Lucene search
K
GithubRecent

33187 matches found

Github Security Blog
Github Security Blog
added 2026/03/27 5:43 p.m.24 views

Moby has AuthZ plugin bypass when provided oversized request bodies

Summary A security vulnerability has been detected that allows attackers to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. This is an incomplete fix for CVE-2024-41110. Impact If you don't use AuthZ plugins, you are not affecte...

8.8CVSS6.8AI score0.08123EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blog
added 2026/03/27 5:38 p.m.11 views

Moby has an Off-by-one error in its plugin privilege validation

Summary A security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user...

8.4CVSS5.7AI score0.00387EPSS
Exploits0References6Affected Software3
Github Security Blog
Github Security Blog
added 2026/03/27 5:22 p.m.10 views

Incus has an abitrary file write through its systemd-creds options

Summary Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. An attacker can use the name of a systemd credential to escape that directory and overwrite arbitrary files on the host system. This can in turn be us...

9.9CVSS6AI score0.00447EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 5:21 p.m.10 views

Local Incus UI web server vulnerable to nuthentication bypass

Summary The web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. Details incus webui runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token...

8.8CVSS6AI score0.00347EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 5:17 p.m.9 views

Incus vulnerable to arbitrary file read and write through pongo templates

Summary Instance template files can be used to cause arbitrary read or writes as root on the host server. Details Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementatio...

9.9CVSS6AI score0.00481EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/27 5:12 p.m.8 views

Incus vulnerable to denial of source through crafted bucket backup file

Summary A specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a denial of service of the control plane API. This does not impact any runnin...

6.5CVSS5.8AI score0.00385EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/27 5:9 p.m.5 views

Incus vulnerable to local privilege escalation through VM screenshot path

Summary Incus provides an API to retrieve VM screenshots, that API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As Incus uses predictable paths under /tmp for this, an attacker with local access to the...

7.8CVSS5.8AI score0.0035EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 5:8 p.m.11 views

Incus does not verify combined fingerprint when downloading images from simplestreams servers

Summary A lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one. Details Incus image...

7.1CVSS5.8AI score0.0018EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 3:56 p.m.14 views

python-ecdsa: Denial of Service via improper DER length validation in crafted private keys

Summary An issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. 1. ecdsa.der.removeoctetstring accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 40...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 3:47 p.m.8 views

Postiz has Multiple SSRF Vectors - Webhooks, RSS Feed, URL Loader

Summary Postiz has multiple SSRF vulnerabilities where user-provided URLs are fetched server-side without any IP validation or SSRF protection. Vulnerable Code 1. Webhook Send Endpoint Most Critical apps/backend/src/api/routes/webhooks.controller.ts lines 58-70: typescript async sendWebhook@Body...

6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 3:46 p.m.20 views

Postiz App has a High-Severity SSRF Vulnerability via Next.js

Impact A successful SSRF attack allows an attacker to: - Bypass firewalls to scan and interact with internal network services/ports. - Access sensitive cloud metadata services e.g., AWS IMDS 169.254.169.254 to potentially leak instance credentials. - Pivot into the internal network environment...

7.5CVSS6.8AI score0.05453EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 3:42 p.m.8 views

TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service

Summary A flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded...

6.5CVSS5.8AI score0.00293EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 3:37 p.m.11 views

TSPortal: Any user can forge self-deletion requests for any account

Summary Conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. Details Creating a DPA report about another user and leaving the evidence field empty causes that report to look like the reported user self-requested deletion of their data. Ingenuine repo...

8.4CVSS6AI score0.00262EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 3:35 p.m.13 views

Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories

Summary Any authenticated user can read other users' private memories via /api/v1/retrieval/query/collection Details Vulnerability 1: Missing authorization in collection querying In backend/openwebui/routers/retrieval.py, the querycollectionhandler function accepts a list of collectionnames but...

4.3CVSS5.9AI score0.00253EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 3:35 p.m.6 views

Open WebUI has unauthorized deletion of knowledge files

Summary An access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin, but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from...

