Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.53 views

Heap OOB write in TFLite

Impact A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of ArgMin/ArgMax: cc TfLiteIntArray outputdims = TfLiteIntArrayCreateNumDimensionsinput - 1; int j = 0; for int i = 0; i dataj = SizeOfDimensioninput, i; ++j; If axisvalue is not a value betwee...

7.8CVSS1.2AI score0.00201EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.53 views

Stack overflow due to looping TFLite subgraph

Impact TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be replaced by stack overflow due to too many recursive calls. For...

7.8CVSS0.8AI score0.00262EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/21 2:26 p.m.53 views

Heap buffer overflow in `MaxPool3DGradGrad`

Impact The implementation of tf.rawops.MaxPool3DGradGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf values = 0.01 11 originput = tf.constantvalues, shape=11, 1, 1, 1, 1, dtype=tf.float32 origoutput = tf.constant0.01, shape=1, 1, 1, 1, 1, dtype=tf.float32 grad =...

7.8CVSS1.1AI score0.00211EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/05/17 8:57 p.m.53 views

Prototype Pollution in deep-override

Prototype pollution vulnerability in 'deep-override' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS6.8AI score0.03337EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:6 p.m.53 views

Improper Input Validation in Google Closure Library

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation -- update your library to version v20200315...

6.5CVSS6.1AI score0.00524EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:6 p.m.53 views

Path Traversal in marscode

This affects all versionsup to and including version 1.0.1-0 of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js...

7.5CVSS7.3AI score0.01738EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:27 p.m.53 views

Command injection in bestzip

The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param...

9.8CVSS9.3AI score0.03145EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 6:25 p.m.53 views

Code injection in mock2easy

This affects all versions up to and including version 0.0.24 of package mock2easy. a malicious user could inject commands through the data variable: Affected Area js require'../server/getJsonByCurl'mock2easy, functionerror, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , ''...

9.8CVSS8.9AI score0.02044EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 5:29 p.m.53 views

Prototype Pollution in property-expr

The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function...

9.8CVSS8.9AI score0.03376EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:53 p.m.53 views

Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message. - https://vaadin.com/security/cve-2018-25007...

4.3CVSS3.6AI score0.00574EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:49 p.m.53 views

Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7

Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 Vaadin 7.0.0 through 7.7.21 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. - https://vaadin.com/security/cve-2020-36320...

7.5CVSS7.2AI score0.01956EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2021/04/19 2:48 p.m.53 views

Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL. -...

6.1CVSS4.4AI score0.00668EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:41 p.m.53 views

Remote code execution in mongo-express

mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...

9.8CVSS8.9AI score0.74519EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/07 9:5 p.m.53 views

bottle HTTP Request smuggling

The package bottle before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with default...

6.8CVSS6.3AI score0.01837EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/07 8:33 p.m.53 views

Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible

A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl...

5.5CVSS6.1AI score0.00506EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/06 5:24 p.m.53 views

Arbitrary Command Injection in portprocesses

Impact An Arbitrary Command Injection vulnerability was reported in portprocesses impacting versions = 1.0.4. Example Proof of Concept The following example demonstrates the vulnerability and will run touch success therefore creating a file named success. js const portprocesses =...

8.8CVSS2.3AI score0.0182EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 8:59 p.m.53 views

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS6.7AI score0.02403EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 4:35 p.m.53 views

Regular Expression Denial of Service (ReDoS) in Pillow

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS ReDoS attack via a crafted PDF file because of a catastrophic backtracking regex...

6.5CVSS5.2AI score0.01635EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/12 11:9 p.m.53 views

Authenticated remote code execution

Impact Authenticated remote code execution using plugin manager without ACL permissions. Patches We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview...

3.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/12 11:9 p.m.53 views

Potential Session Hijacking

Impact Potential session hijacking of store customers. Patches We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds For older...

7.5CVSS2.6AI score0.00877EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/29 8:51 p.m.53 views

Steam Socialite Provider v1 does not correctly validate openid server

Impact The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches This vulnerability only affects the outdated v1.x versions of the package. These are no longer...

3.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/29 6:12 p.m.53 views

Path Traversal in the Java Kubernetes Client

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process...

9.1CVSS8.3AI score0.03545EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/30 11:40 p.m.53 views

Hostname spoofing via backslashes in URL

Impact If using affected versions to determine a URL's hostname, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may...

6.5CVSS6.5AI score0.0169EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/09 7:3 p.m.53 views

Information Disclosure in Apache Groovy

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the...

5.5CVSS3.3AI score0.0105EPSS
Exploits0References16Affected Software2
Github Security Blog
Github Security Blog
added 2020/11/24 10:59 p.m.53 views

datasette-graphql leaks details of the schema of private database files

Impact When running against a Datasette instance with private databases, datasette-graphql would expose the schema of those database tables - but not the table contents. Patches Patched in version 1.2. Workarounds This issue is only present if a Datasette instance that includes private databases...

