Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
•added 2021/01/29 6:13 p.m.•62 views

Cross Site Scripting (XSS) in XWiki

XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section...

5.4CVSS2.3AI score0.00735EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/01/21 2:12 p.m.•62 views

SAML XML Signature wrapping in PySAML2

Impact All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 = 6.4.1 does not validate the SAML document against an XML schema. This allows invalid XML documents to trick the verification process, by presenting elemen...

6.5CVSS2.4AI score0.01078EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/12/04 4:47 p.m.•62 views

Multiple cryptographic issues in Python oic

Impact Client implementations using this library Issues 1 The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2 JWA none algorithm was allowed in all flows. 3 oic.consumer.Consumer.parseauthz returns an unverified IdToken. Th...

6.8CVSS2.8AI score0.00815EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/25 6:29 p.m.•62 views

Out of bounds access in tensorflow-lite

Impact In TensorFlow Lite models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor:...

8.6CVSS0.8AI score0.0061EPSS
Exploits1References11Affected Software3
Github Security Blog
Github Security Blog
•added 2020/09/11 9:18 p.m.•62 views

Cross-Site Scripting in dojo

Versions of dojo prior to 1.2.0 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize HTML code in user-controlled input, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.2.0 or later...

4.3CVSS6.2AI score0.02224EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/01 4:15 p.m.•62 views

Downloads Resources over HTTP in npm-test-sqlite3-trunk

Affected versions of npm-test-sqlite3-trunk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...

9.3CVSS6.4AI score0.01752EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2020/08/31 10:57 p.m.•62 views

Open Redirect in serve-static

Versions of serve-static prior to 1.6.5 or 1.7.x prior to 1.7.2 are affected by an open redirect vulnerability on some browsers when configured to mount at the root directory. Proof of Concept A link to http://example.com//www.google.com/%2e%2e will redirect to //www.google.com/%2e%2e Some browse...

4.3CVSS6.2AI score0.02616EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2020/08/07 10:27 p.m.•62 views

Unintended read access in kramdown gem

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS2.6AI score0.0456EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/20 5:50 p.m.•62 views

Cross-Site Scripting in Wagtail

Impact When a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.asp as directed in the documentation, any HTML tags used within a form field's help text will be...

5.7CVSS5.4AI score0.01083EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/03 11:19 p.m.•62 views

Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar

Impact The debugbar contains a perhaps little known feature where it will log all requests and all information pertaining to each request including session data whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as the potenti...

9.8CVSS1AI score0.01047EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/05/13 10:17 p.m.•62 views

Cross-Site Scripting in SVG Sanitizer

Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site scripting. An updated version 1.0.3 is available from the TYPo3 extension manager and at...

5.4CVSS0.6AI score0.0054EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2020/03/25 5:35 p.m.•62 views

Local file inclusion vulnerability in http4s

Impact This vulnerability applies to all users of: org.http4s.server.staticcontent.FileService org.http4s.server.staticcontent.ResourceService org.http4s.server.staticcontent.WebjarService Path escaping URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expos...

7.6CVSS1.8AI score0.06817EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2020/03/10 8:56 p.m.•62 views

Incorrect Default Permissions in keyring

Python keyring has insecure permissions on new databases, allowing world-readable files to be created...

6.2CVSS6.2AI score0.0045EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2020/03/10 6:3 p.m.•62 views

Prototype Pollution in Dojox

The Dojox jQuery wrapper jqMix mixin method is vulnerable to Prototype Pollution. Affected Area: //https://github.com/dojo/dojox/blob/master/jq.jsL442 var tobj = ; forvar x in props // the "tobj" condition avoid copying properties in "props" // inherited from Object.prototype. For example, if obj...

8.6CVSS1.8AI score0.01976EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/01/24 9:26 p.m.•62 views

Cross-site scripting in SimpleSAMLphp

Background SimpleSAMLphp allows users to report errors and failures to the system administrators via a web form. This web form gathers some contextual information automatically, but it also allows the user to provide their email address for follow-ups and a free-text explanation of what happened...

5.4CVSS4.9AI score0.00544EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2019/03/13 5:26 p.m.•62 views

Path Traversal in Action View

File Content Disclosure in Action View Impact ------ There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents. Th...

7.5CVSS7.2AI score0.98507EPSS
Exploits18References19Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/16 7:58 p.m.•62 views

Denial of service in ASP.NET Core

A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData...

