Lucene search
K
GithubMost viewed

33190 matches found

Github Security Blog
Github Security Blog
added 2021/04/13 3:30 p.m.46 views

Improper Control of Dynamically-Managed Code Resources in config-shield

scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...

5.3CVSS5.5AI score0.01207EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:27 p.m.46 views

Improper Input Validation in SocksJS-Node

Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20...

5.3CVSS5.9AI score0.04978EPSS
Exploits3References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:20 p.m.46 views

Command injection in launchpad

All versions of package launchpad are vulnerable to Command Injection via stop...

9.8CVSS5.7AI score0.05247EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:20 p.m.46 views

Prototype Pollution in iniparserjs

This affects all versions of package iniparserjs. This vulnerability relates when iniparser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...

6.8CVSS4AI score0.00982EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:18 p.m.46 views

Server-Side Request Forgery in private-ip

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...

9.8CVSS9.4AI score0.02949EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 8:56 p.m.46 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300...

7.6CVSS2.6AI score0.08673EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 8:42 p.m.47 views

Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...

5.4CVSS2.8AI score0.01277EPSS
Exploits2References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/22 11:28 p.m.46 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

9.8CVSS1.5AI score0.7598EPSS
Exploits1References17Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/08 5:43 p.m.46 views

Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

2.3AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/16 7:25 p.m.46 views

Command Injection Vulnerability in systeminformation

Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.31.1 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetLatency For more information If you have any...

8.8CVSS8.6AI score0.02712EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/08 2:42 p.m.46 views

Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5

Impact An editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors...

9.1CVSS1.7AI score0.0147EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2020/10/30 5:6 p.m.46 views

RCE via PHP Object injection via SOAP Requests

Impact This vulnerability allows an admin user to generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. Patches The latest OpenMage Versions up from 19.4.7 and 20.0.3 have this Issue solved Credits Credit to Luke Rodgers for...

8CVSS4.1AI score0.01249EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/30 5:5 p.m.46 views

Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Remote Code Execution RCE. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit template. Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches :...

7.2CVSS2.9AI score0.02215EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/11 9:16 p.m.46 views

Malicious Package in test-module-a

All versions of test-module-a contain malicious code as a preinstall script. The package fetches all names of npm packages owned by the user and attempts to add another maintainer to every package as a means of package hijacking, Recommendation Remove the package from your system. If you own any...

1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/03 9:12 p.m.46 views

Denial of Service in mongodb

Versions of mongodb prior to 3.1.13 are vulnerable to Denial of Service. The package fails to properly catch an exception when a collection name is invalid and the DB does not exist, crashing the application. Recommendation Upgrade to version 3.1.13 or later...

3.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 8:29 p.m.46 views

Malicious Package in oauth-validator

Version 1.0.2 of oauth-validator contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.2 of this module is found installed you...

6.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 4:11 p.m.46 views

windows-selenium-chromedriver downloads Resources over HTTP

Affected versions of windows-selenium-chromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/31 10:58 p.m.46 views

Directory Traversal in st

Versions of st prior to 0.2.5 are affected by a directory traversal vulnerability. Vulnerable versions fail to properly handle URL encoded dots, which caused %2e to be interpreted as . by the filesystem, resulting the potential for an attacker to read sensitive files on the server. Recommendation...

7.5CVSS7.1AI score0.34012EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/31 10:54 p.m.46 views

Validation Bypass in paypal-ipn

Versions 2.x.x and earlier of paypal-ipn are affected by a validation bypass vulnerability. paypal-ipn uses the testipn parameter which is set by the PayPal IPN simulator to determine if it should use the production PayPal site or the sandbox. A motivated attacker could craft a request string usi...

5.9CVSS5.7AI score0.01169EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/27 4:57 p.m.46 views

Insecure default config of Celery worker in Apache Airflow

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker Redis, RabbitMQ directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack and thus remote code...

9.8CVSS6.7AI score0.07225EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/27 4:57 p.m.46 views

Remote code execution (RCE) in Apache Airflow

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

8.8CVSS9.2AI score0.99118EPSS
Exploits9References10Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/30 9:1 p.m.46 views

Denial of service in Netty

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted SSLv2Hello message...

5CVSS8.4AI score0.04222EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/22 3:24 p.m.46 views

Command Injection in Limdu

Impact The trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. Patches Patched in version 0.9.5. Workarounds Do not use trainBatch with classifiers that rely o...

9CVSS7.3AI score0.01628EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/08/08 3:18 p.m.46 views

Sensitive data written to disk unencrypted in Spark

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

7.5CVSS1.4AI score0.01291EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2019/07/05 9:12 p.m.46 views

Vulnerability that affects org.apache.pdfbox:pdfbox

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XFDF...

9.8CVSS6.4AI score0.09451EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2019/06/14 4:15 p.m.46 views

Sandbox Bypass Leading to Arbitrary Code Execution in constantinople

Versions of constantinople prior to 3.1.1 are vulnerable to a sandbox bypass which can lead to arbitrary code execution. Recommendation Update to version 3.1.1 or later...

6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/05/14 4:2 a.m.46 views

Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ?startingWith?, ?endingWith? or ?containing? could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

5.3CVSS2.6AI score0.01087EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2019/05/01 6:37 p.m.46 views

Improper Input Validation in tar-fs

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the...

