Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2021/03/19 9:10 p.m.54 views

Command injection in wc-cmd

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

0.7AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/19 7:42 p.m.54 views

Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection

Impact Users who are using an HTTPS proxy to issue HTTPS requests and haven't configured their own SSLContext via proxyconfig. Only the default SSLContext is impacted. Patches urllib3 =1.26.4 has the issue resolved. urllib31.26 is not impacted due to not supporting HTTPS requests via HTTPS proxie...

6.5CVSS2.1AI score0.02109EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/08 8:38 p.m.54 views

Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager

Impact What kind of vulnerability is it? Who is impacted? Information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. Patches Has the problem been patched? What versions should users upgrade to? The problem has...

6.5CVSS0.6AI score0.01505EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/01 7:52 p.m.54 views

Denial of service in prismjs

The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service ReDoS via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components...

7.5CVSS7.5AI score0.03167EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/11 8:47 p.m.54 views

XSS in apexcharts

The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting XSS via lack of sanitization of graph legend fields...

6.3CVSS3.1AI score0.0137EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/30 6:35 p.m.54 views

Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability

Severity Nokogiri maintainers have evaluated this as Low Severity CVSS3 2.6. Description In Nokogiri versions = 1.11.0.rc3, XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. Th...

4.3CVSS5.5AI score0.01109EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/24 10:59 p.m.54 views

datasette-graphql leaks details of the schema of private database files

Impact When running against a Datasette instance with private databases, datasette-graphql would expose the schema of those database tables - but not the table contents. Patches Patched in version 1.2. Workarounds This issue is only present if a Datasette instance that includes private databases...

1.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/24 10:58 p.m.54 views

Denial of service attack due to invalid JSON

Impact A denial of service attack against Matrix clients can be exploited by sending an event including invalid JSON data to Synapse. Synapse would relay the data to clients which could crash or hang. Impact is long-lasting if the event is made part of the room state. Patches At a minimum 8106 an...

7.5CVSS2.2AI score0.02967EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/27 8:40 p.m.54 views

Command Injection in systeminformation

Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.26.2 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to is.services, is.inetChecksite, si.inetLatency,...

9.8CVSS3.8AI score0.01407EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/19 8:40 p.m.54 views

Ability to switch customer email address on account detail page and stay verified

Impact The user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this way one is not able to take over any...

4.3CVSS1.2AI score0.0062EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/19 8:2 p.m.54 views

Unprotected dynamically loaded chunks

Impact All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. Patches This issue is...

5CVSS1.9AI score0.00517EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/25 6:28 p.m.54 views

Segfault and data corruption in tensorflow-lite

Impact To mimic Python's indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds:...

9CVSS2.1AI score0.01227EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
added 2020/09/25 6:28 p.m.54 views

Heap buffer overflow in Tensorflow

Impact The SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified:...

9.9CVSS1.2AI score0.00902EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2020/09/04 5:54 p.m.54 views

Command Injection in traceroute

All versions of traceroute are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The trace function is vulnerable and can be abused if the host value is controlled by an...

5.7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/02 5:29 p.m.54 views

RCE in Symfony

Description ----------- The CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surroga...

8.8CVSS1.2AI score0.03043EPSS
Exploits0References11Affected Software2
Github Security Blog
Github Security Blog
added 2020/09/01 6:57 p.m.54 views

Tracking Module in botbait

The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. - Source IP - process.versions - process.platform - How the module was invoked test, requir...

5.3CVSS3.1AI score0.0088EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 4:42 p.m.54 views

Cross-Site Scripting in yui

Affected versions of yui are vulnerable to cross-site scripting in the uploader.swf and io.swf utilities, via script injection in the url. Recommendation YUI has published their recommendation to fix this issue. Their recommendation is to: - Delete self-hosted copies of these files if you are not...

4.3CVSS2.5AI score0.01492EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 4:3 p.m.54 views

Local Privilege Escalation in npm

Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission to write t...

3.3CVSS3.7AI score0.00372EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/16 10:8 p.m.54 views

Cross-site Scripting in Sanitize

When HTML is sanitized using Sanitize's "relaxed" config or a custom config that allows certain elements, some content in a or element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config o...

7.3CVSS0.1AI score0.01853EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/03 10:2 p.m.54 views

Arbitrary File Read in Snyk Broker

All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json...

6.5CVSS3.7AI score0.0113EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/15 9:9 p.m.54 views

Predictable password in Keycloak

A flaw was found in all versions of the Keycloak operator, before version 8.0.2,community only where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace...

9.8CVSS3.1AI score0.01281EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/15 9:7 p.m.54 views

XSS injection in the Grid component of Sylius

Grid component of Sylius omits HTML input sanitisation while rendering object implementing toString method through the string field type...

4.8CVSS1AI score0.00552EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2020/03/10 6:2 p.m.54 views

Improper Authentication in requests-kerberos

python-requests-Kerberos through 0.5 does not handle mutual authentication...

9.8CVSS9.1AI score0.03615EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/11 8:36 p.m.54 views

SQL injection in Centreon

SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svcid parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php...

9.8CVSS5AI score0.01598EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/30 9:0 p.m.54 views

Cross-Site Scripting in node-red

Versions of node-red prior to 0.20.8are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize the name field in new Flows, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 0.18.6 or later...

