Lucene search
K
GithubRecent

33122 matches found

Github Security Blog
Github Security Blog
added 2026/06/26 9:48 p.m.6 views

Cargo crates in third party registries can override the cached source of other crates

The Rust Security Response Team was notified that Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. This vulnerability is tracked as CVE-2026-5223. The...

6.5CVSS5.8AI score0.00294EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 9:47 p.m.6 views

Cargo can be coerced to share credentials between registries

The Rust Security Response Team was notified that Cargo incorrectly normalized the URLs of third-party registries using the sparse index protocol1. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 9:46 p.m.7 views

php-weasyprint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)

Summary pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX escapeshellarg'/usr/local/bin/weasyprint' returns '/usr/local/bin/weasyprint' with the single-quote...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 9:29 p.m.6 views

Nebula Mesh: Web UI lacks ownership checks, enabling cross-operator access to hosts and networks (read, block, delete)

Summary The web UI /ui/ does not apply the per-operator CA scoping the JSON API received for GHSA-598g-h2vc-h5vg. Any authenticated non-admin operator for example, one created via self-registration or OIDC can access resources belonging to other operators. Impact A non-admin operator can: - Block...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 9:23 p.m.27 views

phpMyFAQ has an incomplete fix for GHSA-xvp4-phqj-cjr3 — editUser() and updateUserRights() lack authorization guards

Advisory / Disclosure phpMyFAQ 4.1.3 — incomplete fix for the admin-API IDOR/privilege-escalation class Target: thorsten/phpMyFAQ composer: thorsten/phpmyfaq, phpmyfaq/phpmyfaq Affected: "Only SuperAdmins may change other users' attributes. Self-service is always allowed." and "a non-SuperAdmin...

6AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/26 9:8 p.m.5 views

@cardano402/mcp-server missing spending limits, LAN-exposed HTTP transport, and SSRF via catalog.server.url

Summary @cardano402/mcp-server versions = 0.1.1 ship three security gaps that can lead to unauthorized fund movement when the package is used as designed an MCP server exposing Cardano payment tools to an Impact 1. No spending limits on signed payments An LLM or prompt-injected LLM calling tools...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 9:5 p.m.5 views

mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind

Resolution Fixed in v3.1.0, released 2026-05-25. The fix was merged in PR 95 at commit 1c7d3f9. The fix changes the default HTTP bind host to 127.0.0.1, refuses non-loopback HTTP/HTTPS exposure unless OAuth is enabled, makes Helm exposure opt-in and OAuth-gated, and adds parser-backed...

10CVSS6.1AI score0.00498EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 9:5 p.m.5 views

Relyra SAML SignatureValue not cryptographically verified -> authentication bypass

Summary Relyra 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. Details In 1.0.0 and 1.1.0, the XMLDSig trust boundary was incomplete. :publickey.verify over the exclusive-C14N...

9.1CVSS5.9AI score0.00135EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 9:4 p.m.5 views

mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call

Summary The HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call storememory and deletememory through MCP even though the corresponding REST endpoints...

8.1CVSS5.8AI score0.00264EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 9:3 p.m.4 views

deepstream is vulnerable to prototype pollution

Impact Prototype pollution in deepstream server v =10.0.4. Potential privilege escalation from any authenticated user with write permission to any record. Patches Yes, upgrade to v10.0.5 Workarounds Filter out all messages containing the path proto, constructor, prototype, before they reach the...

9.9CVSS5.8AI score0.0027EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 9:3 p.m.5 views

Dosage Vulnerable to Stored Cross-Site Scripting (XSS) in HTML/RSS Output Handlers

Summary The HTML and RSS output handlers in dosagelib/events.py write user-controlled content comic text and page URLs directly into generated files without proper HTML escaping. When a user scrapes a malicious webcomic and opens the generated HTML/RSS file, attacker-controlled JavaScript can...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 9:2 p.m.5 views

Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)

Summary The ExpressionDepthLimit parser guard in Scriban does not actually stop parsing — it only logs a non-fatal error and lets recursive descent continue. As a result, a template containing a deeply nested expression parentheses, array initializers, object initializers, or unary operators driv...

6.1AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/26 9:1 p.m.9 views

Scriban: array * int (ScriptArray<T>.TryEvaluate) bypasses LoopLimit — incomplete fix for GHSA-c875-h985-hvrc, missed sibling of GHSA-24c8-4792-22hx

Summary The array multiplication operator array integer in Scriban allocates a result whose size is the product of the attacker-controlled integer and the array length, with no LoopLimit / LimitToString check and no overflow-safe arithmetic. A 40-byte template forces a multi-gigabyte allocation,...

