Lucene search
K
GithubMost viewed

33255 matches found

Github Security Blog
Github Security Blog
added 2021/06/02 9:42 p.m.59 views

Dragonfly contains remote code execution vulnerability

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features...

9.8CVSS9.2AI score0.72249EPSS
Exploits4References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 6:20 p.m.59 views

HTTP Request Smuggling in goliath

goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to b...

7.5CVSS7.3AI score0.01221EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 4:57 p.m.59 views

Ory fosite contains Improper Handling of Exceptional Conditions

Impact The TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store...

8CVSS1.2AI score0.01588EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 9:7 p.m.59 views

Cross-site scripting in bluemonday

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string...

6.1CVSS2AI score0.00929EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/13 10:29 p.m.59 views

Code injection in keycloak

A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.5CVSS3.2AI score0.0119EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 3:56 p.m.59 views

Path traversal in servey

A path traversal vulnerability in servey versions prior to 3.3.2 allows an attacker to read content of any arbitrary file...

7.5CVSS7.2AI score0.01986EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/22 4:11 p.m.59 views

Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

7.1CVSS3.4AI score0.00322EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/16 7:53 p.m.59 views

SQL Injection via in django-debug-toolbar

Impact With Django Debug Toolbar attackers are able to execute SQL by changing the rawsql input of the SQL explain, analyze or select forms and submitting the form. NOTE: This is a high severity issue for anyone using the toolbar in a production environment. Generally the Django Debug Toolbar tea...

9.8CVSS1.3AI score0.01925EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/12 5:39 p.m.59 views

Prototype Pollution in set-or-get

Prototype pollution vulnerability in ‘set-or-get’ version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS6.8AI score0.04197EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 4:33 p.m.59 views

Pygments vulnerable to Regular Expression Denial of Service (ReDoS)

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...

7.5CVSS7.3AI score0.03832EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/18 7:27 p.m.59 views

Insufficiently Protected Credentials in Elasticsearch

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in...

4.8CVSS1.8AI score0.01241EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/19 9:16 p.m.59 views

XSS vulnerability in theme config file in Mautic

Impact Mautic before v2.13.0 has stored XSS via a theme config file. Patches Update to 2.13.0 or later. Workarounds None. For more information If you have any questions or comments about this advisory: Email us at [email protected]...

6.1CVSS2.5AI score0.0084EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/15 4:52 p.m.59 views

Denial of Service in ecstatic

ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application...

7.5CVSS3.1AI score0.01274EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/13 3:47 p.m.59 views

Remote code execution in dependabot-core branch names when cloning

Impact Remote code execution vulnerability in dependabot-common and dependabot-gomodules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: "/$curl,127.0.0.1", Dependabot will make a HTTP request to...

8.8CVSS8.9AI score0.02935EPSS
Exploits1References9Affected Software2
Github Security Blog
Github Security Blog
added 2020/09/25 6:28 p.m.59 views

Denial of service in tensorflow-lite

Impact In TensorFlow Lite models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very...

4.3CVSS1.8AI score0.00632EPSS
Exploits1References11Affected Software3
Github Security Blog
Github Security Blog
added 2020/08/20 2:38 p.m.59 views

openapi-python-client Arbitrary Code Generation vulnerability

Impact Clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution. Giving this a CVSS of 8.0 high with CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C . Patches Fix will be...

9CVSS8.7AI score0.0158EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/07 7:24 p.m.59 views

Path Traversal in socket.io-file

All versions of socket.io-file are vulnerable to Path Traversal. The package fails to sanitize user input and uses it to generate the file upload paths. The socket.io-file::createFile message contains a name option that is passed directly to path.join. It is possible to upload files to arbitrary...

7.5CVSS3.2AI score0.01581EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/15 6:51 p.m.59 views

Apache Tomcat Denial of Service vulnerability

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servle...

7.5CVSS7.5AI score0.72855EPSS
Exploits0References59Affected Software2
Github Security Blog
Github Security Blog
added 2020/06/03 10:2 p.m.59 views

Arbitrary File Read in Snyk Broker

All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API...

4.3CVSS4.1AI score0.01115EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/26 3:9 p.m.59 views

Circumvention of file size limits in ActiveStorage

There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct...

7.5CVSS7.4AI score0.03065EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/13 4:29 p.m.59 views

curlrequest allows execution of arbitrary commands

curlrequest through 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands by using a semicolon char in any of the options values...

9.8CVSS4.6AI score0.01884EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/15 9:9 p.m.59 views

XSS in Keycloak

It was found in all keycloak versions before 9.0.0 that links to external applications Application Links in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further...

6.1CVSS3.9AI score0.00758EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/30 8:9 p.m.59 views

Firewall configured with unanimous strategy was not actually unanimous in Symfony

Description ----------- On Symfony before 4.4.0, when a Firewall checks an access control rule using the unanimous strategy, it iterates over all rule attributes and grant access only if all calls to the accessDecisionManager decide to grant access. As of Symfony 4.4.0, a bug was introduced that...

8.1CVSS2.4AI score0.01148EPSS
Exploits0References9Affected Software3
Github Security Blog
Github Security Blog
added 2020/03/25 4:52 p.m.59 views

Missing Token Replay Detection in Saml2 Authentication services for ASP.NET

Impact Token Replay Detection is an important defence in depth measure for Single Sign On solutions. In all previous 2.X versions, the Token Replay Detection is not properly implemented. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use...

8.2CVSS1.9AI score0.01204EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/10 8:39 p.m.59 views

Insufficient Verification of Data Authenticity in python-keystoneclient

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...

