Lucene search
K
GithubMost viewed

33225 matches found

Github Security Blog
Github Security Blog
added 2020/08/31 10:49 p.m.48 views

LDAP Injection in ldapauth

Versions 2.2.4 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter. Recommendation ldapauth is not actively maintained, having not seen a publish since 2014. As a result, there i...

7.5CVSS7.7AI score0.02117EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2020/07/30 2:58 p.m.48 views

False-positive validity for NFT1 genesis transactions in SLPJS

Impact In the npm package named "slpjs", versions prior to 0.27.4 are vulnerable to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the...

7.5CVSS0.8AI score0.01036EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/27 10:51 p.m.48 views

Command Injection in Kylin

Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. Users of all...

10CVSS4.8AI score0.19859EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/07 4:32 p.m.48 views

XXE attack in Mapfish Print

Impact A user can do to an XML External Entity XXE attack with the provided SDL style. Patches Use version = 3.24 Workarounds No References https://cwe.mitre.org/data/definitions/611.html https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e For more...

9.3CVSS8.8AI score0.01342EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2020/06/10 8:28 p.m.48 views

Command Injection in umount

All versions of umount are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the umount function . This may allow attackers to execute arbitrary code in the system if the device value passed to the function is user-controlled...

9.8CVSS6.2AI score0.01744EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/07 6:4 p.m.48 views

Potential Observable Timing Discrepancy in Wagtail

Impact A potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this...

6.1CVSS2.4AI score0.0025EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/27 8:36 p.m.48 views

Sanitizer bypass in svg-sanitizer

It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer...

6.1CVSS1.4AI score0.00741EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/11/12 11:0 p.m.48 views

Symfony Cross-site Scripting (XSS) vulnerability

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...

5.4CVSS7AI score0.01048EPSS
Exploits0References11Affected Software4
Github Security Blog
Github Security Blog
added 2019/11/08 5:7 p.m.48 views

Cross-site scripting in Jupyter Notebook

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...

5.3CVSS0.2AI score0.01443EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2019/08/06 1:43 a.m.48 views

Allocation of Resources Without Limits or Throttling in Apache Tika

A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later...

8.8CVSS2.4AI score0.0484EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2019/08/01 7:18 p.m.48 views

Deserialization of untrusted data in FasterXML jackson-databind

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2, 2.8.11.4, 2.7.9.6, and 2.6.7.3. This occurs when Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the logback jar in the...

7.5CVSS8.4AI score0.10763EPSS
Exploits0References31Affected Software1
Github Security Blog
Github Security Blog
added 2019/07/17 7:14 p.m.48 views

System.Management.Automation subject to bypass via script debugging

Microsoft Security Advisory CVE-2019-1167: Windows Defender Application Control Security Feature Bypass Vulnerability Microsoft Security Advisory CVE-2019-1167: Windows Defender Application Control Security Feature Bypass Vulnerability Executive Summary A security feature bypass vulnerability...

4.1CVSS0.2AI score0.011EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/07/05 9:8 p.m.48 views

Insufficient Entropy in DotNetNuke

DNN aka DotNetNuke 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812...

7.5CVSS2.4AI score0.53618EPSS
Exploits4References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/05/29 6:4 p.m.48 views

Denial of Service in axios

Versions of axios prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the maxContentLength property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service. Recommendation Upgrade to 0.18.1 or later...

7.5CVSS3.2AI score0.0598EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2019/03/07 6:48 p.m.48 views

Improper Input Validation in Apache Qpid Broker-J

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 inclusive and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 AMQP 0-8, 0-9, 0-91 and 0-10. Users of...

7.5CVSS4.7AI score0.03815EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 4:32 p.m.48 views

In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86...

7.5CVSS4.9AI score0.20599EPSS
Exploits0References61Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 4:31 p.m.48 views

Apache Tomcat unauthorized access vulnerability

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS7AI score0.17378EPSS
Exploits0References63Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 7:33 p.m.48 views

The installation wizard in DotNetNuke (DNN) allows privilege escalation

The installation wizard in DotNetNuke DNN before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx...

9.8CVSS8.9AI score0.74552EPSS
Exploits4References7Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 5:43 p.m.48 views

Moderate severity vulnerability that affects org.springframework:spring-core

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP JSON with Padding through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser...

7.5CVSS3.1AI score0.03244EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 5:16 p.m.49 views

DotNetZip Zip-Slip Vulnerability

DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS5.6AI score0.12165EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2018/08/29 11:43 p.m.48 views

nodemailer.js is malware

The nodemailer.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

7.5CVSS7.3AI score0.01177EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.48 views

activerecord vulnerable to SQL Injection

Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...

7.5CVSS8.1AI score0.02375EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.48 views

crack does not properly restrict casts of string values

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML type...

7.5CVSS5.6AI score0.04952EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 7:29 p.m.47 views

PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS

!NOTE Practical impact depends on whether request body-size limits are enforced upstream proxy/web-server/framework. Deployments with typical body-size caps ≤2 MB bound the amplifier significantly; deployments accepting larger token inputs are more exposed. When verifying detached JWS tokens usin...

5.3CVSS5.5AI score0.00288EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/25 11:51 p.m.47 views

OpenClaw: Agent gateway config mutations could change protected operator settings

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The agent-facing gateway config.patch / config.apply guard did not cover several operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook...

5.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 11:1 p.m.47 views

Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions

Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their...

8.2CVSS5.6AI score0.01535EPSS
Exploits0References5Affected Software4
Github Security Blog
Github Security Blog
added 2025/03/12 7:42 p.m.47 views

omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue

Summary There are 2 new Critical Signature Wrapping Vulnerabilities CVE-2025-25292, CVE-2025-25291 and a potential DDOS Moderated Vulneratiblity CVE-2025-25293 affecting ruby-saml, a dependency of omniauth-saml. The fix will be applied to ruby-saml and released 12 March 2025, under version 1.18.0...

