Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2020/09/03 9:12 p.m.52 views

Denial of Service in mongodb

Versions of mongodb prior to 3.1.13 are vulnerable to Denial of Service. The package fails to properly catch an exception when a collection name is invalid and the DB does not exist, crashing the application. Recommendation Upgrade to version 3.1.13 or later...

3.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/03 2:36 a.m.52 views

SQL Injection in sails-mysql

Versions of sails-mysql prior to 0.10.8 are vulnerable to SQL Injection. The sort keyword is not properly sanitized and may allow attackers to inject SQL statements and execute arbitrary SQL queries Recommendation Upgrade to version 0.10.8 or later...

6.4AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 9:22 p.m.52 views

Entropy Backdoor in text-qrcode

All versions of text-qrcode contain malicious code that overwrites the randomBytes method for the crypto module with a function that generates weak entropy. Instead of generating 32 bytes, the infected randomBytes will generate 3 bytes of entropy and hash them, resulting in a 32 byte value being...

1.4AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/31 10:41 p.m.52 views

methodOverride Middleware Reflected Cross-Site Scripting in connect

Connect is a stack of middleware that is executed in order in each request. The "methodOverride" middleware allows the http post to override the method of the request with the value of the "method" post key or with the header "x-http-method-override". Because the user post input was not checked,...

6.1CVSS0.8AI score0.01417EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/19 7:52 p.m.52 views

Remote Code Execution in SyliusResourceBundle

Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...

9.6CVSS4.3AI score0.02149EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/18 5:30 p.m.52 views

CSRF in Play Framework

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed...

6.5CVSS3.6AI score0.00525EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/29 4:15 p.m.52 views

Potential Remote Code Execution in TYPO3 with mediace extension

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9.1 CWE-325, CWE-20, CWE-200, CWE-502 Problem It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message...

9.8CVSS1.7AI score0.02721EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/07 6:59 p.m.52 views

Sensitive information exposure through logs in npm-registry-fetch

Affected versions of npm-registry-fetch are vulnerable to an information exposure vulnerability through log files. The cli supports URLs like ://:@::/. The password value is not redacted and is printed to stdout and also to any generated log files...

1.8AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/22 8:59 p.m.52 views

Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET

Impact Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is also support in the Saml2 protocol for issuing tokens that is tied to a subject through other means, e.g. holder-of-key where possession of a private key must...

7.3CVSS1.8AI score0.01086EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/11/18 5:19 p.m.52 views

Path traversal attack on Windows platforms

Tapestry processes assets /assets/ctx using classes chain StaticFilesFilter - AssetDispatcher - ContextResource, which doesn't filter the character , so attacker can perform a path traversal attack to read any files on Windows platform...

7.5CVSS4.1AI score0.03094EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/10/28 8:51 p.m.52 views

Polymorphic Typing in FasterXML jackson-databind

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...

9.8CVSS2.7AI score0.05681EPSS
Exploits0References35Affected Software1
Github Security Blog
Github Security Blog
added 2019/07/05 9:7 p.m.52 views

Deserialization of Untrusted Data in FasterXML jackson-databind

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...

5.9CVSS6AI score0.45205EPSS
Exploits2References49Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 4:27 p.m.52 views

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve attack."...

5CVSS8.1AI score0.0482EPSS
Exploits0References23Affected Software3
Github Security Blog
Github Security Blog
added 2018/07/24 8:4 p.m.52 views

Github Token Leak in aegir

Affected versions of aegir bundle and publish the current users github token to npm when aegir-release is executed. Recommendation Update to version 12.0.8 or later. If you used this module to do a release for your project you should invalidate the GitHub tokens that were leaked...

7.5CVSS4.1AI score0.01177EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.52 views

actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

4.3CVSS7.2AI score0.03931EPSS
Exploits2References13Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.52 views

SQL Injection in sequelize

Versions 2.0.0-rc-7 and earlier of sequelize are affected by a SQL injection vulnerability when user input is passed into the order parameter. Proof of Concept javascript Test.findAndCountAll where: id :1 , order : 'id', 'UNTRUSTED USER INPUT' Recommendation Update to version 2.0.0-rc8 or later...

