Lucene search
K
GithubMost viewed

33123 matches found

Github Security Blog
Github Security Blog
added 2023/01/29 6:30 a.m.168 views

JSZip contains Path Traversal via loadAsync

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS7AI score0.01411EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:45 p.m.168 views

ASP.NET Core Information Disclosure Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1 and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerabilit...

5.5CVSS6.1AI score0.01121EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 5:0 p.m.168 views

containerd-shim API Exposed to Host Network Containers

Impact Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID...

5.2CVSS5.7AI score0.03236EPSS
Exploits4References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/25 4:53 p.m.168 views

Memory leak in Nanopb

Impact Decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern wh...

7.5CVSS0.3AI score0.0261EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/09 9:30 p.m.167 views

HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10...

7.5CVSS7AI score0.00719EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 12:46 a.m.167 views

Server-side request forgery (SSRF) in Apache Batik

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

7.5CVSS2.7AI score0.1074EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/14 7:10 p.m.167 views

Incorrect Regular Expression in RestSharp

RestSharp 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service ReDoS when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus...

7.5CVSS2.2AI score0.01508EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/05 7:48 p.m.167 views

Denial of Service in Action Dispatch

Impact ------ There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. Releases -------- The fixed releases are available at the norm...

7.5CVSS7.4AI score0.02791EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/11 8:0 p.m.167 views

XSS in TinyMCE

Impact A cross-site scripting XSS vulnerability was discovered in: the core parser and media plugin. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are using TinyMCE...

6.1CVSS1.5AI score0.01917EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 5:54 p.m.166 views

Gogs Vulnerable to 2FA Bypass via Recovery Code

Contact OpenAI Security Research at [email protected] to engage on this report. See PDF report for easier reading. Security Advisory: 2FA Bypass via Recovery Code Vulnerability Type: 2FA Authentication Bypass Affected Software: GOGS Severity: High Date: Aug 5, 2025 Discoverer: OpenAI...

8.8CVSS5.8AI score0.00424EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/01 9:44 p.m.166 views

Remote CLI Command Execution Vulnerability in CodeIgniter4

Impact This vulnerability allows attackers to execute CLI routes via HTTP request. Patches Upgrade to v4.1.9 or later. Workarounds None. For more information If you have any questions or comments about this advisory: Open an issue in codeigniter4/CodeIgniter4 Email us at SECURITY.md...

9.8CVSS5.8AI score0.01154EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 2:22 p.m.166 views

Invalid validation in `SparseMatrixSparseCholesky`

Impact An attacker can trigger a null pointer dereference by providing an invalid permutation to tf.rawops.SparseMatrixSparseCholesky: python import tensorflow as tf import numpy as np from tensorflow.python.ops.linalg.sparse import sparsecsrmatrixops indicesarray = np.array0, 0 valuearray =...

7.8CVSS1AI score0.00232EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2021/04/30 5:34 p.m.166 views

Authentication bypass in Apache Airflow

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at...

9.8CVSS9.3AI score0.99799EPSS
Exploits8References12Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/14 9:42 p.m.166 views

Prototype Pollution in node-forge

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: version 0.10.0 is a breaking change removing the vulnerable functions...

9.8CVSS5.1AI score0.03162EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/18 5:42 p.m.166 views

jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS4AI score0.49727EPSS
Exploits1References34Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/10 10:22 p.m.165 views

io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack

A client might overload the server by issue frequent RST frames. This can cause a massive amount of load on the remote system and so cause a DDOS attack. Impact This is a DDOS attack, any http2 server is affected and so you should update as soon as possible. Patches This is patched in version...

7.5CVSS6.8AI score0.99999EPSS
Exploits19References6Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/24 8:4 p.m.165 views

Chromium Remote Code Execution in electron

Affected versions of ElectronJS are susceptible to a remote code execution vulnerability that occurs when an affected application access remote content, even if the sandbox option is enabled. Recommendation Update to electron version 1.7.8 or later...

9.8CVSS5.4AI score0.02716EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/02 11:25 p.m.164 views

Keycloak vulnerable to user impersonation via stolen UUID code

Keycloak's OpenID Connect user authentication was found to incorrectly authenticate requests. An authenticated attacker who could also obtain a certain piece of info from a user request, from a victim within the same realm, could use that data to impersonate the victim and generate new session...

