Lucene search
K
GithubMost viewed

33122 matches found

Github Security Blog
Github Security Blog
added 2026/06/04 2:21 p.m.186 views

Allocation of Resources Without Limits or Throttling in Axios

Summary Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolved to the fetch adapter, could receive or send bodies large...

7.5CVSS5.8AI score0.0063EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/05 10:8 p.m.186 views

Phar object injection in PHPMailer

PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing phar:// paths into addAttachment and other functions that may receive unfiltered local paths, possibly leading to RCE. See this article for more info on this type of vulnerability. Mitigated by...

8.8CVSS0.3AI score0.02211EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:12 p.m.185 views

Deserialization of Untrusted Data in Liferay Portal

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS...

9.8CVSS9.5AI score0.99783EPSS
Exploits10References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:5 a.m.185 views

Improper Authorization in Apache Xalan-Java

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted 1...

7.5CVSS8.4AI score0.13809EPSS
Exploits2References28Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/28 12:34 a.m.184 views

Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS7.3AI score0.03514EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2020/12/10 4:53 p.m.184 views

ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse

Overview The ini npm package before version 1.3.6 has a Prototype Pollution vulnerability. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. Patch...

9.8CVSS3.8AI score0.03612EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/30 8:40 p.m.183 views

Deserialization of Untrusted Data in jackson-databind

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist...

8.1CVSS5AI score0.06962EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/14 6:30 p.m.182 views

Uncontrolled resource consumption in braces

The NPM package braces fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing...

7.5CVSS6.6AI score0.01471EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/16 10:18 p.m.182 views

Local Privilege Escalation in PyInstaller

Impact Local Privilege Escalation in all Windows software frozen by PyInstaller in "onefile" mode. The vulnerability is present only on Windows and in this particular case: If a software frozen by PyInstaller in "onefile" mode is launched by a privileged user who has his/her "TempPath" resolving ...

7.8CVSS1AI score0.00689EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/02 6:7 p.m.182 views

Symfony Unsafe Cache Serialization Could Enable RCE

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache...

9.8CVSS9.4AI score0.33247EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
added 2025/04/15 9:21 p.m.181 views

vLLM vulnerable to Denial of Service by abusing xgrammar cache

Impact This report is to highlight a vulnerability in XGrammar, a library used by the structured output feature in vLLM. The XGrammar advisory is here: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3 The xgrammar library is the default backend used by vLLM to support...

6.8AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/07 5:30 p.m.180 views

CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection

Affected packages The vulnerability has been discovered in the core HTML parsing module and may affect all editor instances that: Enabled full-page editing mode, or enabled CDATA elements in Advanced Content Filtering configuration defaults to script and style elements. Impact A potential...

6.1CVSS6.5AI score0.00706EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2024/02/23 6:30 a.m.179 views

Spring Web vulnerable to Open Redirect or Server Side Request Forgery

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect attack or to a SSRF attack if the URL is used after passing validation checks...

8.1CVSS5.7AI score0.03967EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/25 9:15 p.m.179 views

crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...

9.1CVSS9.2AI score0.00635EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/06 5:33 p.m.179 views

fast-xml-parser vulnerable to Regex Injection via Doctype Entities

Impact "fast-xml-parser" allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for DoS attacks. By crafting an entity name that results in an...

7.5CVSS7AI score0.01135EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/06 5:31 p.m.179 views

Authorization Before Parsing and Canonicalization in jetty

Release 9.4.37 introduced a more precise implementation of RFC3986 with regards to URI decoding, together with some new compliance modes to optionally allow support of some URI that may have ambiguous interpretation within the Servlet specified API methods behaviours. The default mode allowed %...

5.3CVSS3.1AI score0.82371EPSS
Exploits7References27Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/21 2:12 p.m.179 views

Improper Verification of Cryptographic Signature in PySAML2

Impact All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 = 6.4.1 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the...

6.5CVSS0.8AI score0.0118EPSS
Exploits3References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 11:51 p.m.178 views

lodash vulnerable to Code Injection via `_.template` imports key names

Impact The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes untrusted input as options.imports key names, an attacker...

