Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
added 2020/06/25 8:2 p.m.45 views

Log Forging in generator-jhipster-kotlin

Impact We log the mail for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt...

5.3CVSS5.2AI score0.01214EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/24 5:40 p.m.45 views

Untrusted users can run pending migrations in production in Rails

There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. This vulnerability has been assigned the CVE identifier CVE-2020-8185. Versions Affected: 6.0.0 = 6.0.3.2 Impact ------ Using this issu...

6.5CVSS6.7AI score0.02181EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/23 7:58 p.m.45 views

Timing attack on django-basic-auth-ip-whitelist

Impact Potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character...

2.4CVSS0.6AI score0.00355EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/22 2:39 p.m.45 views

Regular expression denial of service in url-regex

all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service...

7.8CVSS5.5AI score0.02693EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/18 2:44 p.m.45 views

Deserialization of untrusted data in Jackson Databind

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool aka apache/drill...

8.1CVSS3.2AI score0.08607EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/24 9:27 p.m.45 views

Link injection in SimpleSAMLphp

Background Several scripts part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description The following scripts we...

0.2AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2019/10/21 4:12 p.m.45 views

SQL Injection in knex

knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB...

9.8CVSS4.7AI score0.01159EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2019/07/05 9:12 p.m.45 views

Vulnerability that affects org.apache.pdfbox:pdfbox

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XFDF...

9.8CVSS6.4AI score0.09451EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2019/04/12 8:42 p.m.45 views

Apache Airflow vulnerable to Stored XSS

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

4.8CVSS6AI score0.02767EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2019/01/04 5:50 p.m.45 views

Django denial-of-service possibility in urlize and urlizetrunc template filters

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions only one regular expression for Django...

5.3CVSS5.8AI score0.04772EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/29 7:6 p.m.45 views

Insufficiently Protected Credentials in Requests

The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network...

7.5CVSS3.4AI score0.07443EPSS
Exploits2References13Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 8:1 p.m.45 views

Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS1.6AI score0.02857EPSS
Exploits0References14Affected Software2
Github Security Blog
Github Security Blog
added 2018/10/17 4:23 p.m.45 views

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak...

5.3CVSS1.1AI score0.027EPSS
Exploits0References10Affected Software3
Github Security Blog
Github Security Blog
added 2018/10/17 3:43 p.m.45 views

Command injection in org.apache.tika:tika-core

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients...

9.3CVSS7.9AI score0.93972EPSS
Exploits10References7Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 8:50 p.m.45 views

Improper Validation of Certificates in apache axis

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subjec...

5.8CVSS6.4AI score0.05806EPSS
Exploits0References26Affected Software2
Github Security Blog
Github Security Blog
added 2018/08/13 8:47 p.m.45 views

rest-client Gem Vulnerable to Session Fixation

REST client for Ruby aka rest-client versions 1.6.1.a until 1.8.0 allow remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

9.8CVSS8.6AI score0.04345EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2018/04/13 4:17 p.m.45 views

Uncontrolled resource consumption in nokogiri

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...

6.5CVSS7AI score0.02706EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2018/03/05 6:35 p.m.45 views

Regular Expression Denial of Service in moment

Affected versions of moment are vulnerable to a low severity regular expression denial of service when parsing dates as strings. Recommendation Update to version 2.19.3 or later...

7.5CVSS6.2AI score0.03673EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2017/11/15 8:41 p.m.45 views

cairo is vulnerable to denial of service due to a null pointer dereference

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FTLoadGlyph and FTRenderGlyph resulting in an application crash...

5.5CVSS4AI score0.01839EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 7:33 p.m.44 views

XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin

Impact A potential path traversal vulnerability allow an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary files. While the consequences could be severe like overriding configuration files and setting the superadmin password, the attack first requir...

5.9AI score0.00056EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 2:54 p.m.44 views

FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment

Summary A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object. Due to missing server-side...

8.1CVSS5.7AI score0.00268EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:6 p.m.44 views

protobuf.js: Denial of service from crafted field names in generated code

Summary protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated function bodies. A crafted schema or JSON descriptor could therefore cause generated encode,...

5.3CVSS6.2AI score0.00431EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 3:31 p.m.44 views

Ollama contains a heap out-of-bounds read vulnerability in the GGUF model loader

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS5.8AI score0.01001EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 8:23 p.m.44 views

xmldom: Uncontrolled recursion in XML serialization leads to DoS

Summary Seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DOM tree causes a RangeError: Maximum call stack size exceeded, crashing the application. Reported operations: - Node.prototype.normalize — reported by @praveen-kv email 2026-04-05 and...

8.7CVSS6.1AI score0.00643EPSS
Exploits0References14Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/11 9:30 p.m.44 views

DiskCache has unsafe pickle deserialization

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

9.8CVSS6.4AI score0.00521EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 7:7 p.m.44 views

fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

Summary The fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main code path of fontTools.varLib, used by the fonttools varLib CLI and...

9.8CVSS8.3AI score0.00496EPSS
Exploits9References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/07/22 9:31 p.m.44 views

Ollama vulnerable to Cross-Domain Token Exposure

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...

6.9CVSS7.4AI score0.03837EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/30 5:40 p.m.44 views

Vite's server.fs.deny bypassed with /. for files under project root

Summary The contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Only files that are under project root and a...

