Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
•added 2021/05/18 1:41 a.m.•66 views

Injection and Command Injection in devcert

A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...

9.8CVSS9.9AI score0.02774EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/17 9:0 p.m.•66 views

Code Injection in node-extend

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...

9.8CVSS9.2AI score0.02512EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/17 9:0 p.m.•66 views

Improper Input Validation in access-policy

access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...

9.8CVSS9.2AI score0.02512EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/13 10:30 p.m.•66 views

Information Disclosure in Apache Tomcat

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of...

5.9CVSS2.5AI score0.22852EPSS
Exploits0References22Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/20 4:31 p.m.•66 views

Cross-site scripting in sickrage

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...

6.1CVSS2.3AI score0.0082EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/19 2:53 p.m.•66 views

Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 Vaadin 14.0.6 through 14.4.3, and 3.0.0 through 4.0.2 Vaadin 15.0.0 through 17.0.10 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...

7.5CVSS3.9AI score0.01127EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/16 7:52 p.m.•66 views

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs

Impact The Nextcloud dialogs library before 3.1.2 did insufficiently escape text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. Note: Nextcloud Server employs a strict Content Security Policy that mitigates the risk o...

5.4CVSS0.4AI score0.00703EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/18 7:55 p.m.•66 views

Pillow Out-of-bounds Read

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...

5.8CVSS7AI score0.01573EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/12 11:1 p.m.•66 views

Madge vulnerable to command injection

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which, when the .image, .svg or .dot functions are called, is executed by the childprocess.exec function. PoC js const madge = require'madge'; madge'..', graphVizPat...

9.8CVSS8.9AI score0.02057EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/10 9:7 p.m.•66 views

October CMS vulnerable to Potential Host Header Poisoning on misconfigured servers

Impact When running on servers that are configured to accept a wildcard as a hostname i.e. the server routes any request, regardless of the HOST header to an October CMS instance the potential exists for Host Header Poisoning attacks to succeed. See the following resources for more information on...

7.5CVSS6.9AI score0.01748EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/09 12:38 a.m.•66 views

Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin

Impact The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. Patch...

6.5CVSS1.9AI score0.01176EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/01/07 9:54 p.m.•66 views

lxml vulnerable to Cross-site Scripting

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code...

6.1CVSS6.4AI score0.03934EPSS
Exploits1References16Affected Software1
Github Security Blog
Github Security Blog
•added 2020/10/08 10:11 p.m.•66 views

Sensitive data exposure in NATS

Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The connection configuration options in these JavaScript-based implementations were...

7.5CVSS7.2AI score0.01476EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2020/09/14 6:44 p.m.•66 views

XXE in Apache Standard Taglibs

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity XXE attacks via a crafted XSLT extension in a 1 or 2 JSTL XML tag...

7.5CVSS8.6AI score0.1326EPSS
Exploits0References24Affected Software2
Github Security Blog
Github Security Blog
•added 2020/07/22 11:6 p.m.•66 views

GraphQL: Security breach on Viewer query

Impact An authenticated user using the viewer GraphQL query can bypass all read security on his User object and can also bypass all objects linked via relation or Pointer on his User object. Patches This vulnerability has been patched in Parse Server 4.3.0. Workarounds No References See commit...

6.5CVSS3.7AI score0.01072EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/30 10:48 p.m.•66 views

Denial of service in XStream

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...

7.5CVSS4.4AI score0.04928EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/09 12:25 a.m.•66 views

The filename of uploaded files vulnerable to stored XSS

Impact The filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to...

7.4CVSS0.1AI score0.02026EPSS
Exploits3References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/04/29 5:58 p.m.•66 views

Http request which redirect to another hostname do not strip authorization header in @actions/http-client

Impact If consumers of the http-client: 1. make an http request with an authorization header 2. that request leads to a redirect 302 and 3. the redirect url redirects to another domain or hostname The authorization header will get passed to the other domain. Note that since this library is for...

7.5CVSS0.7AI score0.01737EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/03/31 3:42 p.m.•66 views

Improper Input Validation in Twisted

In Twisted Web before 20.3.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...

9.8CVSS8.9AI score0.04083EPSS
Exploits1References16Affected Software1
Github Security Blog
Github Security Blog
•added 2019/12/16 7:30 p.m.•66 views

In RubyGem excon, interrupted Persistent Connections May Leak Response Data

Impact There was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short,...

5.9CVSS1.8AI score0.014EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2019/04/19 4:55 p.m.•66 views

Improper Certificate Validation in urllib3

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use o...

7.5CVSS8.5AI score0.02836EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
•added 2017/10/24 6:33 p.m.•66 views

actionpack Improper Input Validation vulnerability

activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

7.5CVSS6.5AI score0.99449EPSS
Exploits21References16Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/23 2:55 p.m.•65 views

Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege

Executive Summary: A bug in Microsoft.AspNetCore.DataProtection 10.0.0-10.0.6 NuGet packages can give an attacker the opportunity to execute an Elevation of Privilege attack by forging authentication cookies, and also allows some protected payloads to be decrypted. If an attacker used forged...

9.1CVSS6.2AI score0.11205EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/11 12:34 a.m.•65 views

Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL

Impact A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The sub-key name is interpolated directly into SQL string literals without escaping. An attacker who can send write...

