Lucene search
K
GithubMost viewed

33181 matches found

Github Security Blog
Github Security Blog
added 2021/03/29 8:57 p.m.43 views

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1106...

7.6CVSS2.6AI score0.09325EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/29 6:13 p.m.43 views

Path traversal in Node-RED-Dashboard

In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. It allows uibase/js/..%2f directory traversal to read files...

7.5CVSS3.9AI score0.18369EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/04 9:8 p.m.43 views

Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit feed settings, Edit widget area, Sub site new registration, New category registration Tested baserCMS Version :...

8.1CVSS0.7AI score0.01016EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/27 8:30 p.m.43 views

Unauthorized privilege escalation in Mod module

Impact An unauthorized privilege escalation exploit has been discovered in the Mod module: this exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By abusing this...

7.7CVSS1.9AI score0.01065EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/11 9:8 p.m.43 views

Command Injection in soletta-dev-app

All versions of soletta-dev-app are vulnerable to Command Injection. The package does not validate user input on the /api/service/status API endpoint, passing contents of the service query parameter to an exec call. This may allow attackers to run arbitrary commands in the system. Recommendation ...

6.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/04 5:59 p.m.43 views

Denial of Service in http-proxy

Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERRHTTPHEADERSSENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader...

1.4AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/04 3:26 p.m.43 views

Cross-Site Scripting in react

Versions of react prior to 0.14.0 are vulnerable to Cross-Site Scripting XSS. The package's createElement function fails to properly validate its input object, allowing attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 0.14.0 or later...

5.4AI score
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/03 9:18 p.m.43 views

Sandbox Breakout / Arbitrary Code Execution in safer-eval

All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. It is possible to escape the sandbox by forcing exceptions recursively in the evaluated code. This may allow attacker to execute arbitrary code in the system. Recommendation The package is not suited to...

6.2AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/21 4:25 p.m.43 views

Client Denial of Service on TUF

Impact An attacker who can gain file access to the repository and modify metadata files may cause a denial of service to clients by creating many invalid signatures on a metadata file. Having a large number of signatures to verify will delay the moment when the client will determine the signature...

5.3CVSS2.3AI score0.01403EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/27 5:47 p.m.43 views

Authorization Bypass in I hate money

Impact An authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's private code. With the default...

4.9CVSS0.3AI score0.01029EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/23 6:20 p.m.43 views

Storing Password in Local Storage

The setPassword method http://parseplatform.org/Parse-SDK-JS/api/2.9.1/Parse.User.htmlsetPassword stores the user's password in localStorage as raw text making it vulnerable to anyone with access to your localStorage. We believe this is the only time that password is stored at all. In the...

6.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/07 12:1 a.m.43 views

Arbitrary file read via window-open IPC in Electron

Impact The vulnerability allows arbitrary local file read by defining unsafe window options on a child window opened via window.open. Workarounds Ensure you are calling event.preventDefault on all new-window events where the url or options is not something you expect. Fixed Versions 9.0.0-beta.21...

7.5CVSS4.8AI score0.01175EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/26 4:27 p.m.43 views

RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign

Impact Jsrsasign supports RSA PKCS1 v1.5 i.e. RSAES-PKCS1-v15 and RSA-OAEP encryption and decryption. Its encrypted message is represented as BigInteger. When there is a valid encrypted message, a crafted message with prepending zeros can be decrypted by this vulnerability. - If you don't use RSA...

9.8CVSS1.6AI score0.02592EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/18 7:23 p.m.43 views

Command injection in mversion

Impact This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. Patches Patched by version 2.0.0. Previous releases are deprecated in npm. Workarounds Make sure to escape git commit messages when using the commitMessage option for t...

7.5CVSS3.8AI score0.02596EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/10/11 6:41 p.m.43 views

HTTP Request Smuggling in Netty

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding : chunked" line, which leads to HTTP request smuggling...

