Lucene search
K
GithubMost viewed

33181 matches found

Github Security Blog
Github Security Blog
•added 2024/04/16 12:30 a.m.•43 views

mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5CVSS7.3AI score0.00712EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2024/04/11 9:32 p.m.•43 views

Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode

Impact A specially crafted argument to the idna.encode function could consume significant resources. This may lead to a denial-of-service. Patches The function has been refined to reject such strings without the associated resource consumption in version 3.7. Workarounds Domain names cannot excee...

7.5CVSS6.5AI score0.01386EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
•added 2024/03/22 4:56 p.m.•43 views

Server Side Template Injection (SSTI) via Twig escape handler

Summary Due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Details https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.phpL99 php / Defines a new escaper to be used via the esca...

8.8CVSS8.4AI score0.01584EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/03/22 4:30 p.m.•43 views

Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass

Summary Grav CMS is vulnerable to a Server-Side Template Injection SSTI, which allows any authenticated user editor permissions are sufficient to execute arbitrary code on the remote server bypassing the existing security sandbox. Details The Grav CMS implements a custom sandbox to protect the...

8.8CVSS8.7AI score0.0576EPSS
Exploits4References4Affected Software1
Github Security Blog
Github Security Blog
•added 2024/03/21 9:31 a.m.•43 views

Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()

This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' when adding a property in 'AbstractListDelimiterHandler.flattenIterator'. Users are recommended to upgrade to version...

7.3CVSS5.6AI score0.02054EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2024/03/06 6:30 p.m.•43 views

Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default

In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections is disabled by default...

5.3CVSS6.8AI score0.00417EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2024/03/06 3:25 p.m.•43 views

CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability

Summary Here it is observed that the CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. Details The web application lacks control over the login attempts i.e. why attacker can use a password brute force attack to find and get full access...

9.8CVSS9.4AI score0.00977EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2024/02/08 6:44 p.m.•44 views

Rancher 'Audit Log' leaks sensitive information

Impact A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. Rancher Audit Logging is an opt-in feature, only deployments that have it enabled and have AUDITLEVEL set to 1 or above are impacted by this issue. The leaks might be caught in the...

8.4CVSS6.4AI score0.01882EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2024/02/06 3:32 p.m.•43 views

Allegro AI ClearML vulnerable to deserialization of untrusted data

Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.02452EPSS
Exploits9References3Affected Software1
Github Security Blog
Github Security Blog
•added 2024/01/19 9:30 p.m.•44 views

Duplicate Advisory: Exposure of sensitive information in ClickHouse

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g8ph-74m6-8m7r. This link is maintained to preserve external references. Original Description Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and...

8.8CVSS7AI score0.0067EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
•added 2023/12/28 10:32 p.m.•43 views

Winter CMS Stored XSS through Backend ColorPicker FormWidget

Impact Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. By default, only the Brand Settings backend.managebranding and Mail Brand Settings...

5.4CVSS5.8AI score0.00309EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/12/13 6:31 p.m.•43 views

Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin

Jenkins OpenId Connect Authentication Plugin stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator...

6.7CVSS6.7AI score0.00286EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2023/11/03 12:30 a.m.•43 views

Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

9.8CVSS7.3AI score0.00681EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2023/10/20 7:30 p.m.•43 views

PDM Trojan Lockfile

Summary It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. Details Project foo can be targeted by creating the project foo-2 and uploading the fil...

7.8CVSS7.6AI score0.00512EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2023/09/27 3:30 p.m.•43 views

Pimcore Demo Allows GraphQL Introspection

Introspection is enabled on demo.pimcore.fun. The demo site has graphql as a feature for users, but allows users to run instropection queries, which presents a potential schema information disclosure vulnerability...

6.5CVSS5.9AI score0.00783EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/09/20 6:30 p.m.•43 views

Jenkins Cross-site Scripting vulnerability

ExpandableDetailsNote allows annotating build log content with additional information that can be revealed when interacted with. Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the caption constructor parameter of ExpandableDetailsNote. This results in a stored...

5.4CVSS5.5AI score0.00883EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/09/19 8:35 p.m.•43 views

Improper Control of Generation of Code ('Code Injection') in jai-ext

Impact Programs using jt-jiffle, and allowing Jiffle script to be provided via network request, are susceptible to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Patches Version 1.2.22...