9.8CVSS5.3AI score0.01696EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/19 5:29 p.m.59 views

codecov NPM module allows remote attackers to execute arbitrary commands

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...

8.8CVSS7.3AI score0.02918EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/30 9:21 p.m.59 views

Unsafe Identifiers in Opencast

Impact Opencast allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write...

7.7CVSS2.4AI score0.01168EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/10/16 6:31 p.m.59 views

Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash potential information disclosure or a potential authentication bypass...

9.8CVSS3.1AI score0.11032EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2019/10/15 7:27 p.m.59 views

Cross-site scripting in Swagger-UI

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

9.8CVSS3.8AI score0.0558EPSS
Exploits1References15Affected Software4
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.59 views

Wicked gem contains Path traversal vulnerability

The Wicked gem prior to v1.0.1 allows a remote attacker to traverse directories on the system via a vulnerability in controller/concerns/renderredirect.rb. An attacker can send a specially-crafted URL request containing %2E%2E%2F directory traversal sequences to read arbitrary files on the system...

5CVSS6.4AI score0.02958EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.59 views

actionpack Improper Input Validation vulnerability

actionpack/lib/actionview/lookupcontext.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service memory consumption via a header containing an invalid MIME type that leads to excessive caching...

5CVSS6.2AI score0.207EPSS
Exploits2References18Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/10 1:39 p.m.58 views

Papra HTTP redirect bypass can lead to SSRF via webhook delivery system

Summary Papra's webhook delivery system contains an SSRF protection bypass that allows any authenticated organisation member to cause the server to make HTTP requests to internal addresses — loopback, link-local, and RFC-1918 ranges. The SSRF protection validates the registered webhook URL but...

5.6AI score0.00025EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 7:30 p.m.58 views

Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses

Summary Gemini CLI @google/gemini-cli and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions. This update introduces a breaking change to how non-interactive headless environment...

6.5AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.58 views

Duplicate Advisory: OpenClaw: Gateway `device.token.rotate` does not terminate active WebSocket sessions after credential rotation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rfqg-qgf8-xr9x. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with...

5.4CVSS5.7AI score0.00186EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/05/28 9:52 p.m.58 views

Information exposure in Next.js dev server due to lack of origin verification

Summary A low-severity vulnerability in Next.js has been fixed in version 15.2.2. This issue may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a...

4.3CVSS4.5AI score0.00174EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/30 10:18 a.m.58 views

Authz zero length regression

A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions...

9.9CVSS6.9AI score0.16496EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/17 10:28 p.m.58 views

Lobe Chat API Key Leak

Summary If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. Details The attack process is described above. PoC Frontend: 1. Pass basic...

5.7CVSS6.9AI score0.00546EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/27 9:54 p.m.58 views

Missing permission checks on Hazelcast client protocol

Impact In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster. Patches Fix versions: 5.2.5, 5.3.5,...

7.6CVSS7.2AI score0.00503EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2024/01/09 7:35 p.m.58 views

Microsoft ASP.NET Core project templates vulnerable to denial of service

A Denial of Service vulnerability exists in ASP.NET Core project templates which utilize JWT-based authentication tokens. This vulnerability allows an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and...

6.8CVSS8AI score0.02868EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2023/10/16 12:33 p.m.58 views

Google Sheets data source plugin for Grafana information disclosure vulnerability

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...

7.5CVSS6.4AI score0.00389EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/02 11:27 p.m.58 views

`Cookie` HTTP header isn't stripped on cross-origin redirects

urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user...

8.1CVSS6.6AI score0.01207EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/27 8:16 p.m.59 views

Chaijs/get-func-name vulnerable to ReDoS

The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows: js const functionNameMatch = /\sfunction?:\s|\s/^?:/+\/\s^\s/+/; This vulnerability can be exploited...

8.6CVSS6.9AI score0.01114EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/07 12:58 p.m.58 views

Apollo Router Unnamed "Subscription" operation results in Denial-of-Service

Impact This is a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are enabled. It can be triggered when all of the following conditions are met: 1. Running Apollo Router v1.28.0, v1.28.1 or v1.29.0 "impacted versions"; and 2. The...

7.5CVSS6.7AI score0.00653EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/18 7:22 p.m.58 views

Fides Webserver Vulnerable to Zip Bomb File Uploads

Impact The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb file, resulting in resource exhaustion and service unavailability for all users of the Fides webserver. This...

4.9CVSS6.8AI score0.00568EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/22 9:30 p.m.58 views

Grafana vulnerable to Authentication Bypass by Spoofing

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...

9.8CVSS9.5AI score0.04094EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/01 7:22 p.m.58 views

Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header

When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by a proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session cookie to other clients. The severity depends on the...

7.5CVSS7.3AI score0.01261EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/18 10:28 p.m.58 views

Authentication Bypass in @strapi/plugin-users-permissions

Summary Strapi through 4.5.6 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. Details Strapi through 4.5.6 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider i...

6.8AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/14 10:0 p.m.58 views

.NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2023-21808: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...

7.8CVSS8.2AI score0.01148EPSS
Exploits0References4Affected Software4
Github Security Blog
Github Security Blog
added 2023/01/11 6:27 p.m.58 views

gatsby-transformer-remark has possible unsanitized JavaScript code injection

Impact The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when...

8.1CVSS5.8AI score0.00613EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/28 12:30 a.m.58 views

YAML Go package vulnerable to denial of service

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...

5.5CVSS4.3AI score0.00415EPSS
Exploits1References6Affected Software2
Total number of security vulnerabilities5000