9.8CVSS6.2AI score0.63792EPSS
Exploits3References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/01/21 9:21 p.m.47 views

Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes

Impact Based on an analysis of response codes and timing of Umbraco 14+ management API responses, it's possible to determine whether an account exists. Patches Patched in 14.3.2 and 15.1.2. Workarounds None available...

5.3CVSS5.1AI score0.01451EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/17 3:9 p.m.47 views

Next.js authorization bypass vulnerability

Impact If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed. Patches This issue was patched in Next.js 14.2.15 and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatical...

7.5CVSS7.4AI score0.03884EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/11/27 7:0 p.m.47 views

Querydsl vulnerable to HQL injection through orderBy

Summary The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repositoryhttps://github.com/querydsl/querydsl whe...

6.7AI score0.00391EPSS
Exploits0References9Affected Software4
Github Security Blog
Github Security Blog
added 2024/10/28 12:23 p.m.47 views

pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API

Summary The folder /.pyload/scripts has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such...

9.1CVSS6.7AI score0.00679EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/18 3:52 p.m.47 views

find-my-way has a ReDoS vulnerability in multiparametric routes

Impact A bad regular expression is generated any time you have two parameters within a single segment, when adding a - at the end, like /:a-:b-. Patches Update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. Workarounds No known workarounds. References - CVE-2024-45296 - Detailed blog po...

5.3CVSS6.5AI score0.00674EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/10 7:41 p.m.47 views

express vulnerable to XSS via response.redirect()

Impact In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code Patches this issue is patched in express 4.20.0 Workarounds users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issu...

5CVSS6.8AI score0.00458EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/08/20 8:4 p.m.47 views

Ghost's improper authentication allows access to member information and actions

Impact Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. Vulnerable versions This security vulnerability is present in Ghost v4.46.0-v5.89.5. GhostPro customers are automatically updated to fixed...

6.5CVSS6.5AI score0.00325EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2024/08/05 7:48 p.m.47 views

Nuxt Devtools has a Path Traversal: '../filedir'

Summary Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker is able to interact with a locally running devtools instance and exfiltrate data abusing this...

8.8CVSS9AI score0.01143EPSS
Exploits2References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/23 8:46 p.m.47 views

Sentry vulnerable to stored Cross-Site Scripting (XSS)

Impact An unsanitized payload sent by an Integration platform integration allows the storage of arbitrary HTML tags on the Sentry side. This payload could subsequently be rendered on the Issues page, creating a Stored Cross-Site Scripting XSS vulnerability. This vulnerability might lead to the...

7.1CVSS5.6AI score0.00467EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/05 8:3 p.m.47 views

ZITADEL Vulnerable to Session Information Leakage

Impact ZITADEL provides users the ability to list all user sessions of the current user agent browser by API and in the Console UI. Due to a missing check, user sessions without that information e.g. when created though the session service were incorrectly listed exposing potentially other user's...

6.5CVSS6.5AI score0.00609EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/21 6:31 p.m.47 views

PyMySQL SQL Injection vulnerability

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...

6.3CVSS8AI score0.00691EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/15 9:47 p.m.47 views

gree/jose - "None" Algorithm treated as valid in tokens

Several widely-used JSON Web Token JWT libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...

7.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/13 7:40 p.m.47 views

Directus allows redacted data extraction on the API through "alias"

Summary A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we change the request to ?aliasworkaround=redacted we can instead retrieve the...

4.9CVSS6.5AI score0.00757EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/22 7:7 p.m.47 views

Arbitrary Code Execution in Gitea

The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution...

7.2CVSS7.9AI score0.93691EPSS
Exploits12References14Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/12 8:47 p.m.47 views

Session Token in URL in directus

Impact When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places e.g., web server logs, browser history. Attackers gaining access to these logs may hijack active user sessions, leading to...

2.3CVSS6.7AI score0.00245EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/29 3:33 a.m.47 views

jose4j denial of service via specifically crafted JWE

The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value...

6.5CVSS6.7AI score0.00879EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/13 7:49 p.m.47 views

Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can ...

7.5CVSS7.5AI score0.024EPSS
Exploits0References4Affected Software12
Github Security Blog
Github Security Blog
added 2024/02/08 6:45 p.m.47 views

Norman API Cross-site Scripting Vulnerability

Impact A vulnerability has been identified in which unauthenticated cross-site scripting XSS in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identified as a...

8.3CVSS5.9AI score0.00428EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/22 3:30 a.m.47 views

SQL injection in llama-index

LlamaIndex aka llamaindex through 0.9.35 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Dro...

9.8CVSS7.8AI score0.00654EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/15 12:30 p.m.47 views

Apache Solr allows read access to host environmet variables

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designe...

6.5CVSS6.8AI score0.68665EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/05 6:30 a.m.47 views

PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

5.9CVSS7.2AI score0.00618EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2023/12/29 3:30 p.m.47 views

Mattermost Cross-site Scripting vulnerability

Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client...

6.1CVSS6.7AI score0.00296EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/24 4:54 p.m.47 views

Attribute Injection leading to XSS(Cross-Site-Scripting)

Summary Google Analytics element Attribute Injection leading to XSS Details Since the custom status interface can set an independent Google Analytics ID and the template has not been sanitized, there is an attribute injection vulnerability here, which can lead to XSS attacks. PoC 1. Run the lates...

6.3CVSS6.8AI score0.00497EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities5000