Lucene search
K
GithubMost viewed

33268 matches found

Github Security Blog
Github Security Blog
added 2021/03/03 1:52 a.m.58 views

Prefix escape

Impact By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is /pub/, a user expect that accessing /priv on the target service would not be possible. Unfortunately, it is. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N...

10CVSS0.6AI score0.01821EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/19 9:16 p.m.58 views

Inline JS XSS vulnerability in Mautic

Impact Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form. Patches Upgrade to 2.12.0 or later. Workarounds None References https://github.com/mautic/mautic/releases/tag/2.12.0 For mo...

6.1CVSS0.9AI score0.00843EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/19 9:16 p.m.58 views

XSS vulnerability in Author URL of themes in Mautic

Impact An XSS vulnerability was discovered in Mautic 2.13.1 in the Author URL of themes. Patches Update to 2.14 or later Workarounds None References https://github.com/mautic/mautic/releases/tag/2.14.0 For more information If you have any questions or comments about this advisory: Email us at...

6.1CVSS0.5AI score0.00905EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/08 11:55 p.m.58 views

Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability

Impact A RCE exploit has been discovered in the Red Discord Bot - Dashboard Webserver: this exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserver front-end code. By abusing this exploit, it's possible to perform destructive...

8.7CVSS2.8AI score0.01053EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/29 4:15 p.m.58 views

Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 8.2 CWE-325, CWE-20, CWE-200, CWE-502 Problem It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message...

8.8CVSS2AI score0.02229EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2020/06/15 6:51 p.m.58 views

Denial of service in Apache Xerces2

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...

5CVSS4.7AI score0.3038EPSS
Exploits2References67Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/09 12:25 a.m.58 views

CSRF issue on preview pages in Bolt CMS

Impact Bolt CMS lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could...

8.6CVSS3.2AI score0.01766EPSS
Exploits3References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/13 4:29 p.m.58 views

path traversal in Jooby

Impact Access to sensitive information available from classpath. Patches Patched version: 1.6.7 and 2.8.2 Commit 1.x: https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009 Commit 2.x:...

5.3CVSS0.5AI score0.01554EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2020/04/22 8:59 p.m.58 views

XSS in python-markdown2

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute...

6.1CVSS2.4AI score0.01868EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/16 3:14 a.m.58 views

CSRF and DNS Rebinding in Oasis

Impact What kind of vulnerability is it? Who is impacted? If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. There is no evidence that...

8.1CVSS3.9AI score0.00502EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/31 5:2 p.m.58 views

Cross-Site Scripting in http_server

All versions of httpserver are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available. Consider usi...

7.5CVSS5.3AI score0.02509EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/19 5:29 p.m.58 views

GitHub personal access token leaking into temporary EasyBuild (debug) logs

Impact The GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --from-pr, etc. is shown in plain text in EasyBuild debug log files. Scope: the log message only appears in the top-level log file, not in the individual software installation logs see...

7.7CVSS5.5AI score0.00538EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/06 1:15 a.m.58 views

Holder can generate proof of ownership for credentials it does not control in vp-toolkit

Impact The verifyVerifiablePresentation method check the cryptographic integrity of the Verifiable Presentation, but it does not check if the credentialSubject.id DID matches the signer of the VP proof. The verifier is impacted by this vulnerability. Patches Patch will be available in version...

2.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/12 6:45 p.m.58 views

URL Redirection to Untrusted Site (Open Redirect) in Ktor

In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location...

6.1CVSS0.7AI score0.00642EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/17 10:53 p.m.58 views

Unrestricted file uploads in Contao

Impact A back end user with access to the form generator can upload arbitrary files and execute them on the server. Patches Update to Contao 4.4.46 or 4.8.6. Workarounds Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory. References...

8.8CVSS8.9AI score0.01108EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2019/11/20 5:44 p.m.58 views

SQL Injection in usmanhalalit/pixie

Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit function due to improper sanitization...

