Lucene search
K
GithubMost viewed

33227 matches found

Github Security Blog
Github Security Blog
added 2018/03/05 6:54 p.m.51 views

ejs vulnerable to DoS due to weak input validation

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in ejs.renderFile...

7.5CVSS7.2AI score0.02267EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.51 views

actionpack Cross-site Scripting vulnerability

The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...

4.3CVSS5.5AI score0.0264EPSS
Exploits1References17Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.51 views

actionmailer email address processing causes Denial of service

Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...

4.3CVSS6.2AI score0.03135EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.51 views

JSON gem has Improper Input Validation vulnerability

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS4.9AI score0.13911EPSS
Exploits0References22Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:12 p.m.50 views

Multer vulnerable to Denial of Service via deeply nested field names

Impact Multer is vulnerable to a Denial of Service DoS via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names e.g., abc with no limit on nesting depth, allowing an attacker to force allocation of deeply nested object structures tha...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/12 9:53 p.m.50 views

File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

Summary filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for backslashes \ is only a path separator on Windows. A file whose name contains Windows-style traversal ......\evil.txt is accepted by the resource...

6.8CVSS5.7AI score0.00189EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/12 3:6 p.m.50 views

protobuf.js: Code injection in pbjs static output from crafted schema names

Summary pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the generated output without...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:22 p.m.50 views

mcp-from-openapi is Vulnerable to SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications

Summary The mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenAPI specification containing $ref values pointing to internal network addresses, cloud...

7.5CVSS6AI score0.00319EPSS
Exploits1References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/03/25 2:25 p.m.50 views

Two LiteLLM versions published containing credential harvesting malware

After an API Token exposure from an exploited trivy dependency, two new releases of litellm were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Anyone who has installed and run the project should assume an...

5.8AI score
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/12 3:43 a.m.50 views

CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. Chromium security severity: High https://nvd.nist.gov/vuln/detail/CVE-2025-2783...

8.3CVSS6.6AI score0.08404EPSS
Exploits6References6Affected Software7
Github Security Blog
Github Security Blog
added 2025/04/04 2:7 p.m.50 views

GraphQL query operations security can be bypassed

Summary Using the Relay special node type you can bypass the configured security on an operation. Details Here is an example of how to apply security configurations for the GraphQL operations: php ApiResource security: "isgranted'ROLEUSER'", operations: / ... / , graphQlOperations: new...

7.5CVSS7.4AI score0.00439EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2025/03/17 9:26 p.m.50 views

zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write

Summary In the archive extraction routine of affected versions of the zip crate, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in th...

7.3CVSS7.2AI score0.005EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/12 7:28 p.m.50 views

graphql allows remote code execution when loading a crafted GraphQL schema

Summary Loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas...

9CVSS7.6AI score0.02865EPSS
Exploits2References15Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/12 9:31 a.m.50 views

Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse

Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a valid vulnerability. This link is maintained to preserve external references. For more information, see https://nvd.nist.gov/vuln/detail/CVE-2024-4109. Original Description A flaw was found in Undertow. An...

5.2AI score
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/19 6:30 p.m.50 views

Duplicate Advisory: Keycloak Open Redirect vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w8gr-xwp4-r9f7. This link is maintained to preserve external references. Original Description A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL...

6.1CVSS6.7AI score0.01959EPSS
Exploits0References20Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/18 3:46 p.m.50 views

Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)

A path traversal vulnerability accessible via MediaController's downloadprivatefile method allows authenticated users to download any file on the web server Camaleon CMS is running on depending on the file permissions. In the downloadprivatefile method: ruby def downloadprivatefile...

7.7CVSS6.6AI score0.1456EPSS
Exploits11References9Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/10 7:42 p.m.50 views

serve-static vulnerable to template injection that can lead to XSS

Impact passing untrusted user input - even after sanitizing it - to redirect may execute untrusted code Patches this issue is patched in serve-static 1.16.0 Workarounds users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any...

5CVSS6.8AI score0.00595EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/08/07 3:30 p.m.50 views

Jenkins Remoting library arbitrary file read vulnerability

Jenkins uses the Remoting library typically agent.jar or remoting.jar for the communication between controller and agents. This library allows agents to load classes and classloader resources from the controller, so that Java objects sent from the controller build steps, etc. can be executed on...