8.1CVSS6AI score0.00252EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 3:34 p.m.7 views

Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

Summary Any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via GET /api/v1/knowledge/id/files a...

7.1CVSS5.9AI score0.02858EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 3:30 p.m.6 views

Grafana public dashboards disclose all direct mode datasources

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 3:29 p.m.9 views

Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

4.3CVSS6AI score0.00427EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 3:27 p.m.34 views

vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out

Summary Two model implementation files hardcode trustremotecode=True when loading sub-components, bypassing the user's explicit --trust-remote-code=False security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code...

8.8CVSS6.6AI score0.01364EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 6:31 a.m.8 views

Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 6:31 a.m.7 views

Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...

8.6CVSS5.9AI score0.00353EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 6:31 a.m.8 views

Spring AI has a Cypher Injection vulnerability in Neo4jVectorFilterExpressionConverter

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 6:31 a.m.6 views

Spring AI: SpEL injection is triggered when a user-supplied value is used as a filter expression key

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS6.1AI score0.00821EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 12:31 a.m.9 views

Grafana Tempo has Inadequate Encryption Strength

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Grafana thanks williamgoodfellow for reporting this vulnerability...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:27 p.m.8 views

C2C CI utils is vulnerable to DoS via pyasn dependency (CVE-2026-30922)

Pin vulnerable version of pyasn, see: See: https://github.com/advisories/GHSA-jr27-m4p2-rc6r...

7.5CVSS7.1AI score0.0058EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:26 p.m.116 views

Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

Summary When a custom envelope object is passed to sendMail with a size property containing CRLF characters \r\n, the value is concatenated directly into the SMTP MAIL FROM command without sanitization. This allows injection of arbitrary SMTP commands, including RCPT TO — silently adding...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:25 p.m.41 views

Harbor: LDAP password and OIDC secret are not redacted in the audit log

Impact Harbor write configuration payload to audit log when configuration change, the ldapsearchpassword and oidcclientsecret will be logged in the audit log without redacted Patches Harbor v2.15.0, v2.14.3, v2.13.5 Workarounds Disable audit log configure event in Harbor Web Console: Go to...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:22 p.m.27 views

Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Summary A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...

9.8CVSS7.6AI score0.00788EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:20 p.m.32 views

Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection

Summary resolvePartial in the Handlebars runtime resolves partial names via a plain property lookup on options.partials without guarding against prototype-chain traversal. When Object.prototype has been polluted with a string value whose key matches a partial reference in a template, the polluted...

4.7CVSS6.7AI score0.00276EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:19 p.m.19 views

Loofah has improper detection of disallowed URIs via `allowed_uri?`

Summary Loofah::HTML5::Scrub.alloweduri? does not correctly reject javascript: URIs when the scheme is split by HTML entity-encoded control characters such as carriage return, line feed, or tab. Details The alloweduri? method strips literal control characters before decoding HTML entities. Payloa...

5.6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:15 p.m.6 views

Ella Core Panics during NAS Authentication Response/Failure with missing IEs

Summary Ella Core panics when processing Authentication Response and Authentication Failure NAS message missing IEs. Impact An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Fi...

6.5CVSS5.8AI score0.00236EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:14 p.m.7 views

Ella Core has Privilege Escalation via Database Restore by NetworkManager role

Summary The NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. Impact A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:13 p.m.8 views

Ella Core has a Denial of Service via SCTP connection cleanup deadlock

Summary A deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. Impact An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Fix Add deferred Radio cleanu...

6.5CVSS5.8AI score0.00165EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:11 p.m.7 views

Ella Core panics when processing a crafted NGAP LocationReport message

Summary Ella Core panics when processing a specially crafted NGAP LocationReport message. Impact An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. Fix Add guards in NGAP Location Report handler...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:9 p.m.16 views

ImageMagick: META reader memory leak in the APP1JPEG input path

ImageMagick contains a memory leak in the META reader when processing the APP1JPEG input path...