7.5CVSS0.7AI score0.08415EPSS
Exploits1References82Affected Software3
Github Security Blog
Github Security Blog
added 2019/08/06 1:43 a.m.43 views

Allocation of Resources Without Limits or Throttling in Apache Tika

In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later...

6.5CVSS2AI score0.03699EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2019/07/19 4:12 p.m.43 views

Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...

7.5CVSS7.5AI score0.01884EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/07/05 9:10 p.m.43 views

Django Denial-of-service by filling session store

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service session store consumption via multiple requests with unique session keys...

7.8CVSS6.1AI score0.07266EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2019/06/07 8:56 p.m.43 views

Cross-site Scripting in HAPI FHIR

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...

6.1CVSS2.4AI score0.01268EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/06/03 5:8 p.m.43 views

Memory Exposure in tunnel-agent

Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure. This is exploitable if user supplied input is provided to the auth value and is a number. Proof-of-concept: js require'request' method: 'GET', uri: 'http://www.example.com', tunnel: true, proxy: protocol: 'http:',...

3.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2019/05/29 6:54 p.m.43 views

Access control bypass in Apache ZooKeeper

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper?s getACL command doesn?t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider...

5.9CVSS2.4AI score0.09634EPSS
Exploits0References22Affected Software1
Github Security Blog
Github Security Blog
added 2019/04/09 7:47 p.m.43 views

Jupyter Notebook open redirect vulnerability

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255...

6.1CVSS6.4AI score0.01264EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/02/07 6:16 p.m.43 views

Prototype Pollution in lodash

Versions of lodash before 4.17.11 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing propert...

6.8CVSS6.3AI score0.01553EPSS
Exploits2References6Affected Software2
Github Security Blog
Github Security Blog
added 2019/01/04 7:7 p.m.43 views

com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization...

9.8CVSS9.7AI score0.10599EPSS
Exploits0References41Affected Software1
Github Security Blog
Github Security Blog
added 2019/01/04 5:50 p.m.43 views

Django open redirect and possible XSS attack via user-supplied numeric redirect URLs

Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects namely django.utils.http.issafeurl considered some numeric URLs "safe" when they shouldn't be, aka an open...

6.1CVSS6.1AI score0.02384EPSS
Exploits1References15Affected Software1
Github Security Blog
Github Security Blog
added 2018/11/26 11:58 p.m.43 views

Critical severity vulnerability that affects event-stream and flatmap-stream

The NPM package flatmap-stream is considered malicious. A malicious actor added this package as a dependency to the NPM event-stream package in version 3.3.6. Users of event-stream are encouraged to downgrade to the last non-malicious version, 3.3.4, or upgrade to the latest 4.x version. Users of...

4.7AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2018/11/09 5:50 p.m.43 views

Jetty vulnerable to exposure of sensitive information to unauthenticated remote users

The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak...

7.5CVSS7.3AI score0.74881EPSS
Exploits16References13Affected Software1
Github Security Blog
Github Security Blog
added 2018/11/09 5:41 p.m.43 views

org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...

4.9CVSS1.5AI score0.6583EPSS
Exploits2References6Affected Software2
Github Security Blog
Github Security Blog
added 2018/11/09 5:41 p.m.43 views

Uncontrolled Resource Consumption in spray-json

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of many JSON object fields with keys that have the same hash code...

7.5CVSS4.7AI score0.01897EPSS
Exploits1References3Affected Software3
Github Security Blog
Github Security Blog
added 2018/10/19 5:43 p.m.43 views

Moderate severity vulnerability that affects io.vertx:vertx-core

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response...

5.3CVSS3AI score0.02482EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/19 4:46 p.m.43 views

Deserialization of Untrusted Data in swagger-codegen

A vulnerability in Swagger-Parser's version = 1.0.30 and Swagger codegen version = 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in...

8.8CVSS5.6AI score0.01705EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2018/10/19 4:41 p.m.43 views

Moderate severity vulnerability that affects org.apache.commons:commons-compress

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite...

5.5CVSS3.3AI score0.05253EPSS
Exploits0References19Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 7:37 p.m.43 views

The REST Plugin in Apache Struts is using an outdated XStream library

The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload...

