Lucene search
K
GithubRecent

33181 matches found

Github Security Blog
Github Security Blog
added 2026/04/01 12:24 a.m.8 views

YesWiki has Multiple Reflected Cross-site Scripting Vulnerabilities

Summary Multiple reflected Cross-site Scripting XSS vulnerabilities across both authenticated and unauthenticated portions of the application. These findings present a significant security risk, as they can be leveraged to execute arbitrary JavaScript in a victim’s browser under various contexts...

6.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:23 a.m.6 views

@tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

Summary @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the media root, Tina accepts a path like...

8.3CVSS5.8AI score0.00408EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:19 a.m.10 views

xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion

Summary @xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a CDATASection node. During serialization, XMLSerializer emitted the CDATA content verbatim without rejecting or safely splitting the terminator. As a result, data intended to remain...

7.5CVSS5.4AI score0.00472EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/01 12:14 a.m.16 views

Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

Summary Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the referenced module exists. Because Erlang atoms are never garbage-collected and the BEAM atom table has ...

8.2CVSS6AI score0.00423EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:13 a.m.11 views

YesWiki has Persistent Blind XSS at "/?BazaR&vue=consulter"

Summary A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. Type: Stored an...

7.1CVSS6AI score0.00213EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:10 a.m.5 views

CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Group / Role Management Fields Administrative Context Execution - Stored Cross-Site Scripting via Unsanitized Group / Role Management Inputs Description The application fails to properly sanitize user-controlled input within group and role management...

9.1CVSS6AI score0.00307EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:9 a.m.11 views

CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Methods Management Fields Global Persistent Payload Execution - Stored Cross-Site Scripting via Unsanitized Method Creation and Management Inputs - Automatic Execution Across All Pages Where Method Is Rendered in Navigation Description The application fai...

9.1CVSS6.3AI score0.00307EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:7 a.m.8 views

Parse Server has a LiveQuery protected-field guard bypass via array-like logical operator value

Impact An authenticated user with find class-level permission can bypass the protectedFields class-level permission setting on LiveQuery subscriptions. By sending a subscription with a $or, $and, or $nor operator value as a plain object with numeric keys and a length property an "array-like" obje...

5.3CVSS5.9AI score0.00251EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:5 a.m.8 views

SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution

Summary A vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document, package it as a .sy.zip, and have the victim import it through the...

8.6CVSS6.7AI score0.00343EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:3 a.m.11 views

TorchGeo Remote Code Execution Vulnerability

Impact TorchGeo 0.4–0.6.0 used an eval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose torchgeo.models.getweight or torchgeo.trainers as an external API could be affected. Patches The eval statement wa...

8.1CVSS6.2AI score0.01221EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:3 a.m.10 views

Parse Server has a session field immutability bypass via falsy-value guard

Impact An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This allows nullifying the session expiry, making the session valid indefinitely and bypassing configured session length...

5.4CVSS5.9AI score0.0021EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:2 a.m.11 views

OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover

Summary OpenClaw loaded the current working directory .env before trusted state-dir configuration, allowing untrusted workspace state to inject host environment values. Impact A repository or workspace containing a malicious .env file could override runtime configuration and security-sensitive...

8.6CVSS5.9AI score0.0013EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:2 a.m.14 views

OpenClaw gateway exec allow-always over-trusts positional carrier executables

Summary Allow-always persistence could trust wrapper carrier executables instead of the actual invoked target when commands were routed through dispatch wrappers. Impact A one-time approval could persist a broader future allowlist entry than the operator intended, weakening execution approval...

7.3CVSS6.1AI score0.00124EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:1 a.m.10 views

OpenClaw affected by SSRF via unguarded image download in fal provider

Summary The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...

