Lucene search
K
GithubMost viewed

33181 matches found

Github Security Blog
Github Security Blog
•added 2023/03/20 8:44 p.m.•42 views

svg-sanitizer has Cross-site Scripting Bypass

Update In 88 we have determined that the bypass this security advisory was created for, was a false positive and as such we have requested that the CVE be rejected. A bypass has been found that allows an attacker to upload an SVG with persistent XSS. HTML elements within CDATA needed to be...

9.1AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/03/17 2:43 p.m.•42 views

Streamlit publishes previously-patched Cross-site Scripting vulnerability

Synopsis: Streamlit open source publicizes a prior security fix implemented in 2021. The vulnerability affected Streamlit versions between 0.63.0 and 0.80.0 inclusive and was patched on April 21, 2021. If you are using Streamlit with version before 0.63.0 or after 0.80.0, no action is required. 1...

6.1CVSS5.4AI score0.00407EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2023/03/02 11:11 p.m.•42 views

Vega Expression Language `scale` expression function Cross Site Scripting

Summary The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. Details The scale expression function passes a user supplied argument gro...

6.5CVSS6.7AI score0.00775EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
•added 2023/02/23 4:58 p.m.•42 views

Unsafe fall-through in getWhereConditions

Impact Providing an invalid value to the where option of a query caused Sequelize to ignore that option instead of throwing an error. A finder call like the following did not throw an error: ts User.findAll where: new Date, ; As this option is typically used with plain javascript objects, be awar...

9.9CVSS8.1AI score0.00809EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
•added 2023/02/19 6:30 p.m.•42 views

java-xmlbuilder vulnerable to XML External Entity Reference

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is...

9.8CVSS8.9AI score0.01231EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2023/02/08 10:37 p.m.•42 views

Argo CD leaks repository credentials in user-facing error messages and in logs

Impact All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a user attempts to create or update an...

6.5CVSS6.7AI score0.00843EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2023/02/08 9:38 p.m.•42 views

Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set

A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFTATTESTPASSWORD environment variable. Impact The SYFTATTESTPASSWORD environment variable is for the syft attest command to generate attested SBOMs for the given container image...

7.5CVSS7.4AI score0.00791EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/30 6:30 a.m.•42 views

Eta vulnerable to Code Injection via templates rendered with user-defined data

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution RCE by overwriting template engine configuration variables with view options received from The Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

8.8CVSS6.2AI score0.01995EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/26 9:30 p.m.•42 views

Cross-site request forgery in Jenkins Gerrit Trigger Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit...

6.5CVSS7AI score0.00487EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/16 12:30 a.m.•42 views

thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS)

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10...

8.6CVSS5.8AI score0.00562EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/11 3:30 p.m.•42 views

Duplicate Advisory: PapaParse Inefficient Regular Expression Complexity vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qvjc-g5vr-mfgr. This link is maintained to preserve external references. Original Description A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unkno...

7.5CVSS7.1AI score0.01388EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2023/01/10 10:43 p.m.•42 views

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-21538: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to...

7.5CVSS7.6AI score0.0274EPSS
Exploits0References7Affected Software12
Github Security Blog
Github Security Blog
•added 2022/12/13 7:44 p.m.•42 views

Keycloak vulnerable to session takeover with OIDC offline refreshtokens

An issue was discovered in Keycloak when using a client with the offlineaccess scope. Reuse of session ids across root and user authentication sessions and a lack of root session validation enabled attackers to resolve a user session attached to a different previously authenticated user. This iss...

6.8CVSS2.3AI score0.00952EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
•added 2022/12/13 6:30 p.m.•43 views

Apache CXF Server-Side Request Forgery vulnerability

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8CVSS8.8AI score0.0193EPSS
Exploits6References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/11/11 7:0 p.m.•42 views

Snakeyaml vulnerable to Stack overflow leading to denial of service

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...

6.5CVSS6.6AI score0.01476EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
•added 2022/11/04 7:1 p.m.•42 views

Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack

The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or...