5.8AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/26 9:1 p.m.6 views

nebula-mesh: Signed-poll nonce LRU is in-memory and bounded; replay survives restart + eviction

internal/api/pop/nonce.go:25,40,86 + internal/api/server.go:38 — the signed-poll nonce cache is an in-process LRU sized at 65,536 entries. internal/api/updates.go:31 sets pollClockSkew = 5 time.Minute as the replay window. Affected All released versions through v0.3.0 that have shipped the ADR 00...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 9:0 p.m.6 views

WebauthnAuthenticator leaks sensitive HTTP headers through INFO-level logs

Impact Webauthn\Bundle\Security\Http\Authenticator\WebauthnAuthenticator logs the full Symfony\Component\HttpFoundation\Request object inside the log context of both onAuthenticationSuccess and onAuthenticationFailure at INFO level: php $this-logger-info'User has been authenticated successfully...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 9:0 p.m.5 views

CakePHP: View::element() is missing a path containment check

Impact View::getElementFileName does not check that the resolved element path is within the application/plugin view template paths. When element names are created with specifically crafted user-supplied data this weakness can be leveraged to include other PHP files on the server. Patches Patched...

6.3CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:59 p.m.6 views

joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization

RFC7797 b64=false JWS payloads bypass JWSRegistry payload-size limits during deserialization Summary Testing revealed that joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength. The normal JWS compact and flattened JSON paths reject payloads above...

5.3CVSS5.8AI score0.00163EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:56 p.m.6 views

better-helperjs Vulnerable to Directory Traversal via String Prefix Bypass in Static Server

Summary A directory traversal vulnerability exists in the production static file server of better-helperjs = 3.0.5. Attackers can read arbitrary files located in adjacent directory structures that share the same string prefix as the intended static root directory. Details The framework utilizes a...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:55 p.m.7 views

PHP Standard Library: HTTP/2 server-side missing content-length validation enables request smuggling

Impact Psl\H2\ServerConnection does not validate that the total bytes received in DATA frames match the content-length header declared in the HEADERS frame, in violation of RFC 9113 §8.1.1. A malicious client can: - Send more DATA bytes than declared, smuggling additional content past...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/26 8:55 p.m.7 views

Muhammara has a NULL pointer dereference in LZWDecode filter when DecodeParms omits EarlyChange key

Summary A NULL pointer dereference vulnerability exists in PDFParser::CreateFilterForStream when processing a PDF stream with /Filter /LZWDecode and a /DecodeParms dictionary that does not contain the EarlyChange key. This causes an access violation 0xC0000005 and crashes the process. Affected...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:54 p.m.11 views

Pterodactyl Panel: Client email change endpoint allows enumeration of accounts in system

Summary An unprotected user enumeration vulnerability exists in the account email update endpoint, allowing authenticated users to verify whether email addresses are registered on the panel through automated requests without rate limiting or CAPTCHA protection. Details The account settings page...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:53 p.m.8 views

Pterodactyl Wings: Chmod operation can be used to change permissions of files outside of the server container

In wings/internal/ufs/fsunix.go line 92-94, this function is defined and is used to change permissions of files in the server: go func fs UnixFS fchmodatop string, dirfd int, name string, mode FileMode error return ensurePathErrorunix.Fchmodatdirfd, name, uint32mode, 0, op, name This call to the...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:52 p.m.6 views

Flawfinder output manipulation via untrusted filenames and source text

Impact This vulnerability is an improper input neutralization issue leading to output manipulation, specifically, Terminal/ANSI Escape Sequence Injection and XML Injection: Terminal Output Spoofing: A malicious file whose name contains ANSI escape sequences can end up being included in flawfinder...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:51 p.m.5 views

python-socketio: Binary attachment accumulation can cause denial of service

Impact The python-socketio server stores binary EVENT and ACK messages in memory while it waits to receive their binary attachments. Once all the attachments are received, these messages are then processed. An attacker can submit a binary message and intentionally omit sending one or more of its...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:51 p.m.6 views

python-engineio has unbound thread allocation that can cause denial of service

Impact An attacker can cause the creation of unnecessary background threads in the python-engineio server by exploiting the heartbeat mechanism, which launches a thread when a new connection is received, and when the client sends a PONG packet. Note: this issue primarily affects synchronous...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:51 p.m.9 views

semantic-router exposed to compromised litellm wheel (CVE-2026-42208) via unbounded transitive pin

Impact semantic-router versions 0.1.8 through 0.1.14 declare litellm=1.61.3 with no upper bound. During the window in which litellm==1.82.8 was the latest release on PyPI, a fresh install of any affected semantic-router version could resolve to that compromised wheel. The malicious litellm==1.82....