5CVSS5.2AI score0.01274EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/04 9:36 p.m.164 views

Improper Input Validation in Hibernate Validator

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation escaping, stripping controls that developers may have put in place...

5.3CVSS3AI score0.02294EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2020/05/15 6:58 p.m.164 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean aka spring-aop...

8.1CVSS3.5AI score0.03607EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/06 6:55 p.m.164 views

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. Impact 1. Cross-User Defacement 2. Cache...

1.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2019/04/23 4:6 p.m.164 views

Cross-site Scripting in Eclipse Jetty

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents...

6.1CVSS3.3AI score0.09591EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/03 7:6 p.m.163 views

Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This is achieved by stripping the absolute path root from any...

8.2CVSS1.3AI score0.15014EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 5:38 p.m.163 views

Unrestricted Upload of File with Dangerous Type in Umbraco CMS

Umbraco CMS 8.5.3 allows an authenticated file upload and consequently Remote Code Execution via the Install Package functionality...

6.5CVSS6.7AI score0.02109EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/02 3:47 p.m.163 views

Unexpected database bindings

This is a follow-up to the previous security advisory GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the quer...

1AI score
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2021/01/20 9:27 p.m.163 views

Prototype Pollution in immer

Overview Affected versions of immer are vulnerable to Prototype Pollution. Proof of exploit js const applyPatches, enablePatches = require"immer"; enablePatches; let obj = ; console.log"Before : " + obj.polluted; applyPatches, op: 'add', path: "proto", "polluted" , value: "yes" ; // applyPatches,...

7.5CVSS8.4AI score0.02293EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/28 9:25 p.m.163 views

Cross-Site Scripting in dompurify

Versions of dompurify prior to 2.0.3 are vulnerable to Cross-Site Scripting XSS. The package has an XSS filter bypass due to Mutation XSS in both Chrome and Safari through a combination of / elements and /. An example payload is: ". This allows attackers to bypass the XSS protection and execute...

6.1CVSS4.7AI score0.0167EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/20 6:49 p.m.162 views

go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment

Impact The issue only occurs when the CLIENT SETINFO command times out during connection establishment. The following circumstances can cause such a timeout: 1. The client is configured to transmit its identity. This can be disabled via the DisableIndentity flag. 2. There are network connectivity...

3.7CVSS7.2AI score0.00694EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/15 9:52 p.m.163 views

Laravel RCE vulnerability in "cookie" session driver

Application's using the "cookie" session driver were the primary applications affected by this vulnerability. Since we have not yet released a security release for the Laravel 5.5 version of the framework, we recommend that all applications running Laravel 5.5 and earlier do not use the "cookie"...

8.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/14 10:24 p.m.162 views

Java: DoS Vulnerability in JSON-JAVA

Summary A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: 1 the parser bug can be used to circumvent a check that is supposed to...

7.5CVSS6.9AI score0.01449EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/17 8:52 p.m.162 views

Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12

Summary Nokogiri v1.11.4 updates the vendored libxml2 from v2.9.10 to v2.9.12 which addresses: - CVE-2019-20388 Medium severity - CVE-2020-24977 Medium severity - CVE-2021-3517 Medium severity - CVE-2021-3518 Medium severity - CVE-2021-3537 Low severity - CVE-2021-3541 Low severity Note that two...

8.8CVSS8.3AI score0.0828EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/16 5:14 p.m.161 views

sharp vulnerability in libwebp dependency CVE-2023-4863

Overview sharp uses libwebp to decode WebP images and versions prior to the latest 0.32.6 are vulnerable to the high severity https://github.com/advisories/GHSA-j7hp-h8jx-5ppr. Who does this affect? Almost anyone processing untrusted input with versions of sharp prior to 0.32.6. How to resolve...

8.8CVSS7.1AI score0.99735EPSS
Exploits9References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/19 3:19 p.m.161 views

Buildah processes using chroot isolation may leak environment values to intermediate processes

Impact When running processes using "chroot" isolation, the process being run can examine the environment variables of its immediate parent and grandparent processes CVE-2021-3602. This isolation type is often used when running buildah in unprivileged containers, and it is often used to do so in...

