Lucene search
K
GithubMost viewed

33255 matches found

Github Security Blog
Github Security Blog
added 2019/11/12 10:58 p.m.60 views

XSS in search engine

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine...

6.1CVSS1.8AI score0.02904EPSS
Exploits5References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/08/06 1:43 a.m.60 views

Allocation of Resources Without Limits or Throttling in Apache Tika

A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file a quine, causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later...

7.8CVSS4.2AI score0.02457EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 7:58 p.m.60 views

Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."...

7.5CVSS3.4AI score0.0551EPSS
Exploits0References4Affected Software19
Github Security Blog
Github Security Blog
added 2018/10/16 5:34 p.m.60 views

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from...

7.5CVSS3.1AI score0.08885EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 5:34 p.m.59 views

vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

Summary An assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode python -O or PYTHONOPTIMIZE=1. Details vLLM uses ...

8.1CVSS7.7AI score0.0252EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:1 p.m.59 views

protobuf.js: Denial of service through unbounded protobuf recursion

Summary protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding...

7.5CVSS5.7AI score0.0058EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 9:28 p.m.59 views

Immutable is vulnerable to Prototype Pollution

Impact What kind of vulnerability is it? Who is impacted? A Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. Affected APIs | API | Notes | | --------------------------------------- |...

9.8CVSS5.8AI score0.00978EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/28 2:50 a.m.59 views

Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()

Impact The serialize-javascript npm package versions tags, the injected code executes. javascript const serialize = require'serialize-javascript'; // Create an object that passes instanceof RegExp with a spoofed .flags const fakeRegex = Object.createRegExp.prototype; Object.definePropertyfakeRege...

8.1CVSS7.3AI score0.03009EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/31 10:5 p.m.59 views

serverless MCP Server vulnerable to Command Injection in list-projects tool

Summary A command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This vulnerability only affects users of the experimental MCP server feature serverless mcp, which represents less than 0.1% of Serverless Framework users. The core Serverle...

7.5CVSS9.4AI score0.01944EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/31 5:31 p.m.59 views

Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query

Summary The contents of arbitrary files can be returned to the browser. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Details - base64 encoded content of non-allowed files is exposed using ?inline&import originally...

7.5CVSS6.9AI score0.58765EPSS
Exploits9References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/01 12:11 a.m.59 views

Formwork improperly validates input of User role preventing site and panel availability

Summary Improper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable. This clearly impacts the Availability aspect of the CIA triad confidentiality, integrity, and...

5.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/06 2:20 p.m.59 views

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4CVSS6.2AI score0.00979EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/17 5:33 p.m.59 views

Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow

Keycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL ACS, including JavaScript URIs javascript:. Allowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission. Acknowledgements: Specia...

6CVSS7AI score0.00711EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/04 3:30 p.m.59 views

pgAdmin Remote Code Execution (RCE) vulnerability

pgAdmin = 8.4 is affected by a Remote Code Execution RCE vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the...

9.8CVSS9AI score0.64846EPSS
Exploits5References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/01 3:30 a.m.59 views

Withdrawn: JJWT improperly generates signing keys

Withdrawn Advisory This advisory has been withdrawn because it has been found to be disputed. Please see the issue here for more information. Original Description JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The...

6.8CVSS6.6AI score0.00776EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/13 10:25 p.m.60 views

Email Validation Bypass And Preventing Sign Up From Email's Owner

Summary Email validation can easily be bypassed because verifyemailenabled option enable email validation at sign up only. A user changing it's email after signing up and verifying it can change it without verification in /profile. This can be used to prevent legitimate owner of the email address...

5.4CVSS5.9AI score0.01385EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/28 9:30 a.m.59 views

Spring Framework vulnerable to denial of service

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...

7.5CVSS7AI score0.0115EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/27 5:25 p.m.59 views

Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year

Impact The Validator.isValidSafeHTML method can result in false negatives where it reports some input as safe i.e., returns true, but really isn't, and using that same input as-is can in certain circumstances result in XSS vulnerabilities. Because this method cannot be fixed, it is being deprecat...

6.4AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/03 6:36 a.m.59 views

Pillow Denial of Service vulnerability

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates o...

7.5CVSS7.1AI score0.01038EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/11 8:35 p.m.59 views

HTTP/2 rapid reset can cause excessive work in net/http

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS7.7AI score0.03796EPSS
Exploits0References46Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/04 3:30 p.m.59 views

Ansible may expose private key

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availabili...

7.8CVSS6.7AI score0.00239EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/27 8:14 p.m.59 views

Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server

Impact In Argo CD versions prior to 2.3 starting at least in v0.1.0, but likely in any version using Helm before 2.3, using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to leak values, or files from the referenced Helm Chart. This was...

5CVSS6.2AI score0.005EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/07/28 3:34 p.m.59 views

Cross-site scripting (XSS) from MIME type auto-detection of uploaded files

TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content folder. Your Kirby sites are not affected if they don't allow file uploads for untrusted users ...

5.7CVSS6.8AI score0.00552EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/14 9:30 a.m.59 views

Apache Struts vulnerable to memory exhaustion

Denial of service via out of memory OOM owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set...

7.5CVSS5.5AI score0.05467EPSS
Exploits0References8Affected Software3
Github Security Blog
Github Security Blog
added 2023/05/24 5:24 p.m.59 views

Ckan remote code execution and private information access via crafted resource ids

Specific vulnerabilities: Arbitrary file write in resourcecreate and packageupdate actions, using the ResourceUploader object. Also reachable via packagecreate, packagerevise, and packagepatch via calls to packageupdate. Remote code execution via unsafe pickle loading, via Beaker's session store...

