33190 matches found
Improper Control of Dynamically-Managed Code Resources in config-shield
scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...
Improper Input Validation in SocksJS-Node
Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20...
Command injection in launchpad
All versions of package launchpad are vulnerable to Command Injection via stop...
Prototype Pollution in iniparserjs
This affects all versions of package iniparserjs. This vulnerability relates when iniparser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
Server-Side Request Forgery in private-ip
Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...
Out-of-bounds write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300...
Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle
Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...
XStream is vulnerable to an Arbitrary Code Execution attack
Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...
Key Caching behavior in the DynamoDB Encryption Client.
Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...
Command Injection Vulnerability in systeminformation
Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.31.1 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetLatency For more information If you have any...
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Impact An editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors...
RCE via PHP Object injection via SOAP Requests
Impact This vulnerability allows an admin user to generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. Patches The latest OpenMage Versions up from 19.4.7 and 20.0.3 have this Issue solved Credits Credit to Luke Rodgers for...
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
baserCMS 4.4.0 and earlier is affected by Remote Code Execution RCE. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit template. Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches :...
Malicious Package in test-module-a
All versions of test-module-a contain malicious code as a preinstall script. The package fetches all names of npm packages owned by the user and attempts to add another maintainer to every package as a means of package hijacking, Recommendation Remove the package from your system. If you own any...
Denial of Service in mongodb
Versions of mongodb prior to 3.1.13 are vulnerable to Denial of Service. The package fails to properly catch an exception when a collection name is invalid and the DB does not exist, crashing the application. Recommendation Upgrade to version 3.1.13 or later...
Malicious Package in oauth-validator
Version 1.0.2 of oauth-validator contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.2 of this module is found installed you...
windows-selenium-chromedriver downloads Resources over HTTP
Affected versions of windows-selenium-chromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
Directory Traversal in st
Versions of st prior to 0.2.5 are affected by a directory traversal vulnerability. Vulnerable versions fail to properly handle URL encoded dots, which caused %2e to be interpreted as . by the filesystem, resulting the potential for an attacker to read sensitive files on the server. Recommendation...
Validation Bypass in paypal-ipn
Versions 2.x.x and earlier of paypal-ipn are affected by a validation bypass vulnerability. paypal-ipn uses the testipn parameter which is set by the PayPal IPN simulator to determine if it should use the production PayPal site or the sandbox. A motivated attacker could craft a request string usi...
Insecure default config of Celery worker in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker Redis, RabbitMQ directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack and thus remote code...
Remote code execution (RCE) in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...
Denial of service in Netty
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted SSLv2Hello message...
Command Injection in Limdu
Impact The trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. Patches Patched in version 0.9.5. Workarounds Do not use trainBatch with classifiers that rely o...
Sensitive data written to disk unencrypted in Spark
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...
Vulnerability that affects org.apache.pdfbox:pdfbox
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XFDF...
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople
Versions of constantinople prior to 3.1.1 are vulnerable to a sandbox bypass which can lead to arbitrary code execution. Recommendation Update to version 3.1.1 or later...
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ?startingWith?, ?endingWith? or ?containing? could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...
Improper Input Validation in tar-fs
A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the...
Django denial-of-service possibility in urlize and urlizetrunc template filters
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions only one regular expression for Django...
rendertron can remotely shut down Chrome instance
Rendertron 1.0.0 includes an ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application...
Spring Security OAuth vulnerable to remote code execution (RCE)
Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, and prior to 2.0.15 contain a remote code execution vulnerability. An attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarde...
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak...
Improper Validation of Certificates in apache axis
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subjec...
ASP.NET Core fails to properly validate web requests
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and...
js-bson vulnerable to REDoS
The MongoDB bson JavaScript module also known as js-bson versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service ReDoS in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString function is called to parse a long untrusted string...
Downloads Resources over HTTP in react-native-baidu-voice-synthesizer
Affected versions of react-native-baidu-voice-synthesizer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...
Remote Code Execution in markdown-pdf
Versions of markdown-pdf prior to 9.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize HTML code in markdown files. If markdown files with malicious HTML are converted to PDF, the resulting PDF file will execute any JavaScript code in the original markdown file. This may...
Pillow Integer overflow in ImagingResampleHorizontal
Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow...
Cross-Site Request Forgery (CSRF) in keystone
Versions of keystone prior to 4.0.0 are vulnerable to Cross-Site Request Forgery CSRF. The package fails to validate the presence of the X-CSRF-Token header, which may allow attackers to carry actions on behalf of other users on all endpoints. Recommendation Update to version 4.0.0 or later...
cairo is vulnerable to denial of service due to a null pointer dereference
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FTLoadGlyph and FTRenderGlyph resulting in an application crash...
Active Record vulnerable to SQL Injection via nested query parameters
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...
Active Record contains SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in...
Laravel Framework: CRLF injection in default email rule
Summary A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...
NocoDB: OAuth Tokens Persist Through Security Events
Summary OAuth access and refresh tokens were not revoked when the user changed, reset, or recovered their password, leaving an attacker-issued OAuth grant valid after the user believed they had locked the attacker out. Details revokeAllOAuthTokensByUser in the users service was an empty stub bein...
XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin
Impact A potential path traversal vulnerability allow an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary files. While the consequences could be severe like overriding configuration files and setting the superadmin password, the attack first requir...
webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Impact When webpack-dev-server is running on a non-HTTPS origin the default, cross-origin requests from malicious websites can load the dev server's JavaScript bundles via tags. The fix introduced in v5.2.1 CVE-2025-30359 relied on Sec-Fetch-Mode and Sec-Fetch-Site request headers to block these...
Apache Tomcat - Digest authenticator will authenticate any unknown user
Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if...
AzuraCast's Missing RequireInternalConnection on Liquidsoap API Allows Low-Privilege Metadata Injection and Broadcast Disruption
Summary The /api/internal/stationid/liquidsoap/action endpoint is accessible from the public web interface because it lacks the RequireInternalConnection middleware that protects other internal endpoints /sftp-auth, /sftp-event. Combined with a logic flaw where the $asAutoDj flag is set based on...
mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries
In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...
GraphQL grant on a property might be cached with different objects
Original message: I found an issue with security grants on on properties in the GraphQL ItemNormalizer: If you use something like ApiPropertysecurity: 'isgranted"PROPERTYREAD", object, property' on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...