Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2021/07/28 6:57 p.m.65 views

Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828,...

7.6CVSS2.8AI score0.09363EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/19 9:22 p.m.65 views

URIjs Vulnerable to Hostname spoofing via backslashes in URL

Impact If using affected versions to determine a URL's hostname, the hostname can be spoofed by using a combination of backslash \ and slash / characters as part of the scheme delimiter, e.g. scheme:///\hostname. If the hostname is used in security decisions, the decision may be incorrect...

6.1CVSS6.6AI score0.0091EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/22 3:18 p.m.65 views

PHPMailer untrusted code may be run from an overridden address validator

If a function is defined that has the same name as the default built-in email address validation scheme php, it will be called in default configuration as when no validation scheme is provided, the default scheme's callable php was being called. If an attacker is able to inject such a function in...

8.1CVSS7.9AI score0.0226EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/21 5:16 p.m.65 views

ckeditor4 vulnerable to cross-site scripting

A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

6.1CVSS5.8AI score0.03189EPSS
Exploits0References11Affected Software3
Github Security Blog
Github Security Blog
added 2021/06/08 10:29 p.m.65 views

Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected...

4.3CVSS5.4AI score0.00629EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 7:51 p.m.65 views

Potential memory exposure in dns-packet

This affects the package dns-packet before versions 1.3.2 and 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names...

7.7CVSS4.9AI score0.01425EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 4:59 p.m.65 views

Path traversal and files overwrite with unsquashfs in singularity

Impact Due to insecure handling of path traversal and the lack of path sanitization within unsquashfs a distribution provided utility used by Singularity, it is possible to overwrite/create any files on the host filesystem during the extraction of a crafted squashfs filesystem. Squashfs extractio...

9.3CVSS0.4AI score0.02046EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 4:24 p.m.65 views

JWT leak via Open Redirect in Programmatic access

Impact Using programmatic access on protected sites, one can get a signed login URL with pomeriumredirecturi set to an arbitrary URL. Then, if the user has already logged into Pomerium, they will be redirected to the specified pomeriumredirecturi with a JWT attached. This allows an outside attack...

6.1CVSS6.2AI score0.00658EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 6:32 p.m.65 views

Path Traversal in Buildah

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions. Specific Go Packages Affected...

9.3CVSS8.2AI score0.02603EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/17 9:0 p.m.65 views

Code Injection in cd-messenger

cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...

9.8CVSS9.2AI score0.02512EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/11 12:5 a.m.65 views

Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code

Impact This vulnerability impacts generated code. If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually! On Unix-Like systems, the system temporary directory is shared between all local users. When...

6.2CVSS0.3AI score0.00404EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 2:53 p.m.65 views

Insecure path handling in Bundler

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

7.8CVSS7.5AI score0.00529EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:28 p.m.65 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes in utilitify

utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype...

8.8CVSS3.9AI score0.02044EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:26 p.m.65 views

Prototype Pollution in worksmith

All versions up to and including 1.0.0 of the package worksmith are vulnerable to Prototype Pollution via the setValue function...

9.8CVSS9AI score0.01916EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:26 p.m.65 views

Prototype Pollution in gammautils

All versions of package gammautils up to and including version 0.0.81 are vulnerable to Prototype Pollution via the deepSet and deepMerge functions...

9.8CVSS9AI score0.01916EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/30 5:34 p.m.65 views

libtaxii Server-Side Request Forgery vulnerability

"TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml librar...

9.8CVSS9AI score0.0225EPSS
Exploits2References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/20 4:30 p.m.65 views

Open Redirect in werkzeug

Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL...

6.1CVSS6.2AI score0.01661EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/07 8:36 p.m.65 views

Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchiv...

5.5CVSS1.2AI score0.00376EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/24 6:24 p.m.65 views

Python-RSA decryption of ciphertext leads to DoS

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

7.5CVSS7.4AI score0.01359EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/02 3:44 a.m.65 views

Actionpack Open Redirect Vulnerability

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious websi...

