Lucene search
K
GithubMost viewed

33255 matches found

Github Security Blog
Github Security Blog
added 2020/12/10 7:7 p.m.57 views

Heap out of bounds access in MakeEdge in TensorFlow

Impact Under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node given by outputindex and the input slot of the dst node given by inputindex. This is...

4.4CVSS0.3AI score0.00213EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2020/11/06 5:35 p.m.57 views

LDAP authentication bypass with empty password

Impact Users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated binds eg. default on Active Directory are affected. Patch...

9.8CVSS2.2AI score0.65933EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/27 8:39 p.m.57 views

xml-crypto's HMAC-SHA1 signatures can bypass validation via key confusion

Impact An attacker can inject an HMAC-SHA1 signature that is valid using only knowledge of the RSA public key. This allows bypassing signature validation. Patches Version 2.0.0 has the fix. Workarounds The recommendation is to upgrade. In case that is not possible remove the...

5.4AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/19 8:55 p.m.57 views

Prototype pollution in object-path

Impact A prototype pollution vulnerability has been found in object-path = 0.11.0 is used, which has to be explicitly enabled by creating a new instance of object-path and setting the option includeInheritedProps: true, or by using the default withInheritedProps instance. The default operating mo...

9.8CVSS3.4AI score0.01528EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/25 6:28 p.m.57 views

Heap buffer overflow in Tensorflow

Impact The RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Hence, this code is prone to heap buffer overflow...

6.8CVSS1.1AI score0.00563EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2020/09/18 6:3 p.m.57 views

Heap Overflow in PyMiniRacer

A heap overflow in Sqreen PyMiniRacer aka Python Mini Racer before 0.3.0 allows remote attackers to potentially exploit heap corruption. More details on https://blog.sqreen.com/vulnerability-disclosure-finding-a-vulnerability-in-sqreens-php-agent-and-how-we-fixed-it/...

9.8CVSS5AI score0.02498EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/21 4:30 p.m.57 views

Remote Code Execution in Red Discord Bot

Impact A RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive...

9.6CVSS3.7AI score0.00923EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/03 10:2 p.m.57 views

Arbitrary File Read in Snyk Broker

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths...

6.5CVSS4.4AI score0.0113EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/03 9:58 p.m.57 views

Local File read vulnerability in OctoberCMS

Impact An attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission. Patches Issue has been patched in Build 466 v1.0.466. Workarounds Apply...

4.9CVSS0.2AI score0.07371EPSS
Exploits4References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/13 4:28 p.m.57 views

Arbitrary file write in actionpack-page_caching gem

There is a vulnerability in actionpackpage-caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...

9.8CVSS5.3AI score0.0525EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/16 3:14 a.m.57 views

Machine-In-The-Middle in https-proxy-agent

Versions of https-proxy-agent prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds the to the request with a HTTP status different than 200. This allows an attacker with access to the proxy server to intercept...

3.6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/31 5:2 p.m.57 views

Path Traversal in statics-server

All versions of statics-server are vulnerable to Path Traversal. The package fails to limit access to files outside of the served folder through symlinks. Recommendation No fix is currently available. Do not use statics-server in production or consider using an alternative module until a fix is...

7.5CVSS4AI score0.01529EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/30 8:9 p.m.57 views

Read permissions not enforced for client provided filter expressions in Elide.

Impact It is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence ...

6.8CVSS1.3AI score0.01251EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/24 9:27 p.m.57 views

Incorrect signature verification in SimpleSAMLphp

Background An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation. Description The SimpleSAMLXMLValidator class allows the verification of the XML digital signature of a SAML 1...

6.3CVSS0.7AI score0.01188EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/16 7:29 p.m.57 views

lodahs is malware

All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated...

9.3CVSS8.5AI score0.01257EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2018/12/21 5:51 p.m.57 views

Commons FileUpload Denial of service vulnerability

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted Content-Type header that bypasses a loop's intended exit conditions...

