Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
added 2024/08/02 9:12 p.m.49 views

Reposilite artifacts vulnerable to Stored Cross-site Scripting

Summary Reposilite v3.5.10 is affected by Stored Cross-Site Scripting XSS when displaying artifact's content in the browser. Details As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The...

7.1CVSS6.8AI score0.00783EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/05 7:42 p.m.49 views

Pomerium exposed OAuth2 access and ID tokens in user info endpoint response

Impact The Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be more severe in the presence of an XSS vulnerability in an upstream...

6.5CVSS5.8AI score0.00416EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/01 8:35 p.m.49 views

Session Middleware Token Injection Vulnerability

A security vulnerability has been identified in the Fiber session middleware where a user can supply their own sessionid value, leading to the creation of a session with that key. Impact The identified vulnerability is a session middleware issue in GoFiber versions 2 and above. This vulnerability...

10CVSS6.7AI score0.00686EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2024/06/12 7:39 p.m.49 views

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

Summary By combining two vulnerabilities an Open Redirect and session token sent as URL query parameter in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction one click. Impact...

8.1CVSS7.1AI score0.0071EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/15 10:26 p.m.49 views

State Guessing Vulnerability in laravel/socialite

laravel/socialite versions prior to 2.0.10 are susceptible to a security vulnerability related to state guessing during OAuth authentication. This vulnerability could potentially lead to session hijacking, allowing attackers to compromise user sessions. The issue has been addressed and fixed in...

7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/16 12:30 a.m.49 views

mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...

8.1CVSS8AI score0.00856EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/06 6:31 a.m.49 views

PyMongo Out-of-bounds Read in the bson module

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

4.6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/11 9:25 p.m.49 views

Account Takeover via Session Fixation in Zitadel [Bypassing MFA]

Impact ZITADEL uses a cookie to identify the user agent browser and its user sessions. Although the cookie was handled according to best practices, it was accessible on subdomains of the ZITADEL instance. An attacker could take advantage of this and provide a malicious link hosted on the subdomai...

7.5CVSS6AI score0.00335EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/28 12:30 p.m.49 views

Apache Superset: Improper error handling on alerts

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert...

4.3CVSS7.5AI score0.00969EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/06 3:32 p.m.49 views

Allegro AI ClearML path traversal vulnerability

A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with...

8.8CVSS8.6AI score0.00798EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/09 12:39 a.m.49 views

Local Privilege Escalation in Windows

Impact A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if all the following are satisfied: The user runs an application containing either...

8.8CVSS6.9AI score0.00324EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/08 6:30 a.m.49 views

mockjs vulnerable to Prototype Pollution via the Util.extend function

All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, o...

8.2CVSS6.9AI score0.00801EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/04 11:13 p.m.49 views

HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL

Summary HtmlUnit 3.8.0 are vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage Details Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessortransformorg.htmlunit.activex.javascript.msxml.XMLDOMNode The reason for the vulnerability is th...

9.8CVSS8AI score0.02378EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/20 8:58 p.m.49 views

JWT Algorithm Confusion

Summary The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. Details The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a...

5.9CVSS6.8AI score0.00687EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/07 11:2 p.m.49 views

XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action

Impact In XWiki Platform, it's possible for a user to execute any content with the right of an existing document's content author, provided the user have edit right on it. The reason for this is that the edit action sets the content without modifying the content author. To reproduce: Log in as a...

9.9CVSS6.9AI score0.00985EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/10 9:31 p.m.49 views

MTProto proxy remote code execution vulnerability

In the mtprotoproxy aka MTProto proxy component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability...

8.8CVSS7.2AI score0.01513EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/21 5:14 p.m.49 views

plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images

Impact There is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this, by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an...

5.4CVSS6.2AI score0.00475EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/14 4:16 p.m.49 views

Jetty vulnerable to errant command quoting in CGI Servlet

If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the...