5.5CVSS5.8AI score0.00327EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/19 9:29 p.m.161 views

Django Channels leakage of session identifiers using legacy AsgiHandler

Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...

7.4CVSS6.8AI score0.02658EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/08 9:0 p.m.161 views

Potential Code Injection in Sprout Forms

Impact A potential Server-Side Template Injection vulnerability exists in Sprout Forms which could lead to the execution of Twig code. Patches The problem is fixed inbarrelstrength/sprout-forms:v3.9.0 which upgrades to barrelstrength/sprout-base-email:v1.2.7 Workarounds Users unable to upgrade...

7.4CVSS1.1AI score0.01029EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2023/02/08 10:17 p.m.160 views

Vulnerable OpenSSL included in cryptography wheels

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8.1-39.0.0 are vulnerable to a security issue. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221213.txt and...

7.4CVSS8AI score0.59501EPSS
Exploits0References13Affected Software2
Github Security Blog
Github Security Blog
added 2021/04/30 5:35 p.m.159 views

Timing attacks in python-rsa

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA...

7.5CVSS6AI score0.01631EPSS
Exploits1References17Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/08 3:10 a.m.159 views

PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841

Impact We have identified that some gamification module ZIP archives have been built with phpunit dev dependencies. PHPUnit contains a php script that would allow, on a webserver, an attacker to perform a RCE. This vulnerability impacts - phpunit before 4.8.28 and 5.x before 5.6.3 as reported in...

9.8CVSS0.6AI score0.99999EPSS
Exploits19References4Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.159 views

Cross-site Scripting in jquery-ui

Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...

6.1CVSS4.2AI score0.18351EPSS
Exploits1References27Affected Software4
Github Security Blog
Github Security Blog
added 2024/10/18 6:30 a.m.158 views

Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

5.3CVSS6.6AI score0.00631EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2024/09/09 8:19 p.m.158 views

path-to-regexp outputs backtracking regular expressions

Impact A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period .. For example, /:a-:b. Patches For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...

7.5CVSS7.3AI score0.00932EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/05 9:30 p.m.158 views

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

7.5CVSS6.7AI score0.01118EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 4:57 p.m.158 views

Token reuse in Ory fosite

Impact When using client authentication method "privatekeyjwt" 1https://openid.net/specs/openid-connect-core-10.htmlClientAuthentication, OpenId specification says the following about assertion jti: A unique identifier for the token, which can be used to prevent reuse of the token. These tokens...

8.1CVSS7.9AI score0.00867EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/08/12 3:30 p.m.157 views

Server-Side Request Forgery in axios

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs...

7.5CVSS6.9AI score0.01414EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/26 12:30 a.m.157 views

python-jose denial of service via compressed JWE content

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

5.3CVSS7.4AI score0.00783EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/22 7:49 p.m.157 views

Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4

Impact This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally...

9.8CVSS9.5AI score0.01116EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/21 2:20 p.m.157 views

Type confusion during tensor casts lead to dereferencing null pointers

Impact Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. There are multiple ways to reproduce this, listing a few examples here: python import tensorflow as tf import numpy as np data =...

7.8CVSS1.2AI score0.00203EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2020/02/12 6:44 p.m.157 views

Deserialization of untrusted data in Symfony

In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...

7.1CVSS2.3AI score0.02302EPSS
Exploits0References30Affected Software5
Github Security Blog
Github Security Blog
added 2019/12/04 9:25 p.m.157 views

Validation bypass is possible in Json Pattern Validator

In jpv aka Json Pattern Validator before 2.1.1, compareCommon can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': 'name':'Array'. This affects validate. Hence, a crafted payload can overwrite this builtin attribute to...

5.3CVSS2.6AI score0.00974EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:7 p.m.156 views

DOMPurify XSS via selectedcontent re-clone

Summary DOMPurify 3.4.4 allows selectedcontent by default, allowing a chain in which browsers "re-clone" an XSS payload after sanitization, effectively bypassing DOMPurify. Details The chain is as follows: 1. The browser parses the input and creates a clone from the selected 2. DOMPurify walks an...

5.8AI score0.00035EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000