Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2018/08/21 7:3 p.m.55 views

Nokogiri subject to DoS via libxml2 vulnerability

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 as used in nokogiri before 1.6.7.1 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability than...

7.1CVSS7AI score0.04537EPSS
Exploits0References23Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/26 3:14 p.m.55 views

Prototype Pollution in lodash

Versions of lodash before 4.17.5 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via proto causing the addition or modification of an existing property that will exist on al...

6.5CVSS5.3AI score0.02413EPSS
Exploits2References6Affected Software2
Github Security Blog
Github Security Blog
added 2018/07/24 8:11 p.m.55 views

Regular Expression Denial of Service in parsejson

Affected versions of parsejson are vulnerable to a regular expression denial of service when parsing untrusted user input. Recommendation The parsejson package has not been functionally updated since it was initially released. Additionally, it provides functionality which is natively included in...

7.5CVSS4.9AI score0.01508EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.55 views

actionpack vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

4.3CVSS5.5AI score0.03171EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.55 views

Rails vulnerable to Cross-site Scripting

There is an XSS vulnerability in the numbertocurrency, numbertopercentage and numbertohuman helpers in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0081. Versions Affected: All. Fixed Versions: 4.1.0.beta2, 4.0.3, 3.2.17. Impact ------ These helpers allows users...

4.3CVSS6AI score0.04032EPSS
Exploits0References12Affected Software2
Github Security Blog
Github Security Blog
added 2025/05/05 9:31 p.m.54 views

BRCC Incorrect Access Control vulnerability

Incorrect access control in the /admin/ API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request...

9.8CVSS6.9AI score0.00365EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/05/05 6:51 p.m.54 views

Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields

Summary field.isFilterable access control can be bypassed in update and delete mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a where clause with multiple...

4.3CVSS6.6AI score0.00234EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/07 3:16 p.m.54 views

axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL

Summary A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF Server-Side Request Forgery. Reference: axios/axios6463 A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if...

8.7CVSS6.7AI score0.00759EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/28 5:46 p.m.54 views

IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement

Name: ASA-2025-004: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: Critical Considerable Impact; Almost Certain Likelihood per ACMv1.2 Affected versions: IBC-Go = v7; Earlier IBC-Go versions may also be affected. Affected user...

7AI score
Exploits0References4Affected Software8
Github Security Blog
Github Security Blog
added 2025/01/22 6:31 p.m.54 views

Bitbucket Server Integration Plugin allows bypassing CSRF protection for any URL

An extension point in Jenkins allows selectively disabling cross-site request forgery CSRF protection for specific URLs. Bitbucket Server Integration Plugin implements this extension point to support OAuth 1.0 authentication. In Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 both inclusi...

8.8CVSS6.9AI score0.00285EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/11/13 3:31 p.m.54 views

DotNetZip Directory Traversal vulnerability

Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component...

9.8CVSS9.7AI score0.02061EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2024/11/06 3:22 p.m.54 views

Symfony vulnerable to command execution hijack on Windows with Process class

Description On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijacking. Resolution The Process class now uses the absolute path to cmd.exe. The patch for this...

9.8CVSS3.5AI score0.0043EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2024/10/03 12:30 p.m.54 views

Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgra...

4.3CVSS6.8AI score0.01241EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/10 7:42 p.m.54 views

SAML authentication bypass via Incorrect XPath selector

Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrar...

10CVSS7AI score0.10684EPSS
Exploits3References10Affected Software1
Github Security Blog
Github Security Blog
added 2024/08/18 9:31 p.m.54 views

Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security...

7.5CVSS6.7AI score0.00677EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/14 8:13 p.m.54 views

TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController

Problem Failing to properly encode user-controlled values in file entities, the ShowImageController eID txcmsshowpic is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities. Solution Update to TYPO3 versions 9.5.48...

5.4CVSS5.2AI score0.00502EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/09 9:35 p.m.54 views

Genie Path Traversal vulnerability via File Uploads

Overview Path Traversal Vulnerability via File Uploads in Genie Impact Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any...

9.9CVSS7.5AI score0.24629EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/09 3:13 p.m.54 views

Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...