9.8CVSS6.2AI score0.86607EPSS
Exploits7References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:48 p.m.5 views

python-engineio has possible denial of service due to maximum payload size sometimes not being enforced

Impact There are two specific configurations of the python-engineio server in which the size of incoming messages is not checked before the messages are loaded into memory. An attacker can take advantage of these to cause unnecessary memory allocations in the python-engineio server. The two cases...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:47 p.m.5 views

LinkifyIt#match scan loop has quadratic algorithmic complexity

Summary LinkifyIt.prototype.match — the package's primary public API — has ON² algorithmic complexity for inputs containing many fuzzy links or emails. This is not a regex backtrack bug; it's a structural issue in the JS-level scan loop that re-slices the input and re-runs unanchored regex search...

5.3CVSS5.8AI score0.02152EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:44 p.m.6 views

turso-cli persists Turso platform JWT with world-readable (0o644) file permissions

Summary turso-cli persists the user's Turso platform JWT to settings.json using Viper's default configPermissions of 0o644, leaving the credential file world-readable on standard Linux and macOS systems. Any other local UID on the host can read the file and recover the platform JWT, which grants...

5.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:41 p.m.4 views

nono-py's policy JSON accepts unknown security fields

Summary nono-py policy handling could fail open in two ways. First, resolving a policy-derived ProxyConfig did not automatically enforce CapabilitySet.proxyonly, allowing sandboxed children to bypass a resolved domain allowlist by using direct network access. Second, policy JSON accepted unknown...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:39 p.m.7 views

nono-py vulnerable to authorization bypass / policy confusion

The python API made a restrictive-looking configuration unsafe by default. A caller could configure only reverse- proxy credential routes, put the child in CapabilitySet.proxyonly, and reasonably expect network access to be limited to those routes. Instead, because empty allowedhosts meant...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:34 p.m.8 views

Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication

Summary In backpropagate = 1.1.0, the optional Reflex web UI pip install backpropagateui, launched via backprop ui exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push. The CLI accepts two operator-facing...

9.3CVSS6.1AI score0.00324EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/26 8:33 p.m.7 views

nono-py has proxy-only network fallback bypass on older Linux kernels

Summary On Linux kernels that do not support Landlock network rules, nonopy.sandboxedexec could run CapabilitySet.proxyonlyproxy without supervising the seccomp-notify proxy-only fallback returned by the Rust core. In that configuration, a sandboxed child process could remove HTTPPROXY / HTTPSPRO...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:30 p.m.6 views

Fleet DM Vulnerable to Cross-Team Policy Data Exposure via Global Policy Read Endpoint

Summary The global policy read endpoint GET /api/latest/fleet/policies/policyid performs authorization against an empty fleet.Policy struct with nil TeamID, then fetches any policy by ID from the database without verifying the fetched policy actually belongs to the global scope. This allows a use...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 8:19 p.m.7 views

Hysteria: http large header with sniff cause server DoS

Summary Sending an excessively large header by an attacker could lead to a server-side DoS attack. Details The current sniff implementation does not explicitly specify the upper limit for HTTP headers. Attackers can continuously send excessively large headers without including \r\n\r\n, leading t...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 7:58 p.m.5 views

Hysteria vulnerable to server crash when max_datagram_frame_size very small

Summary An authenticated client can crash the Hysteria server by advertising a very small QUIC maxdatagramframesize and then triggering a UDP response from the server. When the server tries to send the UDP response back via QUIC DATAGRAM, quic-go returns DatagramTooLargeError. The server then...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 7:48 p.m.8 views

Hysteria has an authenticated UDP ACL bypass that enables localhost and private-network UDP SSRF

Summary Hysteria's UDP relay treats the destination address as packet-scoped, but ACL and outbound policy are applied only once when a new UDP session is created. After an authenticated client opens a UDP session using an allowed first destination, later packets in the same Session ID can be sent...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 7:47 p.m.9 views

@cyclonedx/cdxgen: Maven project scanning may allow shell command injection through repository-controlled module paths

Summary A command injection vulnerability existed in the Maven scanning flow of cdxgen before version 12.4.3. When cdxgen scanned an attacker-controlled Maven project, repository-controlled paths could be used in the Maven command construction. In affected versions, some Maven invocations were...