7.5CVSS7.3AI score0.83175EPSS
Exploits8References77Affected Software2
Github Security Blog
Github Security Blog
added 2018/10/17 5:23 p.m.57 views

Spring Data Commons remote code injection vulnerability

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

9.8CVSS4.2AI score0.95649EPSS
Exploits9References8Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 4:32 p.m.57 views

The host name verification missing in Apache Tomcat

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

7.5CVSS3.3AI score0.213EPSS
Exploits0References65Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 12:5 a.m.57 views

Improper certificate validation in org.apache.httpcomponents:httpclient

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

4.3CVSS6.1AI score0.05844EPSS
Exploits0References24Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/18 6:28 p.m.57 views

Sandbox Breakout in safe-eval

Affected versions of safe-eval are vulnerable to a sandbox escape. By accessing object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. Proof of Concept: This code accesses the process object and calls .exit js var safeEval =...

10CVSS9AI score0.03494EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.57 views

activerecord vulnerable to SQL Injection

The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via...

7.5CVSS7.1AI score0.02924EPSS
Exploits2References11Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.57 views

Deserialization Code Execution in js-yaml

Versions 2.0.4 and earlier of js-yaml are affected by a code execution vulnerability in the YAML deserializer. Proof of Concept const yaml = require'js-yaml'; const x = test: !!js/function function f console.log1; ; yaml.loadx; Recommendation Update js-yaml to version 2.0.5 or later, and ensure...

6.8CVSS5.3AI score0.17186EPSS
Exploits7References4Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.57 views

actionpack Path Traversal vulnerability

Directory traversal vulnerability in actionpack/lib/abstractcontroller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files...

7.5CVSS6.2AI score0.53703EPSS
Exploits2References16Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 5:27 p.m.56 views

qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS5.9AI score0.00351EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.56 views

Mattermost fails to preserve the redacted state of burn-on-read posts during deletion

Mattermost versions 11.3.x = 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event. Mattermost Advisory ID: MMSA-2026-00579...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/23 10:10 p.m.56 views

New API has Potential XSS in its MarkdownRenderer component

Summary A potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Details Line 212-231 of MarkdownRenderer.jsx is unsafe, it use dangerouslySetInnerHTML to preview html the model generates. This can...

7.6CVSS5.4AI score0.00222EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/11 7:24 p.m.56 views

Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0, ASP.NET Core 8.0, ASP.NET Core 6.0, and ASP.NET Core 2.3. This advisory also...

7CVSS7AI score0.00911EPSS
Exploits1References5Affected Software13
Github Security Blog
Github Security Blog
added 2025/03/03 9:30 a.m.56 views

PrismJS DOM Clobbering vulnerability

Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

5.4CVSS6.1AI score0.00301EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/01/06 7:23 p.m.56 views

Guzzle OAuth Subscriber has insufficient nonce entropy

Impact Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.phpL192. This can leave servers vulnerable to replay attacks when TLS is not used. Patches Upgrade to version 0.8.1 or higher...

6.3CVSS6.7AI score0.00451EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/15 6:12 p.m.56 views

Starlette Denial of service (DoS) via multipart/form-data

Summary Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down significantly due to excessive memory allocations and...

8.7CVSS6.9AI score0.00658EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/24 6:34 p.m.56 views

Spring Framework DoS via conditional HTTP request

Description Applications that parse ETags from If-Match or If-None-Match request headers are vulnerable to DoS attack. Affected Spring Products and Versions org.springframework:spring-web in versions 6.1.0 through 6.1.11 6.0.0 through 6.0.22 5.3.0 through 5.3.37 Older, unsupported versions are al...

5.3CVSS6.7AI score0.00852EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/29 5:46 p.m.56 views

fast-xml-parser vulnerable to ReDOS at currency parsing

Summary A ReDOS that exists on currency.js was discovered by Gauss Security Labs R&D team. Details https://github.com/NaturalIntelligence/fast-xml-parser/blob/v4.4.0/src/v5/valueParsers/currency.jsL10 contains a vulnerable regex PoC pass the following string '\t'.repeat13337 + '.' Impact Denial o...

7.5CVSS7.4AI score0.00828EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/08 5:50 p.m.56 views

Spin applications with specific configuration vulnerable to potential network sandbox escape

Impact Some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header. If an application's manifest contains a component with configuration such as toml allowedoutboundhosts =...