8.3CVSS5.9AI score0.00227EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:1 a.m.12 views

OpenClaw: Google Chat and Zalouser group sender allowlist bypass via policy downgrade

Summary When only a route-level group allowlist was configured, sender policy resolution silently downgraded from allowlist to open instead of preserving the configured group policy. Impact Any member of an allowlisted Google Chat space or Zalouser group could interact with the bot even when the...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:0 a.m.8 views

OpenClaw Gateway `operator.write` can reach admin-only session reset via `chat.send` `/reset`

Summary The chat.send path reused command authorization to trigger /reset session rotation even though direct session reset is an admin-only control-plane operation. Impact A write-scoped gateway caller could rotate a target session, archive the prior transcript state, and force a new session id...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/01 12:0 a.m.11 views

OpenClaw: node.pair.approve missing callerScopes validation allows low-privilege operator to approve malicious nodes

Summary The node pairing approval path did not consistently enforce that the approving caller already held every scope requested by the node. Impact A lower-privileged operator could approve a pending node request for broader scopes and extend privileges onto the paired node. Affected Component...

8.6CVSS5.9AI score0.00379EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:59 p.m.15 views

OpenClaw has a gateway exec allowlist allow-always bypass via unregistered /usr/bin/script wrapper

Summary Allow-always persistence did not unwrap /usr/bin/script and similar wrappers to the actual executed target before storing trust decisions. Impact A user approval for one wrapped command could persist trust for a wrapper binary that later executed a different underlying program. Affected...

7.3CVSS5.9AI score0.00117EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:59 p.m.11 views

OpenClaw's incomplete host env sanitization blocklist allows supply-chain redirection via package-manager env overrides

Summary Host exec env override sanitization did not fail closed for several package-manager and related redirect variables that can steer dependency fetches or startup behavior. Impact An approved exec request could silently redirect package resolution or runtime bootstrap to attacker-controlled...

8.5CVSS6AI score0.00241EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:59 p.m.15 views

OpenClaw's Nextcloud Talk webhook missing rate limiting on shared secret authentication

Summary Nextcloud Talk webhook signature failures were not throttled even though the integration relies on an operator-configured shared secret that may be weak. Impact An attacker who could reach the webhook endpoint could brute-force weak secrets online and then forge inbound webhook events...

6.5CVSS5.8AI score0.00365EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:58 p.m.10 views

OpenClaw SSRF guard misses four IPv6 special-use ranges

Summary The SSRF/IP classifier treated several IPv6 special-use ranges as public and allowed fetches to proceed. Impact An attacker who controlled a fetched URL could target internal or non-routable IPv6 addresses that should have been blocked by the SSRF guard. Affected Component...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:58 p.m.11 views

OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement

Summary Discord button and component interaction ingress did not consistently reapply the same guild and channel policy gates used for normal inbound messages. Impact Users could trigger privileged component actions from contexts that should have been blocked by Discord channel policy. Affected...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:57 p.m.15 views

OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing

Summary ACP-only provenance fields in chat.send were gated by self-declared client metadata from the WebSocket handshake rather than verified authorization state. Impact A normal authenticated operator client could spoof ACP identity labels and inject reserved provenance fields intended only for...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:57 p.m.10 views

OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`

Summary The chat.send path let authorized write-scoped callers persist /verbose session overrides even though the same stored session mutation is admin-only through sessions.patch. Impact A write-scoped gateway caller could persist verbose output for later runs and expose more reasoning or tool...

8.8CVSS5.9AI score0.00209EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:57 p.m.6 views

OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override

Summary Host execution env sanitization did not block GITTEMPLATEDIR or AWSCONFIGFILE, even though both can redirect trusted tooling to attacker-controlled content. Impact An approved exec request could redirect git or AWS CLI behavior through attacker-controlled configuration and execute untrust...

5.8CVSS6.2AI score0.00105EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:56 p.m.6 views

OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure

Summary The jq safe-bin policy blocked explicit env usage but still allowed jq programs that accessed environment data through $ENV. Impact An operator-approved safe-bin jq command could disclose environment variables that the safe-bin policy was supposed to keep out of scope. Affected Component...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:54 p.m.5 views

OpenClaw's message tool media parameter bypasses tool policy filesystem isolation

Summary The message tool accepted mediaUrl and fileUrl aliases without applying the same sandbox localRoots validation as the canonical media path handling. Impact A caller constrained to sandbox media roots could read arbitrary local files by routing them through the alias parameters. Affected...

