Lucene search
K
GithubMost viewed

33254 matches found

Github Security Blog
Github Security Blog
added 2018/10/17 12:5 a.m.61 views

Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS6.9AI score0.09149EPSS
Exploits1References43Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.61 views

Active Record allows bypassing of database-query restrictions

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS7.4AI score0.08245EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/05 3:47 p.m.60 views

wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

Summary In wasmtime-wasi, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this wasmtime-wasi enforced access control mechanism can be bypassed by using the wasip2 descriptor.open-at or wasip1 pathopen interfaces by opening a file with...

7.5CVSS5.5AI score0.00357EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 7:41 p.m.60 views

@isaacs/brace-expansion has Uncontrolled Resource Consumption

Summary @isaacs/brace-expansion is vulnerable to a Denial of Service DoS issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the...

9.2CVSS5.5AI score0.00481EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/10 12:25 p.m.60 views

ezsystems/ezplatform-richtext allows access to external entities in XML

Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...

6.6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/11 6:30 p.m.60 views

Apache Struts file upload logic is flawed

File upload logic is flawed vulnerability in Apache Struts. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from...

9.8CVSS6.4AI score0.78198EPSS
Exploits15References9Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/26 5:54 p.m.60 views

Layui has DOM Clobbering gadgets that leads to Cross-site Scripting

Summary A DOM Clobbering vulnerability has been discovered in layui that can lead to Cross-site Scripting XSS on web pages where attacker-controlled HTML elements e.g., img tags with unsanitized name attributes are present. It's worth noting that we’ve identifed similar issues in other popular...

6.4CVSS5.3AI score0.0032EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/22 3:30 a.m.60 views

HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.8AI score0.00393EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/18 2:39 p.m.60 views

Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...

9.9CVSS8.3AI score0.35461EPSS
Exploits2References9Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/01 3:32 p.m.60 views

robinweser fast-loops vulnerable to prototype pollution

robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

10CVSS8.1AI score0.00918EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.60 views

Denial of service in langchain-community

Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parsesitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...

4.7CVSS4.3AI score0.00301EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2024/04/18 1:45 p.m.60 views

aiohttp Cross-site Scripting vulnerability on index pages for static file handling

Summary A XSS vulnerability exists on index pages for static file handling. Details When using web.static..., showindex=True, the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to XSS attacks...

6.1CVSS6.3AI score0.00666EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/04 2:20 p.m.60 views

Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

Impact Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. Patches This has been patched in https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75. Fixes has been released in v5.28.4 and v6.11.1. Workarounds...

4.3CVSS4.7AI score0.00734EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/27 6:31 p.m.60 views

Apache James MIME4J improper input validation vulnerability

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages...

5.3CVSS6.3AI score0.01082EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/15 3:34 p.m.60 views

Helm dependency management path traversal

A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...

6.4CVSS7AI score0.00567EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/05 6:13 p.m.60 views

Traefik docker container using 100% CPU

Summary The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. Details While attempting to set up Traefik to handle traffic for Docker containers, I observed in the...

7.5CVSS7AI score0.01269EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/10/25 9:14 p.m.60 views

crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...

9.1CVSS6.6AI score0.00446EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/25 6:32 p.m.60 views

SaToken authentication bypass vulnerability

An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

8.8CVSS7AI score0.00797EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/16 1:55 p.m.60 views

Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code

Impact Using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluateor path.evaluateTruthy internal Babel methods. Known affected plugins are: - @babel/plugin-transform-runtime -...

9.3CVSS7.1AI score0.0052EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
added 2023/10/06 4:59 p.m.60 views

Bundled libwebp in pywebp vulnerable

Impact pywebp versions before v0.3.0 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. The vulnerability was a heap buffer overflow which allowed a remote attacker to perform an out of bounds memory write. Patches The problem has been patched upstream in libwebp 1.3.2. pywe...

8.8CVSS7.3AI score0.99735EPSS
Exploits9References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/23 8:36 p.m.60 views

Active Support Possibly Discloses Locally Encrypted Files

There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...

5.5CVSS4.5AI score0.00258EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/15 6:31 p.m.60 views

llama-index vulnerable to arbitrary code execution

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

9.8CVSS7.8AI score0.01233EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/11 10:47 p.m.60 views

Decidim Cross-site Scripting vulnerability in the external link redirections

Impact The external link feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of...

8.1CVSS6.3AI score0.00816EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2023/07/05 7:12 p.m.60 views

Connection confusion in gRPC

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...

7.5CVSS6.8AI score0.00502EPSS
Exploits0References10Affected Software3
Github Security Blog
Github Security Blog
added 2023/05/25 12:30 p.m.60 views

Open redirect in Tornado

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL...

6.1CVSS6.9AI score0.01132EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/19 9:41 p.m.60 views

Strapi leaking sensitive user information by filtering on private fields

Summary Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. Details Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. The unauthenticated...

9.8CVSS6.5AI score0.01658EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/05 3:30 a.m.60 views

LangChain vulnerable to code injection

In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...