9.1CVSS7.3AI score0.00485EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/15 8:21 p.m.56 views

sqlparse parsing heavily nested list leads to Denial of Service

Summary Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. Details + PoC Running the following code will raise Maximum recursion limit exceeded exception: py import sqlparse sqlparse.parse'' 10000 + '' 10000 We expect a traceback of RecursionError:...

7.5CVSS7.3AI score0.0321EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/22 6:25 p.m.56 views

Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials

The CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard "" while also having the Access-Control-Allow-Credentials set to true...

9.8CVSS9.3AI score0.0066EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/21 3:30 a.m.56 views

Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML...

9.6CVSS5.9AI score0.00555EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2024/01/26 9:30 a.m.56 views

Null pointer dereference in PKCS12 parsing

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

5.5CVSS7AI score0.03174EPSS
Exploits0References21Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/29 7:36 p.m.56 views

Miniflare vulnerable to Server-Side Request Forgery (SSRF)

Impact Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network...

8.1CVSS7AI score0.00552EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/18 11:26 p.m.56 views

Grackle has StackOverflowError in GraphQL query processing

Impact Prior to this fix, the GraphQL query parsing was vulnerable to StackOverflowErrors. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. !CAUTION No...

7.5CVSS7.2AI score0.00827EPSS
Exploits0References5Affected Software12
Github Security Blog
Github Security Blog
added 2023/12/01 12:31 a.m.56 views

Apache Tiles: Unvalidated input may lead to path traversal and XXE

The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relativel...

7.5CVSS7.5AI score0.01345EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2023/11/29 9:33 p.m.56 views

Keycloak vulnerable to LDAP Injection on UsernameForm Login

A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server...

7.5CVSS6.9AI score0.00642EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2023/11/20 9:30 a.m.56 views

Deserialization of Untrusted Data in apache-submarine

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

9.8CVSS6.7AI score0.01747EPSS
Exploits9References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/30 3:18 p.m.56 views

CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment

Impact If an error or exception occurs in CodeIgniter4 v4.4.2 and earlier, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Patches Upgrade to v4.4.3 or later. See upgrading guide. Workarounds Replace...

7.5CVSS6.8AI score0.00621EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/24 7:47 p.m.56 views

Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell

Impact An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the host system. Details Through the WEB CLI interface provided by koko, a user logs...

9.9CVSS8.2AI score0.01716EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/10 9:30 p.m.56 views

ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting

Impact ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. While this settings was properly working during the authentication process it did not work correctly on the password reset flow. This meant th...

5.3CVSS7AI score0.00532EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/28 9:27 p.m.56 views

OpenFGA Vulnerable to DoS from circular relationship definitions

Overview OpenFGA is vulnerable to a DoS attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's possible for the server to exhaust resources and die. Am I Affected? Yes, if your store contains an...

5.9CVSS6.7AI score0.00751EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/12 7:57 p.m.56 views

Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...

6.5CVSS6.5AI score0.04661EPSS
Exploits0References4Affected Software6
Github Security Blog
Github Security Blog
added 2023/08/29 11:33 p.m.56 views

GitPython untrusted search path on Windows systems leading to arbitrary code execution

Summary When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment see big warning in https://docs.python.org/3/library/subprocess.htmlpopen-constructor. GitPython defaults to use the git command, if a user runs GitPython from a repo has a...

7.8CVSS7.1AI score0.00465EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/30 8:29 p.m.56 views

Client Spoofing within the Keycloak Device Authorisation Grant

Under certain pre-conditions the vulnerability allows an attacker to spoof parts of the device flow and use a devicecode to retrieve an access token for other OAuth clients...

8.1CVSS6.8AI score0.00694EPSS
Exploits0References11Affected Software2
Github Security Blog
Github Security Blog
added 2023/05/17 3:49 a.m.56 views

Starlette has Path Traversal vulnerability in StaticFiles

Summary When using StaticFiles, if there's a file or directory that starts with the same name as the StaticFiles directory, that file or directory is also exposed via StaticFiles which is a path traversal vulnerability. Details The root cause of this issue is the usage of os.path.commonprefix:...

7.5CVSS6.6AI score0.02032EPSS
Exploits1References8Affected Software1
Total number of security vulnerabilities5000