8.1CVSS7.9AI score0.00704EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/10/21 8:29 p.m.•42 views

.NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 5.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Denial of Service vulnerability exists in .NET 6.0 and...

7.5CVSS0.4AI score0.03739EPSS
Exploits0References8Affected Software12
Github Security Blog
Github Security Blog
•added 2022/09/30 10:46 p.m.•42 views

matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification

Impact An attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities, leading to the other device trusting/verifying the user identity under the control of th...

8.6CVSS8AI score0.00936EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/09/16 5:39 p.m.•42 views

XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor

Impact Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed. This includes private personal information like email addresses and salted password hashes of registered users but also other information stored in properties of objects...

7.5CVSS7.2AI score0.00682EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2022/09/14 12:0 a.m.•42 views

rdiffweb Missing Custom Error Page

rdiffweb version 2.4.1 is set to a default and leaks error information. Version 2.4.2 fixes this issue...

5.3CVSS5.1AI score0.00684EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/08/19 12:0 a.m.•42 views

OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value

lib/omniauth/failureendpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the messagekey value...

9.8CVSS8.9AI score0.01035EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/07/29 10:29 p.m.•42 views

Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow

GraphQL behaviour Nested fragment in GraphQL might be quite hard to handle depending on the implementation language. Some language support natively a max recursion depth. However, on most compiled languages, you should add a threshold of recursion. graphql Infinite loop example query ...a fragmen...

7.5CVSS7.3AI score0.01331EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/07/21 10:33 p.m.•42 views

OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers

Impact SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected. The contracts that may be affected are those that use...

7.5CVSS7.2AI score0.00413EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2022/07/19 12:0 a.m.•42 views

Apache SkyWalking NodeJS Agent can lose availability if header includes illegal SkyWalking header

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...

7.5CVSS7.2AI score0.01595EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/07/13 12:0 a.m.•42 views

Svelte vulnerable to XSS when using objects during server-side rendering

The package svelte before 3.49.0 is vulnerable to Cross-site Scripting XSS due to improper input sanitization and to improper escape of attributes when using objects during SSR Server-Side Rendering. Exploiting this vulnerability is possible via objects with a custom toString function...

6.1CVSS5.8AI score0.01042EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/07/01 12:1 a.m.•42 views

Cross-site Scripting in Jenkins GitLab Plugin

Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. GitLab Plugin 1.5.35 does not show user-provide...

5.4CVSS4.9AI score0.7236EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2022/06/21 4:57 p.m.•42 views

CURLOPT_HTTPAUTH option not cleared on change of origin

Impact Authorization headers on requests are sensitive information. When using our Curl handler, it is possible to use the CURLOPTHTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI with a different origin, if we choose to follow it, we...

7.7CVSS7.1AI score0.01762EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/25 10:40 p.m.•42 views

Possible information disclosure inside TreeGrid component with default data provider

Description The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information...

7.5CVSS6.9AI score0.00915EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2022/05/24 10:16 p.m.•42 views

Incomplete validation in signal ops leads to crashes in TensorFlow

Impact The tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes due to CHECK-failures. Patches We have patched the issue in GitHub commit 0a8a781e597b18ead006d19b7d23d0a369e9ad73 merging GitHub PR 55274. The fix will be...

5.5CVSS6.1AI score0.0031EPSS
Exploits1References10Affected Software3
Github Security Blog
Github Security Blog
•added 2022/05/24 10:6 p.m.•42 views

Missing validation causes denial of service via `DeleteSessionTensor`

Impact The implementation of tf.rawops.DeleteSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf handle = tf.constant"", shape=0, dtype=tf.string...

5.5CVSS6AI score0.00325EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
•added 2022/05/24 5:39 p.m.•42 views

Gravity Forms stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting XSS vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role Administrator, Editor, etc...