9.8CVSS8.3AI score0.01684EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/08 9:33 p.m.59 views

TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C 8.2 Problem TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In combination with the TypoScript setting...

8.8CVSS5.9AI score0.00831EPSS
Exploits1References10Affected Software2
Github Security Blog
Github Security Blog
added 2022/10/18 9:46 p.m.59 views

.NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Remote Code Execution vulnerability exis...

6.8CVSS1.8AI score0.01555EPSS
Exploits0References12Affected Software100
Github Security Blog
Github Security Blog
added 2022/10/18 9:16 p.m.59 views

Kirby CMS vulnerable to user enumeration in the brute force protection

TL;DR This vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does not scale to brute force. ---- Introduction User enumeration is a type of vulnerability that allows...

6.5CVSS5.4AI score0.00585EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/01 7:50 p.m.59 views

Weak private key generation in SSH.NET

During an X25519 key exchange, the client’s private is generated with System.Random: cs var rnd = new Random; privateKey = new byteMontgomeryCurve25519.PrivateKeySizeInBytes; rnd.NextBytesprivateKey; Source: KeyExchangeECCurve25519.cs Source commit:...

6.5CVSS5.7AI score0.01384EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/27 4:36 p.m.59 views

Possible shell escape sequence injection vulnerability in Rack

There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30123. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1 Impact Carefully crafted...

10CVSS9.5AI score0.01801EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 10:17 p.m.59 views

Key confusion through non-blocklisted public key formats

Impact What kind of vulnerability is it? Who is impacted? Disclosed by Aapo Oksman Senior Security Specialist, Nixu Corporation. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requir...

7.5CVSS7.3AI score0.012EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 10:15 p.m.59 views

Segfault if `tf.histogram_fixed_width` is called with NaN values in TensorFlow

Impact The implementation of tf.histogramfixedwidth is vulnerable to a crash when the values array contain NaN elements: python import tensorflow as tf import numpy as np tf.histogramfixedwidthvalues=np.nan, valuerange=1,2 The implementation assumes that all floating point operations are defined...

5.5CVSS5.8AI score0.00313EPSS
Exploits1References11Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/17 2:26 a.m.59 views

Deserialization of Untrusted Data in NancyFX Nancy

Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie...

9.8CVSS5AI score0.03095EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:50 a.m.59 views

Cross-Site Request Forgery in Apache Struts

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...

6.8CVSS7.8AI score0.03486EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:9 a.m.59 views

Inadequate Encryption Strength in Apache CXF

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS5.5AI score0.06322EPSS
Exploits0References29Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:7 a.m.59 views

OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

7.5CVSS6.7AI score0.02836EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/11 12:2 a.m.59 views

Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin

PhpMyAdmin before 5.1.3 allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pmaparameter, and the cookie section...

7.5CVSS3.8AI score0.01276EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/17 5:19 p.m.59 views

Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface UI Misrepresentation of Critical Information. In order to be affected, the next.config.js file must have an images.domains array assigned and the image host assigned in...

7.5CVSS2.5AI score0.01795EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/16 9:1 p.m.59 views

Critical vulnerability in log4j may affect generated PEAR projects

Impact UIMA PEAR projects that have been generated with the de.averbis.textanalysis:pear-archetype version 2.0.0 have a maven dependency with scope test to log4j 2.8.2 and might be affected by CVE-2021-44228. Patches - The issue has been resolved in de.averbis.textanalysis:pear-archetype version...

10CVSS1.2AI score0.99999EPSS
Exploits352References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/09 7:15 p.m.59 views

Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration...

8.1CVSS8.7AI score0.07268EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/10 6:57 p.m.59 views

Heap buffer overflow in `Transpose`

Impact The shape inference function for Transpose is vulnerable to a heap buffer overflow: python import tensorflow as tf @tf.function def test: y = tf.rawops.Transposex=1,2,3,4,perm=-10 return y test This occurs whenever perm contains negative elements. The shape inference function does not...

7.8CVSS1.6AI score0.00156EPSS
Exploits0References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/09/14 8:25 p.m.59 views

body-parser-xml vulnerable to Prototype Pollution

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

9.8CVSS8.9AI score0.01299EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:16 p.m.59 views

remote code execution via git repo provider

Impact A remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes...

9.8CVSS9.7AI score0.01928EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:47 p.m.59 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.5CVSS8.8AI score0.143EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:43 p.m.59 views

Bad alloc in `StringNGrams` caused by integer conversion

Impact The implementation of tf.rawops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. python import tensorflow as tf tf.rawops.StringNGrams data='','', datasplits=0,2, separator...

5.5CVSS6.1AI score0.00154EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/08/02 5:15 p.m.59 views

Beego has a file creation race condition

The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...

4.7CVSS4.8AI score0.00199EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
added 2021/07/26 9:41 p.m.59 views

Incorrect Authorization in TYPO3 extension

The l10nmgr aka Localization Manager extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure translatable fields...

4.3CVSS4.9AI score0.00824EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/28 6:33 p.m.59 views

Regular Expression Denial of Service (ReDoS) in Prism

Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service ReDoS. Impact When Prism is used to highlight untrusted user-given text, an attacker can craft a string that will take a very very long time to highlight. Do not use the following languages to highlight untrusted...

7.4CVSS1.5AI score0.01433EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/21 5:18 p.m.59 views

Prototype pollution in safe-flat

Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS6.8AI score0.03337EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:24 p.m.59 views

Cross-site Scripting in Jenkins Dashboard View Plugin

Jenkins Dashboard View Plugin prior to 2.16 and 2.12.1 does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission. As part of this fix, the property for image URLs was changed fr...

5.4CVSS4.9AI score0.72678EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities5000