorg.xml enables a remember-me cookie based on a hash created from the username, password, and an additional system key. Opencast has hard-coded this system key in the large XML file and never mentions to change this, basically ensuring th...

8.8CVSS0.6AI score0.00939EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/01/24 9:28 p.m.•67 views

Incorrect persistent NameID generation in SimpleSAMLphp

Background When a SimpleSAMLphp Identity Provider is misconfigured, a bug in the software when trying to build a persistent NameID to univocally identify the authenticating subject could cause different users to get the same identifier generated, depending on the attributes available for them rig...

9.8CVSS0.6AI score0.01656EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2020/01/24 7:56 p.m.•67 views

Session key exposure through session list in Django User Sessions

Impact The views provided by django-user-sessions allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted ...

8.8CVSS0.7AI score0.00439EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/01/06 6:44 p.m.•67 views

cookie-signature Timing Attack

Affected versions of cookie-signature are vulnerable to timing attacks as a result of using a fail-early comparison instead of a constant-time comparison. Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character feedback on the...

4.4CVSS4AI score0.00896EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
•added 2026/06/15 8:12 p.m.•66 views

Vulnerable OpenSSL included in cryptography wheels

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in wheels prior to cryptograph 48.01 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20260609.txt. If yo...

5.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/05/29 7:8 p.m.•66 views

astral-tokio-tar has a PAX Header Desynchronization issue

Impact Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/14 11:30 p.m.•66 views

Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in System.Security.Cryptography.Xml. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in...

7.5CVSS6.2AI score0.02142EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/11/08 6:30 a.m.•66 views

Regular Expression Denial of Service (ReDoS) in cross-spawn

Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...

8.7CVSS6.7AI score0.00873EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2024/06/11 8:22 p.m.•66 views

Keycloak's admin API allows low privilege users to use administrative functions

Users with low privileges just plain users in the realm are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data...

8.1CVSS6.8AI score0.02837EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
•added 2024/06/10 6:36 p.m.•66 views

go-grpc-compression has a zstd decompression bombing vulnerability

Impact A malicious user could cause a denial of service DoS when using a specially crafted gRPC request. The decompression mechanism for zstd did not respect the limits imposed by gRPC, allowing rapid memory usage increases. Versions v1.1.4 through to v1.2.2 made use of the Decoder.DecodeAll...

8.2CVSS6.8AI score0.00994EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2024/06/05 2:15 p.m.•66 views

Arbitrary JavaScript execution due to using outdated libraries

Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert‘XSS’. poc.pdf 2. Run the app. In this PoC, I've used the demo...

8.8CVSS8.3AI score0.72648EPSS
Exploits15References3Affected Software1
Github Security Blog
Github Security Blog
•added 2024/04/10 5:7 p.m.•66 views

yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)

Summary The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in --exec, alo...

9.8CVSS7.6AI score0.01254EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
•added 2024/02/05 8:22 p.m.•66 views

Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062

Summary Nokogiri upgrades its dependency libxml2 as follows: - Nokogiri v1.15.6 upgrades libxml2 to 2.11.7 from 2.11.6 - Nokogiri v1.16.2 upgrades libxml2 to 2.12.5 from 2.12.4 libxml2 v2.11.7 and v2.12.5 address the following vulnerability: - CVE-2024-25062 / https://vulners.com/cve/CVE-2024-250...

7.5CVSS7.5AI score0.01364EPSS
Exploits3References8Affected Software1
Github Security Blog
Github Security Blog
•added 2024/01/19 3:27 p.m.•66 views

Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation

Summary The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery CSRF attack. This proof of concept shows how an unauthenticated user could...

9.6CVSS7.2AI score0.00948EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/12/27 3:6 p.m.•66 views

Maliciously crafted Git server replies can cause DoS on go-git clients

Impact A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications...

7.5CVSS6.4AI score0.00704EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
•added 2023/12/20 6:30 p.m.•66 views

transformers has a Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9.6CVSS7.1AI score0.00727EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/10/19 3:31 p.m.•66 views

React Developer Tools extension Improper Authorization vulnerability

The React Developer Tools extension registers a message listener with window.addEventListener'message', in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

6.5CVSS6.9AI score0.00467EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/09/25 5:33 p.m.•66 views

yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`

Impact yt-dlp allows the user to provide shell commands to be executed at various stages in its download process through the --exec flag. This flag allows output template expansion in its argument, so that video metadata values may be used in the shell commands. The metadata fields can be combine...

8.3CVSS7.9AI score0.01292EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2023/09/20 6:30 a.m.•66 views

graphql Uncontrolled Resource Consumption vulnerability

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service DoS due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. Note: It was not proven...

5.3CVSS6.7AI score0.01198EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2023/09/12 8:51 p.m.•66 views

Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...

7.8CVSS7.3AI score0.01441EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
•added 2023/06/14 2:54 p.m.•66 views

@keystone-6/auth Open Redirect vulnerability

Summary There is an open redirect in the @keystone-6/auth package, where the redirect leading / filter can be bypassed. Impact Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. Mitigations - Don't u...

6.1CVSS6.7AI score0.00407EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/03/06 9:30 p.m.•66 views

Moodle Session Fixation vulnerability

In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin...

9.8CVSS9.6AI score0.07034EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/12 2:38 p.m.•66 views

Amazon CloudWatch Agent for Windows has Privilege Escalation Vector

Impact A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a...

7.1CVSS1.4AI score0.00482EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/03 3:30 p.m.•66 views

Apache Commons Net vulnerable to information leakage via malicious server

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...