3.5CVSS6.9AI score0.01006EPSS
Exploits1References8Affected Software4
Github Security Blog
Github Security Blog
added 2023/09/08 6:30 p.m.49 views

Terraform allows arbitrary file write during the `init` operation

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...

7.8CVSS6.9AI score0.00255EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/01 8:51 p.m.49 views

tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli

Impact The specification of the GG18 threshold ECDSA signature protocol contains a vulnerability allowing an attacker to recover the shared secret key. If a participant generates a Paillier modulus N containing small factors less than 2^100 they can interact with other participants in the signing...

6.7AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/24 10:22 p.m.49 views

libp2p nodes vulnerable to OOM attack

Summary In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. It is feasible to do this at scale. An attacker would have to transfe...

7.5CVSS6.7AI score0.00772EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/22 9:30 p.m.49 views

Apache XML Graphics Batik Server-Side Request Forgery vulnerability

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...

7.1CVSS6.6AI score0.00786EPSS
Exploits0References11Affected Software3
Github Security Blog
Github Security Blog
added 2023/08/09 12:51 p.m.49 views

Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory

Impact Angular Universal applications on 16.1.0 and 16.1.1 using critical CSS inlining are vulnerable to a cross-site scripting XSS attack where an attacker can trick another user into visiting a page which injects malicious JavaScript. Angular CLI applications without Universal do perform critic...

6.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/19 3:30 p.m.49 views

Pygments vulnerable to ReDoS

A ReDoS issue was discovered in pygments/lexers/smithy.py in Pygments until 2.15.0 via SmithyLexer...

5.5CVSS6.5AI score0.00503EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/12 12:31 p.m.49 views

RocketMQ NameServer component Code Injection vulnerability

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

9.8CVSS9.8AI score0.8993EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/11 10:45 p.m.49 views

Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...

8.1CVSS8.3AI score0.01976EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2023/07/05 9:38 p.m.49 views

1Panel vulnerable to command injection when adding container repositories

Impact The authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. 1. Vulnerability analysis. backend\app\api\v1\imagerepo.gocreate backend\app\service\imagerepo.goCheckConn 2. vulnerability reproduction. POST /api/v1/containers/repo...

8.8CVSS7.3AI score0.02313EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/24 10:34 p.m.49 views

Rancher Webhook is misconfigured during upgrade process

Impact A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. When the Webhook is operating in a degraded state, it no...

9.9CVSS8.9AI score0.00779EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/18 1:14 p.m.49 views

Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact We fixed with CVE-2023-22731 Twig filters to only be executed with allowed functions. It is possible to pass PHP Closures as string or an array and array crafted PHP Closures was not checked against allow list Patches The problem has been fixed with 6.4.20.1 with an improved override...

9.9CVSS8.4AI score0.02083EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2023/04/14 6:28 p.m.49 views

Snowflake JDBC vulnerable to command injection via SSO URL authentication

Snowflake JDBC driver is vulnerable to command injection vulnerability via SSO URL authentication. The vulnerability was patched on March 17, 2023 as part of Snowflake JDBC driver Version 3.13.29. An attacker could set up a malicious, publicly accessible server which responds to the SSO URL with ...

8.8CVSS9.1AI score0.01668EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/02 9:30 p.m.49 views

Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting

Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression. This results in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...

5.4CVSS5.2AI score0.00571EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/27 10:17 p.m.49 views

Apiman vulnerable to permissions bypass due to missing check on API key URL

Impact Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL. The URL includes Organisation ID, Client ID, and Client Version of the targeted non-permitted...

6.4CVSS4.9AI score0.0034EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/23 9:30 p.m.49 views

tripleo-ansible may disclose important configuration details from an OpenStack deployment

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information...

5.5CVSS4.8AI score0.002EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/01 1:37 a.m.49 views

Dompdf vulnerable to URI validation failure on SVG parsing

Summary The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This might leads to arbitrary object unserialize on PHP tags, in src/Image/Cache.php : if $type === "svg" $parser = xmlparsercreate"utf-8"; xmlparsersetoption$parser,...

