Lucene search
K
GithubMost viewed

33123 matches found

Github Security Blog
Github Security Blog
added 2022/04/27 9:9 p.m.156 views

Exposure of SSH credentials in Rancher/Fleet

Impact This vulnerability only affects customers using Fleet for continuous delivery with authenticated Git and/or Helm repositories. A security vulnerability CVE-2022-29810 was discovered in go-getter library in versions prior to v1.5.11 that exposes SSH private keys in base64 format due to a...

5.5CVSS0.2AI score0.00403EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 5:1 p.m.156 views

Dom4j contains a XML Injection vulnerability

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or...

7.5CVSS5.1AI score0.0657EPSS
Exploits1References32Affected Software2
Github Security Blog
Github Security Blog
added 2025/03/05 6:15 p.m.155 views

OpenTelemetry .NET has Denial of Service (DoS) Vulnerability in API Package

Impact What kind of vulnerability is it? Who is impacted? A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service DoS when a tracestate and traceparent header is received. Even if an application does not explicitly use trace context propagation, receiving the...

7.5CVSS6.9AI score0.00468EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/22 3:30 a.m.155 views

Next.js missing cache-control header may lead to CDN caching empty reply

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets...

7.5CVSS6.7AI score0.01284EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/21 5:3 p.m.155 views

Remote Code Execution in Red Discord Bot

Impact A RCE exploit has been discovered in the Streams module: this exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access...

8.5CVSS2.2AI score0.02037EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/22 7:23 p.m.155 views

Private key leak in Apache CXF

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS0.8AI score0.0606EPSS
Exploits0References12Affected Software2
Github Security Blog
Github Security Blog
added 2020/05/15 6:59 p.m.155 views

Polymorphic deserialization of malicious object in jackson-databind

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS2.6AI score0.03958EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/11 8:30 p.m.154 views

Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

Impact When using Babel to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement pattern strings i.e. the second argument passed to .replace. Your generated code is vulnerable if all the...

6.2CVSS6.2AI score0.00478EPSS
Exploits0References5Affected Software4
Github Security Blog
Github Security Blog
added 2023/08/25 9:30 p.m.154 views

Apache Tomcat Open Redirect vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may als...

6.1CVSS7.7AI score0.05972EPSS
Exploits0References11Affected Software3
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.154 views

Gitea Remote Code Execution

models/repomirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution...

8.8CVSS8.9AI score0.55578EPSS
Exploits3References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/04 5:55 p.m.154 views

Cross-Site Scripting in markdown-it-katex

All versions of markdown-it-katex are vulnerable to Cross-Site Scripting XSS. The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser by triggering an error. Recommendation No fix is currently available. Consider using a...

5.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/01 5:55 p.m.154 views

XML external entity injection in Terracotta Quartz Scheduler

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...

9.8CVSS5.3AI score0.162EPSS
Exploits0References30Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/14 9:31 p.m.153 views

cryptography mishandles SSH certificates

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...

7.5CVSS7AI score0.00613EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/10/16 12:0 p.m.153 views

Withdrawn Advisory: ReDoS in py library when used with subversion

Withdrawn Advisory This advisory has been withdrawn because evidence does not suggest that CVE-2022-42969 is a valid, reproducible vulnerability. This link is maintained to preserve external references. Original Description The py library through 1.11.0 for Python allows remote attackers to condu...

7.5CVSS5.8AI score0.01546EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/13 3:22 p.m.153 views

Timing based private key exposure in Bouncy Castle

Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of...

5.9CVSS1.5AI score0.01522EPSS
Exploits0References6Affected Software9
Github Security Blog
Github Security Blog
added 2021/06/28 5:18 p.m.153 views

Cross-site scripting

Two kinds of XSS were found: 1. As mentioned in https://github.com/mongo-express/mongo-express/issues/577 when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, however this needs admin interaction on cell. 2. Data cells identified as med...

