Lucene search
K
GithubMost viewed

33122 matches found

Github Security Blog
Github Security Blog
added 2020/09/03 7:39 p.m.213 views

Command Injection in marsdb

All versions of marsdb are vulnerable to Command Injection. In the DocumentMatcher class, selectors on $where clauses are passed to a Function constructor unsanitized. This allows attackers to run arbitrary commands in the system when the function is executed. Recommendation No fix is currently...

6.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/11/18 6:30 a.m.212 views

Spring MVC controller vulnerable to a DoS attack

Spring MVC controller methods with an @RequestBody byte method parameter are vulnerable to a DoS attack...

5.3CVSS6.7AI score0.00729EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 7:16 p.m.212 views

Prototype pollution in grpc and @grpc/grpc-js

"The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition."...

9.8CVSS8.5AI score0.03554EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
added 2021/02/26 5:28 p.m.212 views

Open redirects on some federation and push requests

Impact Requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the...

6.1CVSS1.4AI score0.01809EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/29 12:30 p.m.211 views

logback serialization vulnerability

A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html...

7.5CVSS7AI score0.009EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
added 2021/08/12 8:42 p.m.211 views

Clipboard-based DOM-XSS

Impact A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown library. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its innerHTML property without any sanitization, resulting in improper execution of...

6.5CVSS6AI score0.0166EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/07 12:0 a.m.210 views

JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

9.8CVSS8.9AI score0.02131EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/15 12:0 a.m.210 views

Improper handling of case sensitivity in Spring Framework

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3CVSS2.9AI score0.05666EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/21 6:55 p.m.209 views

HTTP Request Smuggling in Netty

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...

9.1CVSS1.4AI score0.13474EPSS
Exploits1References57Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/06 6:3 p.m.208 views

Vite: `server.fs.deny` bypassed with queries

Summary The contents of files that are specified by server.fs.deny can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file exists in th...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/27 12:1 a.m.207 views

Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers

Withdrawn Advisory This advisory has been withdrawn because the protobuf vulnerability comes from the compiler rather that the code. This link is maintained to preserve external references. Original Description Nullptr dereference when a null char is present in a proto symbol. The symbol is parse...

6.5CVSS6.6AI score0.0266EPSS
Exploits0References14Affected Software5
Github Security Blog
Github Security Blog
added 2022/01/12 8:7 p.m.207 views

Arbitrary expression injection in Pillow

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method ImageMath.eval"execexit". While Pillow 9.0.0 restricted top-level builtins available to PIL.ImageMath.eval, it did not prevent builtins available to lambda expression...

9.8CVSS9AI score0.03399EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/26 2:11 a.m.207 views

`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)

Impact Open redirect vulnerability — a maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the aiohttp.webmiddlewares.normalizepathmiddleware middleware. Patches This security problem has been fixed in v3.7.4. Upgrade...

6.1CVSS5AI score0.01905EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/17 7:50 p.m.207 views

Dynamic modification of RPyC service due to missing security check

Impact Version 4.1.0 of RPyC has a vulnerability that affects custom RPyC services making it susceptible to authenticated remote attacks. Patches Git commits between September 2018 and October 2019 and version 4.1.0 are vulnerable. Use a version of RPyC that is not affected. Workarounds The commi...

7.5CVSS0.4AI score0.13049EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2019/04/16 3:50 p.m.207 views

SQLAlchemy vulnerable to SQL Injection via order_by parameter

SQLAlchemy before 1.3.0b3 allows SQL Injection via the orderby parameter. The fix commit 30307c4 was applied only to the main branch and was never backported to the 1.2.x release line; all 1.2.x versions remain vulnerable...

9.8CVSS8.6AI score0.03525EPSS
Exploits2References13Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/10 3:52 p.m.206 views

body-parser vulnerable to denial of service when url encoding is enabled

Impact body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. Patches this issue is patched in 1.20.3 References...

7.5CVSS6.5AI score0.00824EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/02 4:41 p.m.206 views

tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)

Summary The tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. Details The changed-files action returns a list of files changed in a commit or pull request which provides an escapejson...