10CVSS9.2AI score0.03572EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/11 6:27 p.m.49 views

Zitadel RefreshToken invalidation vulnerability

Impact RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtai...

5.9CVSS5.6AI score0.00599EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/29 1:49 a.m.49 views

CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation

Impact It is possible to craft an environment variable with newlines to add entries to a container's /etc/passwd. It is possible to circumvent admission validation of username/UID by adding such an entry. Note: because the pod author is in control of the container's /etc/passwd, this is not...

7.8CVSS1.6AI score0.00266EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/13 6:30 p.m.49 views

pgadmin4 vulnerable to Code Injection

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...

8.8CVSS8.3AI score0.79933EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/21 10:36 p.m.49 views

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui

Impact Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The URL...

9.9CVSS8.9AI score0.0119EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/26 10:8 p.m.49 views

Twisted vulnerable to NameVirtualHost Host header injection

When the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. Example configuration: python from twisted.web.server import Site from...

5.4CVSS5.8AI score0.01156EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/18 6:5 p.m.49 views

MySQL JDBC deserialization vulnerability

Impact In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java, MysqlConfiguration class don't filter any parameters, directl...

9.8CVSS9.2AI score0.01473EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/30 12:0 a.m.49 views

Duplicate Advisory: AWS Redshift JDBC Driver fails to validate class type during object instantiation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jc69-hjw2-fm86. This link is maintained to preserve external references. Original Description In Amazon AWS Redshift JDBC Driver aka amazon-redshift-jdbc-driver or redshift-jdbc42 before 2.1.0.8, the Object...

8.8CVSS7AI score0.01479EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/16 9:13 p.m.49 views

TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`

Impact If FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf numbits = 8 narrowrange = False inputs = tf.constant0, shape=4, dtype=tf.float32 min ...

7.5CVSS7.5AI score0.00396EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2022/09/16 5:42 p.m.49 views

OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functions

Impact The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found,...

9.8CVSS9.1AI score0.0127EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/27 12:0 a.m.49 views

Deluge Web-UI vulnerable to XSS through a crafted torrent file

The Deluge Web-UI is vulnerable to cross-site scripting through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context ...

6.1CVSS6AI score0.00736EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/15 9:7 p.m.49 views

Undertow vulnerable to memory exhaustion due to buffer leak

Buffer leak on incoming WebSocket PONG messages in Undertow before 2.0.40 and 2.2.10 can lead to memory exhaustion and allow a denial of service...

7.5CVSS7.3AI score0.01375EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/25 10:40 p.m.49 views

Cross-site Scripting in the Flamingo theme manager

Impact We found a possible XSS vector in the FlamingoThemesCode.WebHomeSheet wiki page related to the "newThemeName" form field. Patches The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Workarounds The easiest workaround is to edit the wiki page FlamingoThemesCode.WebHomeShe...

7.4CVSS5.7AI score0.01263EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 10:8 p.m.49 views

Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`

Impact The implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf indices = tf.constant53, shape=3, dtype=tf.int64 values =...

5.5CVSS6.3AI score0.00317EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/24 5:48 p.m.49 views

Remote code execution vulnerability in Jenkins Templating Engine Plugin

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin. This vulnerability allows attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. Jenkins Templating Engine Plugin 2....

8.8CVSS8.7AI score0.01749EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:6 p.m.49 views

Denial of service in ASP.NET Core

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'...

7.5CVSS2.1AI score0.07614EPSS
Exploits0References7Affected Software11
Github Security Blog
Github Security Blog
added 2022/05/24 5:2 p.m.49 views

Keycloak Authentication Error

A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none LDAP anonymous bind, any password, invalid or valid will be accepted...

9.3CVSS6.9AI score0.01076EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000