8.1CVSS6.2AI score0.0157EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/27 8:13 p.m.153 views

Use after free in CefSharp

CVE-2020-16017: Use after free in site isolation - https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop11.html - https://vulners.com/cve/CVE-2020-16017 Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild. There is currently...

9.6CVSS9.4AI score0.02747EPSS
Exploits0References5Affected Software4
Github Security Blog
Github Security Blog
added 2025/06/02 12:30 p.m.152 views

Grafana's datasource proxy API allows authorization checks to be bypassed

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

6.8CVSS6.5AI score0.12241EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/26 12:30 a.m.152 views

python-jose algorithm confusion with OpenSSH ECDSA keys

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5CVSS7.1AI score0.00307EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/09 10:51 p.m.152 views

Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs

Impact There are two separate security vulnerabilities here: 1 a security vulnerability that allows users to read arbitrary files on the machines that are running shared Gradio apps 2 the ability of users to use machines that are sharing Gradio apps to proxy arbitrary URLs Patches Both problems...

9.1CVSS6.7AI score0.00651EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/02 5:13 p.m.153 views

Vulnerable OpenSSL included in cryptography wheels

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.5-40.0.2 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://www.openssl.org/news/secadv/20230530.txt. If you are building...

6.6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/29 10:27 p.m.152 views

PrestaShop eval injection possible if shop vulnerable to SQL injection

Impact Eval injection possible if the shop is vulnerable to an SQL injection. Patches The problem is fixed in version 1.7.8.7 Workarounds Delete the MySQL Smarty cache feature by removing these lines in the file config/smarty.config.inc.php lines 43-46 PrestaShop 1.7 or 40-43 PrestaShop 1.6: php ...

9.8CVSS9.4AI score0.0517EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/29 9:24 p.m.152 views

CRLF vulnerability in Fiber

Impact The filename that is given in c.Attachment is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to...

5.8CVSS0.3AI score0.00861EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/14 3:3 p.m.152 views

Improper parsing of octal bytes in netmask

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs...

9.1CVSS3.7AI score0.16356EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/29 7:47 p.m.153 views

XML External Entity attack in log4net

Apache log4net before 2.0.10 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users...

9.8CVSS4.7AI score0.49839EPSS
Exploits0References22Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/14 8:19 p.m.152 views

Persistent XSS vulnerability in filename of attached file in PrivateBin

On 24th of December 2019 one of the property based unit tests reported a failure. Upon investigation, @elrido discovered that the failure was due to unescaped HTML, which allowed the user provided attachment file name to inject HTML under certain conditions leading to a persistent Cross-site...

6.1CVSS5.2AI score0.00658EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/20 11:4 p.m.152 views

HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress

Impact Waitress would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with the inner-most...

7.5CVSS0.02545EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/19 12:1 a.m.151 views

Deserialization of Untrusted Data in Apache Log4j

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. Users are advised to migrate from log4j:log4j to org.apache.logging.log4j:log4j for an updated version of the...

9.8CVSS4.9AI score0.52458EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/28 4:38 p.m.151 views

XXE vulnerability on Launch import with externally-defined DTD file

Impact Starting from version 3.1.0 we introduced a new feature of JUnit XML launch import. Unfortunately XML parser was not configured properly to prevent XML external entity XXE attacks. This allows a user to import a specifically-crafted XML file which imports external Document Type Definition...

7.5CVSS1AI score0.02199EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/13 3:42 p.m.151 views

Improper Certificate Validation in Puppet

Previously, Puppet operated on the model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for...

6.5CVSS6.5AI score0.00823EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 8:23 p.m.151 views

Unauthenticated remote code execution in Ignition

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of filegetcontents and fileputcontents. This is exploitable on sites using debug mode with Laravel before 8.4.2...

9.8CVSS6.8AI score0.99943EPSS
Exploits36References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/07 12:1 a.m.151 views

Context isolation bypass via contextBridge in Electron

Impact Apps using both contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Workarounds There are no app-side workaround...

