Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
added 2024/07/17 4:1 p.m.48 views

BlastRADIUS also affects eduMFA

Summary BlastRADIUS see blastradius.fail for details also affects eduMFA prior version 2.2.0, because the Message-Authenticator attributes were not checked. Details Website with the vulnerability information blastradius.fail The original vulnerability has been assigned CVE-2024-3596 Case in vince...

9CVSS6.8AI score0.14859EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/15 6:30 a.m.48 views

langchain-experimental vulnerable to Arbitrary Code Execution

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...

8.5CVSS8.1AI score0.01864EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/17 10:28 p.m.48 views

Firefly III has a MFA bypass in oauth flow

Impact A MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to your Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an...

5.9CVSS7.2AI score0.00594EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/05 3:30 p.m.48 views

PyMongo Out-of-bounds Read in the bson module

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

8.1CVSS4.7AI score0.00663EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/15 9:47 p.m.48 views

gree/jose - "None" Algorithm treated as valid in tokens

Several widely-used JSON Web Token JWT libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...

7.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/17 6:21 p.m.48 views

.NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2024-21409 | .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 ,and .NET 8.0. This advisory also provides guidance on what developers can do t...

7.3CVSS7.3AI score0.02513EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2024/04/10 10:4 p.m.48 views

Evmos transaction execution not accounting for all state transition after interaction with precompiles

Context - stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage - StateDB: it is the general interface to retrieve accounts and holds a map of...

9.1CVSS7.2AI score0.00943EPSS
Exploits0References7Affected Software9
Github Security Blog
Github Security Blog
added 2024/03/22 3:31 p.m.48 views

Cross-site Scripting in Moodle Chat

The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's UsingChat page says "If you know some HTML code, you can use it in your text to do things like insert image...

5.4CVSS6.5AI score0.00551EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/12 6:31 p.m.48 views

Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server

Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability...

8.8CVSS8.5AI score0.02124EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/23 6:30 p.m.48 views

Onnx Directory Traversal vulnerability

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

7.5CVSS7.5AI score0.01189EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/02 8:43 p.m.48 views

PHPMailer Local file inclusion

Impact Arbitrary local file inclusion via the $lang property, remotely exploitable if host application passes unfiltered user data into that property. The 3 CVEs listed are applications that used PHPMailer that were vulnerable to this problem. Patches It's not known exactly when this was fixed in...

7.5CVSS6.3AI score0.01381EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/29 10:30 p.m.48 views

Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature

Summary The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system...

9.8CVSS9.8AI score0.00699EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/16 9:13 p.m.48 views

Breaking unlinkability in Identity Mixer using malicious keys

CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key ...

5.3CVSS6.8AI score0.00428EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/12/19 9:17 p.m.48 views

containerd allows RAPL to be accessible to a container

/sys/devices/virtual/powercap accessible by default to containers Intel's RAPL Running Average Power Limit feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux...

5.5CVSS7AI score0.00462EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/14 6:30 p.m.48 views

Cross-site Scripting in cesium

A cross-site scripting XSS vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /containerfiles/publichtml/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of...

6.1CVSS6AI score0.00314EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/12 3:57 p.m.48 views

piccolo SQL Injection via named transaction savepoints

Summary The handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection as user provided input is passed directly to connection.execute... via f-strings. Details An excerpt of the Postgres savepoint handling: python async def savepointself, name:...

9.1CVSS8AI score0.00776EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/18 12:31 a.m.48 views

MySQL Connectors takeover vulnerability

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful...

8.3CVSS6.1AI score0.00872EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/09/14 4:16 p.m.48 views

Jetty vulnerable to errant command quoting in CGI Servlet

If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the...

3.5CVSS6.9AI score0.01006EPSS
Exploits1References8Affected Software4
Github Security Blog
Github Security Blog
added 2023/08/11 6:31 p.m.48 views

OpenNMS Horizon XXE Injection Vulnerability

XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity XXE injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution...

6.1CVSS6.9AI score0.00489EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/09 1:4 p.m.48 views

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-38178: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to...

7.5CVSS6.7AI score0.02563EPSS
Exploits0References4Affected Software8
Github Security Blog
Github Security Blog
added 2023/08/08 5:12 p.m.48 views

Several quadratic complexity bugs may lead to denial of service in Commonmarker

Impact Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: CVE-2023-37463 For more information, consult the release notes for version 0.29.0.gfm.1...

7.5CVSS7AI score0.00591EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/28 3:30 p.m.48 views

Code injection in oscore

oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument...

9.8CVSS7.7AI score0.00987EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/25 6:25 p.m.49 views

Information Disclosure due to Out-of-scope Site Resolution

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C 3.5 Problem In multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site b...

5.3CVSS6.7AI score0.0088EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/18 6:47 p.m.48 views

OpenRefine vulnerable to zip slip in project import

Impact A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution if a user can be convinced to import it. Patches The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as...

7.8CVSS7.6AI score0.00632EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/06 9:15 p.m.48 views

gRPC connection termination issue

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

5.3CVSS5.3AI score0.00531EPSS
Exploits0References10Affected Software3
Github Security Blog
Github Security Blog
added 2023/06/30 6:31 p.m.48 views

Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource

Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...