9.8CVSS8.4AI score0.03351EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/02 7:18 p.m.205 views

Cross-site scripting (XSS) from field and configuration text displayed in the Panel

On Saturday, @hdodov reported that the Panel's ListItem component used in the pages and files section for example displayed HTML in page titles as it is. This could be used for cross-site scripting XSS attacks. We used his report as an opportunity to find and fix XSS issues related to dynamic sit...

7.1CVSS0.2AI score0.00532EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/21 6:55 p.m.204 views

HTTP Request Smuggling in Netty

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace such as a spaceTransfer-Encoding:chunked line and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869...

7.5CVSS0.8AI score0.03617EPSS
Exploits1References22Affected Software1
Github Security Blog
Github Security Blog
added 2019/07/10 7:45 p.m.204 views

Prototype Pollution in lodash

Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects. Recommendation...

9.1CVSS8.7AI score0.05006EPSS
Exploits2References11Affected Software5
Github Security Blog
Github Security Blog
added 2022/01/21 11:26 p.m.203 views

SQL Injection in Log4j 1.2.x

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

9.8CVSS2.7AI score0.66537EPSS
Exploits1References8Affected Software2
Github Security Blog
Github Security Blog
added 2020/06/05 2:15 p.m.203 views

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version 2.13.2. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender...

4.3CVSS3.6AI score0.08096EPSS
Exploits0References90Affected Software2
Github Security Blog
Github Security Blog
added 2024/05/23 2:11 p.m.202 views

iFrames Bypass Origin Checks for Tauri API Access Control

Impact Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the dangerousRemoteDomainIpcAccess in v1 and in the capabilities in v2. This bypasses the origin check and allows iFrames to access the IPC endpoints exposed to the parent...

5.9CVSS7.4AI score0.00349EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/15 5:45 p.m.202 views

Improper Input Validation in pip

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1...

5.7CVSS6.3AI score0.01687EPSS
Exploits2References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/04 7:10 p.m.202 views

Reflected XSS when using flashMessages or languageDictionary

Overview Versions before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's - flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage. - languageDictionary feature is utilized a...

8.1CVSS2.4AI score0.01539EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/23 1:54 a.m.202 views

Cross-Site Scripting in Content Preview (CType menu)

Problem It has been discovered that content elements of type menu are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25,...

5.4CVSS5.2AI score0.00872EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2024/01/16 3:24 p.m.201 views

avo vulnerable to stored cross-site scripting (XSS) in key_value field

Summary A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. Details The value of the keyvalue is inserted directly into the HTML code. In the current...

7.3CVSS7AI score0.00745EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/23 1:53 a.m.201 views

Unrestricted File Upload in Form Framework

Problem Due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default fileDenyPattern successfully blocked files like .htaccess or malicious.php. TYPO3 Extbase extensions, which implement ...

8.6CVSS1AI score0.01631EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2025/04/21 9:55 p.m.200 views

Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415

Summary Nokogiri v1.18.8 upgrades its dependency libxml2 to v2.13.8. libxml2 v2.13.8 addresses: - CVE-2025-32414 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 - CVE-2025-32415 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 Impact CVE-2025-32414: No impact ...

7.5CVSS7.1AI score0.00559EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 5:36 p.m.199 views

Gerapy may cause remote code execution

Impact projectconfigure function exist remote code execute in Gerapy 0.9.8 Patches Patched in version 0.9.8, please install with: pip3 install -U gerapy...

9.8CVSS9.1AI score0.55331EPSS
Exploits7References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/07 10:10 p.m.199 views

Uncontrolled Resource Consumption in trim-newlines

@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...

7.5CVSS7.5AI score0.02901EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:31 p.m.198 views

PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

PostCSS: XSS via Unescaped in CSS Stringify Output Summary PostCSS v8.5.5 latest does not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS values breaks out of the style context, enabling XSS. Proof of Concept...

6.1CVSS5.3AI score0.00205EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/06 2:21 p.m.198 views

Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain

The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it...

7.5CVSS7.6AI score0.03397EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/17 2:37 a.m.197 views

Traefik vulnerable to HTTP/2 request causing denial of service

Impact A vulnerability CVE-2023-39325 exists in Go managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service. References - CVE-2023-44487 - CVE-2023-39325 Patches - https://github.com/traefik/traefik/releases/tag/v2.10.5 -...

