Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
•added 2021/05/10 3:29 p.m.•49 views

Regular Expression Denial of Service in postcss

The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service ReDoS during source map parsing...

5.3CVSS4.4AI score0.0354EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/10 3:19 p.m.•49 views

Broken Authentication in Atlassian Connect Spring Boot

Broken Authentication in Atlassian Connect Spring Boot ACSB from version 1.1.0 before version 2.1.3. Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...

6.5CVSS4.6AI score0.00651EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2021/05/06 3:58 p.m.•49 views

Denial of service in chrono-node

This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...

7.5CVSS3.2AI score0.01987EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/20 4:30 p.m.•49 views

Improper Restriction of XML External Entity Reference in pikepdf

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries...

7.5CVSS5.1AI score0.01713EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/19 2:50 p.m.•49 views

Timing side channel vulnerability in endpoint request handler in Vaadin 15-19

Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 Vaadin 15.0.0 through 18.0.6, and com.vaadin:fusion-endpoint version 6.0.0 Vaadin 19.0.0 allows attacker to guess a security token for Fusion endpoints via timing attack....

4CVSS3.6AI score0.00211EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/19 2:49 p.m.•49 views

Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message. - https://vaadin.com/security/cve-2018-25007...

4.3CVSS3.6AI score0.00574EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/13 3:30 p.m.•49 views

LDAP Injection in is-user-valid

All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure...

7.5CVSS3.2AI score0.01419EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/12 6:51 p.m.•49 views

mongodb-client-encryption vulnerable to Improper Certificate Validation

A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...

6.8CVSS6.2AI score0.00204EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/07 9:47 p.m.•49 views

Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...

4.7CVSS6AI score0.00374EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/07 8:58 p.m.•49 views

Cross-site scripting in actionpack

In actionpack gem = 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

6.1CVSS5.7AI score0.70717EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2021/04/07 8:56 p.m.•49 views

Improper Certificate Validation in phpseclib

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS1 v1.5 signature verification...

7.5CVSS3.7AI score0.01055EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2021/03/29 8:59 p.m.•49 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...

7.6CVSS2.6AI score0.09215EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/02/05 8:43 p.m.•49 views

Prototype pollution in dotty

Prototype pollution vulnerability in 'dotty' before version 0.1.1 allows attackers to cause a denial of service and may lead to remote code execution...

9.8CVSS6.8AI score0.03337EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2021/01/11 8:38 p.m.•49 views

CSRF can expose users authentication token

Issue The /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicious 3rd party site acquiring the authentication token. Patches Version 3.4.5 and soon to ...

7.4CVSS2.9AI score0.00917EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2020/12/21 6:1 p.m.•49 views

Jupyter Server open redirect vulnerability

Impact What kind of vulnerability is it? Who is impacted? Open redirect vulnerability - a maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers running without a baseurl prefix are technically affected, however, these maliciously craft...

6.1CVSS6.3AI score0.01351EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2020/12/21 4:28 p.m.•49 views

Cross-Site Scripting in Fluid view helpers

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem It has been discovered that system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Solution Update to...

6.1CVSS5.8AI score0.00715EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
•added 2020/12/10 7:7 p.m.•49 views

CHECK-fail in LSTM with zero-length input in TensorFlow

Impact Running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. Patches We have patched the...

4.4CVSS3.8AI score0.00166EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
•added 2020/12/01 8:25 p.m.•49 views

Base class whitelist configuration ignored in OAuthenticator

Impact What goes wrong? The deprecated in jupyterhub 1.2 configuration Authenticator.whitelist, which should be transparently mapped to Authenticator.allowedusers with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been set...

6.3CVSS1.7AI score0.01108EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2020/10/16 4:55 p.m.•49 views

RCE in XWiki

Impact Any user with SCRIPT right EDIT right before XWiki 7.4 can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. Patches It has been patched in both version XWi...