9.8CVSS4.6AI score0.01499EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/04/16 3:50 p.m.58 views

SQLAlchemy is vulnerable to SQL Injection via group_by parameter

SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...

7.8CVSS9.3AI score0.01777EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/12 8:30 p.m.58 views

Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "processheaders" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...

7.5CVSS3.2AI score0.02431EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 7:59 p.m.57 views

DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

Hook mutation of data.allowedTags / data.allowedAttributes permanently pollutes DEFAULTALLOWEDTAGS / DEFAULTALLOWEDATTR CWE: CWE-501 Trust Boundary Violation — hook-scoped mutation leaks to global default sets via CWE-693 Protection Mechanism Failure — the default allow-list is silently widened f...

5.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 2:35 p.m.57 views

Malware in @opensearch-project/opensearch

Overview The OpenSearch Project has sustained a security incident involving an external actor gaining force-push permissions within the project's CI infrastructure to embed malicious packages into four release versions of @opensearch-project/opensearch. Users are instructed to immediately take...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 7:51 p.m.57 views

FlowiseAI Pre-Auth Arbitrary Code Execution

Summary An authenticated admin user of FlowiseAI can exploit the Supabase RPC Filter component to execute arbitrary server-side code without restriction. By injecting a malicious payload into the filter expression field, the attacker can directly trigger JavaScript's execSync to launch reverse...

6.5CVSS8.4AI score0.00594EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/01/22 6:31 p.m.57 views

Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs

The Jenkins GitLab Plugin 1.9.6 and earlier does not correctly perform a permission check in an HTTP endpoint. This allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credential IDs of GitLab API token credentials and...

4.3CVSS6.1AI score0.00288EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/10 3:29 p.m.57 views

Blind XSS Leading to Froxlor Application Compromise

Description: A Stored Blind Cross-Site Scripting XSS vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious...

9.6CVSS5.4AI score0.00963EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/02 9:30 a.m.57 views

Apache ActiveMQ's default configuration doesn't secure the API web context

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context where the Jolokia JMX REST API and the Message REST API are located. It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker using Jolokia J...

8.8CVSS7.3AI score0.0692EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/25 7:36 p.m.57 views

RDoc RCE vulnerability with .rdoc_options

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS8.1AI score0.01571EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/22 4:57 p.m.57 views

Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process, Basicly if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-thi...

6.5CVSS7AI score0.00929EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2024/03/20 2:45 p.m.57 views

GeoServer log file path traversal vulnerability

Impact This vulnerability requires GeoServer Administrator with access to the admin console to misconfigured the Global Settings for log file location to an arbitrary location. This can be used to read files via the admin console GeoServer Logs page. It is also possible to leverage RCE or cause...

7.2CVSS7.2AI score0.00841EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/19 8:6 p.m.57 views

Container escape at build time

Impact What kind of vulnerability is it? Who is impacted? Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed. Patches From @nalind cat...

8.6CVSS8.5AI score0.0049EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/01 4:58 p.m.57 views

Directus has MySQL accent insensitive email matching

Password reset vulnerable to accent confusion The password reset mechanism of the Directus backend is implemented in a way where combined with specific, need to double check if i can work around configuration in MySQL or MariaDB. As such, it allows attackers to receive a password reset email of a...

8.2CVSS7AI score0.00702EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/22 3:30 p.m.57 views

Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

7.5CVSS7.4AI score0.01048EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/11 4:27 p.m.57 views

Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)

Summary The OrderAndPaginate function is used to order and paginate data. It is defined as follows: go func OrderAndPaginatec gin.Context funcdb gorm.DB gorm.DB return funcdb gorm.DB gorm.DB sort := c.DefaultQuery"order", "desc" order := fmt.Sprintf"%s %s", DefaultQueryc, "sortby", "id", sort db ...

7CVSS6.8AI score0.00584EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/05 10:57 p.m.57 views

Test code in published microsoft-graph-beta package exposes phpinfo()

Impact The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph-beta/tests/GetPhpInfo.php. The phpInfo function exposes system...