9.8CVSS9.7AI score0.39653EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/14 12:30 a.m.60 views

Vulnerable OpenSSL included in sgx-dcap-quote-verify-python

sgx-dcap-quote-verify-python includes a statically linked copy of OpenSSL. The version of OpenSSL included in sgx-dcap-quote-verify-python 0.0.1..0.0.2 is vulnerable to a security issue. More details about the OpenSSL vulnerabilities themselves can be found at...

7.4CVSS0.4AI score0.59501EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/07 9:30 p.m.60 views

Apache Kafka Connect vulnerable to Deserialization of Untrusted Data

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8CVSS8.6AI score0.95302EPSS
Exploits8References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/23 10:5 p.m.60 views

MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`

Impact MITM can enable Zip-Slip. Vulnerability Vulnerability 1: Scanner.java There is no validation that the zip file being unpacked has entries that are not maliciously writing outside of the intended destination directory...

8.1CVSS7.9AI score0.01166EPSS
Exploits1References5Affected Software6
Github Security Blog
Github Security Blog
added 2022/10/19 8:26 p.m.60 views

Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution

Impact For some Post/Put Concourse endpoint containing :teamname in the URL, a Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team. The user only needs a valid user session and belongs to...

5.4CVSS5.7AI score0.00446EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/16 12:0 p.m.60 views

Gitea vulnerable to Argument Injection

Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled...

9.8CVSS9AI score0.01051EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/30 4:37 a.m.60 views

matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

Impact An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability...

8.6CVSS7.1AI score0.00753EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/15 6:17 p.m.60 views

OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli

Impact This vulnerability affects all accounts vanilla and ethereum flavors in the v0.2.0 release of OpenZeppelin Contracts for Cairo, which are not whitelisted on StarkNet mainnet, so only goerli deployments of v0.2.0 accounts are affected. This faulty behavior is not observed in StarkNet's...

6.5CVSS6.2AI score0.0134EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:34 p.m.60 views

Improper Neutralization of Input During Web Page Generation in CKEditor4

A cross-site scripting XSS vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...

6.1CVSS6.3AI score0.02018EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/20 12:0 a.m.60 views

Integer overflow in BCrypt class in Spring Security

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor 31, the encoder does not perform any salt rounds, due to an integer overflow error. The default...

5.3CVSS7.1AI score0.02139EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 3:54 a.m.60 views

Symfony Cryptographic Vulnerability

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/randomcompat library and the opensslrandompseudobytes function fails, which makes it easier...

7.5CVSS6.9AI score0.01907EPSS
Exploits0References10Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/17 1:24 a.m.60 views

Improper Restriction of XML External Entity Reference in Apache POI

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

4.3CVSS7.3AI score0.13258EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 3:45 a.m.60 views

MitM on Jenkins Maven Plugin

Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient...

5.9CVSS5.6AI score0.00488EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 3:0 a.m.60 views

Dolibarr SQL injection vulnerability in product/card.php

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statutbuy parameter...

9.8CVSS9AI score0.01918EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 12:57 a.m.60 views

Bundler allows attacker to inject arbitrary code via secondary Gem source

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...

9.8CVSS7.2AI score0.07541EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 12:1 a.m.60 views

Improper socket reuse in Apache Tomcat

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

8.6CVSS0.5AI score0.08033EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:1 a.m.60 views

Deserialization of Untrusted Data in Jenkins

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...

10CVSS6.1AI score0.98481EPSS
Exploits5References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/11 9:21 p.m.60 views

Out-of-bounds Write in zlib affects Nokogiri

Summary Nokogiri v1.13.4 updates the vendored zlib from 1.2.11 to 1.2.12, which addresses CVE-2018-25032. That CVE is scored as CVSS 7.4 "High" on the NVD record as of 2022-04-05. Please note that this advisory only applies to the CRuby implementation of Nokogiri = v1.13.4. Impact CVE-2018-25032 ...

7.5CVSS0.3AI score0.52063EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/03 12:1 a.m.60 views

Allocation of Resources Without Limits or Throttling in Spring Framework

In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...

6.5CVSS6.7AI score0.35834EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/11 11:26 p.m.60 views

CBC padding oracle issue in AWS S3 Crypto SDK for golang

Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

5.6CVSS5.8AI score0.00348EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/11 6:57 p.m.60 views

Uncaught Exception in fastify-multipart

Impact This is a bypass of CVE-2020-8136 https://vulners.com/cve/CVE-2020-8136. By providing a name=constructor property it is still possible to crash the application. The original fix only checks for the key proto https://github.com/fastify/fastify-multipart/pull/116. All users are recommended t...

7.5CVSS1.2AI score0.0203EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 10:49 p.m.60 views

TOCTOU Race Condition in Yarn

The package integrity validation in yarn 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. This issue is fixed in 1.19.0...

5.9CVSS5.7AI score0.01783EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/01 10:1 p.m.60 views

Neo4j Graph Database vulnerable to Path Traversal

Impact Directory Traversal Vulnerabilities found in several functions of apoc plugins in Neo4j Graph database. The attacker can retrieve and download files from outside the configured directory on the affected server. Under some circumstances, the attacker can also create files. Patches The users...

9.1CVSS2.5AI score0.01505EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/18 4:13 p.m.60 views

Clarify Content-Type handling

Impact In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the...

5CVSS1AI score0.02085EPSS
Exploits0References13Affected Software1
Total number of security vulnerabilities5000