8.6CVSS6AI score0.00555EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:54 p.m.12 views

OpenClaw: Gateway WebSocket Denial of Service via unbounded pre-auth upgrades

Summary The gateway accepted unbounded concurrent unauthenticated WebSocket upgrades before allocating them to an authenticated session budget. Impact An unauthenticated network attacker could consume socket and worker capacity and disrupt WebSocket availability for legitimate clients. Affected...

8.7CVSS5.9AI score0.00318EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:53 p.m.14 views

OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image

Summary Feishu upload path resolution could read files outside the configured localRoots sandbox before handing them to the upload path. Impact A tool caller constrained to workspace or localRoots paths could exfiltrate arbitrary host files through Feishu upload actions. Affected Component...

6.5CVSS6AI score0.00339EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:52 p.m.15 views

OpenClaw: Discord text `/approve` bypasses `channels.discord.execApprovals.approvers` and allows non-approvers to resolve pending exec approvals

Summary Discord text approval commands resolved pending exec approvals without honoring the configured approver allowlist. Impact A Discord user who was allowed to send commands but was not in the approver list could still approve pending host execution. Affected Component...

8.8CVSS5.9AI score0.00407EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:52 p.m.7 views

OpenClaw's device removal and token revocation do not terminate active WebSocket sessions

Summary Removing a device or revoking its token updated stored credentials but did not disconnect already-authenticated WebSocket sessions. Impact A revoked device could continue using its existing live session until reconnect, extending access beyond credential removal. Affected Component...

8.6CVSS5.9AI score0.00332EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:51 p.m.6 views

OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials

Summary Remote onboarding accepted discovered gateway endpoints without an explicit trust confirmation before persisting the remote URL and connection details. Impact A malicious or spoofed discovery endpoint could steer onboarding toward an attacker-controlled gateway and capture future gateway...

8.1CVSS5.9AI score0.00126EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:50 p.m.11 views

OpenClaw: Zalo channel downloads media before sender authorization

Summary The Zalo image path fetched and stored inbound media before the DM/pairing authorization checks ran. Impact Unauthorized senders could force network fetches and disk writes in the inbound media store even when the message itself was rejected. Affected Component...

6.9CVSS5.9AI score0.00355EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:50 p.m.13 views

OpenClaw: /pair approve command path omitted caller scope subsetting and reopened device pairing escalation

Summary The /pair approve command path called device approval without forwarding caller scopes into the core approval check. Impact A caller that held pairing privileges but not admin privileges could approve a pending device request asking for broader scopes, including admin access. Affected...

9.9CVSS5.9AI score0.00624EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:50 p.m.12 views

OpenClaw: Voice-call Plivo V3 webhook replay key uses unsorted URL, allowing replay via query-parameter reordering

Summary Plivo V3 signature verification canonicalized query ordering, but replay detection hashed the raw verification URL. Reordering query parameters preserved a valid signature while producing a fresh replay-cache key. Impact An attacker who captured one valid signed Plivo V3 webhook could...

8.2CVSS5.9AI score0.00149EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:49 p.m.7 views

parse-server has GraphQL complexity validator exponential fragment traversal DoS

Impact The GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads. A single unauthenticated request can block the Node.js event loop for seconds, denying service to all concurrent users. This only affects...

8.2CVSS5.9AI score0.00463EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:48 p.m.5 views

parse-server has cloud function validator bypass via prototype chain traversal

Impact An attacker can bypass Cloud Function validator access controls by appending .prototype.constructor to the function name in the URL. When a Cloud Function handler is declared using the function keyword and its validator is a plain object or arrow function, the trigger store traversal...

9.1CVSS5.9AI score0.00277EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:48 p.m.9 views

Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client

Summary In a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any...

8.2CVSS5.9AI score0.00324EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:45 p.m.6 views

File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection

Summary The SPA index page in File Browser is vulnerable to Stored Cross-site Scripting XSS via admin-controlled branding fields. An admin who sets branding.name to a malicious payload injects persistent JavaScript that executes for ALL visitors, including unauthenticated users. Details...