8.8CVSS6.9AI score0.28782EPSS
Exploits4References9Affected Software2
Github Security Blog
Github Security Blog
added 2024/06/10 9:38 p.m.50 views

@grpc/grpc-js can allocate memory for incoming messages well above configured limits

Impact There are two separate code paths in which memory can be allocated per message in excess of the grpc.maxreceivemessagelength channel option: 1. If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded. 2. If an...

5.3CVSS7.2AI score0.00671EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/15 10:27 p.m.50 views

Insecure State Generation in laravel/socialite

laravel/socialite versions prior to 2.0.9 are found to have an insecure state generation mechanism, potentially exposing the OAuth authentication process to security risks. The issue has been addressed in version 2.0.9 by ensuring that the state is generated using a truly random approach, enhanci...

7.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/06 6:31 a.m.50 views

PyMongo Out-of-bounds Read in the bson module

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

4.6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/21 6:59 p.m.50 views

Path traversal in webpack-dev-middleware

Summary The webpack-dev-middleware middleware does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. Details The middleware can either work with the physical filesystem when reading the files or it can...

7.5CVSS6.4AI score0.01209EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/06 6:24 p.m.50 views

Apollo Router's Compressed Payloads do not respect HTTP Payload Limits

Impact The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability. When receiving compressed HTTP payloads, affected versions of the Route...

7.5CVSS5.5AI score0.0077EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/06 12:31 a.m.50 views

Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References9Affected Software3
Github Security Blog
Github Security Blog
added 2024/02/28 12:30 p.m.50 views

Apache Superset: Improper error handling on alerts

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert...

4.3CVSS7.5AI score0.00969EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/27 9:41 p.m.50 views

Rails has possible XSS Vulnerability in Action Controller

Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: = 7.0.0. Not affected: 7.0.0 Fixed Versions:...

6.1CVSS6.2AI score0.01034EPSS
Exploits1References8Affected Software2
Github Security Blog
Github Security Blog
added 2024/01/31 10:42 p.m.51 views

nodemailer ReDoS when trying to send a specially crafted email

Summary A ReDoS vulnerability occurs when nodemailer tries to parse img files with the parameter attachDataUrls set, causing the stuck of event loop. Another flaw was found when nodemailer tries to parse an attachments with a embedded file, causing the stuck of event loop. Details Regex:...

6.8AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/24 3:30 p.m.50 views

Apache Airflow: Bypass permission verification to read code of other dags

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version...

6.5CVSS6.2AI score0.00971EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/28 8:46 p.m.50 views

cryptography vulnerable to NULL-dereference when loading PKCS7 certificates

Summary Calling loadpempkcs7certificates or loadderpkcs7certificates could lead to a NULL-pointer dereference and segfault. PoC Here is a Python code that triggers the issue: python from cryptography.hazmat.primitives.serialization.pkcs7 import loadderpkcs7certificates, loadpempkcs7certificates...

7.5CVSS7.2AI score0.00985EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/28 9:30 a.m.50 views

Reactor Netty HTTP Server denial of service vulnerability

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in...

7.5CVSS6.9AI score0.00906EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/14 8:36 p.m.50 views

Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability

Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 6.0, ASP.NET Core 7.0 and, ASP.NET Core 8.0 RC2. This advisory also provides guidance...

6.2CVSS6.3AI score0.01085EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/08 2:51 p.m.50 views

XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu

Impact XWiki is vulnerable to reflected cross-site scripting RXSS via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name ...

9.6CVSS7.3AI score0.02191EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/07 11:2 p.m.50 views

XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action

Impact In XWiki Platform, it's possible for a user to execute any content with the right of an existing document's content author, provided the user have edit right on it. The reason for this is that the edit action sets the content without modifying the content author. To reproduce: Log in as a...

9.9CVSS6.9AI score0.00985EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/17 1:23 p.m.50 views

WebAuthn4J Spring Security Improper signature counter value handling

Improper signature counter value handling Impact A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator...

5.3CVSS6.8AI score0.0052EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/06 8:43 p.m.50 views

JWT token compromise can allow malicious actions including Remote Code Execution (RCE)

Impact A user can reverse engineer the JWT token JSON Web Token used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. Patches Upgrade to NeuVector version 5.2.2 or later and latest Helm chart 2.6.3+....