6.5CVSS6.6AI score0.01858EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/11/23 10:17 p.m.•66 views

TemporaryFolder on unix-like systems does not limit access to created files

Vulnerability PreparedStatement.setTextint, InputStream and PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream is larger than 51k Example of vulnerable code: java String s = "some very large string greater than 51200 bytes"; PreparedStatement.setInputStream1...

5.5CVSS6.4AI score0.0048EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
•added 2022/10/20 6:20 p.m.•66 views

Jadx-gui vulnerable to swing HTML Denial of Service (DoS) attack

Impact Using jadx-gui to open a special zip file with entry containing HTML sequence like will cause interface to get stuck and throw exceptions like: java.lang.RuntimeException: Can't build aframeset, BranchElementframeset 1,3 :no ROWS or COLS defined. at...

5.5CVSS5.4AI score0.00312EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/10/18 6:12 p.m.•66 views

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs

Summary Nokogiri v1.13.9 upgrades the packaged version of its dependency libxml2 to v2.10.3 from v2.9.14. libxml2 v2.10.3 addresses the following known vulnerabilities: - CVE-2022-2309 - CVE-2022-40304 - CVE-2022-40303 Please note that this advisory only applies to the CRuby implementation of...

7.8CVSS1AI score0.22791EPSS
Exploits3References2Affected Software1
Github Security Blog
Github Security Blog
•added 2022/07/09 12:0 a.m.•66 views

rpc.py vulnerable to Deserialization of Untrusted Data

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON not Pickle is the default data format, an unauthenticated client can cause the data to be processed with unpickle. Per the maintainer, rpc....

9.8CVSS9.4AI score0.45862EPSS
Exploits7References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/24 5:5 p.m.•66 views

Pivotal Spring Framework contains unsafe Java deserialization methods

Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. Maintainers recommend...

9.8CVSS9.9AI score0.32257EPSS
Exploits4References17Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 1:10 a.m.•66 views

Apache Tomcat is vulnerable to HTTP request-smuggling

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...

5.8CVSS7AI score0.16833EPSS
Exploits2References52Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:25 a.m.•66 views

Apache MyFaces Trinidad Deserialization Vulnerability

CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...

9.8CVSS8.7AI score0.07958EPSS
Exploits1References15Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/06 12:0 a.m.•66 views

Argument injection in python-libnmap

In the python-libnmap package through 0.7.2 for Python, remote command execution can occur if used in a client application that does not validate arguments...

9.8CVSS9.1AI score0.04936EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
•added 2022/03/07 12:0 a.m.•66 views

Code injection in RazorEngine

In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...

9.8CVSS5.5AI score0.01832EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/10 11:42 p.m.•66 views

Cross-site Scripting in aurelia-framework

The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via for example JavaScript code in an...

6.1CVSS2.2AI score0.01416EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/10 10:39 p.m.•66 views

Improper Certificate Validation in Graylog

Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code in all versions that suppo...

8.1CVSS7.9AI score0.00779EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/01 12:43 a.m.•66 views

Unsafe handling of user-specified cookies in treq

Impact Treq's request methods treq.get, treq.post, HTTPClient.request, HTTPClient.get, etc. accept cookies as a dictionary, for example: py treq.get'https://example.com/', cookies='session': '1234' Such cookies are not bound to a single domain, and are therefore sent to every domain "supercookies...

6.5CVSS0.4AI score0.01083EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/11/08 5:43 p.m.•66 views

Prototype Pollution in json-ptr

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...

9.8CVSS3.5AI score0.01769EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/09/20 8:27 p.m.•66 views

tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion

nodejs-tmpl is simple string formatting. tmpl is vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion...

7.8CVSS7.5AI score0.01298EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/30 4:11 p.m.•66 views

Cachet vulnerable to forced reinstall

Impact Authenticated users, regardless of their privileges User or Admin, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. Patches This issue was addressed by improving the middleware ReadyForUse, which now performs a stricter validation of the...

8.8CVSS8.8AI score0.02362EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/23 7:40 p.m.•66 views

Widget feature vulnerability allowing to execute JavaScript code using undo functionality

Affected packages The vulnerability has been discovered in Widget plugin if used alongside Undo feature. Impact A potential vulnerability has been discovered in CKEditor 4 Widget package. The vulnerability allowed to abuse undo functionality using malformed widget HTML, which could result in...

7.6CVSS1.7AI score0.01192EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/13 3:22 p.m.•66 views

Padding oracle attacks

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks...

5.9CVSS4.5AI score0.0045EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/07/28 5:57 p.m.•66 views

Incorrect Authorization in HashiCorp Consul

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...

5.3CVSS5.6AI score0.01412EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/22 3:23 p.m.•66 views

Cross-Site Request Forgery in forkcms

Cross-site request forgery CSRF in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators...

8.8CVSS8.6AI score0.00629EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/16 5:39 p.m.•66 views

Improper Authentication in Apache ActiveMQ and Apache Artemis

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error...

7.5CVSS4.2AI score0.11239EPSS
Exploits0References42Affected Software2
Github Security Blog
Github Security Blog
•added 2021/06/16 5:29 p.m.•66 views

Missing Authorization in Jenkins S3 publisher Plugin

Jenkins S3 publisher Plugin prior to 0.11.7 and 0.11.5.1 does not perform Run/Artifacts permission checks in various HTTP endpoints and API models. This allows attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is...

4.3CVSS4.6AI score0.00712EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/01 9:53 p.m.•66 views

Insertion of Sensitive Information into Log File in ansible

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...

5.5CVSS2.2AI score0.00337EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 6:28 p.m.•66 views

github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions up to and including version 0.7.0 of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction...

7.5CVSS7.3AI score0.0183EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities5000