9.9CVSS4.6AI score0.01003EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 4:17 p.m.150 views

LiteLLM has SQL Injection in Proxy API key verification

Impact A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route for example POST /chat/completions a...

9.8CVSS6AI score0.86607EPSS
Exploits7References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/17 7:28 p.m.150 views

Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS

Summary We discovered a DOM Clobbering vulnerability in Vite when building scripts to cjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an unsanitized name...

6.4CVSS6AI score0.00636EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/05 3:30 a.m.150 views

Bouncy Castle For Java LDAP injection vulnerability

Bouncy Castle provides the X509LDAPCertStoreSpi.java class which can be used in conjunction with the CertPath API for validating certificate paths. Pre-1.73 the implementation did not check the X.500 name of any certificate, subject, or issuer being passed in for LDAP wild cards, meaning the...

5.3CVSS6.2AI score0.00772EPSS
Exploits0References10Affected Software12
Github Security Blog
Github Security Blog
added 2023/01/03 1:36 p.m.150 views

httparty has multipart/form-data request tampering vulnerability

Impact I found "multipart/form-data request tampering vulnerability" caused by Content-Disposition "filename" lack of escaping in httparty. httparty/lib/httparty/request body.rb def generatemultipart...

5.3CVSS5AI score0.0129EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/16 5:4 p.m.150 views

elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE

Impact We recently fixed several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with the minimal configuration. Patches The issues were addressed in our last release,...

9.8CVSS1.4AI score0.69934EPSS
Exploits5References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 6:47 p.m.150 views

Prototype pollution in chart.js

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options or the defaults options are deeply merged with provided options. However, during this operation, the keys of the object being...

9.8CVSS8.4AI score0.04678EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/08 7:5 p.m.150 views

Incorrect Provision of Specified Functionality in qutebrowser

Description After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green colors.statusbar.url.successhttps. While the user...

4.3CVSS0.5AI score0.01282EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/04 8:52 p.m.150 views

Deserialization of Untrusted Data in jackson-databind

FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter...

9.8CVSS9AI score0.26587EPSS
Exploits5References49Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/16 9:56 p.m.150 views

SQL injection in phpMyAdmin

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature...

9.8CVSS2.3AI score0.02579EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/08 8:46 p.m.149 views

Privilege escalation via ApiTokensEndpoint

Impact An attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on https://sentry.io. For...

8.1CVSS6.8AI score0.00849EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/15 3:37 p.m.149 views

Incorrect parsing of nameless cookies leads to __Host- cookies bypass

Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain. Werkzeug = 2.2.2 will parse the cookie =Host-test=bad as...

3.5CVSS6AI score0.00507EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/22 3:31 a.m.149 views

jsonwebtoken has insecure input validation in jwt.verify function

Overview For versions =8.5.1 of jsonwebtoken library, if a malicious actor has the ability to modify the key retrieval parameter referring to the secretOrPublicKey argument from the readme link of the jwt.verify function, they can gain remote code execution RCE. Am I affected? This security issue...

2.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/21 11:37 p.m.149 views

Improper Privilege Management in shelljs

shelljs is vulnerable to Improper Privilege Management...

7.1CVSS3.3AI score0.00427EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/07 9:48 p.m.149 views

XSS vulnerability with translator

Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 our last beta before v1.0.0 and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input field...

10CVSS0.39738EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/28 4:54 p.m.149 views

OS Command Injection in Rake

There is an OS command injection vulnerability in Ruby Rake before 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...

6.9CVSS2.5AI score0.01359EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/15 6:59 p.m.148 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

9.8CVSS8.9AI score0.18345EPSS
Exploits0References20Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/19 9:58 p.m.147 views

Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Summary Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area reduced to host...

7.5CVSS7AI score0.00791EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:9 a.m.147 views

jQuery vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...

4.3CVSS4AI score0.19191EPSS
Exploits1References12Affected Software3
Total number of security vulnerabilities5000