10CVSS9.5AI score0.98739EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
•added 2023/09/12 1:52 p.m.•43 views

OpenRefine Remote Code execution in project import with mysql jdbc url attack

Summary An remote Code exec vulnerability allows any unauthenticated user to exec code on the server. Details Hi,Team, i find openrefine support to import data from database,When use mysql jdbc to connect to database,It is vulnerable to jdbc url attacks,for example,unauthenticated attacker can ge...

9.8CVSS7.3AI score0.45473EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/09/11 12:59 p.m.•43 views

Argo CD repo-server Denial of Service vulnerability

Impact All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious,...

6.5CVSS6.5AI score0.01176EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2023/08/16 9:2 p.m.•43 views

Flarum vulnerable to LFI and Blind SSRF via Avatar upload

Impact The Flarum forum software is affected by a vulnerability that allows an attacker to conduct a Blind SSRF attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulat...

7.1CVSS6.4AI score0.00421EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2023/08/03 7:45 p.m.•43 views

Aerospike Java Client vulnerable to unsafe deserialization of server responses

GitHub Security Lab GHSL Vulnerability Report: GHSL-2023-044 The GitHub Security Lab team has identified a potential security vulnerability in Aerospike Java Client. We are committed to working with you to help resolve this issue. In this report you will find everything you need to effectively...

9.8CVSS8AI score0.01691EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
•added 2023/08/01 3:31 a.m.•43 views

mlflow vulnerable to OS Command Injection

OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0...

8.8CVSS7.1AI score0.01195EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/07/28 3:30 p.m.•43 views

SQL injection in jeecg-boot

jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...

9.8CVSS8.3AI score0.72043EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/07/27 7:28 p.m.•43 views

Obfuscated email addresses should not be sorted

Impact The mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps. Patches This has been patched in XWiki 14.10.9, and XWiki 15.3-rc-1. Workarounds The workaround is t...

4.3CVSS6.8AI score0.00661EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/07/03 9:30 p.m.•43 views

langchain arbitrary code execution vulnerability

An issue in langchain allows an attacker to execute arbitrary code via the PALChain in the python exec method...

9.8CVSS7.8AI score0.01074EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
•added 2023/05/17 3:49 a.m.•43 views

vm2 vulnerable to Inspect Manipulation

In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. Impact A threat actor can edit options for console.log. Patches This vulnerability was patched in the release of version 3.9.18 of vm2. Workarounds After...

5.3CVSS6.7AI score0.0079EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/04/10 4:37 p.m.•43 views

Flask-AppBuilder Has No Rate Limiting on Login AUTH DB

Impact Lack of rate limiting will allow an attacker to brute-force user credentials. Patches Ability to enable rate limiting on Flask-AppBuilder = 4.3.0. Use AUTHRATELIMITED = True and RATELIMITENABLED = True set the limit itself by using AUTHRATELIMIT. Will apply only to database authentication...

7.5CVSS7.4AI score0.00629EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/03/28 7:57 p.m.•43 views

matrix-react-sdk Prototype pollution vulnerability

Impact Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered. Patches...

8.2CVSS5.8AI score0.00906EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/03/07 8:35 p.m.•43 views

directus vulnerable to HTML Injection in Password Reset email to custom Reset URL

Impact Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. Patches The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or...

8CVSS6AI score0.00531EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/02/14 12:32 a.m.•43 views

Cross-Site-Scripting attack on `<RichTextField>`

Impact All React applications built with react-admin and using the are affected. outputs the field value using dangerouslySetInnerHTML without client-side sanitization. If the data isn't sanitized server-side, this opens a possible Cross-Site-Scripting XSS attack. Proof of concept: jsx import...

5.4CVSS5.8AI score0.00694EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
•added 2023/01/16 3:30 a.m.•43 views

Froxlor vulnerable to Command Injection

Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8...

8.8CVSS8.8AI score0.97653EPSS
Exploits8References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/13 6:30 a.m.•43 views

Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead...

7.4CVSS8.1AI score0.00584EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/22 3:33 a.m.•44 views

jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

Overview Versions =8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm...

6.3CVSS1.9AI score0.00753EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/15 9:30 p.m.•43 views

FeehiCMS Cross Site Scripting vulnerability

Cross Site Scripting XSS vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file...

