Lucene search
K
GithubMost viewed

33181 matches found

Github Security Blog
Github Security Blog
added 2020/07/27 9:52 p.m.44 views

Buffer overflow in Pillow

In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c...

7.8CVSS7.5AI score0.01129EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/27 4:57 p.m.44 views

Remote code execution (RCE) in Apache Airflow

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

8.8CVSS9.2AI score0.99118EPSS
Exploits9References10Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/09 6:28 p.m.44 views

Stored XSS in TimelineJS3

Impact TimelineJS renders some user data as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most TimelineJS users...

7.2CVSS5AI score0.0106EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/01 5:26 p.m.44 views

Directory traversal in Apache RocketMQ

In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversa...

5.3CVSS3.7AI score0.02985EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/24 5:40 p.m.44 views

Untrusted users can run pending migrations in production in Rails

There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. This vulnerability has been assigned the CVE identifier CVE-2020-8185. Versions Affected: 6.0.0 = 6.0.3.2 Impact ------ Using this issu...

6.5CVSS6.7AI score0.02181EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/10 7:40 p.m.44 views

Phar unserialization vulnerability in phpMussel

Impact What kind of vulnerability is it? Who is impacted? Anyone using = v1.0.0 = v1.6.0 the earliest safe version will resolve the problem. However, as multiple new major versions have been released since that version, upgrading to the latest available version is recommended, in order to protect...

9.8CVSS2.4AI score0.02597EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2020/06/03 9:58 p.m.44 views

Arbitrary File Deletion vulnerability in OctoberCMS

Impact An attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission. Patches Issue has been patched in Build 466 v1.0.466. Workarounds Apply...

6.2CVSS0.8AI score0.01429EPSS
Exploits3References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/11/20 1:34 a.m.44 views

Timing attacks might allow practical recovery of the long-term private key

In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve whic...

7.4CVSS3.9AI score0.01091EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/11/14 3:25 p.m.44 views

JSON-jwt Gem lacked element count during splitting of JWE string

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string...

7.5CVSS7.3AI score0.01257EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/10/21 4:12 p.m.44 views

SQL Injection in knex

knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB...

9.8CVSS4.7AI score0.01159EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2019/07/30 8:47 p.m.44 views

python-engineio vulnerable to Cross-Site Request Forgery (CSRF)

WebSocket cross-origin vulnerability Impact This is a Cross-Site Request Forgery CSRF vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...

8.8CVSS2.1AI score0.00828EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/06/26 1:9 a.m.44 views

Improper Locking in Apache Tomcat

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...

7.5CVSS3.7AI score0.72988EPSS
Exploits0References33Affected Software1
Github Security Blog
Github Security Blog
added 2019/05/14 4:0 a.m.44 views

Cross-site Scripting in Apache UIMA

This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC = 2.2.2 which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code...

6.1CVSS1.4AI score0.04885EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/03/25 4:15 p.m.44 views

Doorkeeper-openid_connect contains Open Redirect

Doorkeeper::OpenidConnect aka the OpenID Connect extension for Doorkeeper 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirecturi field in an OAuth authorization request that results in an error response with the 'openid' scope and a prompt=none value. This allows phishing attacks...

6.1CVSS3.9AI score0.01349EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/03/13 5:28 p.m.44 views

Use of Insufficiently Random Values in Railties Allows Remote Code Execution

Possible Remote Code Execution Exploit in Rails Development Mode Impact ------ With some knowledge of a target application it is possible for an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to...

9.8CVSS9.8AI score0.92144EPSS
Exploits13References8Affected Software1
Github Security Blog
Github Security Blog
added 2019/02/18 11:42 p.m.44 views

Downloads Resources over HTTP in serc.js

Affected versions of serc.js insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

9.3CVSS6.4AI score0.01682EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/02/12 5:26 p.m.44 views

Exposure of Sensitive Information to an Unauthorized Actor in Hadoop

In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent...

7.5CVSS2.4AI score0.03299EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2018/11/21 10:23 p.m.44 views

Py-EVM is vulnerable to arbitrary bytecode injection

Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.executebytecode call that triggers computation.stack.values with '"stack": 100, 100, 0' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed...

8.8CVSS8.3AI score0.02901EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 5:35 p.m.44 views

Spring Framework Cross Site Tracing (XST)

Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...

5.9CVSS7.3AI score0.02781EPSS
Exploits0References19Affected Software1
Github Security Blog
Github Security Blog
added 2018/08/13 8:47 p.m.44 views

rest-client Gem Vulnerable to Session Fixation

REST client for Ruby aka rest-client versions 1.6.1.a until 1.8.0 allow remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

9.8CVSS8.6AI score0.04345EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/26 2:53 p.m.44 views

Path Traversal in glance

Versions of glance before 3.0.4 are vulnerable to a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. Recommendation Update to version 3.0.4 or later...

6.5CVSS4AI score0.01417EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/23 7:51 p.m.44 views

Cross-site request forgery in Django

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged AJAX requests that leverage a "combination of browser plugins...

6.8CVSS6.3AI score0.01589EPSS
Exploits0References24Affected Software1
Github Security Blog
Github Security Blog
added 2018/04/26 3:25 p.m.44 views

Prototype Pollution in hoek

Versions of hoek prior to 4.2.1 and 5.0.3 are vulnerable to prototype pollution. The merge function, and the applyToDefaults and applyToDefaultsWithShallow functions which leverage merge behind the scenes, are vulnerable to a prototype pollution attack when provided an unvalidated payload created...