7.5CVSS3.5AI score0.0902EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/10 5:29 p.m.43 views

Moderate severity vulnerability that affects sprockets

Withdrawn, accidental duplicate publish. Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4,...

5CVSS4.6AI score0.0386EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/09 12:38 a.m.43 views

Verification Bypass in jsonwebtoken

Versions 4.2.1 and earlier of jsonwebtoken are affected by a verification bypass vulnerability. This is a result of weak validation of the JWT algorithm type, occuring when an attacker is allowed to arbitrarily specify the JWT algorithm. Recommendation Update to version 4.2.2 or later...

9.8CVSS8.9AI score0.08655EPSS
Exploits3References6Affected Software1
Github Security Blog
Github Security Blog
added 2018/09/06 3:28 a.m.43 views

Ansible fails to properly mark lookup-plugin results as unsafe

Ansible before versions 2.1.6.0, 2.2.3.0, 2.3.1.0, and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default,...

9.8CVSS9.4AI score0.04804EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.43 views

ActiveRecord vulnerable to modification of protected model attributes

ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attrprotected protection mechanism and modify protected model attributes via a crafted request...

4.3CVSS6.2AI score0.0246EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.43 views

actionpack Improper Input Validation vulnerability

actionpack/lib/actionview/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service memory consumption by including these strings in heade...

5CVSS6AI score0.06193EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:35 p.m.42 views

Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

Summary Nodemailer's disableFileAccess and disableUrlAccess options are intended to prevent message content and attachments from reading local files or fetching URLs. The normal MIME streaming path enforces those options in MimeNode.getStream. However, jsonTransport serializes messages by calling...

5.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/08 11:55 p.m.42 views

Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion

Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...

5.8AI score0.0007EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/08 11:0 p.m.42 views

PHPSpreadsheet has a patch bypass for CVE-2026-34084

Summary CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parseurl$filename, PHPURLSCHEME and then checks isstring$scheme && strlen$scheme 1 to reject stream wrappers such as phar://, php://, data:// or expect://. The check is not equivalent to "does the path conta...

9.8CVSS5.7AI score0.00712EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:30 p.m.42 views

Svelte: SSR XSS via Insecure Promise Serialization in hydratable

Contents of hydratable promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following is true: - you are using hydratable an experimental feature at the time of this report - you are passing attacker-controlled input such that a synchrono...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/17 3:31 p.m.42 views

Mattermost doesn't validate whether users were correctly owned by the correct Connected Workspace

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

2.7CVSS5.3AI score0.00167EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 10:4 p.m.42 views

JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. Per the AWS shared responsibilit...

6.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/07/21 7:4 p.m.42 views

form-data uses unsafe random function in form-data for choosing boundary

Summary form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker: 1. can observe other values produced by Math.random in the target application, and 2. can control one field of a request made using form-data Because th...

9.4CVSS7.1AI score0.01735EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/05/28 2:25 p.m.42 views

Traefik allows path traversal using url encoding

Impact There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it’s possible to target ...

9.1CVSS6.2AI score0.00784EPSS
Exploits0References6Affected Software3
Github Security Blog
Github Security Blog
added 2025/05/08 6:30 p.m.42 views

OpenStack Ironic fails to restrict paths used for file:// image URLs

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...

2.8CVSS6.5AI score0.00155EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/12 8:20 p.m.42 views

Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)

Summary An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping...

9.8CVSS6.8AI score0.19506EPSS
Exploits1References16Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/11 6:44 p.m.42 views

SiYuan has an arbitrary file read and path traversal via /api/export/exportResources

Summary Siyuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversing the workspace directory structure. Impact Arbitrary File Read...

8.7CVSS6.7AI score0.00597EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/11/21 10:20 p.m.42 views

LLama Factory Remote OS Command Injection Vulnerability

Summary A critical remote OS command injection vulnerability has been identified in the Llama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on the host system. The issue is caused by insecure...

9.8CVSS7.5AI score0.02273EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities5000