Lucene search
K
GithubMost viewed

33254 matches found

Github Security Blog
Github Security Blog
added 2026/02/25 10:34 p.m.55 views

Basic FTP has Path Traversal Vulnerability in its downloadToDir() method

The basic-ftp library contains a path traversal vulnerability in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the intended download directory. Source-to-Sink Flow 1. SOURC...

9.8CVSS6AI score0.00528EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/05/02 7:28 p.m.55 views

Information Disclosure via Flags override link

Summary An information disclosure vulnerability affecting Flags SDK has been addressed. It impacted flags ≤3.2.0 and @vercel/flags ≤3.1.1 and in certain circumstances, allowed a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint...

6.5CVSS6.2AI score0.00278EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/03/19 3:48 p.m.55 views

Fast-JWT Improperly Validates iss Claims

Summary The fast-jwt library does not properly validate the iss claim based on the RFC https://datatracker.ietf.org/doc/html/rfc7519page-9. Details The iss issuer claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a potential...

6.5CVSS6.7AI score0.00519EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/15 6:30 p.m.55 views

ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function

The ReDoS can be exploited through the parseHTML function in the html-parser.ts file. This flaw allows attackers to slow down the application by providing specially crafted input that causes inefficient processing of regular expressions, leading to excessive resource consumption. To demonstrate...

3.7CVSS6.4AI score0.00507EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/15 4:37 p.m.55 views

The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames

Summary The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found. Details When WebAuthn is used as the first or only authentication method, an attacker can enumerate usernames based on the absence of the allowedCredentials property i...

5.3CVSS7.1AI score0.00394EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2024/07/08 2:14 p.m.55 views

RailsAdmin Cross-site Scripting vulnerability in the list view

Impact RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. The issue was originally reported in https://github.com/railsadminteam/railsadmin/issues/3686. Patches Upgrade to 3.1.4. The vulnerability itself was patched in 3.1.3 but it has a functionali...

6.8CVSS6.2AI score0.00579EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/31 6:31 p.m.55 views

wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function

There is a cross-site scripting XSS issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12...

5.4CVSS5.7AI score0.00268EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/23 3:19 p.m.55 views

Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop

Impact There is a vulnerability in GO managing malformed DNS message, which impacts Traefik. This vulnerability could be exploited to cause a denial of service. References - CVE-2024-24788 Patches - https://github.com/traefik/traefik/releases/tag/v2.11.3 -...

5.9CVSS6.9AI score0.01001EPSS
Exploits0References6Affected Software3
Github Security Blog
Github Security Blog
added 2024/05/09 9:7 p.m.55 views

Next.js Vulnerable to HTTP Request Smuggling

Impact Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to...

7.5CVSS6.6AI score0.01022EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/08 2:33 p.m.55 views

Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag

The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access equivalent to --allow-env, and writing /proc/self/mem may provide access equivalent t...

9CVSS7.2AI score0.00368EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/12 3:55 p.m.55 views

otelgrpc DoS vulnerability due to unbound cardinality metrics

Summary The grpc Unary Server Interceptor opentelemetry-go-contrib/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go // UnaryServerInterceptor returns a grpc.UnaryServerInterceptor suitable // for use in a grpc.NewServer call. func UnaryServerInterceptoropts ...Option...

7.5CVSS7.1AI score0.01592EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/15 9:30 p.m.55 views

Authorization Header forwarded on redirect

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this...

6.1CVSS6.8AI score0.00512EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/10 9:23 p.m.55 views

Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel

Impact The MsQuic server application or process will crash, resulting in a denial of service. Patches The following patch was made: - Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343 Workarounds...

7.5CVSS6.7AI score0.69494EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/09/14 4:17 p.m.55 views

Jetty accepts "+" prefixed value in Content-Length

Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smugglin...

5.3CVSS6.7AI score0.01069EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/12 8:26 p.m.55 views

Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...

7.8CVSS7.3AI score0.01441EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2023/09/06 7:50 p.m.55 views

Electron context isolation bypass via nested unserializable return value

Impact Apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Workarounds This issue is exploitable under eithe...

8.5CVSS6.7AI score0.0049EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/02 9:30 p.m.55 views

Golang TIFF decoder does not place a limit on the size of compressed tile data

The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height, and encoded size to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU...

6.5CVSS7AI score0.0086EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/18 6:30 p.m.55 views

Spring Security's authorization rules can be misconfigured when using multiple servlets

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...

7.3CVSS6.8AI score0.00568EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/06 9:14 p.m.55 views

Apache Tomcat - Fix for CVE-2023-24998 was incomplete

The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded...

7.5CVSS6.7AI score0.51547EPSS
Exploits1References15Affected Software2
Github Security Blog
Github Security Blog
added 2023/06/30 8:31 p.m.55 views

Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients

When a Keycloak server is configured to support mTLS authentication for OAuth/OpenID clients, it does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client and therefore access data that belongs to other clients...

7.1CVSS7AI score0.00522EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/26 9:30 p.m.55 views

Access bypass in Drupal core

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...

6.5CVSS6.6AI score0.0054EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/20 2:37 p.m.55 views

vm2 Sandbox Escape vulnerability

There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox and run arbitrary code in host context. Impact A threat actor can bypass the sandbox...

10CVSS9.9AI score0.72087EPSS
Exploits5References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/08 10:32 p.m.55 views

otelhttp and otelbeego have DoS vulnerability for high cardinality metrics

Impact The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength, http.server.responsecontentlength, and http.server.duration instruments. The ServerRequest...

