33187 matches found
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards
Impact When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...
path-to-regexp vulnerable to Denial of Service via sequential optional groups
Impact A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches Fixed in version 8.4.0. Workarounds Limit the number of...
AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction
Summary This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...
Withdrawn Advisory: Kirby CMS has Persistent DoS via Malformed Image Upload
Duplicate Advisory This advisory has been withdrawn because it is been determined to not be a vulnerability. This link is maintained to preserve external references. Original Description Summary Kirby CMS through version 5.1.4 allows an authenticated user with Editor permissions to cause a...
Zebra node crash — V5 transaction hash panic (P2P reachable)
--- Remote Denial of Service via Crafted V5 Transactions Summary A vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5 transaction that passes initial...
Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment
Summary ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturall...
AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities
Summary This notification is related to the CloudFront signing utilities in the AWS SDK for Java v2, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes an...
DOMPurify is vulnerable to mutation-XSS via Re-Contextualization
Description A mutation-XSS mXSS condition was confirmed when sanitized HTML is reinserted into a new parsing context using innerHTML and special wrappers. The vulnerable wrappers confirmed in browser behavior are script, xmp, iframe, noembed, noframes, and noscript. The payload remains seemingly...
Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField
Summary There is a potential vulnerability in Traefik's Basic and Digest authentication middlewares when headerField is configured with a non-canonical HTTP header name. An authenticated attacker with valid credentials can inject the canonical version of the configured header to impersonate any...
Home Assistant has stored XSS in history-graphs
Summary The "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable to the same issue as CVE-2025-62172. This also indicates that any sensor showing their name in the history-graph, is likely to be vulnerable to this issue. Details Another...
Home Assistant has stored XSS in Map-card through malicious device name
Summary An authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see a dashboard with a Map-card which includes that entity. It requires that the victim hovers over an information point The lines or the dots...
Flannel has cross-node remote code execution via extension backend BackendData injection
Background The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. This backend uses shell commands stored in Kubernetes annotations to configure network connectivity on the node. Note: consumers are only affected by this vulnerabili...
A Fleet team maintainer can transfer hosts from any team via missing source team authorization
Summary A broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control over the stolen hosts, including the ability to execute...
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
Impact A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two parameter...
Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host
Summary The clerkFrontendApiProxy function in @clerk/backend is vulnerable to Server-Side Request Forgery SSRF. An unauthenticated attacker can craft a request path that causes the proxy to send the application's Clerk-Secret-Key to an attacker-controlled server. Affected packages Only applicatio...
cryptography has incomplete DNS name constraint enforcement on peer names
Summary In versions of cryptography prior to 46.0.5, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf...
AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters
Summary This notification is related to the CloudFront signing utilities in the AWS SDK for PHP, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...
LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functions
Summary Multiple functions in langchaincore.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to loadprompt or loadpromptfromconfig...
Ruby LSP has arbitrary code execution through branch setting
Summary The rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a user opens a project containing a malicious .vscode/settings.json. Other editors that support workspace setting that get automatically...
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check
Vulnerability IDOR in GET/PATCH/DELETE /api/v1/flow/flowid The readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enabled, neither branch enforced an ownership chec...
act: actions/cache server allows malicious cache injection
act's built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it — including someone anywhere on the internet — to create caches with arbitrary keys and retrieve all existing caches. If one can predict which cache keys will be used by local...
act: Unrestricted set-env and add-path command processing enables environment injection
Summary act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which GitHub Actions disabled in October 2020 CVE-2020-15228, GHSA-mfwh-5m23-j46w due to environment injection risks. When a workflow step echoes untrusted data to stdout, an attacker can inject...
@mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools
Summary The @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the...
Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
Summary The jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated user when no password is set, the default can leak sensitive environment variables...
Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries
Summary adx-mcp-server ListDictstr, Any: client = getkustoclient query = f"tablename | getschema" ListDictstr, Any: client = getkustoclient query = f"tablename | sample samplesize" ListDictstr, Any: client = getkustoclient query = f".show table tablename details" -- KQL injection resultset =...
MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay
Summary The Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events SSE stream and intercept all real-time data. Details Root Cause The StreamableHTTPTransport...
Saloon has insecure deserialization in AccessTokenAuthenticator
Impact Users of the OAuth2 utilities in Saloon, specifically the AccessTokenAuthenticator class. Patches Upgrade to Saloon v4+ Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 Description The Saloon PHP library used PHP's unserialize in AccessTokenAuthenticator::unserialize ...
Hugging Face Smolagents has an Injection issue
A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluateaugassign/evaluatecall/evaluatewith of the file src/smolagents/localpythonexecutor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to...
Undertow is Vulnerable to HTTP Request/Response Smuggling
A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...
MLFlow allows Tracing + Assessments Access
In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with NOPERMISSIONS on the experiment, to read trace information and create assessments for...
Undertow is Vulnerable to HTTP Request/Response Smuggling
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...
Undertow is Vulnerable to HTTP Request/Response Smuggling
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...
Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Summary The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI...
Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
Summary A crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the unresolved partial as a source that needs to be compiled, passing the crafted object to env.compile...
Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
Summary When a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. The runtime then immediately invokes the result as a function, causing an unhandled TypeError: ... is not ...
Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
Summary The @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper overwrites @partial-block with a crafted Handlebars AST, a subsequent invocation of @partial-block compil...
Handlebars.js has JavaScript Injection via AST Type Confusion
Summary Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript without quoting or sanitization. An attacker who can supply a crafted AST to compile can therefore inject and...
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
Impact What kind of vulnerability is it? It is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but has a very large length property, the process enters an intensive loop that...
Fleet's unbounded request body read allows remote Denial of Service
Summary Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive memory allocation and resulting in a denial-of-service DoS...
Fleet: Password reset tokens remain valid after password change for 24 hours
Summary A vulnerability in Fleet’s password management logic could allow previously issued password reset tokens to remain valid after a user changes their password. As a result, a stale password reset token could be reused to reset the account password even after a defensive password change...
n8n has XSS in its Credential Management Flow
Impact An authenticated user with permission to create and share credentials could craft a malicious OAuth2 credential containing a JavaScript URL in the Authorization URL field. If a victim opened the credential and interacted with the OAuth authorization button, the injected script would execut...
n8n has XSS in Chat Trigger Node through Custom CSS
Impact An authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the sanitize-html library, the sanitization could be bypassed, resulting in stored XSS on the public chat...
n8n: Authenticated XSS and Open Redirect via Form Node
Impact An authenticated user with permission to create or modify workflows could configure a Form Node with an unsanitized HTML description field or exploit an overly permissive iframe sandbox policy to perform stored cross-site scripting or redirect end users visiting the form to an arbitrary...
n8n has a Stored XSS Vulnerability in its Form Trigger
Impact An authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting XSS payload. The injected script executes persistently for every visitor of the published form, enabling form submission...
Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php
Authenticated Local File Inclusion LFI via selectobject.php leading to sensitive data disclosure Target Dolibarr Core Tested on version 22.0.4 Summary A Local File Inclusion LFI vulnerability has been discovered in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc...
pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration
Summary PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive...
Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521
Summary A prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by overriding RegExp.prototype.test and then passing a crafted query string to parsestr, bypassing the prototype pollution guard. This vulnerability ste...
Locutus has Prototype Pollution via __proto__ Key Injection in unserialize()
Summary The unserialize function in locutus/php/var/unserialize assigns deserialized keys to plain objects via bracket notation without filtering the proto key. When a PHP serialized payload contains proto as an array or object key, JavaScript's proto setter is invoked, replacing the deserialized...
Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)
Description A vulnerability has been identified in express-xss-sanitizer , , , etc. and attributes e.g., href on . This behavior violates the expected API contract and may lead to security issues such as content injection or XSS, depending on how the sanitized output is used. Impact Developers...
Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass
Summary There is a potential vulnerability in Traefik's Kubernetes Knative, Ingress, and Ingress-NGINX providers related to rule injection. User-controlled values are interpolated into backtick-delimited Traefik router rule expressions without escaping or validation. A malicious value containing ...