1.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/23 7:48 p.m.53 views

Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.

Impact An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig...

5.2CVSS1.4AI score0.0029EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/25 6:28 p.m.53 views

Data corruption in tensorflow-lite

Impact When determining the common dimension size of two tensors, TFLite uses a DCHECK which is no-op outside of debug compilation modes: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/types.hL437-L442 Since the function...

9.8CVSS0.8AI score0.00893EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
added 2020/09/11 3:19 p.m.53 views

XSS in Action View

There is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. Impact When an HTML-unsafe string is passed as the default for a...

6.1CVSS0.9AI score0.02372EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/26 7:32 p.m.53 views

Server secret was included in static assets and served to clients

Impact Server JWT signing secret was included in static assets and served to clients. This ALLOWS Flood's builtin authentication to be bypassed. Given Flood is granted access to rTorrent's SCGI interface which is unprotected and ALLOWS arbitrary code execution and usually wide-ranging privileges ...

1.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/19 9:4 p.m.53 views

Remote Code Execution in SyliusResourceBundle

Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...

8.8CVSS4.5AI score0.01914EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/07 12:1 a.m.53 views

Context isolation bypass via leaked cross-context objects in Electron

Impact Apps using contextIsolation are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Workarounds There are no app-side workarounds, you must update your...

9CVSS4.7AI score0.00367EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/01 5:12 p.m.53 views

Privilege escalation in mysql-connector-jav

Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/J. Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise...

6.3CVSS4.4AI score0.00501EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/03 10:2 p.m.53 views

Arbitrary File Read in Snyk Broker

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal...

6.5CVSS4.9AI score0.01685EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/03 10:2 p.m.53 views

Arbitrary File Read in Snyk Broker

All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. package.json...

6.5CVSS4.2AI score0.0113EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/03 10:2 p.m.53 views

Arbitrary File Read in Snyk Broker

All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json...

6.5CVSS3.7AI score0.0113EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/12 6:44 p.m.53 views

Improper Input Validation in Symfony

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter...

9.8CVSS4.1AI score0.03354EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2019/12/17 10:53 p.m.53 views

Information disclosure in the Contao backend

Impact Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. Patches Update to Contao 4.4.46 or 4.8.6. Workarounds None. References https://contao.org/en/security-advisories/information-disclosure-in-the-back-end For more information If...

5.3CVSS5.2AI score0.0088EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2019/10/28 8:51 p.m.53 views

Polymorphic Typing in FasterXML jackson-databind

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...

9.8CVSS2.7AI score0.05681EPSS
Exploits0References35Affected Software1
Github Security Blog
Github Security Blog
added 2019/06/27 5:25 p.m.53 views

Cross-Site Scripting via JSONP

JSONP allows untrusted resource URLs, which provides a vector for attack by malicious actors...

4.2AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2018/11/21 10:24 p.m.53 views

Incorrect Permission Assignment for Critical Resource in Apache hive

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not veri...

4.3CVSS1AI score0.0178EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.53 views

nori contains Improper Input Validation

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...

7.5CVSS5.4AI score0.02312EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.53 views

Puppet Improper Input Validation vulnerability

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...

7.5CVSS7.2AI score0.03408EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:18 p.m.52 views

launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

Summary The launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result ...

5.5CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.52 views

FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Assistant entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/assistants/index.ts Root cause: The Assistant controller/service construct...

8.8CVSS6AI score0.00335EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 9:30 p.m.52 views

fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)

Summary The XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Details There is a check in DocTypeReader.js that trie...

7.5CVSS5.9AI score0.00811EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/14 8:17 p.m.52 views

PrestaShop cross-site scripting via customer contact form in FO, through file upload

Impact Only PrestaShops with customer-thread feature flag enabled are impacted, starting from PrestaShop 8.1.0. The impact is substantial, when the customer thread feature flag is enabled, through the front-office contact form, a hacker can upload a malicious file containing an XSS that will be...

9.6CVSS9AI score0.5617EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/10 3:33 p.m.52 views

Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX

Impact Nodes can publish ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier but not the latest ATX as previous break...

8.2CVSS7AI score0.00734EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2024/05/09 3:14 p.m.52 views

1Panel arbitrary file write vulnerability

Summary There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol to achieve arbitrary file writing PoC Dockerfile FROM bash:latest COPY...

7.5CVSS7.2AI score0.01329EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/07 4:48 p.m.52 views

react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js

Summary If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches This patch forces isEvalSupported to false, removing...

7.1CVSS6.8AI score0.01064EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/04 9:30 p.m.52 views

ThinkPHP Cross-Site Scripting Vulnerability

ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in thinkexception.tpl...

6.1CVSS5.7AI score0.00417EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities5000