8.8CVSS3AI score0.04307EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2018/03/05 6:35 p.m.44 views

Regular Expression Denial of Service in moment

Affected versions of moment are vulnerable to a low severity regular expression denial of service when parsing dates as strings. Recommendation Update to version 2.19.3 or later...

7.5CVSS6.2AI score0.03673EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2017/11/30 11:15 p.m.44 views

ejs is vulnerable to remote code execution due to weak input validation

nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile function...

10CVSS9.5AI score0.06328EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.44 views

Ruby on Rails vulnerable to code injection

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOADPATH variable, a different vulnerability than CVE-2006-4112...

7.5CVSS6.9AI score0.02214EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.44 views

activesupport Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

4.3CVSS4.3AI score0.02137EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.44 views

will_paginate Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the willpaginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links...

4.3CVSS4.3AI score0.02209EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.44 views

Directory traversal vulnerability in actionpack

Directory traversal vulnerability in actionpack/lib/actiondispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when servestaticassets is enabled, allows remote attackers to determine the existence o...

5CVSS6.2AI score0.04162EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.44 views

Directory traversal vulnerability in Action View in Ruby on Rails

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

7.5CVSS6.4AI score0.95537EPSS
Exploits11References21Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/15 8:7 p.m.43 views

aiohttp: CRLF injection in multipart headers

Summary Attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. Impact In the unlikely situation that an application is passing user-controlled strings into MultipartWriter.appendheaders=... or Payload.headers, the...

7.5CVSS5.3AI score0.00301EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:12 p.m.43 views

Vitest browser mode serves unsanitized otelCarrier query parameter as inline script

Summary Vitest browser mode served /vitesttest/ with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vitest...

6.1AI score0.0005EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 3:43 p.m.43 views

New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud

Summary A critical vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without making any payment. The vulnerability stems from three compounding flaws: 1. The Stripe webhook endpoint does n...

8.2CVSS5.9AI score0.00259EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/21 2:38 p.m.43 views

python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

Summary setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Details The rewrite context manager in dotenv/main.py is used by both setkey...

6.6CVSS5.8AI score0.00236EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/02 3:31 p.m.43 views

Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

8.1CVSS5.9AI score0.00346EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 11:50 p.m.43 views

lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

Impact Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465 only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties fro...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References4Affected Software4
Github Security Blog
Github Security Blog
added 2025/12/09 5:23 p.m.43 views

JDA (Java Discord API) downloads external URLs when updating message components

Impact Anyone using untrusted message components may be affected. On versions =6.0.0,6.1.3 of JDA, the requester will attempt to download external media URLs from components if they are used in an update or send request. If you are used MessagegetComponents or similar to get a list of components...

6.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/05/13 9:34 p.m.43 views

OPKSSH Vulnerable to Authentication Bypass

Impact Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5....

9.8CVSS6.7AI score0.00295EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/21 10:4 p.m.43 views

jwt-go allows excessive memory allocation during header parsing

Summary Function parse.ParseUnverified currently splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs...

7.5CVSS7.1AI score0.00693EPSS
Exploits0References6Affected Software3
Github Security Blog
Github Security Blog
added 2024/11/12 9:28 p.m.43 views

Zoraxy has an authenticated command injection in the Web SSH feature

Summary A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Details Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In...

8.6CVSS8.8AI score0.01442EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/11/12 7:53 p.m.43 views

Denial of Service attack on windows app using netty

Summary An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. Details When the library netty is...

5.5CVSS5.9AI score0.00408EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/15 6:5 p.m.43 views

changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution

Summary A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. Details changedetection.io version: 0.45.20 docker images REPOSITORY TAG IMAGE ID CREATED SIZE dgtlmoon/changedetection.io latest...

10CVSS9.6AI score0.83722EPSS
Exploits5References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/15 3:30 p.m.43 views

Valid ECDSA signatures erroneously rejected in Elliptic

The Elliptic prior to 6.6.0 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an truncateToN anomaly. This leads to...

4.8CVSS9.2AI score0.00556EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/30 3:4 p.m.43 views

pREST vulnerable to jwt bypass + sql injection

Summary Probably jwt bypass + sql injection or what i'm doing wrong? PoC how to reproduce 1. Create following files: docker-compose.yml: services: postgres: image: postgres containername: postgrescontainermre environment: POSTGRESUSER: testuserpg POSTGRESPASSWORD: testpasspg POSTGRESDB: testdb...

8.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/12 3:31 p.m.43 views

Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS7AI score0.00456EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/02 10:30 p.m.43 views

Decompressors can crash the JVM and leak memory content in Aircompressor

Summary All decompressor implementations of Aircompressor LZ4, LZO, Snappy, Zstandard can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process which could contain sensitive information. Details When decompressing certain data, the...

8.6CVSS6.2AI score0.00504EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/14 10:17 p.m.43 views

Grafana API IDOR

Today we are releasing Grafana 8.3.5 and 7.5.14. This patch release includes MEDIUM severity security fix for Grafana Teams API IDOR. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: - Download Grafana 7.5....

4.3CVSS6.2AI score0.01185EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/13 4:4 p.m.43 views

matrix-sdk-crypto contains a log exposure of private key of the server-side key backup

Introduction In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup assign...

5.5CVSS5.4AI score0.00193EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/07 3:30 p.m.43 views

tiagorlampert CHAOS vulnerable to arbitrary code execution

An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filtering...

9.8CVSS7.6AI score0.01365EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/02 3:30 p.m.43 views

Jenkins Script Security Plugin sandbox bypass vulnerability

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

8.8CVSS7.8AI score0.01002EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000