Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2020/09/25 6:28 p.m.65 views

Segfault in Tensorflow

Impact The RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Thus, the following code sets up conditions to...

5.9CVSS2.1AI score0.00844EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2020/09/01 8:44 p.m.64 views

Command Injection in pdf-image

Versions of pdf-image before 2.0.0 are vulnerable to command injection. This vulnerability is exploitable if the attacker has control over the pdfFilePath variable passed into pdf-image. Recommendation Update to version 2.0.0 or later...

10CVSS5.1AI score0.04568EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/29 6:7 p.m.64 views

Log injection in uvicorn

This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request craft...

7.5CVSS1.5AI score0.01345EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/03 9:57 p.m.64 views

DoS via malicious record IDs in WatermelonDB

Impact Medium severity 5.9 https://www.first.org/cvss/calculator/3.0CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H A maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally...

5.9CVSS5.8AI score0.00763EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/29 3:34 p.m.64 views

BSON rubygem contains potential denial of service

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service worker resource consumption via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...

7.5CVSS6.9AI score0.06372EPSS
Exploits1References16Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/16 3:14 a.m.64 views

Machine-In-The-Middle in lix

All versions of lix are vulnerable to Machine-In-The-Middle. The package accepts downloads with http and follows location header redirects for package downloads. This allows for an attacker in a privileged network position to intercept a lix package installation and redirect the download to a...

8.1CVSS3AI score0.01365EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/04 10:38 p.m.64 views

Server-Side Request Forgery (SSRF) in Apache Olingo

Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can...

7.5CVSS2.8AI score0.0283EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/28 10:26 p.m.64 views

XSS in Dolibarr ERP & CRM

htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...

6.1CVSS1.4AI score0.01152EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/03/14 3:39 p.m.64 views

spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to th...

6.5CVSS10AI score0.15621EPSS
Exploits4References6Affected Software2
Github Security Blog
Github Security Blog
added 2019/01/30 8:56 p.m.64 views

CRLF Injection in pypiserver

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...

6.1CVSS6.2AI score0.03922EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/18 6:4 p.m.64 views

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

5.9CVSS3.7AI score0.02618EPSS
Exploits0References9Affected Software3
Github Security Blog
Github Security Blog
added 2018/10/17 8:5 p.m.64 views

Spring Framework allows applications to expose STOMP over WebSocket endpoints

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS9.6AI score0.77245EPSS
Exploits5References20Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 5:23 p.m.64 views

Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...

7.5CVSS3.9AI score0.01969EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/29 5:40 p.m.63 views

vm2 is Vulnerable to Sandbox Breakout Through Promise Species

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The localPromise constructor was changed to call this.thenundefined, eater to ensure a rejected promise i...

10CVSS6.5AI score0.0051EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/18 1:13 a.m.63 views

MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade

Summary A STARTTLS Response Injection vulnerability in MailKit allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication mechanism downgrade e.g., forcing PLAIN instead of SCRAM-SHA-256. The internal read...

6.8CVSS6.8AI score0.16334EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:52 p.m.64 views

AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

6.7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/04 8:31 p.m.63 views

cookie accepts cookie name, path, and domain with out of bounds characters

Impact The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, serialize"userName=alert'XSS3'; Max-Age=2592000; a", value would result in "userName=alert'XSS3'; Max-Age=2592000; a=test", setting userName cookie to and ignoring value. ...

6.9CVSS7AI score0.00744EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/03 8:3 p.m.63 views

CometBFT's state syncing validator from malicious node may lead to a chain split

Name: ASA-2024-009: State syncing validator from malicious node may lead to a chain split Component: CometBFT Criticality: Medium ACMv1.2: I:Moderate; L: Possible Affected versions: = 0.34.0, =0.37.0, = 0.38.0, = 0.38.11 Summary The state sync protocol retrieves a snapshot of the application and...

6.5AI score
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2024/02/19 9:30 a.m.63 views

Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue...

8.1CVSS6.7AI score0.00441EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/13 9:18 p.m.64 views

NuGet Client Security Feature Bypass Vulnerability

Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A security feature bypass...

9.8CVSS7.3AI score0.02778EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2023/12/02 12:31 a.m.63 views

Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request

A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request...

9.8CVSS7.7AI score0.01552EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/17 6:31 a.m.63 views

Concrete CMS allows unauthorized access because directories can be created with insecure permissions

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions such as the Mkdir function gives universal access 0777 to created folders by default. Excessive permissions can be granted when creating...

9.8CVSS6.9AI score0.01233EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/02 6:30 a.m.63 views

Django potential denial of service vulnerability in UsernameField on Windows

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS denial of service attack via certain inputs with a very large number of...

7.5CVSS7.1AI score0.49774EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/27 2:2 p.m.63 views

Potential leak of authentication data to 3rd parties

Impact Users of typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: 1. Send any request with BasicCredentialHandler, BearerCredentialHandler or PersonalAccessTokenCredentialHandler 2. The target...

9.1CVSS8.1AI score0.02224EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/23 9:30 p.m.63 views

tripleo-ansible may disclose important configuration details from an OpenStack deployment

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of...

5.5CVSS4.8AI score0.00201EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/21 3:30 a.m.63 views

Command injection in yiisoft/yii2-gii

Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file...

