Lucene search
K
GithubMost viewed

33254 matches found

Github Security Blog
Github Security Blog
added 2021/11/15 11:16 p.m.60 views

Authentication bypass issue in the Operator Console

During an internal security audit, we detected an authentication bypass issue in the Operator Console when an external IDP is enabled. The security issue has been reported internally. We have not observed this exploit in the wild or reported elsewhere in the community at large. All users are...

9.8CVSS1.9AI score0.46706EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/30 5:11 p.m.60 views

SQL Injection in topthink/thinkphp

ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods...

9.8CVSS9.7AI score0.01749EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/29 5:11 p.m.60 views

Cross site scripting in datatables.net

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped...

6.1CVSS0.8AI score0.01837EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/20 11:18 p.m.60 views

Deserialization of Untrusted Data in com.jsoniter:jsoniter

Withdrawn was withdrawn by its CNA. Further investigation showed that it was not a security issue. Original Description All versions of package com.jsoniter:jsoniter are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and in certai...

5.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/07 11:8 p.m.60 views

Older releases of better_errors open to Cross-Site Request Forgery attack

Impact bettererrors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with...

8.8CVSS8.4AI score0.00636EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/07 11:8 p.m.60 views

Uncontrolled Resource Consumption in pillow

The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb function...

7.5CVSS7.5AI score0.03154EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:22 p.m.60 views

Dolibarr Cross-site Scripting vulnerability

In Dolibarr ERP CRM, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Private Note field at /adherents/note.php?id=1 endpoint. These scripts are executed in a victim’s browser when th...

9CVSS3.3AI score0.00893EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:13 p.m.60 views

Account Takeover in Octobercms

Impact An attacker can request an account password reset and then gain access to the account using a specially crafted request. - To exploit this vulnerability, an attacker must know the username of an administrator and have access to the password reset form. Patches - Issue has been patched in...

9.1CVSS9.1AI score0.90418EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:12 p.m.60 views

TimelockController vulnerability in OpenZeppelin Contracts

Impact A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open"...

10CVSS8.9AI score0.0159EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/28 6:57 p.m.60 views

Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829,...

7.6CVSS2.8AI score0.13303EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/28 4:52 p.m.60 views

Reflected cross-site scripting in development mode handler in Vaadin

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0.8 allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. -...

2.5CVSS2.6AI score0.00286EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/28 4:46 p.m.60 views

Reflected XSS from the callback handler's error query parameter

Overview Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are affected by this vulnerability ...

8CVSS1.9AI score0.01403EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/23 6:14 p.m.60 views

Helm passes repository credentials to alternate domain

While working on the Helm source, a Helm core maintainer discovered a situation where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. Impact The index.yaml within a Helm chart repository contains a...

8.6CVSS7AI score0.01395EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/21 5:14 p.m.60 views

Prototype Pollution

Prototype pollution vulnerability in ‘expand-hash’ versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS6.8AI score0.03299EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/21 5:7 p.m.60 views

Auto-merging Person Records Compromised

Impact New user registrations are able to access anyone's account by only knowing their basic profile information name, birthday, gender, etc. This includes all app functionality within the app, as well as any authenticated links to Rock-based webpages such as giving and events. Patches We have...

9.8CVSS1.3AI score0.01458EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/08 7:23 p.m.60 views

Temporary urls leaked via logging

In OpenStack Swift prior to 2.15.2, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected...

4.3CVSS2.7AI score0.00789EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 6:22 p.m.60 views

Improper Authentication in InfluxDB

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret aka shared secret...

9.8CVSS9.1AI score0.30921EPSS
Exploits3References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/17 9:0 p.m.60 views

OS Command Injection in wifiscanner

wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code...

9.8CVSS4.1AI score0.02512EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/13 10:31 p.m.60 views

Authorization service vulnerable to DDos attacks in Apache CFX

CXF supports via JwtRequestCodeFilter passing OAuth 2 parameters via a JWT token as opposed to query parameters see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request JAR. Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from...

7.5CVSS3AI score0.06593EPSS
Exploits0References13Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/11 4:43 p.m.60 views

Cross-site scripting in jspdf

It's possible to use nested script tags in order to bypass the filtering regex...

6.3CVSS6.2AI score0.01573EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:14 p.m.60 views

OS Command Injection in docker-compose-remote-api

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within index.js of the package, the function execserviceName, cmd, fnStdout, fnStderr, fnExit uses the variable serviceName which can be controlled by users without any sanitization...

9.8CVSS9.1AI score0.02644EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:53 p.m.60 views

OS Command injection in Bolt

Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance...

5.3CVSS5.5AI score0.01085EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:12 p.m.60 views

Prototype Pollution in deep-get-set

All versions of package deep-get-set prior to version 1.1.1 are vulnerable to Prototype Pollution via the main function...

9.8CVSS8.9AI score0.01965EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/20 4:43 p.m.60 views

Path Traversal in Ansible

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the winunzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive...