5.4CVSS5.7AI score0.00506EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/13 5:51 p.m.•43 views

Possible XSS vulnerability with certain configurations of rails-html-sanitizer

Summary There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This is due to an incomplete fix of CVE-2022-32209. - Versions affected: ALL - Not affected: NONE - Fixed versions: 1.4.4 Impact A possible XSS vulnerability with certain configurations of...

6.1CVSS6.3AI score0.2914EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/08 3:3 a.m.•43 views

Unchecked return value from xmlTextReaderExpand

Summary Nokogiri 1.13.8, 1.13.9 fails to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Readerattributehash. This can lead to a null pointer exception when invalid markup is being parsed. For applications using XML::Reader to parse untrusted inputs, this may...

7.5CVSS2.6AI score0.0168EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/06 6:30 a.m.•43 views

GitPython vulnerable to Remote Code Execution due to improper user input validation

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

9.8CVSS3.9AI score0.05378EPSS
Exploits1References20Affected Software1
Github Security Blog
Github Security Blog
•added 2022/11/21 10:34 p.m.•43 views

Tailscale Windows daemon is vulnerable to RCE via CSRF

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon tailscaled, which can then be used to remotely execute code. Affected platforms: Windows Patched Tailscale client versions: v1.32.3 or later, v1.33.257 or later unstable What...

9.6CVSS8.8AI score0.01555EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/11/03 6:14 p.m.•43 views

@keystone-6/core's NODE_ENV defaults to development with esbuild

Impact @keystone-6/[email protected] || 3.0.1 users that use NODEENV in their own code not dependencies to trigger security-sensitive functionality in a production build are vulnerable to NODEENV being inlined to "development" for user code. If your dependencies use NODEENV to trigger particular...

9.8CVSS9AI score0.01486EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/10/11 7:0 p.m.•43 views

Gogs vulnerable to Cross-site Scripting

In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting XSS that leads to an account takeover...

9CVSS8.1AI score0.58021EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/09/26 12:0 a.m.•43 views

Dompdf allows remote file inclusion because URI validation failure does not halt font registration

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

7.5CVSS7.3AI score0.04173EPSS
Exploits3References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/09/23 12:0 a.m.•43 views

Apache Batik Server-Side Request Forgery

Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14...

5.3CVSS6.3AI score0.02017EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
•added 2022/09/16 5:17 p.m.•43 views

nftables binding to an already bound chain

Impact An issue was discovered in net/netfilter/nftablesapi.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain. Affected by this vulnerability is the function nftverdictinit of the file net/netfilter/nftablesapi.c. The manipulation with an unknown input...

5.5CVSS0.7AI score0.00308EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2022/09/16 5:6 p.m.•43 views

XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action

Impact All rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes title, content and comments of any document and properties of objects class and property name must be known, though...

7.5CVSS7.8AI score0.00846EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/09/16 12:0 a.m.•43 views

ThinkPHP deserialization vulnerability

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

9.8CVSS9.4AI score0.20199EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/09/14 12:0 a.m.•43 views

Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...

7.1CVSS6.7AI score0.00307EPSS
Exploits1References11Affected Software2
Github Security Blog
Github Security Blog
•added 2022/09/07 12:1 a.m.•43 views

x/crypto/ssh vulnerable to panic via malformed packets

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an unauthenticated attacker to panic an SSH server. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains an empty plaintext causes a panic...

7.5CVSS7.6AI score0.00984EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/08/18 7:15 p.m.•43 views

React Editable Json Tree vulnerable to arbitrary code execution via function parsing

Impact Our library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function was used to execute strings that begin with "function" as Javascript. This was an oversight that unfortunately allows arbitrary code to be...

10CVSS9.1AI score0.01209EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/08/18 2:18 p.m.•43 views

Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution

Impact py-cord is a an API wrapper for Discord written in Python. Bots using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the application.commands scope without the bot scope. Currently, it appears that all public bots that use slash commands are...

7.5CVSS6.4AI score0.00662EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/07/29 10:28 p.m.•43 views

Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings

Impact An authenticated Admin user could craft HTTP requests to filter users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes...

2.7CVSS3.2AI score0.00616EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities5000