7.5CVSS2.6AI score0.25745EPSS
Exploits5References6Affected Software3
Github Security Blog
Github Security Blog
•added 2018/06/08 12:43 p.m.•62 views

Growl before 1.10.0 vulnerable to Command Injection

Affected versions of growl do not properly sanitize input prior to passing it into a shell command, allowing for arbitrary command execution. Recommendation Update to version 1.10.0 or later...

9.8CVSS6.1AI score0.04412EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/05/19 12:31 p.m.•61 views

Keycloak: Session fixation in OIDC login flow that can lead to account takeover

A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...

7.5CVSS5.8AI score0.00418EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/08 7:23 p.m.•61 views

Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs

If a non-contiguous buffer was passed to APIs which accepted Python buffers e.g. Hash.update, this could lead to buffer overflows. For example: python h = HashSHA256 b.updatebuf::-1 would read past the end of the buffer on Python 3.11...

9.8CVSS6.1AI score0.00652EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2025/07/11 5:9 p.m.•61 views

Better Call routing bug can lead to Cache Deception

Summary Using a CDN that caches //.png, //.json, //.css, etc... requests, a cache deception can emerge. This could lead to unauthorized access to user sessions and personal data when cached responses are served to other users. Details The vulnerability occurs in the request processing logic where...

7.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2025/04/07 3:31 p.m.•61 views

Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rvqx-wpfh-mfx7. This link is maintained to preserve external references. Original Description Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote an...

9.8CVSS8.3AI score0.9999EPSS
Exploits33References5Affected Software1
Github Security Blog
Github Security Blog
•added 2025/03/26 8:8 p.m.•61 views

Directus's webhook trigger flows can leak sensitive data

Describe the Bug In Directus, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user...

8.6CVSS6.7AI score0.00505EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2024/12/05 10:40 p.m.•61 views

path-to-regexp contains a ReDoS

Impact The regular expression that is vulnerable to backtracking can be generated in versions before 0.1.12 of path-to-regexp, originally reported in CVE-2024-45296 Patches Upgrade to 0.1.12. Workarounds Avoid using two parameters within a single path segment, when the separator is not . e.g. no...

8.7CVSS6.5AI score0.00792EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2024/11/29 9:31 p.m.•61 views

Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization

Withdrawn Advisory This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5048. Original Description A deserialization vulnerability exists in the Stub clas...

9.4AI score
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2024/06/12 9:31 p.m.•61 views

HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...

7.5CVSS7.1AI score0.00343EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2024/05/13 4:5 p.m.•61 views

Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459

Summary Nokogiri v1.16.5 upgrades its dependency libxml2 to 2.12.7 from 2.12.6. libxml2 v2.12.7 addresses CVE-2024-34459: - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 - patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53 Impact There is no impact to Nokogiri...

7.5CVSS6.9AI score0.02298EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2024/02/12 5:28 p.m.•61 views

python-multipart vulnerable to Content-Type Header ReDoS

Summary When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options. An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely minutes or...

7.5CVSS7.3AI score0.01523EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
•added 2024/02/02 6:30 p.m.•61 views

Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.

Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm...

7.5CVSS7AI score0.00525EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/01/29 10:31 p.m.•61 views

aiohttp is vulnerable to directory traversal

Summary Improperly configuring static resource resolution in aiohttp when used as a web server can result in the unauthorized reading of arbitrary files on the system. Details When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static...

7.5CVSS7.3AI score0.76875EPSS
Exploits15References11Affected Software1
Github Security Blog
Github Security Blog
•added 2023/12/15 11:43 p.m.•61 views

nvdApiKey is logged in debug mode

Summary The value of nvdApiKey configuration parameter is logged in clear text in debug mode. Details The NVD API key is a kind of secret and should be treated like other secrets when logging in debug mode. Expecting the same behavior as for several password configurations: just print Note that...

7.1AI score
Exploits0References2Affected Software3
Github Security Blog
Github Security Blog
•added 2023/10/19 4:42 p.m.•61 views

TinyMCE XSS vulnerability in notificationManager.open API

Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully crafted malicious content to have been...

6.1CVSS6.7AI score0.00601EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2023/07/28 3:30 p.m.•61 views

Code injection in wix-embedded-mysql

wix-embedded-mysql v4.6.2 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument...

9.8CVSS7.7AI score0.0087EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2023/07/06 3:30 p.m.•61 views

langchain SQL Injection vulnerability

SQL injection vulnerability in langchain allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component...