5.8AI score
Exploits0References2Affected Software18
Github Security Blog
Github Security Blog
added 2026/03/26 10:9 p.m.6 views

ImageMagick has possible memory leak in ASHLAR coder when action fails

The ASHLAR coder leaks a temporary image when an action fails and that could result to an out of memory...

5.8AI score
Exploits0References2Affected Software18
Github Security Blog
Github Security Blog
added 2026/03/26 10:9 p.m.16 views

Apollo Router Core: Browser Bug Enables Bypass of XS-Search Prevention via Read-Only Cross-Site Request Forgery

Impact In a Cross-Site Request Forgery attack, untrusted web content causes browsers to send authenticated requests to web servers which use cookies for authentication. While the web content is prevented from reading the request's response due to the Cross-Origin Request Sharing CORS protocol, th...

5.9AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:5 p.m.21 views

Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Summary pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate without these extensions to act as a CA and sign other certificates, which node-for...

9.1CVSS6.9AI score0.00348EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:4 p.m.8 views

Forge has signature forgery in Ed25519 due to missing S > L check

Summary Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify OpenSSL-backed rejects the S + L variant, as defined by the...

7.5CVSS6.7AI score0.00348EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:2 p.m.12 views

Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Summary RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This...

7.5CVSS6.7AI score0.00339EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 9:57 p.m.6 views

Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Summary A Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library. When modInverse is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachab...

7.5CVSS5.8AI score0.00596EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 9:53 p.m.6 views

Apollo Server: Browser bug allows for bypass of XS-Search (read-only Cross-Site Request Forgery) prevention

Impact In a Cross-Site Request Forgery attack, untrusted web content causes browsers to send authenticated requests to web servers which use cookies for authentication. While the web content is prevented from reading the request's response due to the Cross-Origin Request Sharing CORS protocol, an...

5.9AI score
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/26 9:49 p.m.12 views

OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)

Summary The patch for CVE-2026-32013 introduced symlink resolution and workspace boundary enforcement for agents.files.get and agents.files.set. However, two other handlers in the same file agents.create and agents.update still use raw fs.appendFile on the IDENTITY.md file without any symlink...

8.8CVSS6.5AI score0.00639EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 9:48 p.m.16 views

OpenClaw: Image Tool `tools.fs.workspaceOnly` Bypass via Sandbox Bridge Mounts

Summary The image tool did not fully honor the tools.fs.workspaceOnly filesystem boundary. In affected releases, image-path resolution could still traverse sandbox bridge mounts outside the workspace and read files from mounted directories that the other file tools would reject. Affected Packages...

6.5CVSS5.8AI score0.00286EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 9:46 p.m.4 views

OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting

Summary ACP permission resolution trusted conflicting tool identity hints from rawInput and metadata, which could suppress dangerous-tool prompting. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 9:45 p.m.5 views

OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision

Summary Synology Chat multi-account configuration could collapse onto a shared webhook path, replacing route ownership and bypassing per-account DM policy separation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 9:44 p.m.8 views

OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions

Summary Leaf subagents could still use the send action to message controlled child sessions even when their controlScope was narrower than children. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

5.3CVSS5.8AI score0.002EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 9:42 p.m.5 views

OpenClaw: Forwarding header spoofing bypasses gateway.trustedProxies origin detection

Summary When gateway.trustedProxies was configured, spoofed loopback hops in forwarding headers could be accepted as the client origin and weaken downstream auth and rate-limit decisions. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked:...

6.5CVSS5.8AI score0.00314EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 9:40 p.m.16 views

OpenClaw Gateway: RCE and Privilege Escalation from operator.pairing to operator.admin via device.pair.approve

Summary device.pair.approve allowed an operator.pairing approver to approve a pending device request for broader operator scopes than the approver actually held. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

8.8CVSS5.8AI score0.00458EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 9:37 p.m.9 views

OpenClaw: Google Chat app-url webhook auth accepted non-deployment add-on principals

Summary Google Chat app-url webhook verification accepted add-on principals outside the intended deployment binding. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2 630f1479c44f78484dfa21bb407cbe6f171dac87 - Latest published...

7.1CVSS5.8AI score0.00293EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities33187