4.8CVSS5.6AI score0.00616EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/24 5:28 p.m.•42 views

Missing hostname validation in Email Extension Plugin

Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections. Email Extension Plugin 2.76 validates the SMTP hostname when...

5.8CVSS5.2AI score0.00691EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/24 5:19 p.m.•42 views

containernetworking/plugins vulnerable to MitM attacks

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle MitM attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or...

6CVSS6.6AI score0.02428EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/24 4:49 p.m.•42 views

libxslt Type Confusion vulnerability that affects Nokogiri

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Nokogiri prior to version 1.10.5 used a vulnerable...

5.3CVSS2.5AI score0.05147EPSS
Exploits0References50Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/17 4:31 a.m.•42 views

Plone Code Injection vulnerability

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

6.8CVSS6.8AI score0.02066EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/17 4:19 a.m.•42 views

Symfony Denial of Service Via Long Password Hashing

The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a...

5CVSS6.9AI score0.01868EPSS
Exploits0References9Affected Software3
Github Security Blog
Github Security Blog
•added 2022/05/14 3:44 a.m.•42 views

Deserialization of Untrusted Data in Jenkins

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void...

6.5CVSS4.4AI score0.01776EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 12:58 a.m.•42 views

curl FTP path confusion leads to NIL byte out of bounds write

curl can be coerced into writing a zero byte out of bounds. This bug can trigger when curl is told to work on an FTP URL, with the setting to only issue a single CWD command --ftp-method singlecwd or the libcurl alternative CURLOPTFTPFILEMETHOD. curl then URL-decodes the given path, calls strlen ...

9.8CVSS0.1AI score0.12058EPSS
Exploits0References21Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 12:56 a.m.•42 views

Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)

The Enhanced Image aka image2 plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, and as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, is vulnerable to cross-site scripting because it allows remote attackers to inject arbitrary web script through a...

6.1CVSS6.2AI score0.0178EPSS
Exploits0References8Affected Software3
Github Security Blog
Github Security Blog
•added 2022/05/14 12:54 a.m.•42 views

Authlogic Information Exposure vulnerability

The Authlogic gem for Ruby on Rails prior to version 3.3.0 makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as demonstrated by a value...

5CVSS5.1AI score0.02737EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/14 12:54 a.m.•42 views

ClassLoader manipulation in Apache Struts

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

5.8CVSS8.7AI score0.06516EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:53 a.m.•42 views

ChakraCore information disclosure vulnerability

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge...

4.3CVSS5.7AI score0.05588EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:38 a.m.•42 views

Keycloak Reflected XSS

It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...

5.4CVSS6AI score0.01021EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:20 a.m.•42 views

ChakraCore RCE Vulnerability

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8267...

7.6CVSS7.4AI score0.11168EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:14 a.m.•42 views

Improper Input Validation in Apache Tomcat

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a...

7.1CVSS1.4AI score0.39633EPSS
Exploits6References61Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:14 a.m.•42 views

Apache Tomcat Improper Access Control vulnerability

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency...

9.8CVSS7.8AI score0.90338EPSS
Exploits1References60Affected Software2
Github Security Blog
Github Security Blog
•added 2022/05/13 1:13 a.m.•42 views

Moodle Allows Modification of Constants

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant...

5CVSS7.2AI score0.02102EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/13 1:2 a.m.•42 views

Nokogiri gem, via libxml, is affected by DoS vulnerabilities

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities...

7.5CVSS6.9AI score0.05928EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
•added 2022/05/05 2:48 a.m.•42 views

Rack arbitrary code execution via timing attack

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

5.1CVSS8.7AI score0.05281EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
•added 2022/04/22 8:55 p.m.•42 views

Denial of Service in http-swagger

Impact Allows an attacker to perform a DOS attack consisting of memory exhaustion on the host system. Patches Yes. Please upgrade to v1.2.6. Workarounds A workaround is to restrict the path prefix to the "GET" method. As shown below func main r := mux.NewRouter...

7.8CVSS0.5AI score0.02402EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities5000