Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
•added 2021/10/05 8:23 p.m.•63 views

HTTP Host Header Injection

Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C 3.5 Problem It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend...

5.3CVSS1.2AI score0.0116EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
•added 2021/09/08 9:11 p.m.•63 views

Flask-AppBuilder Open Redirect vulnerability

Impact If using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability Patches Install Flask-AppBuilder 3.2.2 or above...

7.2CVSS6.2AI score0.007EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/09 8:43 p.m.•63 views

Integer overflow in pywin32

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry ACE to an access control list ACL that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process...

6.5CVSS6.2AI score0.01729EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/08/09 8:38 p.m.•63 views

No Restriction of Excessive Authentication Attempts in Firefly III

firefly-iii is vulnerable to Improper Lack of Restriction of Excessive Authentication Attempts...

7.5CVSS7.3AI score0.0071EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/29 9:12 p.m.•63 views

Erroneous Proof of Work calculation in geth

Impact An ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch estimated early January, 2021. This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. Patches This issue is also...

7.5CVSS7.4AI score0.01643EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/29 5:23 p.m.•63 views

Missing Authentication for Critical Function

Shopware is an open source eCommerce platform. Creation of order credits was not validated by ACL in admin orders. Users are recommend to update to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versio...

4.9CVSS4.1AI score0.00626EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/08 10:29 p.m.•63 views

Uncontrolled Resource Consumption in XNIO

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final...

5.9CVSS3.6AI score0.0222EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/06/04 7:9 p.m.•63 views

Script injection

Impact A malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This may give access to sensitive data when other users visit that same documentation page. The ability to upload malicious content may be limite...

7.3CVSS0.9AI score0.01209EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/27 6:39 p.m.•63 views

Private Field data leak

This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control related oracle attack in that the attack method guides an attacker during...

7.5CVSS1.2AI score0.00864EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/25 6:46 p.m.•63 views

Cross-Site Request Forgery in OpenNMS Horizon

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at...

8.8CVSS4.1AI score0.00726EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/24 6:13 p.m.•63 views

HTTP Request Smuggling in reel

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...

7.5CVSS7.4AI score0.01334EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/21 4:24 p.m.•63 views

pomerium_signature is not verified in middleware in github.com/pomerium/pomerium

Impact Some API endpoints under /.pomerium/ do not verify parameters with pomeriumsignature. This could allow modifying parameters intended to be trusted to Pomerium. The issue mainly affects routes responsible for sign in/out, but does not introduce an authentication bypass. Specific Go Packages...

6.1CVSS6.3AI score0.00658EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 6:33 p.m.•63 views

Improper Authorization in github.com/containers/libpod

A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the...

7CVSS2.3AI score0.00261EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/18 6:19 p.m.•63 views

Denial of Service (DoS) in HashiCorp Consul

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. Specific Go Packages Affected github.com/hashicorp/consul/agent/consul...

7.5CVSS7.5AI score0.0201EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/07 4:14 p.m.•63 views

OS Command Injection in gulp-tape

gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of gulp-tape options...

9.8CVSS9.2AI score0.02512EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/07 4:14 p.m.•63 views

OS Command Injection in gulkp-styledocco

gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument options of the exports function in index.js can be controlled by users without any sanitization...

9.8CVSS9.1AI score0.02512EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/06 6:53 p.m.•63 views

Cross-Site Request Forgery in ForkCMS

Multiple cross-site request forgery CSRF vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to 1 approve the mass of the user's comments, 2 restoring a deleted user, 3 installing or running modules, 4 resetting the...

8.8CVSS8.5AI score0.00676EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/06 6:53 p.m.•63 views

SQL Injection in librenms

A second-order SQL injection issue in Widgets/TopDevicesController.php aka the Top Devices dashboard widget of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sortorder parameter against the /ajax/form/widget-settings endpoint...

8.8CVSS9.4AI score0.0234EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/20 4:43 p.m.•63 views

Exposure of Sensitive Information to an Unauthorized Actor in ansible

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue...

5CVSS5.9AI score0.00406EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/07 8:37 p.m.•63 views

Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.11, and 2.9.7 respectively, when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansiblefacts after the clean. An attacker could take...

7.9CVSS7.4AI score0.00345EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/22 11:29 p.m.•63 views

XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)

Impact The vulnerability may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. Patches If you rely on...

7.8CVSS1.5AI score0.13832EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/19 9:19 p.m.•63 views

Command Injection in ps-kill

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

9.8CVSS9.3AI score0.01201EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/02/02 5:58 p.m.•63 views

Cross-site scripting in Bleach

Impact A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default...

6.1CVSS6.2AI score0.00483EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
•added 2020/12/30 11:9 p.m.•63 views

XSS in Vega

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execut...

8.7CVSS7.9AI score0.01362EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/11/23 9:18 p.m.•63 views

XML External Entity in Dashboard Widget

Problem It has been discovered that RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At leas...

3.7CVSS2.6AI score0.00636EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
•added 2020/06/15 9:53 p.m.•63 views

Cross-site Scripting in dijit editor's LinkDialog plugin

Impact XSS possible for users of the Dijit Editor's LinkDialog plugin Patches Yes, 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3 Workarounds Users may apply the patch made in these releases. For more information If you have any questions or comments about this advisory, open an issue in dojo/di...

5.4CVSS1.7AI score0.01183EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/03 9:58 p.m.•63 views

Upload whitelisted files to any directory in OctoberCMS

Impact An attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the...

4CVSS3.4AI score0.0118EPSS
Exploits3References6Affected Software1
Github Security Blog
Github Security Blog
•added 2020/04/14 3:27 p.m.•64 views

Persistent Cross-Site scripting in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows XSS...

