Lucene search
K
GithubMost viewed

33122 matches found

Github Security Blog
Github Security Blog
added 2022/08/06 5:20 a.m.282 views

Rust-WebSocket memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

7.5CVSS7.2AI score0.01483EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/04 8:59 p.m.282 views

Axios vulnerable to Server-Side Request Forgery

Axios NPM package 0.21.0 contains a Server-Side Request Forgery SSRF vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address...

5.9CVSS6.2AI score0.0232EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:42 p.m.281 views

Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom

Withdrawn Advisory This advisory has been withdrawn because the user must configure jsdom to allow access to local files. Original Description JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is...

6.8CVSS5.8AI score0.0139EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:25 a.m.281 views

Deserialization of Untrusted Data in Apache commons collections

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...

10CVSS9.6AI score0.83274EPSS
Exploits8References12Affected Software5
Github Security Blog
Github Security Blog
added 2019/01/17 1:57 p.m.281 views

Bootstrap Cross-site Scripting vulnerability

In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info...

6.1CVSS6.3AI score0.0404EPSS
Exploits1References18Affected Software5
Github Security Blog
Github Security Blog
added 2022/02/10 8:38 p.m.280 views

Arbitrary Code Execution in Handlebars

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars...

8.1CVSS4.6AI score0.03193EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/30 6:31 p.m.278 views

Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive informatio...

5.4CVSS5.9AI score0.00169EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2022/07/06 6:38 p.m.277 views

Moment.js vulnerable to Inefficient Regular Expression Complexity

Impact using string-to-date parsing in moment more specifically rfc2822 parsing, which is tried by default has quadratic N^2 complexity on specific inputs noticeable slowdown is observed with inputs above 10k characters users who pass user-provided strings without sanity length checks to moment...

7.5CVSS7.6AI score0.04923EPSS
Exploits1References20Affected Software2
Github Security Blog
Github Security Blog
added 2019/12/05 6:44 p.m.275 views

Cross-Site Scripting in serialize-javascript

Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation Upgrade to version 2.1.1 or later...

5.4CVSS3.7AI score0.00977EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.272 views

Laravel Framework RCE Vulnerability

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...

8.1CVSS7.7AI score0.76814EPSS
Exploits11References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/27 6:43 p.m.272 views

Authentication Bypass in hydra

Impact When using client authentication method "privatekeyjwt" 1, OpenId specification says the following about assertion jti: A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated betwe...

5.8CVSS5.8AI score0.01028EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/31 10:42 p.m.270 views

DataTable Vulnerable to Cross-Site Scripting

Cross-site scripting XSS vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unittesting/templates/6776.php. Recommendation Update to a version greater than 1.10.8. A fix appears in...

4.3CVSS8.1AI score0.02679EPSS
Exploits2References11Affected Software2
Github Security Blog
Github Security Blog
added 2020/07/06 9:31 p.m.270 views

Directory traversal in Rack::Directory app bundled with Rack

A directory traversal vulnerability exists in rack 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure...

8.6CVSS4.2AI score0.03593EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2025/05/02 3:31 p.m.269 views

Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...

6.5CVSS6.4AI score0.00335EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/02 3:4 p.m.269 views

image-size Denial of Service via Infinite Loop during Image Processing

Summary image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images. The issue occurs because of an infine loop in findBox when processing certain images with a box with size 0. Details If the first bytes of the input does not match any bytes in...

8.7CVSS7.2AI score0.00625EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/22 3:8 p.m.268 views

Improper Handling of Exceptional Conditions in Newtonsoft.Json

Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with high nesting level that lead to StackOverFlow exception or high CPU and RAM usage. Exploiting this vulnerability results in Denial Of Service DoS. The serialization and...

7.5CVSS2.5AI score0.32908EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:7 a.m.268 views

Unrestricted Upload of File with Dangerous Type Apache Tomcat

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...