9.8CVSS6.1AI score0.01735EPSS
Exploits0References6Affected Software4
Github Security Blog
Github Security Blog
added 2021/05/21 2:28 p.m.178 views

Interpreter crash from `tf.io.decode_raw`

Impact The implementation of tf.io.decoderaw produces incorrect results and crashes the Python interpreter when combining fixedlength and wider datatypes. python import tensorflow as tf tf.io.decoderawtf.constant"1","2","3","4", tf.uint16, fixedlength=4 The implementation of the padded version is...

7.8CVSS1.2AI score0.00221EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/04/29 9:52 p.m.178 views

SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database

Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...

3.5AI score
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/28 7:19 p.m.177 views

ReDoS in Sec-Websocket-Protocol header

Impact A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. Proof of concept js for const length of 1000, 2000, 4000, 8000, 16000, 32000 const value = 'b' + ' '.repeatlength + 'x'; const start = process.hrtime.bigint; value.trim.split/...

5.3CVSS2.2AI score0.02821EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 8:43 p.m.177 views

Cross-Site Scripting in react-marked-markdown

All versions of react-marked-markdown are vulnerable to cross-site scripting XSS via href attributes. This is exploitable if user is provided to react-marked-markdown Proof of concept: import React from 'react' import ReactDOM from 'react-dom' import MarkdownPreview from 'react-marked-markdown'...

3.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/14 6:48 p.m.176 views

Flowise allows arbitrary file write to RCE

Summary An attacker could write files with arbitrary content to the filesystem via the /api/v1/document-store/loader/process API. An attacker can reach RCERemote Code Execution via file writing. Details All file writing functions in packages/components/src/storageUtils.ts are vulnerable. -...

8.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/05 12:0 a.m.176 views

Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad

A shortcoming in the HMEF package of poi-scratchpad Apache POI allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files Microsoft Outlook and Microsoft Exchange Server. If an application uses poi-scratchpad to parse TNEF files and the application allows...

5.5CVSS3.5AI score0.0152EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/17 9:58 p.m.175 views

Next.js Cache Poisoning

Impact By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router this does not affect the app router. When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a...

7.5CVSS6.7AI score0.58768EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/13 6:30 a.m.175 views

Path traversal vulnerability in functional web frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS6.7AI score0.14718EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/07/25 2:43 p.m.176 views

Removal of e-Tugra root certificate

Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store. e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions ...

9.8CVSS6.5AI score0.00468EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/18 5:7 p.m.175 views

jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label

Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio "refresh" on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can le...

6.1CVSS6.5AI score0.01933EPSS
Exploits1References14Affected Software4
Github Security Blog
Github Security Blog
added 2019/05/29 6:5 p.m.175 views

Command Injection in Xstream

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON...

9.8CVSS5.8AI score0.84362EPSS
Exploits5References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/04 8:14 p.m.174 views

Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification

A malicious user can modify the contents of a confirmationtoken input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user mus...

8.1CVSS0.7AI score0.01696EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/06 6:43 p.m.174 views

Deserialization of Untrusted Data in Log4j

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code...

9.8CVSS4.3AI score0.8904EPSS
Exploits2References84Affected Software2
Github Security Blog
Github Security Blog
added 2019/06/10 6:5 p.m.174 views

Twisted CRLF Injection

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

6.1CVSS6.6AI score0.02535EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 5:21 p.m.174 views

jackson-databind is vulnerable to a deserialization flaw

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

9.8CVSS9.4AI score0.37925EPSS
Exploits7References65Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:47 p.m.174 views

vLLM introduced enhanced protection for CVE-2025-62164

Summary The fix here for CVE-2025-62164 is not sufficient. The fix only disables prompt embeds by default rather than addressing the root cause, so the DoS vulnerability remains when the feature is enabled. Details vLLM's pending change attempts to fix the root cause, which is the missing sparse...