9CVSS0.8AI score0.03218EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/10/08 7:55 p.m.•49 views

Cross-Site Scripting in ternary conditional operator

Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C5.0 CWE-79 --- :informationsource: This vulnerability has been fixed in May 2019 already, CVE and GHSA were assigned later in October 2020 --- Problem It has been discovered that the Fluid Engine package typo3fluid/fluid is...

6.1CVSS2.8AI score0.00966EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
•added 2020/09/04 2:57 p.m.•49 views

Arbitrary Code Execution in handlebars

Versions of handlebars prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server...

3.3AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/03 3:54 p.m.•49 views

Cross-Site Scripting in bootstrap-select

Versions of bootstrap-select prior to 1.13.6 are vulnerable to Cross-Site Scripting XSS. The package does not escape title values on tags. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 1.13.6 or later...

5.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/01 9:19 p.m.•49 views

Command Injection in ascii-art

Versions of ascii-art before 1.4.4 are vulnerable to command injection. This is exploitable when user input is passed into the argument of the ascii-art preview command. Example Proof of concept: ascii-art preview 'doom"; touch /tmp/malicious; echo "' Given that the input is passed on the command...

4.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2020/09/01 4:43 p.m.•49 views

Command Execution in windows-cpu

Version of windows-cpu before 0.1.5 will execute arbitrary code passed into the first argument of the findLoad method, resulting in remote code execution. Proof of Concept js var win = require'windows-cpu'; wind.findLoad'foo & calc.exe'; Recommendation Update to version 0.1.5 or later...

9.8CVSS9.6AI score0.04236EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2020/08/31 10:52 p.m.•49 views

Multiple Content Injection Vulnerabilities in marked

Versions 0.3.0 and earlier of marked are affected by two cross-site scripting vulnerabilities, even when sanitize: true is set. The attack vectors for this vulnerability are GFM Codeblocks and JavaScript URLs. Recommendation Upgrade to version 0.3.1 or later...

6.1CVSS5.8AI score0.01715EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2020/07/29 6:7 p.m.•49 views

Directory traversal in rollup-plugin-server

This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...

7.5CVSS3.9AI score0.01768EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/18 2:44 p.m.•49 views

Deserialization of untrusted data in Jackson Databind

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...

8.1CVSS3.2AI score0.04421EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
•added 2020/06/11 12:4 a.m.•49 views

Uncontrolled Resource Consumption in Indy Node

Summary Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. Discovery On May 18, Evernym's monitoring of Sovrin StagingNe...

7.5CVSS7.4AI score0.01731EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2019/10/14 9:23 p.m.•49 views

Incorrect Access Control vulnerability in api-platform/core

API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability...

6.5CVSS5.5AI score0.01024EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2019/08/01 7:18 p.m.•49 views

Undertow Missing Authorization when requesting a protected directory without trailing slash

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

7.5CVSS8.3AI score0.03478EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
•added 2019/08/01 7:18 p.m.•49 views

Deserialization of untrusted data in FasterXML jackson-databind

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2, 2.8.11.4, 2.7.9.6, and 2.6.7.3. This occurs when Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the logback jar in the...

7.5CVSS8.4AI score0.10763EPSS
Exploits0References31Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/24 7:42 p.m.•49 views

Improper Input Validation in alilibaba:fastjson

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

10CVSS6.1AI score0.3897EPSS
Exploits2References6Affected Software2
Github Security Blog
Github Security Blog
•added 2018/10/19 4:42 p.m.•49 views

Improper Certificate Validation in Apache activemq-client

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default...

7.4CVSS2.6AI score0.0699EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
•added 2018/10/16 5:21 p.m.•49 views

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization. De-serializing untrusted data can lead to security flaws...

9.8CVSS2.1AI score0.06286EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
•added 2018/08/09 8:13 p.m.•49 views

superagent vulnerable to zip bomb attacks

Affected versions of superagent do not check the post-decompression size of ZIP compressed HTTP responses prior to decompressing. This results in the package being vulnerable to a ZIP bomb attack, where an extremely small ZIP file becomes many orders of magnitude larger when decompressed. This ma...