6.1CVSS6.1AI score0.87301EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/02 2:57 a.m.65 views

Sandbox escape through template_object in smarty

Sandbox protection could be bypassed through access to an internal Smarty object that should have been blocked. Sites that rely on Smarty Security features should upgrade as soon as possible. Please upgrade to 3.1.39 or higher...

7.5CVSS0.9AI score0.09436EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/13 6:22 p.m.65 views

Command injection in buns

There is a command injection vulnerability in all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function installrequestedModule...

9.8CVSS9.4AI score0.01583EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/13 5:18 p.m.65 views

Float cast overflow undefined behavior

Impact When the boxes argument of tf.image.cropandresize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. Patches We have patched the issue in...

7.5CVSS1.8AI score0.00916EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2020/11/09 10:17 p.m.65 views

Web Cache Poisoning in find-my-way

This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...

7.5CVSS3.9AI score0.01705EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/20 8:3 p.m.65 views

Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls

Impact The perpetrator who previously obtained an old expired user token could use it to access Storefront API v2 endpoints. Patches Please upgrade to 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Workarounds In your project directory create a decorator file...

9.1CVSS1.4AI score0.01051EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/27 10:51 p.m.65 views

SQL Injection in Kylin

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries...

8.8CVSS2.8AI score0.02667EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/16 3:14 a.m.65 views

Cross-Site Scripting in sanitize-html

Affected versions of sanitize-html do not sanitize input recursively, which may allow an attacker to execute arbitrary Javascript. Recommendation Update to version 1.4.3 or later...

6.1CVSS5.9AI score0.0084EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/30 9:21 p.m.65 views

Users with ROLE_COURSE_ADMIN can create new users in Opencast

Impact Users with the role ROLECOURSEADMIN can use the user-utils endpoint to create new users not including the role ROLEADMIN. For example: bash Use the admin to create a new user with ROLECOURSEADMIN using the admin user. We expect this to work. % curl -i -u admin:opencast...

6.5CVSS0.8AI score0.00625EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/30 9:21 p.m.65 views

Authentication Bypass For Endpoints With Anonymous Access in Opencast

Impact Using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me toke...

10CVSS2.9AI score0.01293EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/24 9:26 p.m.65 views

Log injection in SimpleSAMLphp

Background SimpleSAMLphp has a logging functionality that allows system administrators to keep track of the activity, errors, and statistics. Additionally, it allows users to report errors, shall they happen. An error report contains a report identifier, which is logged once submitted. Descriptio...

5.5CVSS1.6AI score0.00653EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/17 10:53 p.m.65 views

Insert tag injection in the Contao login module

Impact It is possible to inject insert tags into the login module which will be replaced when the page is rendered. Patches Update to Contao 4.8.6. Workarounds None. References https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module For more information If you have any...

5.3CVSS5.3AI score0.00819EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2019/12/02 6:4 p.m.65 views

Prototype Pollution in chartkick

Affected versions of @polymer/polymer are vulnerable to prototype pollution. The package fails to prevent modification of object prototypes through chart options containing a payload such as "proto": "polluted": true. It is possible to achieve the same results if a chart loads data from a malicio...

7.5CVSS4.3AI score0.01391EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 8:2 p.m.65 views

Denial of Service in org.springframework:spring-core

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS5.4AI score0.03279EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2018/03/26 4:41 p.m.65 views

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration

A vulnerability has been discovered which allows Node.js integration to be re-enabled in some Electron applications that disable it. For the application to be impacted by this vulnerability it must meet all of these conditions - Runs on Electron 1.7, 1.8, or a 2.0.0-beta - Allows execution of...

8.1CVSS7.9AI score0.04778EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:25 p.m.64 views

Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint

Summary An IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same channel. This vulnerability affects the latest version v0.8.12 of Open WebUI. Details In the updatemessagebyid...