8.1CVSS2.6AI score0.99988EPSS
Exploits23References84Affected Software2
Github Security Blog
Github Security Blog
added 2018/10/18 7:24 p.m.268 views

Apache Struts vulnerable to remote arbitrary command execution due to improper input validation

Apache Struts versions prior to 2.3.32 and 2.5.10.1 contain incorrect exception handling and error-message generation during file-upload attempts using the Jakarta Multipart parser, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...

10CVSS4.5AI score0.99999EPSS
Exploits44References45Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/28 1:10 a.m.267 views

Potential HTTP request smuggling in Apache Tomcat

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

5.8CVSS1AI score0.09386EPSS
Exploits0References21Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/07 4:4 p.m.264 views

Deserialization of Untrusted Data in bson

All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type...

9.8CVSS8.9AI score0.02164EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/03 12:0 a.m.263 views

Deserialization of Untrusted Data in Gson

The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to denial of service attacks...

7.7CVSS3.5AI score0.1158EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 4:10 p.m.263 views

Fixes a bug in Zend Framework's Stream HTTP Wrapper

Impact CVE-2021-3007: Backport of ZendHttpResponseStream, added certain type checking as a way to prevent exploitation. https://vulners.com/cve/CVE-2021-3007 This vulnerability is caused by the unsecured deserialization of an object. In versions higher than Zend Framework 3.0.0, the attacker abus...

9.8CVSS1.6AI score0.75313EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/25 6:28 p.m.263 views

Segmentation fault in tensorflow-lite

Impact If a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. Patches We have patched the issue in d58c96946b and will release patch releases for all versions between 1.1...

6.5CVSS3.2AI score0.00729EPSS
Exploits1References14Affected Software3
Github Security Blog
Github Security Blog
added 2018/09/11 6:22 p.m.261 views

Insufficient Entropy in cryptiles

Versions of cryptiles prior to 4.1.2 are vulnerable to Insufficient Entropy. The randomDigits method does not provide sufficient entropy and its generates digits that are not evenly distributed. Recommendation Upgrade to version 4.1.2. The package is deprecated and has been moved to @hapi/cryptil...

9.8CVSS4.8AI score0.01681EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/07 9:6 p.m.260 views

Cross-Site Request Forgery in Webargs

flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...

8.8CVSS8.3AI score0.00488EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/26 6:22 p.m.257 views

In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, th...

7.5CVSS3.2AI score0.10687EPSS
Exploits0References21Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/27 9:55 p.m.256 views

DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998

Impact ESAPI 2.5.2.0 and later addressed the DoS vulnerability described in CVE-2023-24998, which Apache Commons FileUpload 1.5 attempted to remediate. But while writing up a new security bulletin regarding the impact on the affected ESAPI HTTPUtilities.getFileUploads methods or more specifically...

7.5CVSS6.9AI score0.46836EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/03 12:0 a.m.255 views

angular vulnerable to regular expression denial of service (ReDoS)

AngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very...

7.5CVSS3.5AI score0.04658EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/03 4:46 p.m.254 views

Vite's `server.fs.deny` did not deny requests for patterns with directories.

Summary Vite dev server option server.fs.deny did not deny requests for patterns with directories. An example of such a pattern is /foo//. Impact Only apps setting a custom server.fs.deny that includes a pattern with directories, and explicitly exposing the Vite dev server to the network using...

5.9CVSS6.9AI score0.00711EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:17 p.m.253 views

vite: `server.fs.deny` bypass on Windows alternate paths

Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...

8.2CVSS5.4AI score0.00393EPSS
Exploits2References2Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/16 5:45 p.m.253 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's...

7.5CVSS2.1AI score0.18114EPSS
Exploits1References18Affected Software2
Github Security Blog
Github Security Blog
added 2021/12/20 5:53 p.m.252 views

Critical security issues in XML encoding in github.com/dexidp/dex

Impact The following vulnerabilities have been disclosed, which impact users leveraging the SAML connector: Signature Validation Bypass CVE-2020-15216: https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7 encoding/xml instabilities: - Element namespace prefix...