6.8CVSS7.1AI score0.00767EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/15 8:21 p.m.54 views

sqlparse parsing heavily nested list leads to Denial of Service

Summary Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. Details + PoC Running the following code will raise Maximum recursion limit exceeded exception: py import sqlparse sqlparse.parse'' 10000 + '' 10000 We expect a traceback of RecursionError:...

7.5CVSS7.3AI score0.0321EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/10 5:12 p.m.54 views

XWiki Platform: Remote code execution as guest via DatabaseSearch

Impact XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and...

10CVSS8.7AI score0.3428EPSS
Exploits4References10Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/04 2:20 p.m.54 views

Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

Impact If an attacker can alter the integrity option passed to fetch, they can let fetch accept requests as valid even if they have been tampered. Patches Fixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3. Fixes has been released in v5.28.4 and v6.11.1...

3.5CVSS6.5AI score0.00803EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/19 6:30 a.m.54 views

Black vulnerable to Regular Expression Denial of Service (ReDoS)

Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service ReDoS via the lineswithleadingtabsexpanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting thi...

5.3CVSS6.9AI score0.00971EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/06 12:30 p.m.54 views

Apache Axis Improper Input Validation vulnerability

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis through 1.3. As Axis 1 has been EOL, we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS6.9AI score0.01213EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2023/11/27 11:17 p.m.54 views

aiohttp's ClientSession is vulnerable to CRLF injection via method

Summary Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. Details The vulnerability occurs only if the attacker can control the HTTP method GET, POST etc. of the...

5.3CVSS4.9AI score0.0094EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/16 6:30 p.m.54 views

Remote Code Execution due to Full Controled File Write in mlflow

The mlflow web server includes tools for tracking experiments, packaging code into reproducible runs, and sharing and deploying models. As this vulnerability allows to write / overwrite any file on the file system, it gives a lot of ways to archive code execution like overwriting /home//.bashrc. ...

10CVSS7.7AI score0.47874EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/14 6:27 p.m.54 views

Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.9.2post0 and was tested on version 1.8.2. Overview In all current versions of Label Studio, the application allow...

7.5CVSS7AI score0.04055EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/09 9:30 p.m.54 views

Moodle Cross-site Scripting vulnerability

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

6.5CVSS5.8AI score0.0051EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/06 6:30 p.m.54 views

Mattermost password hash disclosure vulnerability

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body...

4.9CVSS5AI score0.0051EPSS
Exploits0References6Affected Software4
Github Security Blog
Github Security Blog
added 2023/10/26 11:10 p.m.54 views

Cosmos packet-forward-middleware vulnerable to chain-halt

The Cosmos SDK is used for Inter-Blockchain Communication Protocol IBC applications and middleware. The packet-forward-middleware module is an IBC middleware module built for Cosmos blockchains utilizing the IBC protocol allowing routing of incoming IBC packets from a source chain to a destinatio...

6.8AI score
Exploits0References2Affected Software3
Github Security Blog
Github Security Blog
added 2023/10/25 2:22 p.m.54 views

Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning

Werkzeug multipart data parser needs to find a boundary that may be between consecutive chunks. That's why parsing is based on looking for newline characters. Unfortunately, code looking for partial boundary in the buffer is written inefficiently, so if we upload a file that starts with CR or LF...

8CVSS7.1AI score0.01072EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/19 4:8 p.m.54 views

Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions

Impact The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part respons...

7.5CVSS6.7AI score0.00726EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/10 6:31 p.m.54 views

Apache Tomcat Incomplete Cleanup vulnerability

Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recyclin...

5.3CVSS7.4AI score0.0216EPSS
Exploits1References12Affected Software4
Github Security Blog
Github Security Blog
added 2023/09/12 8:15 p.m.54 views

Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...

7.8CVSS7.3AI score0.01441EPSS
Exploits0References4Affected Software3
Github Security Blog
Github Security Blog
added 2023/08/15 6:31 p.m.54 views

LangChain vulnerable to arbitrary code execution

An issue in langchain langchain-ai before version 0.0.325 allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool.run component...

9.8CVSS9.6AI score0.01267EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/11 10:46 p.m.54 views

Decidim Cross-site Scripting vulnerability in the processes filter

Impact The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of...