7.5CVSS7.2AI score0.00973EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2023/02/08 10:31 p.m.55 views

openssl-src subject to Timing Oracle in RSA Decryption

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

5.9CVSS6.7AI score0.16195EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/02 1:33 a.m.55 views

Switcher Client contains Regular Expression Denial of Service (ReDoS)

Impact Unsanitized input flows into Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack reDOS. Patches Patched in 3.1.4 Workarounds Avoid using Strategy settings that use REGEX in conjunction with EXIST a...

8.6CVSS7.2AI score0.00541EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/18 12:30 a.m.55 views

Component takeover in Oracle Data Provider for .NET

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...

7.5CVSS7.1AI score0.00594EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/01/17 12:30 p.m.55 views

Code injection in ruby git

ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648...

8.8CVSS7.9AI score0.0136EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/13 7:44 p.m.55 views

Keycloak vulnerable to path traversal via double URL encoding

Keycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks...

9.1CVSS8.8AI score0.05796EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/13 7:11 p.m.55 views

October CMS Safe Mode bypass leads to authenticated Remote Code Execution

Impact This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode cms.safemode...

7.2CVSS6.8AI score0.00864EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/29 2:12 p.m.55 views

d3-color vulnerable to ReDoS

The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds...

5.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/23 12:0 a.m.55 views

rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed

rdiffwen prior to version 2.4.7 is vulnerable to Cross-Site Request Forgery CSRF. An attacker can change a user's email ID. Version 2.4.7 has a fix for this issue...

7CVSS5.1AI score0.00375EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/16 5:44 p.m.55 views

JOSE vulnerable to resource exhaustion via specifically crafted JWE

The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determines how many PBKDF2 iterations must be executed in order to derive a CEK wrapping key. The purpose of this parameter is to intentionally slow down the key derivation function in order...

5.3CVSS6.1AI score0.01112EPSS
Exploits1References5Affected Software4
Github Security Blog
Github Security Blog
added 2022/08/02 12:0 a.m.55 views

graphql-go has infinite recursion in the type definition parser

graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser...

7.5CVSS7.3AI score0.00783EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:18 p.m.55 views

Moodle vulnerable to RCE

A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remo...

8.8CVSS7.5AI score0.03083EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:10 a.m.55 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. Thi...

7.5CVSS8.4AI score0.1684EPSS
Exploits0References59Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:20 a.m.55 views

Tampering vulnerability in .NET Core

A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1...

6.5CVSS2.3AI score0.07258EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.55 views

Insufficient Verification of Data Authenticity in Async Http Client

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client aka AHC or async-http-client before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...

4.3CVSS4.8AI score0.0083EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:2 a.m.55 views

Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications...

9.1CVSS3.5AI score0.10303EPSS
Exploits5References49Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/02 3:39 a.m.55 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename...

4.3CVSS6AI score0.1078EPSS
Exploits0References48Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 7:15 a.m.55 views

Cross-site scripting (XSS) vulnerability in CakePHP

Cross-site scripting XSS vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 "Not Found" error page. NOTE: some of these details are obtained from third party information...

4.3CVSS3.6AI score0.01184EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 6:38 a.m.55 views

Apache Geronimo console 1.0 vulnerable to cross-site scripting

Multiple cross-site scripting XSS vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 time parameter to cal2.jsp and 2 any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. Version 1.1 contai...

4.3CVSS4.9AI score0.32247EPSS
Exploits1References17Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/01 2:5 p.m.55 views

Command Injection Vulnerability with Mercurial in VCS

URLs and local file paths passed to the Mercurial hg APIs that are specially crafted can contain commands which are executed by Mercurial if it is installed on the host operating system. The vcs package uses the underly version control system, in this case hg, to implement the needed functionalit...

9.8CVSS3.7AI score0.01818EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/03 7:23 p.m.55 views

Leading white space bypasses protocol validation

Impact Whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly and protocol validation mechanisms may fail. Patches Patched in 1.19.9 Workarounds Remove leading whitespace from values before passing them to URI.parse e.g. via .hrefvalue or new...

5.3CVSS2.1AI score0.01995EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/01 10:4 p.m.55 views

Multiple security issues in Pomerium's embedded envoy

Envoy, which Pomerium is based on, has issued multiple CVEs impacting stability and security. Though Pomerium may not be vulnerable to all of the issues, it is recommended that all users upgrade to Pomerium v0.16.4 as soon as possible to minimize risk. Impact - Possible DoS or crash - Resources...

7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/15 12:32 a.m.55 views

Zip slip directory exploit in github.com/deislabs/oras

Impact The directory support 55 allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting...

7.7CVSS1.9AI score0.01448EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 11:13 p.m.55 views

OS Command Injection in Laravel Framework

OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17...

8.8CVSS8.8AI score0.02523EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/16 6:53 p.m.55 views

Vulnerable dependency in XTDB connector

Impact The impacted portion of the XTDB connector is its connectivity to S3 as a backing store: this is the only portion of the connector that uses this vulnerable httpclient dependency. Per the description, the vulnerability regards URIs that may be misinterpreted, which given the area of impact...

5.3CVSS0.4AI score0.08665EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/10 5:15 p.m.55 views

Unsafe Deserialization that can Result in Code Execution

JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data...

9.8CVSS9.3AI score0.02844EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/10 7:33 p.m.55 views

Overflow/crash in `tf.tile` when tiling tensor is large

Impact If tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. python import tensorflow as tf import numpy as np tf.keras.backend.tilex=np.ones1,1,1, n=100000000,100000000, 100000000 The number of elements in the output...

5.5CVSS2.2AI score0.0023EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/11/08 5:54 p.m.55 views

Cross-site Scripting in bootstrap-table

This affects all versions of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array instead of a string even if the escape attribute is set...

6.1CVSS2.7AI score0.02332EPSS
Exploits1References9Affected Software1
Total number of security vulnerabilities5000