7.5CVSS7.6AI score0.01237EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
•added 2023/05/26 6:30 p.m.•61 views

Spring Boot Welcome Page Denial of Service

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service DoS attack if Spring MVC is used together with a reverse proxy cache. Specifically, an application is vulnerable if all of the condition...

7.5CVSS6.7AI score0.00904EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2023/04/21 10:33 p.m.•61 views

Session fixation in fastify-passport

Applications using @fastify/passport for user authentication, in combination with @fastify/session as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. Details fastify applications rely on the @fastify/passport library fo...

8.1CVSS5.9AI score0.00751EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/04/07 3:30 p.m.•61 views

Apache Airflow Spark Provider vulnerable to improper input validation

Apache Software Foundation Apache Airflow Spark Provider before 4.0.1 is vulnerable to improper input validation because the host and schema of JDBC Hook can contain / and ? which is used to denote the end of the field...

7.5CVSS7.3AI score0.02152EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/03/16 5:22 p.m.•61 views

DDOS attack on graphql endpoints

An attacker could use a specially crafted graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed and particularly large/complex graphql schemas. If your Silverstripe CMS project does not expose a public...

7.5CVSS7.4AI score0.01055EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2023/03/13 8:0 p.m.•61 views

sqlite vulnerable to code execution due to Object coercion

Impact Due to the underlying implementation of .ToString, it's possible to execute arbitrary JavaScript, or to achieve a denial-of-service, if a binding parameter is a crafted Object. Users of sqlite3 v5.0.0 - v5.1.4 are affected by this. Patches Fixed in v5.1.5. All users are recommended to...

9.8CVSS9.2AI score0.02356EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/02/23 9:30 p.m.•61 views

Cross-site Scripting in Quarkus

If the Quarkus Form Authentication session cookie Path attribute is set to / then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature...

6.1CVSS6.5AI score0.0055EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/12 3:30 p.m.•61 views

Protobuf Java vulnerable to Uncontrolled Resource Consumption

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...

7.5CVSS7.4AI score0.00567EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2022/08/06 5:39 a.m.•61 views

Solana Pay Vulnerable to Weakness in Transfer Validation Logic

Description When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied validateTransfer function. An edge case regarding this mechanism could cause the validation logic to validate multiple...

5.3CVSS5.4AI score0.00669EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/08/06 12:0 a.m.•61 views

Undertow vulnerable to Dos via Large AJP request

When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...

7.5CVSS3.5AI score0.00874EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/21 8:7 p.m.•61 views

Change in port should be considered a change in origin

Impact Authorization and Cookie headers on requests are sensitive information. On making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers from the request, before containing. Previously, we...

7.7CVSS7.3AI score0.0138EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/24 10:16 p.m.•61 views

Code injection in `saved_model_cli` in TensorFlow

Impact TensorFlow's savedmodelcli tool is vulnerable to a code injection: savedmodelcli run --inputexprs 'x=print"malicious code to run"' --dir ./ --tagset serve --signaturedef servingdefault This can be used to open a reverse shell savedmodelcli run --inputexprs 'hello=exec"""\nimport...

7.8CVSS7.7AI score0.00536EPSS
Exploits1References10Affected Software3
Github Security Blog
Github Security Blog
•added 2022/05/24 10:0 p.m.•61 views

Deserialization of Untrusted Data in Apache Tapestry

By manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this...

9.8CVSS3AI score0.14866EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 1:57 a.m.•61 views

Withdrawn Advisory: AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field

Withdrawn Advisory This advisory has been withdrawn because it does not describe a vulnerability. The maintainer states the following: The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected a...

6.1CVSS5.9AI score0.01691EPSS
Exploits2References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:26 a.m.•61 views

Code execution in Apache Struts 1 plugin

The Struts 1 plugin used with Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...

9.8CVSS3.9AI score0.98931EPSS
Exploits19References11Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/04 12:0 a.m.•61 views

`OCSP_basic_verify` may incorrectly verify the response signing certificate

The function OCSPbasicverify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSPNOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...

5.3CVSS1.4AI score0.01174EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/02 7:33 p.m.•61 views

Exposure of repository credentials to external third-party sources in Rancher

Impact This issue only happens when the user configures access credentials to a private repository in Rancher inside Apps & Marketplace Repositories. It affects Rancher versions 2.5.0 up to and including 2.5.11 and from 2.6.0 up to and including 2.6.2. An insufficient check of the same-origin...

7.5CVSS7.3AI score0.00706EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000