6.2AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 7:26 p.m.6 views

Remark42: Cross-Site Scripting (XSS) on /api/v1/img via content-type spoofing

Summary The remark42 image proxy fetches an arbitrary remote URL and re-serves the response from remark42's own origin. The download path decides whether the fetched resource is an image by looking only at the Content-Type header the remote server claims — it never inspects the actual bytes. The...

8.2CVSS7.5AI score0.00251EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 7:20 p.m.7 views

Apptainer has incorrect path matching for 'limit container paths' directive

Impact The limit container paths directive in apptainer.conf is intended to allow a system administrator limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed. For example,...

5.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 7:17 p.m.6 views

pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678)

Summary When an application using Pydantic AI opts a URL into forcedownload='allow-local' which disables the default block on private/internal IPs and runs on a network that routes the affected IPv6 transition forms NAT64- or ISATAP-configured networks, the cloud-metadata blocklist could be...

6.8CVSS5.8AI score0.00332EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/26 7:13 p.m.9 views

Incus has an arbitrary file write on its client due to trusted image hash

Summary An arbitrary file write exists in the Incus client when a malicious image server returns a crafted Incus-Image-Hash header. This can lead to arbitrary command execution as root on the server. Details - cmd/incusd/images.go:611-684 handles source.type=url by HEADing the user-supplied URL,...

6.2AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 7:11 p.m.7 views

@sigstore/core has DSSE payloadType type-binding failure

Impact The preAuthEncoding function in @sigstore/core uses Node.js 'ascii' encoding when converting the PAE Pre-Authentication Encoding string to bytes. This allows payloadType to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designe...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 7:7 p.m.12 views

Incus: CreateCustomVolumeFromBackup nil-pointer dereference on volume_snapshots[*].expires_at (sibling-field variant of GHSA-r7w7)

Summary backend.CreateCustomVolumeFromBackup in internal/server/storage/backend.go contains an unguarded time.Time dereference on the ExpiresAt field of every volume-snapshot entry in an imported custom-volume backup. An authenticated user with cancreatestoragevolumes permission on any project ca...

7.1CVSS5.8AI score0.00299EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 7:3 p.m.6 views

Incus has an argument injection in backup compression algorithm leading to AFW and ACE

Summary Improper validation of user-provided backup compression algorithm leads to argument injection in the constructed command line. This leads to an arbitrary file write on the host, possibly leading to arbitrary command execution. Details Incus validates compressionalgorithm by parsing it int...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 6:52 p.m.8 views

Incus: Nil-pointer dereference in createDependentVolumesFromBackup on disk.{Volume,VolumeSnapshots,Pool}

Summary backend.createDependentVolumesFromBackup in internal/server/storage/backend.go contains a cluster of unguarded pointer derefs on every dependent-volume entry's VolumeSnapshotsi, Volume, and Pool sub-fields. An authenticated user with cancreateinstances permission on any project can crash...

5.8AI score0.00025EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 6:47 p.m.7 views

Incus has an arbitrary file write via path traversal in S3 multipart upload

Summary The S3 protocol upload endpoint is vulnerable to path traversal and allows creation of arbitrary files on the host. This behavior could lead to arbitrary command execution. In internal/server/storage/s3/local/multipart.go, user-controlled upload ID is appended to the uploads directory...

6AI score0.00091EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 6:46 p.m.7 views

Incus has arbitrary file read+write on host via templates/ symlink in malicious image

Summary A specially crafted image or instance backup can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution. Details For container images, internal/server/storage/utils.go calls archive.UnpackimageFile, destPath, .... The tar extraction pa...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 6:33 p.m.7 views

Incus has a restricted project bypass leading to arbitrary command execution

Summary Instance snapshots ignore the restricted.containers.lowlevel=block setting; allowing for arbitrary command execution on the Incus server by abusing lowlevel hooks such as raw.lxc and raw.qemu. Details Instance snapshots ignore the restricted.containers.lowlevel=block setting; allowing for...

6.2AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/26 6:32 p.m.7 views

Incus has an arbitrary file write on host via `exec-output` symlink in crafted image

Summary The record-output parameter of the /instances/$name/exec endpoint stores the output of the command in the exec-output directory of the instance. If exec-output is a symlink, file named execUUID.stdout and execUUID.stderr can be written to an arbitrary location where the .stdout file will...

6AI score
Exploits0References2Affected Software1
Total number of security vulnerabilities33122