7.1CVSS6AI score0.01767EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2017/10/24 6:33 p.m.•49 views

actionpack Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formtaghelper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the selecttag helper...

4.3CVSS4.1AI score0.01306EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2017/10/24 6:33 p.m.•49 views

actionpack allows bypass of database-query restrictions

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

6.4CVSS3.7AI score0.02371EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
•added 2017/10/24 6:33 p.m.•49 views

Potential for Script Injection in syntax-error

Versions of syntax-error prior to 1.1.1 are affected by a cross-site scripting vulnerability which may allow a malicious file to execute code when browserified. Recommendation Update to version 1.1.1 or later...

10CVSS6AI score0.13441EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/05/18 5:24 p.m.•48 views

ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351

JWT.decodetoken, '', true, algorithm: 'HS256' accepts an attacker-forged token. OpenSSL::HMAC.digest'SHA256', '', payload returns a valid digest under an empty key, and no raise InvalidKeyError if key.empty? precondition exists in the HMAC algorithm. JWT.decodetoken, "", true, algorithm: 'HS256' ...

9.1CVSS5.7AI score0.00236EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2026/05/06 9:31 p.m.•48 views

Duplicate Advisory: OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r6xh-pqhr-v4xh. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request...

8.5CVSS5.7AI score0.00112EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/08 7:22 p.m.•48 views

mcp-from-openapi is Vulnerable to SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications

Summary The mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenAPI specification containing $ref values pointing to internal network addresses, cloud...

7.5CVSS6AI score0.00319EPSS
Exploits1References4Affected Software3
Github Security Blog
Github Security Blog
•added 2026/04/08 12:16 a.m.•48 views

Hono: Path traversal in toSSG() allows writing files outside the output directory

Summary A path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially crafted values can cause generated file paths to escape the intended output directory. Details The...

7.5CVSS5.8AI score0.00532EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:43 a.m.•48 views

Auth0 WordPress Plugin has Insufficient Entropy in Cookie Encryption

Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It ...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/01 8:25 p.m.•48 views

Open WebUI has Broken Access Control in Tool Valves

Summary Broken Access Control in Tool Valves Open WebUI supports function calling through "Tools". Function calling allows an LLM to reliably connect to external tools and interact with external APIs. Exemplary use-cases include connecting to an internal knowledge base, retrieving emails from an...

7.7CVSS6AI score0.05271EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/01/21 11:1 p.m.•48 views

Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions

Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their...

8.2CVSS5.6AI score0.01535EPSS
Exploits0References5Affected Software4
Github Security Blog
Github Security Blog
•added 2024/11/20 9:30 p.m.•48 views

Duplicate Advisory: Querydsl SQL/HQL injection

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6q3q-6v5j-h6vg. This link is maintained to preserve external references. Original Description Querydsl 5.1.0 allows SQL/HQL injection in orderBy in JPAQuery...

6.9AI score0.00391EPSS
Exploits0References7Affected Software4
Github Security Blog
Github Security Blog
•added 2024/10/08 8:24 p.m.•48 views

Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.IO.Packaging. This advisory also provides guidance on what developers can do to update their...

7.5CVSS7.7AI score0.02893EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2024/08/21 3:30 p.m.•48 views

Undertow vulnerable to Race Condition

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5CVSS6.5AI score0.02644EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
•added 2024/08/20 6:31 p.m.•48 views

Grafana plugin data sources vulnerable to access control bypass

Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...

5.4CVSS6.9AI score0.00305EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/07/30 9:31 a.m.•48 views

GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service

GraphQL Java aka graphql-java before 21.5 does not properly consider ExecutableNormalizedFields ENFs as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions...

5.3CVSS6.9AI score0.00943EPSS
Exploits2References11Affected Software1
Total number of security vulnerabilities5000