7.8CVSS6.8AI score0.00362EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/20 4:40 p.m.60 views

Incorrect Session Validation in Apache Airflow

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...

7.7CVSS7.4AI score0.23336EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 3:0 p.m.60 views

Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime

Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while...

5.9CVSS2AI score0.01238EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 8:43 p.m.60 views

Cross-site Scripting (XSS) in moodle

In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10...

6.1CVSS6.2AI score0.01276EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 4:30 p.m.60 views

Remote code execution in Kramdown

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...

9.8CVSS6.7AI score0.02805EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/23 1:53 a.m.60 views

Cross-Site Scripting in Content Preview

Problem It has been discovered that database fields used as descriptionColumn are vulnerable to cross-site scripting when their content gets previewed in the page module. A valid backend user account is needed to exploit this vulnerability. Solution Update to TYPO3 versions 10.4.14, 11.1.1 that f...

5.4CVSS5.2AI score0.00872EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/03/22 11:28 p.m.60 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

9.8CVSS1.4AI score0.76367EPSS
Exploits1References17Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/19 9:22 p.m.60 views

printf vulnerable to Regular Expression Denial of Service (ReDoS)

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string regex /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

7.5CVSS7.3AI score0.02176EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 7:23 p.m.60 views

Exposure of Sensitive Information to an Unauthorized Actor

A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been...

4.3CVSS1.9AI score0.01112EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/12 9:34 p.m.60 views

Cross-site scripting (XSS)

Cross-site scripting XSS in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field...

5.4CVSS3.6AI score0.00867EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/08 4:6 p.m.60 views

Elliptic Uses a Broken or Risky Cryptographic Algorithm

The npm package elliptic before version 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential...

6.8CVSS6.8AI score0.01245EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/02 3:46 p.m.60 views

Reflected Cross-site Scripting in ACS Commons

Impact ACS Commons version 4.9.2 and earlier suffers from a Reflected Cross-site Scripting XSS vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript...

8.8CVSS1.2AI score0.03977EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/13 6:22 p.m.60 views

Command injection in ts-process-promises

This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js...

9.8CVSS9.2AI score0.01355EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/06 8:1 p.m.60 views

Path Traversal in Apache Flink

A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...

9.1CVSS7.2AI score0.97856EPSS
Exploits14References33Affected Software2
Github Security Blog
Github Security Blog
added 2020/12/18 6:28 p.m.60 views

MPXJ path Traversal vulnerability

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

5.3CVSS6.5AI score0.01758EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/04 4:47 p.m.60 views

ReDOS vulnerabities: multiple grammars

Impact: Potential ReDOS vulnerabilities exponential and polynomial RegEx backtracking oswasp: The Regular expression Denial of Service ReDoS is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very...

0.9AI score
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2020/07/27 4:57 p.m.60 views

Command injection via Celery broker in Apache Airflow

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker Redis, RabbitMQ directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands...

9.8CVSS7.3AI score0.3398EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/07 4:34 p.m.60 views

Remote code execution via user-provided local names in ActionView

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the locals argument of a render call to perform a RCE...

8.8CVSS8.6AI score0.83085EPSS
Exploits10References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/10 8:2 p.m.60 views

Denial of Service in Cryptacular

CiphertextHeader.java in Cryptacular before 1.2.4, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...

7.5CVSS4.8AI score0.03334EPSS
Exploits1References24Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/22 8:59 p.m.60 views

Information disclosure of source code in SimpleSAMLphp

Background The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. Description The che...

3.5CVSS2.1AI score0.00922EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/22 8:59 p.m.60 views

Negative charge in shopping cart in Shopizer

Impact Using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. Patches Adding a back-end verification to check that quantity parameter isn't negative. If so, it is set to 1. Patched in 2.11.0 Workarounds Without...

6.5CVSS2.9AI score0.00852EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/17 10:52 p.m.60 views

Python Twisted trustRoot is not respected in HTTP client

Python Twisted 14.0.0 trustRoot is not respected in HTTP client...

7.5CVSS7.3AI score0.0259EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2019/11/20 1:39 a.m.60 views

XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

8.8CVSS1.5AI score0.0135EPSS
Exploits1References8Affected Software2
Github Security Blog
Github Security Blog
added 2019/11/20 1:33 a.m.60 views

Potential to access user credentials from the log files when debug logging enabled

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files...

9.8CVSS2.6AI score0.019EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/11/12 10:58 p.m.60 views

XSS in search engine

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine...

6.1CVSS1.8AI score0.02904EPSS
Exploits5References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/08/06 1:43 a.m.60 views

Allocation of Resources Without Limits or Throttling in Apache Tika

A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file a quine, causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later...

7.8CVSS4.2AI score0.02457EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 7:58 p.m.60 views

Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."...

7.5CVSS3.4AI score0.0551EPSS
Exploits0References4Affected Software19
Total number of security vulnerabilities5000