9.4CVSS6.6AI score0.00461EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/05 8:52 p.m.50 views

Decidim has broken access control in templates

Impact The templates module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys...

9.1CVSS6.3AI score0.00541EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2023/09/25 9:30 p.m.50 views

plexus-codehaus vulnerable to directory traversal

A flaw was found in plexus-codehaus. A directory traversal attack also known as path traversal aims to access files and directories stored outside the intended folder. By manipulating files with dot-dot-slash ../ sequences and their variations or by using absolute file paths, it may be possible t...

7.5CVSS7.6AI score0.01347EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/20 12:30 p.m.50 views

Quarkus HTTP vulnerable to incorrect evaluation of permissions

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized...

8.1CVSS6.6AI score0.01215EPSS
Exploits1References17Affected Software4
Github Security Blog
Github Security Blog
added 2023/09/08 6:30 p.m.50 views

Terraform allows arbitrary file write during the `init` operation

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...

7.8CVSS6.9AI score0.00255EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/06 7:51 p.m.50 views

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Impact Apps that are launched as command line executables are impacted. E.g. if your app exposes itself in the path as myapp --help Specifically this issue can only be exploited if the following conditions are met: Your app is launched with an attacker-controlled working directory The attacker ha...

6.6CVSS6.9AI score0.00563EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/14 9:58 p.m.50 views

SwiftTerm Code Injection vulnerability

Impact Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Credit These...

7.8CVSS7.4AI score0.0043EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/05 9:36 p.m.50 views

@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state

Impact All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be...

8.8CVSS6.8AI score0.00679EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/21 12:30 p.m.50 views

Apache Tomcat vulnerable to information leak

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SENDHEADERS message would be sent for the response which in turn meant that at least one AJP proxy modproxyajp would use the response heade...

7.5CVSS7.3AI score0.01116EPSS
Exploits0References14Affected Software2
Github Security Blog
Github Security Blog
added 2023/06/06 2:0 a.m.50 views

Rancher vulnerable to Privilege Escalation via manipulation of Secrets

Impact A vulnerability has been identified which enables Standard users or above to elevate their permissions to Administrator in the local cluster. The local cluster means the cluster where Rancher is installed. It is named local inside the list of clusters in the Rancher UI. Standard users coul...

9.9CVSS6.7AI score0.00715EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/18 5:29 p.m.50 views

SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header

Impact Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other...

9.8CVSS6.8AI score0.57132EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/16 6:30 p.m.50 views

Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting

Jenkins Pipeline: Job Plugin 1292.v27d8cc3e2602 and earlier does not escape the display name of the build that caused an earlier build to be aborted, when "Do not allow concurrent builds" is set. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to set...

5.4CVSS5.3AI score0.00586EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/27 11:53 p.m.50 views

Remote code injection in wwbn/avideo

WWBN Avideo Authenticated RCE - OS Command Injection Description An OS Command Injection vulnerability in an Authenticated endpoint /plugin/CloneSite/cloneClient.json.php allows attackers to achieve Remote Code Execution. Vulnerable code: php $cmd = "wget -O $clonesDir$json-sqlFile...

8.8CVSS9.4AI score0.05175EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/21 10:32 p.m.50 views

CSRF token fixation in fastify-passport

The CSRF protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport, can be bypassed by network and same-site attackers. Details fastify/csrf-protection implements the synchronizer token pattern using plugins @fastify/session and @fastify/secure-session by...

6.5CVSS6.2AI score0.00384EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/14 6:28 p.m.50 views

Snowflake JDBC vulnerable to command injection via SSO URL authentication

Snowflake JDBC driver is vulnerable to command injection vulnerability via SSO URL authentication. The vulnerability was patched on March 17, 2023 as part of Snowflake JDBC driver Version 3.13.29. An attacker could set up a malicious, publicly accessible server which responds to the SSO URL with ...

8.8CVSS9.1AI score0.01668EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/14 3:30 a.m.50 views

froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type

Image files uploaded in froxlor/froxlor prior to 2.0.14 were not properly validated which could result in remote code execution via path manipulation...

9.1CVSS8.9AI score0.73247EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities5000