6.9CVSS6AI score0.00356EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:44 p.m.8 views

File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution

Summary The signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin commit a63573b. The Execute permission and Commands list from the default user template are not stripped. When an administrator has enabled signup, server-side...

9.8CVSS6.7AI score0.00654EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:44 p.m.8 views

File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file

Summary The EPUB preview function in File Browser is vulnerable to Stored Cross-site Scripting XSS. JavaScript embedded in a crafted EPUB file executes in the victim's browser when they preview the file. Details frontend/src/views/files/Preview.vue passes allowScriptedContent: true to the...

9CVSS6.2AI score0.00321EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:43 p.m.13 views

openssl-encrypt silently skips schema validation when jsonschema library is not installed

Summary In opensslencrypt/modules/jsonvalidator.py at lines 234-238, when the jsonschema library is not installed, all schema validation is silently skipped with only a print warning. Affected Code python if not JSONSCHEMAAVAILABLE: printf"Warning: Cannot validate against schema 'schemaname' -...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:43 p.m.7 views

openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection

Summary The generatepseudorandomsequence function in opensslencrypt/plugins/steganography/core/utils.py at lines 89-91 uses Python's random module Mersenne Twister for steganographic pixel/sample selection. Affected Code python random.seedseed sequence = random.samplerangemaxvalue, minlength,...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:42 p.m.8 views

openssl-encrypt has visible password in process list via --password CLI argument

Summary Passwords passed via the --password / -p CLI argument in opensslencrypt/modules/cryptclisubparser.py at lines 150-154 are visible to any user on the system via ps aux or /proc/pid/cmdline. Affected Code python subparser.addargument "--password", "-p", help="Password will prompt if not...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:41 p.m.7 views

openssl-encrypt: TOTP rate limiter is in-memory only — not shared across workers, lost on restart

Severity: HIGH Summary The TOTP brute-force rate limiter in opensslencryptserver/modules/pepper/totp.py at lines 47-98 uses an in-memory defaultdictlist as a class variable. Affected Code python class TOTPRateLimiter: def initself, ...: self.attempts: Dictstr, Listdatetime = defaultdictlist...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:31 p.m.7 views

openssl-encrypt: Dynamic .so loading for Whirlpool uses broad glob pattern without integrity verification

Severity: HIGH Summary The Whirlpool hash implementation in opensslencrypt/modules/registry/hashregistry.py at lines 570-589 uses glob patterns to find .so modules in site-packages and loads the first match via importlib without verifying module integrity. Affected Code python for sitepkg in...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:30 p.m.7 views

SiYuan: Unauthenticated Access to Password-Protected Bookmarks via /api/bookmark/getBookmark

Summary The publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccessnil, .... Because the filter treats a nil context as authorized,...

7.5CVSS5.9AI score0.01227EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:29 p.m.8 views

SiYuan is Vulnerable to Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection

Summary A malicious website can achieve Remote Code Execution RCE on any desktop running SiYuan by exploiting the permissive CORS policy Access-Control-Allow-Origin: + Access-Control-Allow-Private-Network: true to inject a JavaScript snippet via the API. The injected snippet executes in Electron'...

9.6CVSS6.3AI score0.00499EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:28 p.m.11 views

SiYuan: Stored XSS in Attribute View Gallery/Kanban Cover Rendering Allows Arbitrary Command Execution in Desktop Client

Summary An attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary https URLs without extensions as images, stores the...

9CVSS6.7AI score0.00489EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:27 p.m.19 views

Nuxt OG Image is vulnerable to reflected XSS via query parameter injection into HTML attributes

Product: Nuxt OG Image Version: 6.1.2 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation Description: Incorrect parsing of GET parameters leads to the possibility of HTML injection and JavaScript code injection. Impact: Client-Side JavaScript Execution Exploitation...

6.1CVSS6AI score0.00216EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities33181