9.8CVSS6AI score0.00418EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2025/05/05 8:40 p.m.•65 views

league/commonmark contains a XSS vulnerability in Attributes extension

Summary Cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. Details The league/commonmark library provides configuration options such as htmlinput:...

6.4CVSS5.3AI score0.00287EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2025/03/20 12:32 p.m.•65 views

Gunicorn HTTP Request/Response Smuggling vulnerability

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

7.5CVSS6.5AI score0.00738EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2024/07/11 6:31 p.m.•65 views

Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability

Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior...

6.4AI score
Exploits0References5Affected Software6
Github Security Blog
Github Security Blog
•added 2024/05/24 6:52 p.m.•65 views

Jenkins Report Info Plugin Path Traversal vulnerability

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permissio...

4.3CVSS6.6AI score0.00831EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2024/05/09 3:12 p.m.•65 views

Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow

Summary The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is...

8.1CVSS7.6AI score0.01716EPSS
Exploits0References19Affected Software1
Github Security Blog
Github Security Blog
•added 2024/03/20 2:54 p.m.•65 views

Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API

Summary An arbitrary file upload vulnerability exists that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Details Coverage...

7.2CVSS7.7AI score0.01867EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
•added 2024/02/20 9:30 a.m.•65 views

Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...

7.4CVSS7.3AI score0.00682EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/12/19 12:30 a.m.•65 views

Duplicate Advisory: Keycloak Open Redirect vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9vm7-v8wj-3fqw. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients...

5.4AI score
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
•added 2023/11/16 6:30 p.m.•65 views

Ray Path Traversal vulnerability

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here:...

9.8CVSS7.3AI score0.81512EPSS
Exploits22References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/10/22 9:36 p.m.•65 views

Wagtail CRX CodeRed Extensions vulnerable to Path Traversal

views.py in Wagtail CRX CodeRed Extensions formerly CodeRed CMS or coderedcms before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media...

6.5CVSS6.9AI score0.0071EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2023/09/15 12:30 a.m.•65 views

Froala Editor Cross-site Scripting vulnerability

Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting XSS vulnerability...

5.4CVSS6.1AI score0.00892EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
•added 2023/06/20 4:33 p.m.•65 views

netty-handler SniHandler 16MB allocation

Summary The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the SniHandler to allocate 16MB of heap. Details The SniHandler class is a handler that waits...

6.5CVSS7AI score0.02459EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2023/03/12 6:30 a.m.•65 views

Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references. Original Description This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open...

5.3CVSS5.7AI score0.00507EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/02/08 10:21 p.m.•65 views

openssl-src contains `NULL` dereference during PKCS7 data verification

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

7.5CVSS7.4AI score0.01846EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/25 7:36 p.m.•65 views

Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects

Impact This issue affects Rancher versions from 2.5.0 up to and including 2.5.16, from 2.6.0 up to and including 2.6.9 and 2.7.0. It was discovered that the security advisory CVE-2021-36782 GHSA-g7j7-h4q8-8w2f, previously released by Rancher, missed addressing some sensitive fields, secret tokens...

9.9CVSS9AI score0.00553EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/19 12:0 a.m.•65 views

Got allows a redirect to a UNIX socket

The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket...

5.3CVSS6.5AI score0.02162EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:48 a.m.•65 views

Loop with Unreachable Exit Condition in Jenkins

A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop...

6.5CVSS4.2AI score0.02751EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/01 7:8 a.m.•65 views

phpSysInfo allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence

Directory traversal vulnerability in index.php in phpSysInfo prior to 3.2.5 allows remote attackers to determine the existence of arbitrary files via a .. dot dot sequence and a trailing null %00 byte in the lng parameter, which will display a different error message if the file exists...

5CVSS6.2AI score0.05369EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/10 11:51 p.m.•65 views

Prototype Pollution in handlebars

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source...

9.8CVSS2.9AI score0.04506EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/09 11:39 p.m.•65 views

Integer overflows in Tensorflow

Impact The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial of service: python import tensorflow as tf import...

6.5CVSS3AI score0.01097EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
•added 2022/02/09 10:27 p.m.•65 views

Deserialization exploitation in Apache Dubbo

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored...

9.8CVSS4AI score0.05839EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/02/01 12:48 a.m.•65 views

Denial of Service by injecting highly recursive collections or maps in XStream

Impact The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.19 monitors and accumulates the...

7.5CVSS7.8AI score0.07934EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
•added 2022/01/12 10:46 p.m.•65 views

Exposure of sensitive information in follow-redirects

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor...

8CVSS3.4AI score0.02426EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/09/10 5:56 p.m.•65 views

Security check skip in Apache Dubbo

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check when enabled and reaching a deserialization operation with native jav...

9.8CVSS8.9AI score0.06742EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/05 5:1 p.m.•65 views

Remote Code Execution via unsafe classes in otherwise permitted modules

Impact The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict...

7.2CVSS7.4AI score0.02032EPSS
Exploits0References13Affected Software2
Github Security Blog
Github Security Blog
•added 2021/07/28 6:58 p.m.•65 views

Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829,...

7.6CVSS2.8AI score0.09363EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000