Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
•added 2024/07/10 6:33 a.m.•45 views

@discordjs/opus vulnerable to Denial of Service

All versions of the package @discordjs/opus are vulnerable to Denial of Service DoS due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a process crash...

7.5CVSS7.5AI score0.00597EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/06/03 6:30 a.m.•45 views

Silverpeas authentication bypass

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access...

9.8CVSS6.8AI score0.00943EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
•added 2024/05/20 5:49 p.m.•45 views

Pusher Service Channel Authentication Bypass

The service offered by Pusher provides "private" channels with an authentication mechanism that restricts subscription access. The decision on allowing subscriptions to private channels is delegated to customers, who implement an authentication endpoint. End-users request a token from this endpoi...

7.2AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2024/05/14 10:22 p.m.•45 views

Grafana account takeover via OAuth vulnerability

Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for an Oauth takeover vulnerability in Grafana. Release v.9.0.3, containing this security fix and other patches: - Download Grafana 9.0.3 - Release notes Release v.8.5.9,...

7.5CVSS8AI score0.02039EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2024/05/14 10:11 p.m.•45 views

Grafana directory traversal for .cvs files

Today we are releasing Grafana 8.3.2 and 7.5.12. This patch release includes a moderate severity security fix for directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability i...

4.3CVSS6.4AI score0.57991EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2024/04/04 3:30 p.m.•45 views

quarkus-core leaks local environment variables from Quarkus namespace during application's build

A vulnerability was found in the quarkus-core component. Quarkus captures the local environment variables from the Quarkus namespace during the application's build. Thus, running the resulting application inherits the values captured at build time. However, some local environment variables may ha...

7CVSS6.9AI score0.00286EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
•added 2024/03/29 7:5 p.m.•45 views

Kimai API returns timesheet entries a user should not be authorized to view

Summary The permission viewothertimesheet performs differently for the Kimai UI and the API, thus returning unexpected data through the API. Details When setting the viewothertimesheet permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When...

6.8CVSS6.3AI score0.00644EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2024/03/25 7:41 p.m.•45 views

WP Crontrol vulnerable to possible RCE when combined with a pre-condition

Impact WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential f...

8.1CVSS7.5AI score0.00165EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2024/03/20 3:22 p.m.•45 views

Jupyter Server Proxy's Websocket Proxying does not require authentication

Summary jupyter-server-proxy is used to expose ports local to a Jupyter server listening to web traffic to the Jupyter server's authenticated users by proxying web requests and websockets. Dependent packages partial list also use jupyter-server-proxy to expose other popular interactive applicatio...

9.8CVSS7.9AI score0.01021EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2024/03/06 8:11 p.m.•45 views

Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

Impact What kind of vulnerability is it? Who is impacted? Using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. The relevant code is here also inline, emphasis added: if p.Client == n...

7.5CVSS7AI score0.00661EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2024/02/07 6:23 p.m.•45 views

Graylog vulnerable to instantiation of arbitrary classes triggered by API request

Summary Arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/clusterconfig/ endpoint. Details Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads...

8.8CVSS7.6AI score0.34498EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
•added 2024/01/16 3:24 p.m.•45 views

Default swagger-ui configuration exposes all files in the module

Impact The default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. Patches Update to v2.1.0 Workarounds Use the baseDir option References HackerOne report...

5.3CVSS7AI score0.02001EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/01/11 4:30 p.m.•45 views

Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)

Summary The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sendi...

8.8CVSS7.1AI score0.01537EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2024/01/03 12:30 p.m.•45 views

Apache InLong Manager Arbitrary File Read Vulnerability

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick 1 to solve it. 1 ...

7.5CVSS7.4AI score0.01012EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/11/20 11:25 p.m.•46 views

Possible user mocking that bypasses basic authentication

Impact next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow state, PKCE or nonce. Manually overriding the...

5.3CVSS6.5AI score0.007EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2023/11/17 10:48 p.m.•45 views

json-web-token library is vulnerable to a JWT algorithm confusion attack

Summary The json-web-token library is vulnerable to a JWT algorithm confusion attack. Details On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To...

7.5CVSS7.2AI score0.00304EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/11/16 6:30 p.m.•45 views

H2O local file inclusion vulnerability

A Local File Inclusion LFI vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

9.3CVSS9.2AI score0.0434EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2023/11/09 10:3 p.m.•45 views

Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint

Impact An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This could open door for other attack vectors: client-side vulnerabilities: XSS/CSRF in the context of the trusted domain; interaction with...