7.5CVSS7.5AI score0.02174EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.52 views

Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js

Versions of uglify-js prior to 2.4.24 are affected by a vulnerability which may cause crafted JavaScript to have altered functionality after minification. Recommendation Upgrade UglifyJS to version = 2.4.24...

9.8CVSS8.8AI score0.03559EPSS
Exploits1References8Affected Software2
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.52 views

ActiveRecord in Ruby on Rails allows database-query bypass

Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

7.5CVSS7.4AI score0.03903EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/21 8:38 p.m.51 views

lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files

Impact Using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Patches lxml 6.1.0 changes the default to resolveentities='internal', thus disallowing local file access by default. Workarounds Setting the resolveentitie...

7.5CVSS5.8AI score0.00324EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/03 3:45 a.m.51 views

DOMPurify USE_PROFILES prototype pollution allows event handlers

Summary When USEPROFILES is enabled, DOMPurify rebuilds ALLOWEDATTR as a plain array before populating it with the requested allowlists. Because the sanitizer still looks up attributes via ALLOWEDATTRlcName, any Array.prototype property that is polluted also counts as an allowlisted attribute. An...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/10 3:31 a.m.51 views

yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9.8CVSS7.1AI score0.87776EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/04 2:7 p.m.51 views

GraphQL query operations security can be bypassed

Summary Using the Relay special node type you can bypass the configured security on an operation. Details Here is an example of how to apply security configurations for the GraphQL operations: php ApiResource security: "isgranted'ROLEUSER'", operations: / ... / , graphQlOperations: new...

7.5CVSS7.4AI score0.00439EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2025/02/26 8:8 p.m.51 views

Mautic allows Improper Authorization in Reporting API

Summary This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any...

7.7CVSS7.4AI score0.00681EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/01/21 9:10 p.m.51 views

Use of Insufficiently Random Values in undici

Impact Undici fetch uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled websit...

6.8CVSS6.6AI score0.00736EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/01 7:24 p.m.51 views

Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat

Impact If GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions. If GeoServer i...

7.5CVSS6.8AI score0.00756EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2024/05/14 10:29 p.m.51 views

Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

7.5CVSS6.8AI score0.01228EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/22 9:30 p.m.51 views

XNIO denial of service vulnerability

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service DoS. Version 3.8.14.Final is expected to contain a fix...

7.5CVSS7AI score0.03479EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/20 11:44 p.m.51 views

Pimcore Host Header Injection in user invitation link

Overview A potential security vulnerability discovered in pimcore/admin-ui-classic-bundle version up to v1.3.3 . The vulnerability involves a Host Header Injection in the invitationLinkAction function of the UserController, specifically in the way $loginUrl trusts user input. Details The host...

9.3CVSS7.1AI score0.00682EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/02 9:4 p.m.51 views

PowerShell is subject to remote code execution vulnerability

Microsoft Security Advisory CVE-2020-0605: .NET Framework Remote Code Execution Vulnerability Executive Summary A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability coul...

9.3CVSS8AI score0.17767EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/23 2:42 p.m.51 views

@hono/node-server cannot handle "double dots" in URL

Impact Since v1.3.0, we use our own Request object. This is great, but the url behavior is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request will be in the resolved path. ts const req = new...

5.3CVSS7.4AI score0.00722EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/18 7:31 p.m.51 views

Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri

Keycloak prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This could permit an attacker to submit a specially crafted request leading to XSS or possibly further attacks...

5.4CVSS6.4AI score0.00912EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/15 12:31 a.m.51 views

Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cvg2-7c3j-g36j. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended t...

6AI score
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/04 11:13 p.m.51 views

HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL

Summary HtmlUnit 3.8.0 are vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage Details Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessortransformorg.htmlunit.activex.javascript.msxml.XMLDOMNode The reason for the vulnerability is th...

9.8CVSS8AI score0.02378EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/01 7:23 p.m.51 views

OpenSearch StackOverflow vulnerability

Impact A flaw was discovered in OpenSearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. The issue was identified by Elastic Engineering and corresponds to security advisory ESA-2023-14 CVE-2023-31419...