5.4CVSS4.6AI score0.00644EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/06/07 8:56 p.m.54 views

Code Injection in PyXDG

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDGCONFIGDIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

7.5CVSS3.6AI score0.02105EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2019/01/04 5:45 p.m.54 views

PyYAML insecurely deserializes YAML strings leading to arbitrary code execution

In PyYAML before 5.1, the yaml.load API could execute arbitrary code. In other words, yaml.safeload is not used. This was intended to be fixed in 4.1, but due to breaking changes, 4.1 was yanked and 5.1 contains the patch for CVE-2017-18342...

9.8CVSS7.1AI score0.06031EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
added 2018/11/21 10:24 p.m.54 views

Incorrect Permission Assignment for Critical Resource in Apache hive

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not veri...

4.3CVSS1AI score0.0178EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2018/10/17 8:28 p.m.54 views

Spring Framework has Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS9.4AI score0.77245EPSS
Exploits5References18Affected Software1
Github Security Blog
Github Security Blog
added 2018/08/21 7:3 p.m.54 views

Nokogiri subject to DoS via libxml2 vulnerability

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 as used in nokogiri before 1.6.7.1 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability than...

7.1CVSS7AI score0.04537EPSS
Exploits0References23Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/13 3:16 p.m.54 views

Code injection in ansible

An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability...

7.8CVSS5AI score0.02967EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.54 views

Action Pack contains database-query restrictions bypass

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to...

6.4CVSS7.4AI score0.046EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.54 views

Puppet Improper Input Validation vulnerability

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...

7.5CVSS7.2AI score0.03408EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.54 views

actionpack vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

4.3CVSS5.5AI score0.03171EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 9:38 p.m.53 views

Istio: SSRF via RequestAuthentication jwksUri

Impact When a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost or link local ips. This can result in sensitive data being distributed to Envoy proxies via xDS...

7.7CVSS5.8AI score0.00329EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/17 2:7 p.m.53 views

SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service

Summary In SiYuan, /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET /assets/path, which only requires authentication, a publish-service...

9.9CVSS5.8AI score0.00414EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/12 2:48 p.m.53 views

Traefik: HTTP/2 frames can cause a running server to panic

Summary More Details: - https://nvd.nist.gov/vuln/detail/CVE-2026-27141 - https://pkg.go.dev/golang.org/x/net/http2?tab=versions Patches - https://github.com/traefik/traefik/releases/tag/v3.6.10 - https://github.com/traefik/traefik/releases/tag/v2.11.40 For more information If you have any...

7.5CVSS5.8AI score0.00501EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/28 3:20 p.m.53 views

Next.js has Unbounded Memory Consumption via PPR Resume Endpoint

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

7.5CVSS5.9AI score0.00363EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/16 7:33 p.m.53 views

ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion

Summary ASA-2024-0012 Name: ASA-2024-0012, Transaction decoding may result in a stack overflow Component: Cosmos SDK Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: cosmos-sdk versions = v0.50.10, = v0.47.14 Affected users: Chain Builders + Maintainer...

7.1AI score
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2024/11/17 12:30 p.m.53 views

Debezium database connector has a script injection vulnerability

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data...

5.9CVSS6.8AI score0.0038EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2024/05/29 3:25 p.m.53 views

Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability

The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...

3.3CVSS7.2AI score0.00275EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/01 4:40 p.m.53 views

Yamux Memory Exhaustion Vulnerability via Active::pending_frames property

Summary Attack scenario The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended to this vector. This can be remotely triggered in a numbe...

7.5CVSS7AI score0.00761EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/24 9:35 p.m.53 views

Heketi Arbitrary Code Execution

A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation...

9CVSS6.9AI score0.05495EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/16 9:13 p.m.53 views

CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential

Summary The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that...

8.1CVSS6.3AI score0.00276EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2023/11/20 9:30 a.m.53 views

Apache Derby: LDAP injection vulnerability in authenticator

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

9.8CVSS7.5AI score0.01418EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/09 9:30 p.m.53 views

Moodle Cross-site Scripting vulnerability

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

6.5CVSS5.8AI score0.0051EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/25 9:30 p.m.53 views

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation

A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/permanent-redirect annotation on an Ingress object in the networking.k8s.io or extensions API group can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx controller. In the...

8.8CVSS8AI score0.56568EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/10 9:31 p.m.53 views

Apache Tomcat Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomc...

5.3CVSS7.4AI score0.05848EPSS
Exploits2References12Affected Software3
Github Security Blog
Github Security Blog
added 2023/10/04 2:46 p.m.53 views

Zod denial of service vulnerability during email validation

Impact API servers running express-zod-api having: - version of express-zod-api below 10.0.0-beta1, - and using the following or similar validation schema in its implementation: z.string.email, are vulnerable to a DoS attack due to: - Inefficient Regular Expression Complexity in zod versions up t...

7.5CVSS6.7AI score0.00764EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/03 9:54 p.m.53 views

Presto JDBC Server-Side Request Forgery by redirect

Summary Presto JDBC is vulnerable to Server-Side Request Forgery SSRF when connecting a remote Presto server. An attacker can construct a redirect response that Presto JDBC client will follow and view sensitive information from highly sensitive internal servers or perform a local port scan. Detai...

7AI score
Exploits0References2Affected Software1
Total number of security vulnerabilities5000