9.3CVSS7AI score0.00631EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2023/11/09 9:30 p.m.•45 views

Moodle Code Injection vulnerability

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...

9.8CVSS7.8AI score0.0137EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/10/25 9:13 p.m.•45 views

XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled

Impact When document names are validated according to a name strategy disabled by default, XWiki is vulnerable to a reflected XSS attack in the page creation form. To reproduce, make sure that "Validate names before saving" is enabled in the administration under "Editing" - "Name strategies" and...

9.6CVSS9.3AI score0.05124EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/10/18 6:27 p.m.•45 views

Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution

Impact A proto pollution vulnerability exists in synchrony versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. Summary A proto pollution vulnerability exists in the LiteralMap transformer allowing crafted input to modify properties in the Object prototype. When...

8.1CVSS7.9AI score0.00415EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/09/29 6:30 p.m.•45 views

Apache Avro Java SDK vulnerable to Improper Input Validation

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...

7.5CVSS7.5AI score0.01772EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2023/08/09 1:4 p.m.•45 views

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-38178: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to...

7.5CVSS6.7AI score0.02563EPSS
Exploits0References4Affected Software8
Github Security Blog
Github Security Blog
•added 2023/07/31 10:3 p.m.•45 views

Sydent does not verify email server certificates

Impact If configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle MITM attack. Attackers with privileged access to the network can intercept room invitations and address confirmation...

9.3CVSS6.9AI score0.00229EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2023/07/19 3:30 a.m.•46 views

MLflow Path Traversal vulnerability

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0...

10CVSS7AI score0.70736EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/06/29 3:30 p.m.•45 views

URI gem has ReDoS vulnerability

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists becuse of a...

5.3CVSS6.9AI score0.01698EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
•added 2023/06/22 9:30 p.m.•45 views

Moodle vulnerable to Cross-site Scripting

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14...

6.1CVSS6.2AI score0.00677EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2023/06/16 7:36 p.m.•45 views

Grav Server-side Template Injection (SSTI) via Twig Default Filters

Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection SSTI via Insufficient Validation in filterFilter Summary: | Product | Grav CMS | | ----------------------- | --------------------------------------------...

8.8CVSS8.3AI score0.02074EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
•added 2023/06/16 7:35 p.m.•45 views

Grav Server Side Template Injection (SSTI) vulnerability

Summary I found an RCERemote Code Execution by SSTI in the admin screen. Details Remote Code Execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. PoC 1. Log in to the administrator screen and access the edit screen of the defaul...

9.9CVSS7.6AI score0.02338EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2023/06/09 10:53 p.m.•45 views

Snowflake Python Connector vulnerable to Command Injection

Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Python connector via SSO browser URL authentication. Impacted driver package: snowflake-connector-python Impacted version range: before Version 3.0.2 Attack Scenario In order to exploit t...

8.8CVSS7.4AI score0.01841EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/06/02 5:9 p.m.•45 views

DataEase API interface has IDOR vulnerability

Impact The api interface for DataEase delete dashboard and delete system messages is vulnerable to IDOR. The interface to delete the dashboard: 1. Create two users: user1 and user2 2. User1 creates a dashboard named pan1 3. User2 creates a dashboard named pan2 4. Both user1 and user2 share their...

8.1CVSS6.8AI score0.01014EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/05/10 7:20 p.m.•45 views

PostgresNIO processes unencrypted bytes from man-in-the-middle

Impact Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim fr...

8.1CVSS6.9AI score0.01901EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2023/04/20 9:58 p.m.•45 views

XWiki App Within Minutes app grants space admin rights that allows cross-site scripting

Impact Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can be exploited by creating an app in App Within Minutes. If the button should be disabled because th...

7.7CVSS6.4AI score0.00567EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
•added 2023/04/20 9:18 p.m.•45 views

Bypass of CSRF protection in the presence of predictable userInfo

Description The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the use...

6.5CVSS6.3AI score0.00331EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2023/04/13 5:53 p.m.•45 views

SpiceDB binding metrics port to untrusted networks and can leak command-line flags

Background The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The /debug/pprof/cmdline endpoint served by the metrics service...