7.5CVSS6.9AI score0.60679EPSS
Exploits4References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/14 6:30 p.m.51 views

Bootbox.js Cross Site Scripting vulnerability

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert, confirm, prompt functions...

6.1CVSS6.8AI score0.01435EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/09 9:30 p.m.51 views

Moodle Code Injection vulnerability

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers...

8.8CVSS8AI score0.01862EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/03 6:36 a.m.51 views

Django Denial-of-service in django.utils.text.Truncator

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars and words methods when used with html=True are subject to a potential DoS denial of service attack via certain inputs with very long, potentially malformed HTML text. The chars and words...

7.5CVSS7.1AI score0.01236EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/17 8:15 p.m.51 views

urllib3's request body not stripped after redirect from 303 status changes request method to GET

urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 303 "See Other" after the request had its method changed from one that could accept a request body like POST to GET as is required by HTTP RFCs. Although the behavior of removing the request body ...

4.2CVSS6.5AI score0.00544EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/17 2:21 p.m.51 views

Prototype Pollution in ali-security/mongoose

Impact This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate. For applications using Express and EJS, this can potentially allow remote code execution. Patches The original patched version for mongoose 5.3.3 did not include a fix for...

7.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/14 12:30 p.m.51 views

Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the exposeconfig option is set to non-sensitive-only. The exposeconfig option is False by default. It is recommended to upgrade to a...

4.3CVSS6.5AI score0.01232EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/25 5:33 p.m.51 views

x/net/html Vulnerable to DoS During HTML Parsing

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification...

7.5CVSS6.8AI score0.02618EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/20 6:30 p.m.51 views

Jenkins temporary uploaded file created with insecure permissions

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, uploaded files processed via the Stapler web framework and the Jenkins API MultipartFormDataParser create temporary files in the system temporary directory with the default permissions for newly created files. If these permissions are overly...

8.1CVSS6.6AI score0.008EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/12 6:58 p.m.51 views

Apache Airflow Incorrect Authorization vulnerability

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to...

4.3CVSS4.6AI score0.01305EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/31 12:30 a.m.51 views

Path traversal in Zip Swift

An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry...

7.8CVSS7AI score0.00439EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/11 6:57 p.m.51 views

Critters Cross-site Scripting Vulnerability

Impact Critters version 0.0.17-0.0.19 have an issue when parsing the HTML which leads to a potential cross-site scripting XSS bug. Patches The bug has been fixed in v0.0.20. Workarounds Upgrading Critters version to 0.0.20 is the easiest fix. This is a non breaking version upgrade so we recommend...

6.1CVSS6.5AI score0.00147EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/12 5:29 p.m.51 views

Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page

Summary Unauthenticated HTML Injection / XSS Possible. Conditions: 2factor authentication must not set before Vulnerable Endpoint: /admin/login/2fa-setup Vulnerable Param: error= How it works, So basically any admin, who has not setup 2 factor authentication before is vulnerable for this attack,...

6.1CVSS7.4AI score0.00535EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/20 3:31 p.m.51 views

Langchain vulnerable to arbitrary code execution

Langchain 0.0.171 is vulnerable to Arbitrary code execution in loadprompt...

9.8CVSS7.5AI score0.00943EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/31 11:38 p.m.51 views

In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file

Note The official templates of Lima, and the well-known third party products Colima, Rancher Desktop, and Finch are unlikely to be affected by this issue. Impact A virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is...

2.7CVSS6.6AI score0.00268EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/15 8:50 p.m.51 views

Any file can be included with the pymdown-snippets extension

Summary Arbitrary file read when using include file syntax. Details By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to...

7.5CVSS7.6AI score0.01815EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/02 9:30 p.m.51 views

Jenkins Phabricator Differential Plugin vulnerable to XML external entity (XXE) attacks

Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control coverage report file contents for the Post to Phabricator post-build action to have Jenkins parse a crafted XML document th...

8.2CVSS7.9AI score0.00569EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000