8.8CVSS9AI score0.01461EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/07 6:30 a.m.63 views

usememos/memos vulnerable to stored Cross-site Scripting

Cross-site Scripting XSS - Stored in GitHub repository usememos/memos prior to 0.10.0...

7.1CVSS5.2AI score0.00519EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/16 12:30 a.m.63 views

Alist vulnerable to Path Traversal

In versions of Alist prior to 3.6.0, a user with only file upload permission can bypass the base path restriction by using '... /' to bypass the base path restriction and upload files to an arbitrary path...

9.8CVSS9.5AI score0.01175EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/14 9:36 p.m.63 views

Helm vulnerable to denial of service through string value parsing

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service atta...

7.5CVSS2.2AI score0.0076EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/22 12:0 a.m.63 views

file-type vulnerable to Infinite Loop via malformed MKV file

An issue was discovered in the file-type package from 13.0.0 until 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack when...

5.5CVSS5.8AI score0.00389EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 8:48 p.m.63 views

Cross-site Scripting in Gogs

Impact The malicious user is able to upload a crafted SVG file as the issue attachment to archive XSS. All installations allow uploading SVG text/xml files as issue attachments non-default are affected. Patches Correctly setting the Content Security Policy for the serving endpoint. Users should...

7.3CVSS0.1AI score0.00687EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/18 8:6 p.m.63 views

Integer Overflow or Wraparound in libxml2 affects Nokogiri

Summary Nokogiri v1.13.5 upgrades the packaged version of its dependency libxml2 from v2.9.13 to v2.9.14. libxml2 v2.9.14 addresses CVE-2022-29824. This version also includes several security-related bug fixes for which CVEs were not created, including a potential double-free, potential memory...

6.5CVSS1.9AI score0.0363EPSS
Exploits5References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 3:28 a.m.63 views

Improper Control of Generation of Code ('Code Injection') in Spring Framework

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs0=jar: followed by a URL of a crafted .jar file...

6CVSS9.6AI score0.52003EPSS
Exploits11References17Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/05 12:29 a.m.63 views

Symfony Host Header Injection vulnerability in the HttpFoundation component

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to...

6.1CVSS6.8AI score0.02313EPSS
Exploits0References20Affected Software2
Github Security Blog
Github Security Blog
added 2022/04/09 12:0 a.m.63 views

Remote Code Execution in Laravel

Withdrawn This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original Description A Remote Code Execution RCE vulnerability exists in h laravel 5.8.38 via an unserialize pop chain in 1 destruct in \Routing\PendingResourceRegistration.php, 2 cal in...

2.1AI score
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 11:38 p.m.63 views

NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow

Impact The code for boosted trees in TensorFlow is still missing validation. This allows malicious users to read and write outside of bounds of heap allocated data as well as trigger denial of service via dereferencing nullptrs or via CHECK-failures. This follows after CVE-2021-41208 where these...

8.8CVSS1.6AI score0.00168EPSS
Exploits0References4Affected Software3
Github Security Blog
Github Security Blog
added 2022/02/09 10:58 p.m.63 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this...

7.5CVSS7.5AI score0.24622EPSS
Exploits0References34Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 12:56 a.m.63 views

Improper Input Validation in Keycloak

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote co...

8.8CVSS8.6AI score0.02604EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2022/01/07 12:9 a.m.63 views

NumPy Buffer Overflow (Disputed)

A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArrayNewFromDescrint function of ctors.c when specifying arrays of large dimensions over 32 from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulnerability; In very...

5.3CVSS5.3AI score0.01074EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/05 8:23 p.m.63 views

HTTP Host Header Injection

Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C 3.5 Problem It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend...

5.3CVSS1.2AI score0.0116EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2021/09/10 5:54 p.m.63 views

Remote Code Execution in Apache Dubbo

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...

9.8CVSS8.9AI score0.02467EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/08 9:11 p.m.63 views

Flask-AppBuilder Open Redirect vulnerability

Impact If using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability Patches Install Flask-AppBuilder 3.2.2 or above...

7.2CVSS6.2AI score0.007EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:48 p.m.63 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an...

8.8CVSS8.8AI score0.0454EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/13 3:22 p.m.63 views

Cross-site scripting in jfinal

An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...

6.1CVSS1.2AI score0.00641EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/09 8:43 p.m.63 views

Integer overflow in pywin32

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry ACE to an access control list ACL that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process...

6.5CVSS6.2AI score0.01729EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/09 8:38 p.m.63 views

No Restriction of Excessive Authentication Attempts in Firefly III

firefly-iii is vulnerable to Improper Lack of Restriction of Excessive Authentication Attempts...

7.5CVSS7.3AI score0.0071EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/29 9:12 p.m.63 views

Erroneous Proof of Work calculation in geth

Impact An ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch estimated early January, 2021. This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. Patches This issue is also...

7.5CVSS7.4AI score0.01643EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/29 5:23 p.m.63 views

Missing Authentication for Critical Function

Shopware is an open source eCommerce platform. Creation of order credits was not validated by ACL in admin orders. Users are recommend to update to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versio...

4.9CVSS4.1AI score0.00626EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 10:29 p.m.63 views

Uncontrolled Resource Consumption in XNIO

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final...

5.9CVSS3.6AI score0.0222EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/04 7:9 p.m.63 views

Script injection

Impact A malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This may give access to sensitive data when other users visit that same documentation page. The ability to upload malicious content may be limite...

7.3CVSS0.9AI score0.01209EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities5000