10CVSS6.2AI score0.78428EPSS
Exploits5References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/01 3:30 p.m.57 views

RaspAP Command Injection vulnerability

A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfgid parameter in /ajax/openvpn/activateovpncfg.php and /ajax/openvpn/delovpncfg.php...

9.8CVSS8AI score0.98725EPSS
Exploits3References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/06 7:24 p.m.57 views

is_js vulnerable to Regular Expression Denial of Service

is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to...

7.5CVSS6.8AI score0.00866EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/21 6:30 a.m.57 views

semver vulnerable to Regular Expression Denial of Service

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...

7.5CVSS6.3AI score0.02761EPSS
Exploits1References16Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/23 8:7 p.m.57 views

Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled

Summary Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. Impacted versions : 3.6.14.1-3.41.2.1 References https://github.com/xerial/sqlite-jdbc/releases/tag/3.41.2.2...

9.8CVSS9.5AI score0.01592EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/27 11:9 p.m.57 views

Cross-site Scripting (XSS) in DataObject Any Getter grid operator

Impact Stored cross site scripting vulnerability in operator any getter in dataobject grid configuration. Patches Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480.patch Workarounds Apply patch...

6.1CVSS6.1AI score0.00523EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/07 6:16 p.m.57 views

URI validation failure on SVG parsing. Bypass of CVE-2023-23924

Summary Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Details Dompdf parses the href attribute of image tags with the following code: src/Image/Cache.php line 135-150 php function $parser, $name,...

10CVSS9.3AI score0.03572EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/26 9:30 p.m.57 views

Remote code execution in simple-git

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...

9.8CVSS6.2AI score0.02712EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/23 9:30 p.m.57 views

ThinkPHP Framework vulnerable to remote code execution

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled langswitchon=true. An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

9.8CVSS9.3AI score0.15505EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/16 10:31 p.m.57 views

TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices`

Impact If Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf filename = tf.constant"" tensornames = tf.constant"" Save data = tf.casttf.random.uniformshape=1,...

7.5CVSS7.5AI score0.00396EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2022/08/30 7:32 p.m.57 views

.NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5....

7.5CVSS7.2AI score0.04913EPSS
Exploits0References10Affected Software14
Github Security Blog
Github Security Blog
added 2022/08/18 7:2 p.m.58 views

Duplicate Advisory: KubeVirt arbitrary host file read from the VM

Duplicate Advisory This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references. Original Description Summary As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path travers...

8.7CVSS7.7AI score0.00359EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/26 12:0 a.m.57 views

Moodle Arbitrary file read when importing lesson questions

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature...

7.5CVSS6.7AI score0.49102EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/05 12:0 a.m.57 views

Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

9.8CVSS9.6AI score0.73274EPSS
Exploits3References14Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/25 7:11 a.m.57 views

BlockWishList SQL Injection vulnerability

Impact An authenticated customer can perform SQL injection Patches Issue is fixed in 2.1.1...

8.8CVSS8.6AI score0.24146EPSS
Exploits6References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 10:3 p.m.57 views

URL Redirection to Untrusted Site ('Open Redirect') in next-auth

Impact We found that this vulnerability is present when the developer is implementing an OAuth 1 provider by extension, it means Twitter, which is the only built-in provider using OAuth 1, but upgrading is still recommended. next-auth v3 users before version 3.29.3 are impacted. We recommend...

6.1CVSS6.1AI score0.00612EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:29 a.m.57 views

Drupal Core Remote Code Execution Vulnerability

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations...

9.8CVSS8.2AI score0.99993EPSS
Exploits46References25Affected Software2
Github Security Blog
Github Security Blog
added 2022/05/13 1:45 a.m.57 views

Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java

Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/J. Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise...

3.3CVSS4AI score0.00448EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:40 a.m.57 views

Improper Authentication in Jenkins Blue Ocean Plugin

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue...

8.5CVSS1.6AI score0.00758EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000