8.1CVSS6.3AI score0.00736EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2023/07/11 10:46 p.m.54 views

Decidim vulnerable to sensitive data disclosure

Note: added the actual report as a comment. Summary Decidim, a platform for digital citizen participation, uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default, this library allows filtering on all data attributes and associations...

7.5CVSS6.9AI score0.0125EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2023/07/01 12:30 a.m.54 views

llhttp vulnerable to HTTP request smuggling

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5CVSS7.7AI score0.03906EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/14 3:30 p.m.54 views

Langchain OS Command Injection vulnerability

Langchain before v0.0.225 was discovered to contain a remote code execution RCE vulnerability in the component JiraAPIWrapper aka the JIRA API wrapper. This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...

9.8CVSS10AI score0.01681EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/12 3:30 p.m.54 views

GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language

GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime.exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. RCE in Jiffle The Jiffle map algebra language, provided by jai-ext, allows efficient...

9.8CVSS8.8AI score0.43235EPSS
Exploits0References6Affected Software3
Github Security Blog
Github Security Blog
added 2023/03/30 10:58 p.m.54 views

unpoly-rails Denial of Service vulnerability

There is a possible Denial of Service DoS vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. Impact This issues affects Rails applications that operate as an upstream of a load balancer's that uses passive health checks. The unpoly-rails gem...

7.5CVSS7.2AI score0.01034EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/14 11:1 p.m.54 views

google.golang.org/protobuf vulnerable to panic leading to denial of service

Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic...

7.5CVSS7.4AI score0.01089EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/13 8:52 p.m.54 views

Missing proper state, nonce and PKCE checks for OAuth authentication

Impact next-auth applications using OAuth provider versions before v4.20.1 are affected. A bad actor who can spy on the victim's network or able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to log in as the victim, bypassing...

8.8CVSS8.3AI score0.00538EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/27 12:30 p.m.54 views

Path Traversal In Eclipse GlassFish

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed...

7.5CVSS4.7AI score0.00927EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/09 9:55 p.m.54 views

mercurius has Uncaught Exception when using subscriptions

Impact Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. Patches This was patched in https://github.com/mercurius-js/mercurius/pull/940. The patch was released as v11.5.0 and v8.13.2. Workarounds...

7.5CVSS7.1AI score0.01056EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/13 3:30 p.m.54 views

hutool-json stack overflow vulnerability

A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...

7.5CVSS7.6AI score0.00943EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/21 11:58 p.m.54 views

XSS via uploaded gpx file

A malicious content author could upload a GPX file with a Javascript payload. The payload could then be executed by luring a legitimate user to view the file in a browser with support for GPX files. GPX is an XML-based format used to store GPS data. By default, Silverstripe CMS will no longer all...

5.4CVSS5.5AI score0.00516EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/26 12:0 p.m.54 views

Insufficient validation when decoding a Socket.IO packet

Due to improper type validation in the socket.io-parser library which is used by the socket.io and socket.io-client packages to encode and decode Socket.IO packets, it is possible to overwrite the placeholder object which allows an attacker to place references to functions at arbitrary places in...

10CVSS0.2AI score0.01121EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/21 8:32 p.m.54 views

.NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET CORE 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a Denial of Service...

7.5CVSS0.5AI score0.03306EPSS
Exploits0References12Affected Software12
Github Security Blog
Github Security Blog
added 2022/10/06 7:54 p.m.54 views

SIF's Digital Signature Hash Algorithms Not Validated

Impact The github.com/sylabs/sif/v2/pkg/integrity package does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. Patches A patch is available in version = v2.8.1 of the module. Users are encouraged to upgrade. The patch is commit...

9.8CVSS7.6AI score0.00477EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/16 8:28 p.m.54 views

Hyperledger indy-node vulnerable to denial of service

Impact An attacker can max out the number of client connections allowed by the ledger that was deployed using guidance provided in the indy-node repository, leaving the ledger unable to be used for its intended purpose. The ledger content will not be impacted by the attack, and the ledger will...

7.5CVSS7.2AI score0.00959EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities5000