7.5CVSS7AI score0.03796EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/06 8:32 p.m.197 views

Sandbox Bypass in Apache Velocity Engine

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache...

9CVSS6.8AI score0.22709EPSS
Exploits0References26Affected Software2
Github Security Blog
Github Security Blog
added 2021/12/14 9:7 p.m.197 views

Apache Log4j Remote Code Execution

Impact Opencast uses an Apache Log4j2 version which, combined with older JDK versions, can be used for remote code execution attacks which have been found to be actively exploited. Apache Log4j2 =2.14.1 JNDI features is not sufficiently protected. An attacker who can control log messages or log...

10CVSS4.4AI score0.99999EPSS
Exploits351References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/01 5:1 p.m.197 views

Remote Code Execution Vulnerability in Session Storage

Impact A malicious attacker can achieve Remote Code Execution RCE via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If your application does not use Ratpack's session mechanism, it is not vulnerable. Details Attackers with the ability to writ...

9.9CVSS0.5AI score0.01973EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/03 8:37 p.m.194 views

Withdrawn: Arbitrary code execution in lodash

Withdrawn GitHub has chosen to publish this CVE as a withdrawn advisory due to it not being a security issue. See this issue for more details. CVE description " DISPUTED A command injection vulnerability in Lodash 4.17.21 allows attackers to achieve arbitrary code execution via the template...

3.8AI score0.2241EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/24 3:36 p.m.193 views

ReDoS Vulnerability in ua-parser-js version

Description: A regular expression denial of service ReDoS vulnerability has been discovered in ua-parser-js. Impact: This vulnerability bypass the library's MAXLENGTH input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to g...

7.5CVSS7.9AI score0.01725EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/08 11:0 p.m.193 views

.NET Information Disclosure Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework's System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages. A vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a...

5.8CVSS6.4AI score0.00747EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/18 7:31 p.m.193 views

Passing in a non-string 'html' argument can lead to unsanitized output

A type-confusion vulnerability can cause striptags to concatenate unsanitized strings when an array-like object is passed in as the html parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. Impact XS...

5.3CVSS1.6AI score0.01079EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/10/17 6:15 p.m.193 views

Out-of-Memory Error in Bouncy Castle Crypto

The ASN.1 parser in Bouncy Castle Crypto aka BC Java 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64...

7.5CVSS5.3AI score0.08878EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/23 10:5 p.m.192 views

Duplicate Advisory: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7x4w-cj9r-h4v9. This link is maintained to preserve external references. Original Description The actions defined inside of the MediaController class do not check whether a given path is inside a certain path e....

7.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/18 5:55 p.m.192 views

Authentication Bypass in keycloak

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application...

4.9CVSS5AI score0.00572EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/12 4:35 p.m.191 views

SQL Injection and Cross-site Scripting in class-validator

In TypeStack class-validator, validate input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented a...

9.8CVSS3.6AI score0.01987EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/17 3:30 a.m.189 views

Xnx3 Wangmarket Cross-Site Scripting vulnerability

A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public...

9.8CVSS7.7AI score0.00851EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/06 11:20 p.m.189 views

Cross-Site Scripting in serialize-to-js

Versions of serialize-to-js prior to 3.0.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation Upgrade to version 3.0.1 or later...

6.1CVSS3.7AI score0.00646EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/11/29 5:5 p.m.189 views

2FA bypass in Wagtail through new device path

2FA bypass through new device path Impact If someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. Patches This problem has been patched in version 1.3.0...

8.8CVSS2AI score0.01162EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/06 5:46 p.m.187 views

Context isolation bypass in Electron

Impact Apps using both contextIsolation and sandbox: true are affected. Apps using both contextIsolation and nativeWindowOpen: true are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context an...

6.8CVSS3.7AI score0.00683EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/20 11:3 p.m.187 views

HTTP Request Smuggling: LF vs CRLF handling in Waitress

Impact Waitress implemented a "MAY" part of the RFC7230 https://tools.ietf.org/html/rfc7230section-3.5 which states: Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR...

7.5CVSS0.1AI score0.02714EPSS
Exploits1References11Affected Software1
Total number of security vulnerabilities5000