8.7CVSS7.5AI score0.00762EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/03/23 9:30 p.m.•45 views

NotrinosERP vulnerable to SQL Injection

NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customerdelivery.php...

8.8CVSS9.3AI score0.03088EPSS
Exploits4References7Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/26 11:54 p.m.•45 views

Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie

Devise version before 3.5.4 uses cookies to implement a "Remember me" functionality. However, it generates the same cookie for all devices. If an attacker manages to steal a remember me cookie and the user does not change the password frequently, the cookie can be used to gain access to the...

7.5CVSS6.7AI score0.00618EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/25 7:39 p.m.•45 views

Controller reconciles apps outside configured namespaces when sharding is enabled

Impact All Argo CD versions starting with 2.5.0-rc1 are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces. Description of exploit Reconciled Application namespaces are specified as a comma-delimited lis...

8.5CVSS8.1AI score0.0078EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/24 8:47 p.m.•45 views

Issue with whitespace in JWT roles in OpenSearch

Advisory title: Issue with whitespace in JWT roles Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 Patched versions: OpenSearch 1.3.8 and 2.5.0 Impact: OpenSearch uses JWTs to store role claims obtained from the Identity Provider IdP when the authentication backend is SAML or OpenID...

8.8CVSS8.3AI score0.00796EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/18 6:23 p.m.•45 views

ReDoS based DoS vulnerability in Active Support's underscore

There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 Rails LTS, which is a paid service and not part of the rubygem, 6.1.7.1,...

7.5CVSS7.5AI score0.01712EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/09 9:55 p.m.•45 views

ruby-git has potential remote code execution vulnerability

The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output of the git ls-files command using eval to unescape quoted file names. If a file name was added to the git repository contained special characters, such as \n, then the git ls-files command would print the file name in...

8CVSS8.1AI score0.01351EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/06 5:15 p.m.•45 views

XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery

Impact The CKEditor.HTMLConverter document lacked a protection against Cross-Site Request Forgery CSRF, allowing to execute macros with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters...

9CVSS9.1AI score0.18734EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/28 12:30 a.m.•45 views

yaml package for Go can consume excessive amounts of CPU or memory

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...

7.5CVSS7.6AI score0.017EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/08 4:11 p.m.•45 views

Traefik routes exposed with an empty TLSOption

Impact There is a potential vulnerability in Traefik managing the TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client...

8.1CVSS6.2AI score0.00488EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/08 3:52 p.m.•45 views

Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List

Impact Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected. Patches Upgrade to 7.9.0 Workarounds Catch and discard any exceptions from...

7.5CVSS2.2AI score0.00738EPSS
Exploits0References4Affected Software12
Github Security Blog
Github Security Blog
•added 2022/12/06 9:13 p.m.•45 views

DSInternals Credential Roaming Elevation of Privilege Vulnerability

Impact A vulnerability exists in the DSInternals.Common.Data.RoamedCredential.Save method, which incorrectly parses the msPKIAccountCredentials LDAP attribute values. As a consequence, a malicious actor would be able to modify the file system of the computer where an application using this functi...

7.3CVSS1.5AI score0.0147EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/11/02 6:10 p.m.•45 views

Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp

Impact The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service DoS when supplied with a maliciously crafted PDF file to be appended to another. Patches It has been patched in 2.6.0 for muhammara and not at all for hummus Workarounds Do not process...

7.5CVSS6.2AI score0.00645EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
•added 2022/11/01 12:0 p.m.•45 views

muhammara and hummus vulnerable to denial of service by NULL pointer dereference

Impact The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service DoS when supplied with a maliciously crafted PDF file to be parsed. Patches It has been patched in 3.1.1 and has been backported to 2.6.1 Hummus has a patch i...

7.5CVSS2.5AI score0.01022EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
•added 2022/10/26 7:0 p.m.•45 views

Apache IoTDB subject to ReDOS with Java 8

Apache IoTDB versions 0.12.2 through 0.12.6, and 0.13.0 through 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. This issue is patched in 0.13.3. Users should upgrade or use a later version of Java to avoid it...

7.5CVSS7.1AI score0.01341EPSS
Exploits0References4Affected Software4
Github Security Blog
Github Security Blog
•added 2022/10/13 12:0 p.m.•45 views

Powerline Gitstatus vulnerable to arbitrary code execution

powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs gi...

7.8CVSS7.8AI score0.0042EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities5000