9.8CVSS6.8AI score0.02047EPSS
Exploits0References12Affected Software2
Github Security Blog
Github Security Blog
added 2024/10/29 6:30 p.m.251 views

Grafana org admin can delete pending invites in different org

Organization admins can delete pending invites created in an organization they are not part of...

2.7CVSS7.1AI score0.00496EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/01/17 1:57 p.m.251 views

XSS vulnerability that affects bootstrap

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute...

6.1CVSS2.4AI score0.03835EPSS
Exploits0References17Affected Software4
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.251 views

Moderate severity vulnerability that affects ember

Withdrawn, accidental duplicate publish. Cross-site scripting XSS vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web scrip...

6.1CVSS2.9AI score0.00816EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/29 9:30 p.m.250 views

Dolibarr vulnerable to remote code execution via uppercase manipulation

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: ?PHP instead of ?php in injected data...

8.8CVSS7.8AI score0.79335EPSS
Exploits16References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/02 3:44 a.m.250 views

Active Record subject to Regular Expression Denial-of-Service (ReDoS)

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service REDoS vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular...

7.5CVSS7AI score0.04434EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:16 p.m.249 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...

5.3CVSS5.9AI score0.01127EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 10:57 p.m.248 views

SQL injection in hibernate-core

A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an...

7.4CVSS8AI score0.02907EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:48 p.m.247 views

jaraco.context Has a Path Traversal Vulnerability

Summary There is a Zip Slip path traversal vulnerability in the jaraco.context package affecting setuptools as well, in jaraco.context.tarball function. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The...

8.6CVSS5.7AI score0.00527EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/17 8:11 p.m.246 views

Billion laughs attack (XML bomb)

Impact Opencast is vulnerable to the Billion laughs attack which allows an attacker to easily execute a seemingly permanent denial of service attack, essentially taking down Opencast using a single HTTP request. Consider an XML file createMediaPackage.xml like this: xml mediapackage...

8.1CVSS6.7AI score0.01254EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 4:9 p.m.246 views

Arbitrary Code Execution in underscore

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized...

7.2CVSS6AI score0.04087EPSS
Exploits2References31Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/06 6:36 p.m.246 views

Rebuild-bot workflow may allow unauthorised repository modifications

Impact projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project...

8.1CVSS1AI score0.01381EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/20 9:33 p.m.245 views

Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...

9.8CVSS6AI score0.01122EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/29 6:7 p.m.245 views

HTTP response splitting in uvicorn

Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP...

5.3CVSS1.3AI score0.0131EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/06 6:43 p.m.245 views

Deserialization of Untrusted Data in Log4j

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions 1.2 up ...

9.8CVSS9.2AI score0.6906EPSS
Exploits3References217Affected Software2
Github Security Blog
Github Security Blog
added 2020/09/04 6:0 p.m.244 views

yargs-parser Vulnerable to Prototype Pollution

Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument --foo.proto.bar...

5.3CVSS4.7AI score0.00514EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/05 2:52 p.m.244 views

Operation on a Resource after Expiration or Release in Jetty Server

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...

9.4CVSS0.2AI score0.11138EPSS
Exploits0References22Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 8:30 p.m.243 views

Regular Expression Denial of Service (ReDoS) in lodash

All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions. Steps to reproduce provided by reporter Liyuan Chen: js var lo = require'lodash'; function buildblankn var ret = "1" for var i = 0; i n; i++ r...

5.3CVSS6.3AI score0.07336EPSS
Exploits1References20Affected Software5
Github Security Blog
Github Security Blog
added 2021/11/10 7:52 p.m.242 views

Template injection in thymeleaf-spring5

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...

9.8CVSS2.7AI score0.03866EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities5000