7.5CVSS1.5AI score0.02106EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/01/04 5:50 p.m.46 views

Django denial-of-service possibility in urlize and urlizetrunc template filters

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions only one regular expression for Django...

5.3CVSS5.8AI score0.04772EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2019/01/04 5:41 p.m.46 views

rendertron can remotely shut down Chrome instance

Rendertron 1.0.0 includes an ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application...

7.5CVSS7.2AI score0.01151EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/18 6:5 p.m.46 views

Spring Security OAuth vulnerable to remote code execution (RCE)

Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, and prior to 2.0.15 contain a remote code execution vulnerability. An attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarde...

9.8CVSS9.6AI score0.08352EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 4:23 p.m.46 views

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak...

5.3CVSS1.1AI score0.027EPSS
Exploits0References10Affected Software3
Github Security Blog
Github Security Blog
added 2018/10/16 8:50 p.m.46 views

Improper Validation of Certificates in apache axis

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subjec...

5.8CVSS6.4AI score0.05806EPSS
Exploits0References26Affected Software2
Github Security Blog
Github Security Blog
added 2018/10/16 7:58 p.m.46 views

ASP.NET Core fails to properly validate web requests

A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and...

7.5CVSS5.1AI score0.16911EPSS
Exploits1References5Affected Software19
Github Security Blog
Github Security Blog
added 2018/09/17 8:44 p.m.46 views

js-bson vulnerable to REDoS

The MongoDB bson JavaScript module also known as js-bson versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service ReDoS in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString function is called to parse a long untrusted string...

7.5CVSS7.1AI score0.01941EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/31 10:47 p.m.46 views

Downloads Resources over HTTP in react-native-baidu-voice-synthesizer

Affected versions of react-native-baidu-voice-synthesizer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...

9.3CVSS6.4AI score0.01752EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/27 5:3 p.m.46 views

Remote Code Execution in markdown-pdf

Versions of markdown-pdf prior to 9.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize HTML code in markdown files. If markdown files with malicious HTML are converted to PDF, the resulting PDF file will execute any JavaScript code in the original markdown file. This may...

5.5CVSS3.8AI score0.00501EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/24 8:15 p.m.46 views

Pillow Integer overflow in ImagingResampleHorizontal

Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow...

10CVSS9.4AI score0.07871EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2017/11/30 11:14 p.m.46 views

Cross-Site Request Forgery (CSRF) in keystone

Versions of keystone prior to 4.0.0 are vulnerable to Cross-Site Request Forgery CSRF. The package fails to validate the presence of the X-CSRF-Token header, which may allow attackers to carry actions on behalf of other users on all endpoints. Recommendation Update to version 4.0.0 or later...

8.8CVSS5.1AI score0.02213EPSS
Exploits2References9Affected Software1
Github Security Blog
Github Security Blog
added 2017/11/15 8:41 p.m.46 views

cairo is vulnerable to denial of service due to a null pointer dereference

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FTLoadGlyph and FTRenderGlyph resulting in an application crash...

5.5CVSS4AI score0.01839EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.46 views

Active Record vulnerable to SQL Injection via nested query parameters

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

5CVSS5.7AI score0.04174EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.46 views

Active Record contains SQL Injection

SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in...

7.5CVSS7.7AI score0.04458EPSS
Exploits2References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 1:53 p.m.45 views

Laravel Framework: CRLF injection in default email rule

Summary A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...

5.3AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/05 4:43 p.m.45 views

NocoDB: OAuth Tokens Persist Through Security Events

Summary OAuth access and refresh tokens were not revoked when the user changed, reset, or recovered their password, leaving an attacker-issued OAuth grant valid after the user believed they had locked the attacker out. Details revokeAllOAuthTokensByUser in the users service was an empty stub bein...

6.3CVSS5.5AI score0.00295EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 7:33 p.m.45 views

XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin

Impact A potential path traversal vulnerability allow an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary files. While the consequences could be severe like overriding configuration files and setting the superadmin password, the attack first requir...

5.9AI score0.00056EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 1:31 p.m.45 views

webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

Impact When webpack-dev-server is running on a non-HTTPS origin the default, cross-origin requests from malicious websites can load the dev server's JavaScript bundles via tags. The fix introduced in v5.2.1 CVE-2025-30359 relied on Sec-Fetch-Mode and Sec-Fetch-Site request headers to block these...

6.5CVSS6.5AI score0.00427EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.45 views

Apache Tomcat - Digest authenticator will authenticate any unknown user

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if...

9.8CVSS5.8AI score0.01233EPSS
Exploits1References10Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/04 9:18 p.m.45 views

AzuraCast's Missing RequireInternalConnection on Liquidsoap API Allows Low-Privilege Metadata Injection and Broadcast Disruption

Summary The /api/internal/stationid/liquidsoap/action endpoint is accessible from the public web interface because it lacks the RequireInternalConnection middleware that protects other internal endpoints /sftp-auth, /sftp-event. Combined with a logic flaw where the $asAutoDj flag is set based on...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 3:16 p.m.45 views

mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...

6.5CVSS5.4AI score0.00287EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/04 2:19 p.m.45 views

GraphQL grant on a property might be cached with different objects

Original message: I found an issue with security grants on on properties in the GraphQL ItemNormalizer: If you use something like ApiPropertysecurity: 'isgranted"PROPERTYREAD", object, property' on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...

7.5CVSS7.1AI score0.00441EPSS
Exploits0References8Affected Software2
Total number of security vulnerabilities5000