8.8CVSS6.8AI score0.00831EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/20 3:18 p.m.173 views

Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables

Impact This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri...

8.4CVSS5.5AI score0.00192EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2019/09/23 6:33 p.m.173 views

Polymorphic Typing issue in FasterXML jackson-databind

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10, 2.8.11.5, and 2.6.7.3. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540...

9.8CVSS8.9AI score0.04918EPSS
Exploits0References35Affected Software1
Github Security Blog
Github Security Blog
added 2025/01/31 6:31 p.m.172 views

Grafana Alerting VictorOps integration could be exposed to users with Viewer permission

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15...

4.3CVSS4.5AI score0.00368EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/02 6:30 a.m.172 views

Follow Redirects improperly handles URLs in the url.parse() function

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse function. When new URL throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect...

7.3CVSS6.9AI score0.00797EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/18 7:22 p.m.172 views

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server a...

5.9CVSS5.7AI score0.93305EPSS
Exploits4References145Affected Software3
Github Security Blog
Github Security Blog
added 2026/02/18 10:38 p.m.171 views

minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

Summary minimatch is vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string. Each compiles to a separate ^/? regex group, and when the match fails, V8's regex engine...

8.7CVSS5.3AI score0.00519EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/16 4:4 p.m.171 views

Authelia allows open redirects on the logout endpoint

Impact Utilizing a HTTP query parameter an attacker is able to redirect users from the web application to any domain. The URL of the intended redirect should always be checked for safety prior to forwarding the user. Other endpoints of the web application already do this, they check both that the...

5.7CVSS0.5AI score0.0051EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/28 1:9 p.m.171 views

vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host

Impact A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. Patches This vulnerability was patched in the release of version 3.9.11 of vm2 Workarounds None. References Github Issue - https://github.com/patriksimek/vm2/issues/467 T...

10CVSS9.7AI score0.47868EPSS
Exploits2References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 7:52 p.m.171 views

Improper Certificate Validation in xmlhttprequest-ssl

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized when the property exists but is undefined is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected...

9.4CVSS2.9AI score0.02056EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 2:21 p.m.171 views

CHECK-fail in SparseCross due to type confusion

Impact The API of tf.rawops.SparseCross allows combinations which would result in a CHECK-failure and denial of service: python import tensorflow as tf hashedoutput = False numbuckets = 1949315406 hashkey = 1869835877 outtype = tf.string internaltype = tf.string indices1 = tf.constant0, 6, shape=...

5.5CVSS1.9AI score0.00189EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/03/25 5:4 p.m.171 views

Information Disclosure in Guava

A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir. The permissions granted to the directory created defau...

3.3CVSS6.3AI score0.00964EPSS
Exploits1References82Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/04 8:52 p.m.171 views

Deserialization of Untrusted Data in jackson-databind

FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain net.sf.ehcache blocking...

9.8CVSS9AI score0.0864EPSS
Exploits0References37Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/28 1:10 a.m.171 views

Potential HTTP request smuggling in Apache Tomcat

The refactoring present in Apache Tomcat versions 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was...

5.8CVSS1.4AI score0.08872EPSS
Exploits0References13Affected Software2
Github Security Blog
Github Security Blog
added 2025/04/12 3:41 a.m.169 views

CVE-2025-1386- Query smuggling in ch-go library

Impact When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream. Patches If you are using ch-go library, we...

5.9CVSS6.9AI score0.00342EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/05 7:38 p.m.169 views

Introspection in schema validation in Apollo Server

We encourage all users of Apollo Server to read this advisory in its entirety to understand the impact. The Resolution section contains details on patched versions. Impact If subscriptions: false is passed to the ApolloServer constructor options, there is no impact. If implementors were not...

Exploits0References15Affected Software12
Github Security Blog
Github Security Blog
added 2026/02/18 10:36 p.m.168 views

Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake

Impact Through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. Patches The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. We recommend rotating the node key after applying the upgrade, which can be done by removing the...

7.5CVSS5.5AI score0.00447EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities5000