6CVSS7.2AI score0.01077EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/18 7:35 p.m.44 views

Traefik affected by Go HTTP Request Smuggling Vulnerability

Summary net/http: request smuggling through invalid chunked data: The net/http package accepts data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk...

9.1CVSS6.8AI score0.00724EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.44 views

LiteLLM Has a Leakage of Langfuse API Keys

In berriai/litellm version v1.52.1, an issue in proxyserver.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfusesecret and langfusepublickey, which can provide full access to the Langfuse...

7.5CVSS6.7AI score0.00523EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/17 3:31 p.m.44 views

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

9.8CVSS8.9AI score0.43663EPSS
Exploits13References16Affected Software2
Github Security Blog
Github Security Blog
added 2024/11/12 7:53 p.m.44 views

Denial of Service attack on windows app using netty

Summary An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. Details When the library netty is...

5.5CVSS5.9AI score0.00408EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/02 9:33 p.m.44 views

Pomerium service account access token may grant unintended access to databroker API

Impact We've identified a vulnerability in the Pomerium databroker service API that may grant unintended access under specific conditions. This affects only certain Pomerium Zero and Pomerium Enterprise deployments. Who is affected? A Pomerium deployment is susceptible to this issue if all of the...

6.8CVSS7AI score0.00577EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/19 2:48 p.m.44 views

HTTP client can manipulate custom HTTP headers that are added by Traefik

Impact There is a vulnerability in Traefik that allows the client to remove the X-Forwarded headers except the header X-Forwarded-For. Patches - https://github.com/traefik/traefik/releases/tag/v2.11.9 - https://github.com/traefik/traefik/releases/tag/v3.1.3 Workarounds No workaround. For more...

9.8CVSS7.4AI score0.01513EPSS
Exploits0References6Affected Software3
Github Security Blog
Github Security Blog
added 2024/09/17 9:30 p.m.44 views

druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not usin...

5.3CVSS6.5AI score0.00821EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/09 6:17 p.m.44 views

pyload-ng vulnerable to RCE with js2py sandbox escape

Summary Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Details js2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...

9.8CVSS7AI score0.16513EPSS
Exploits4References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/03 7:45 p.m.44 views

Pimcore includes vulnerable PHPOffice/PhpSpreadsheet

Summary Pimcore 10.6.x and Enterprise 10.6.x versions currently depend on PHPOffice/PhpSpreadsheet version 1.x, which has recently been identified with a security vulnerability CVE-2024-45048. To mitigate this issue, it is recommended to update to the latest version 2.2.2. For more details, pleas...

8.8CVSS6.8AI score0.0057EPSS
Exploits1References3Affected Software3
Github Security Blog
Github Security Blog
added 2024/08/09 9:23 p.m.44 views

OpenFGA Authorization Bypass

Overview OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses but not and from expressions and a userset. Fix - If you are using OpenFGA within Docker or as a Go library, as a binary, or through Docker, upgrade to v1.5.9 as soon as possibl...

9.8CVSS7.5AI score0.00527EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/31 9:2 p.m.44 views

ZITADEL "ignoring unknown usernames" vulnerability

Impact ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report "Username or Password invalid". Due to a...

5.3CVSS6.8AI score0.00633EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/19 9:32 a.m.44 views

Apache CXF: SSRF vulnerability via WADL stylesheet parameter

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...

9.1CVSS6.7AI score0.01029EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/17 9:20 p.m.44 views

DeepJavaLibrary API absolute path traversal

Summary DeepJavaLibraryDJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0. Impacted versions: 0.1...

10CVSS6.7AI score0.00655EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/12 3:31 p.m.44 views

Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS7AI score0.00456EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/06 9:41 p.m.44 views

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC 0. Install Tornado. 1. Start a simple Tornado server that echoes...

7AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/20 5:49 p.m.44 views

Pusher Service Channel Authentication Bypass

The service offered by Pusher provides "private" channels with an authentication mechanism that restricts subscription access. The decision on allowing subscriptions to private channels is delegated to customers, who implement an authentication endpoint. End-users request a token from this endpoi...

7.2AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/15 10:3 p.m.44 views

Read private customer data reclaiming carts in Klaviyo Magento

A researcher identified an endpoint in a thirth party module Klaviyo Magento 2 which allows to read private customer data from stores. It works by reclaiming any guest-cart as your own and reading the private data for the orders in the Magento API...

6.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/18 9:30 a.m.44 views

Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used

Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...

5.3CVSS6.7AI score0.01049EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/11 9:32 p.m.44 views

Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode

Impact A specially crafted argument to the idna.encode function could consume significant resources. This may lead to a denial-of-service. Patches The function has been refined to reject such strings without the associated resource consumption in version 3.7. Workarounds Domain names cannot excee...

7.5CVSS6.5AI score0.01386EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/21 9:31 a.m.44 views

Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()

This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' when adding a property in 'AbstractListDelimiterHandler.flattenIterator'. Users are recommended to upgrade to version...

7.3CVSS5.6AI score0.02054EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/12 8:50 p.m.44 views

URL Redirection to Untrusted Site in OAuth2/OpenID in directus

Summary The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL https://docs.directus.io/reference/authentication.htmllogin-using-sso-providers /auth/login/google?redirect for example. Details There's a...

5.4CVSS7.3AI score0.00583EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/06 3:32 p.m.44 views

Allegro AI ClearML vulnerable to deserialization of untrusted data

Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.02452EPSS
Exploits9References3Affected Software1
Total number of security vulnerabilities5000