4.3CVSS5.6AI score0.00204EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/27 10:9 p.m.64 views

Junrar has an arbitrary file write due to backslash Path Traversal bypass in LocalFolderExtractor on Linux/Unix

Summary A backslash path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content anywhere on the filesystem when a crafted RAR archive is extracted on Linux/Unix. This can often lead to remote code execution e.g., overwriting...

5.9CVSS6.6AI score0.12038EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/04 2:20 p.m.64 views

Vite allows server.fs.deny to be bypassed with .svg or relative paths

Summary The contents of arbitrary files can be returned to the browser. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Details .svg Requests ending with .svg are loaded at this line...

5.3CVSS5.1AI score0.38685EPSS
Exploits7References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/06 9:24 p.m.64 views

shared_preferences_android vulnerability

Impact Due to some data types not being natively representable for the available storage options, sharedpreferencesandroid serializes and deserializes special string prefixes to store these unrepresentable data types. This allows arbitrary classes to be deserialized leading to arbitrary code...

7.6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/11 6:30 p.m.64 views

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...

5.5CVSS5.8AI score0.00788EPSS
Exploits0References9Affected Software8
Github Security Blog
Github Security Blog
added 2024/01/23 2:43 p.m.64 views

keycloak-core: open redirect via "form_post.jwt" JARM response mode

An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "formpost.jwt". It is observed that changing the responsemode parameter in the original proof of concept from "formpost" to "formpost.jwt...

6.1CVSS7.2AI score0.01109EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/07 9:30 a.m.64 views

Apache Struts vulnerable to path traversal

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...

9.8CVSS9.7AI score0.80819EPSS
Exploits15References10Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/30 7:51 p.m.64 views

@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity

Impact @adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches The issue has been resolved in 4.3.2. Workarounds None References N/A...

7.5CVSS7AI score0.01121EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/28 9:30 a.m.64 views

Spring Boot Actuator denial of service vulnerability

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...

6.5CVSS5.8AI score0.01219EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/26 5:39 p.m.64 views

Buffer overflow in sponge queue functions

Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. Patches Yes, see commit fdc6fef0...

9.8CVSS9.4AI score0.05193EPSS
Exploits1References23Affected Software2
Github Security Blog
Github Security Blog
added 2022/12/26 9:30 a.m.64 views

json-pointer vulnerable to Prototype Pollution

A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack may be...

9.8CVSS9.5AI score0.01005EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/22 7:59 p.m.64 views

CodeIgniter4 allows spoofing of IP address when using proxy

Impact This vulnerability may allow attackers to spoof their IP address when your server is behind a reverse proxy. Patches Upgrade to v4.2.11 or later, and configure Config\App::$proxyIPs. Workarounds Do not use $request-getIPAddress. References -...

7.5CVSS1.8AI score0.00373EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/09 8:19 p.m.64 views

Spring Boot Admins integrated notifier support allows arbitrary code execution

Impact All users who run Spring Boot Admin Server, having enabled Notifiers e.g. Teams-Notifier and write access to environment variables via UI are possibly affected. Patches In the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 the issue is fixed by implementing SimpleExecutionConte...

9.8CVSS9.2AI score0.01437EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/28 3:30 p.m.64 views

decode-uri-component vulnerable to Denial of Service (DoS)

decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS...

7.5CVSS7.3AI score0.24928EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/14 7:0 p.m.64 views

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take ...

7.5CVSS8.1AI score0.02029EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/15 9:46 p.m.64 views

Cilium host policy bypass in endpoint-routes mode with dual-stack

Impact This vulnerability allows bypassing host policies for IPv6 traffic coming from a Cilium-managed pod and destined to the host-network namespace e.g., to a host-network pod. Host policy enforcement on IPv4 or for traffic coming from outside the node is not affected. Cilium is only affected b...

7AI score
Exploits0References3Affected Software1
Total number of security vulnerabilities5000