3.6CVSS6.1AI score0.00166EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/14 5:8 p.m.48 views

.NET Denial of Service vulnerability

Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...

7.5CVSS6.5AI score0.02627EPSS
Exploits0References6Affected Software14
Github Security Blog
Github Security Blog
added 2023/04/24 10:42 p.m.48 views

HTTP Multiline Header Termination

Impact Affected versions of Laminas Diactoros accepted a single line feed LF / \n character at the end of a header name. When serializing such a header name containing a line-feed into the on-the-wire representation of a HTTP/1.x message, the resulting message would be syntactically invalid, due ...

7.5CVSS6AI score0.00965EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/19 6:33 p.m.48 views

Strapi does not verify the access or ID tokens issued during the OAuth flow

Strapi 3.2.1 until 4.6.0 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user...

8.2CVSS6.4AI score0.04158EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/18 1:14 p.m.48 views

Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact We fixed with CVE-2023-22731 Twig filters to only be executed with allowed functions. It is possible to pass PHP Closures as string or an array and array crafted PHP Closures was not checked against allow list Patches The problem has been fixed with 6.4.20.1 with an improved override...

9.9CVSS8.4AI score0.02083EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2023/04/15 3:30 p.m.48 views

Weak Password Requirements in calibreweb

Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20...

9.8CVSS9AI score0.00742EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/13 12:30 p.m.48 views

Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation

The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and...

9CVSS8.4AI score0.01121EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/27 10:17 p.m.48 views

Apiman vulnerable to permissions bypass due to missing check on API key URL

Impact Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL. The URL includes Organisation ID, Client ID, and Client Version of the targeted non-permitted...

6.4CVSS4.9AI score0.0034EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/17 6:24 p.m.48 views

PHAR deserialization allowing remote code execution

Description snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the fileexists function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitra...

9.8CVSS9.9AI score0.0276EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/10 9:30 p.m.48 views

Denial of service in Jenkins Core

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...

7.5CVSS7.4AI score0.0098EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/10 3:30 p.m.48 views

Apache Log4j 1.x (EOL) allows Denial of Service (DoS)

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

7.5CVSS7.3AI score0.01905EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2023/02/16 2:11 p.m.48 views

Supplementary groups are not set up properly in github.com/containerd/containerd

Impact A bug was found in containerd where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in...

7.8CVSS7.2AI score0.00542EPSS
Exploits1References15Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/13 6:30 a.m.48 views

Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting XSS by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive $cfg'enabledragdropimport', users will be unable to use the drag and drop...

5.4CVSS5.1AI score0.01163EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/27 12:30 a.m.48 views

Improper Certificate Validation in pyload-ng

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44...

7.4CVSS7.2AI score0.00526EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/26 9:30 p.m.48 views

CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS8.7AI score0.00556EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/26 7:51 p.m.48 views

magento-lts Reset Password not protected against well-timed CSRF

Impact Password reset form is vulnerable to CSRF between time reset password link is clicked and user submits new password. Patches PR forthcoming Workarounds None...

4.3CVSS1.9AI score0.00383EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/16 12:30 p.m.48 views

Apache Superset's SQL Alchemy connector vulnerable to SQL Injection

A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the featur...

5.4CVSS5.7AI score0.01194EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/09 8:5 p.m.48 views

Apiman Manager API affected by Jackson denial of service vulnerability

Impact Due to a vulnerability in jackson-databind = 2.12.6.0, an authenticated attacker could craft an Apiman policy configuration which, when saved, may cause a denial of service on the Apiman Manager API. This does not affect the Apiman Gateway. Patches Upgrade to Apiman 3.0.0.Final or later. I...

7.5CVSS2AI score0.0486EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/16 9:30 p.m.48 views

HuTool vulnerable to Uncontrolled Resource Consumption

A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the...

7.5CVSS7.5AI score0.00897EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/19 12:30 a.m.48 views

HTTP response splitting in CGI

Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to...

8.8CVSS8.5AI score0.02287EPSS
Exploits1References15Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/19 7:0 p.m.48 views

Jenkins Script Security Plugin sandbox bypass vulnerability

A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...

9.9CVSS9.3AI score0.01428EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/25 12:0 a.m.48 views

Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make netwo...

9.8CVSS9.3AI score0.08343EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/23 8:31 p.m.48 views

protobuf-cpp and protobuf-python have potential Denial of Service issue

Summary A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory OOM failure when processing a specially crafted message, which could lead to a denial of service DoS on services using the libraries. Reporter: ClusterFuzz...

7.5CVSS2.7AI score0.01191EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/19 12:0 a.m.48 views

Vuetify Cross-site Scripting vulnerability

The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting XSS due to improper input sanitization in the 'eventName' function within the VCalendar component...

5.4CVSS2.2AI score0.0066EPSS
Exploits1References8Affected Software2
Github Security Blog
Github Security Blog
added 2022/09/16 5:20 p.m.48 views

mako is vulnerable to Regular Expression Denial of Service

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...

7.5CVSS7.2AI score0.01718EPSS
Exploits1References10Affected Software1
Total number of security vulnerabilities5000