4.8CVSS2.4AI score0.00918EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/03/30 8:9 p.m.•64 views

Prevent cache poisoning via a Response Content-Type header in Symfony

Description ----------- When a Response does not contain a Content-Type header, Symfony falls back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the response is cached, this can lead to a...

4.3CVSS4.3AI score0.01297EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
•added 2020/03/24 3:8 p.m.•63 views

Incorrect Account Used for Signing

Impact Anybody using this library to sign with a BIP44 account other than the first account may be affected. If a user is signing with the first account i.e. the account at index 0, or with the legacy MEW/MyCrypto HD path, they are not affected. The vulnerability impacts cases where the user sign...

2.1AI score
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
•added 2020/03/11 9:36 p.m.•63 views

Incorrect Default Permissions in keyring

Python keyring lib before 0.10 created keyring files with world-readable permissions...

7.5CVSS2.6AI score0.0146EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2020/01/23 2:27 a.m.•63 views

Limited header injection when using dynamic overrides with user input in RubyGems secure_headers

Impact If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the...

5.8CVSS0.3AI score0.01079EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/01/08 5:26 p.m.•63 views

Stored XSS in Apache Atlas

Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality...

6.1CVSS2.1AI score0.01787EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2019/02/18 11:47 p.m.•63 views

Downloads Resources over HTTP in httpsync

Affected versions of httpsync insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

9.3CVSS5.6AI score0.01682EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/22 6:53 p.m.•63 views

Unrestricted Upload of File with Dangerous Type in blueimp-file-upload

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload = v9.22.0...

9.8CVSS2.7AI score0.97107EPSS
Exploits15References9Affected Software1
Github Security Blog
Github Security Blog
•added 2018/08/13 8:49 p.m.•63 views

Moderate severity vulnerability that affects activerecord

Withdrawn, accidental duplicate publish. Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions a...

2.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2017/10/24 6:33 p.m.•63 views

Improper Input Validation in multi_xml

multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...

7.5CVSS5.8AI score0.03655EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/08 8:2 p.m.•62 views

basic-ftp has FTP Command Injection via CRLF

Summary basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...

8.6CVSS6.2AI score0.02185EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/06 6:23 p.m.•62 views

OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service

Summary Critical Time-Based Blind SQL Injection vulnerability affecting multiple search modules in OpenSTAManager v2.9.8 allows authenticated attackers to extract sensitive database contents including password hashes, customer data, and financial records through time-based Boolean inference attac...

8.7CVSS6.1AI score0.00366EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
•added 2024/11/25 7:40 p.m.•62 views

Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination

A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication...

6.8AI score0.00101EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2024/07/09 9:14 p.m.•62 views

Microsoft Security Advisory CVE-2024-38081 | .NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2024-38081 | .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 . This advisory also provides guidance on what developers can do to update their...

7.3CVSS7.5AI score0.01292EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2024/06/22 6:30 a.m.•62 views

Open redirect in gradio

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...

6.1CVSS6.5AI score0.01021EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2024/06/02 10:32 p.m.•62 views

SQL Injection in Harbor scan log API

Impact A user with an administrator, projectadmin, or projectmaintainer role could utilize and exploit SQL Injection to allow the execution of any Postgres function or the extraction of sensitive information from the database through this API: GET...

5.5CVSS7.6AI score0.00417EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2024/05/15 9:8 p.m.•62 views

eZ Platform Bundled jQuery affected by CVE-2019-11358

In eZ Platform 2.x, ezsystems/ezplatform-admin-ui-assets before v4.2.0 includes jQuery version 3.3.1. This version of jQuery is affected by the security vulnerability https://www.cvedetails.com/cve/CVE-2019-11358/ This is fixed in jQuery version 3.4. We recommend that you upgrade your...

6.1CVSS6.3AI score0.87218EPSS
Exploits4References4Affected Software1
Github Security Blog
Github Security Blog
•added 2024/05/03 6:30 p.m.•62 views

Bouncy Castle Java Cryptography API vulnerable to DNS poisoning

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java 1.78, BC Java LTS 2.73.6 and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname as happens...

7.5CVSS6AI score0.0077EPSS
Exploits0References6Affected Software7
Github Security Blog
Github Security Blog
•added 2024/04/22 3:30 p.m.•62 views

Apache HugeGraph-Server: Command execution in gremlin

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue...

9.8CVSS9.6AI score0.9921EPSS
Exploits11References8Affected Software2
Github Security Blog
Github Security Blog
•added 2024/04/17 5:31 p.m.•62 views

Keycloak path traversal vulnerability in the redirect validation

An issue was found in the redirecturi validation logic that allows for a bypass of otherwise explicitly allowed hosts...

7.1CVSS7.1AI score0.00495EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2024/04/03 3:30 a.m.•62 views

Pillow buffer overflow vulnerability

In imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy...

6.7CVSS7.7AI score0.00989EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2024/02/21 6:4 p.m.•62 views

cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override

If pkcs12.serializekeyandcertificates is called with both: 1. A certificate whose public key did not match the provided private key 2. An encryptionalgorithm with hmachash set via PrivateFormat.PKCS12.encryptionbuilder.hmachash... Then a NULL pointer dereference would occur, crashing the Python...

7.5CVSS7.5AI score0.00831EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/10/19 8:2 p.m.•62 views

Directus crashes on invalid WebSocket message

Summary It seems that any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. This could probably be posted as an issue and I might even be able to put together a pull request for a fix if only I had some extra time..., but I decided...

6.5CVSS5.9AI score0.00689EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities5000