Lucene search
K
GithubRecent

33190 matches found

Github Security Blog
Github Security Blog
•added 2026/03/25 5:32 p.m.•10 views

@grackle-ai/server has a Missing Secure Flag on Session Cookie

Impact The session cookie is set with HttpOnly; SameSite=Lax; Path=/ but does not include the Secure flag. This means the cookie will be sent over plain HTTP connections. Since the server binds to 127.0.0.1 by default and uses HTTP not HTTPS, this is acceptable for localhost use. However, when...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/25 5:32 p.m.•8 views

@grackle-ai/server has Missing Content-Security-Policy and X-Frame-Options Headers

Impact The HTTP server does not set Content-Security-Policy, X-Frame-Options, or X-Content-Type-Options headers on any response. This reduces defense-in-depth against XSS, clickjacking, and MIME-sniffing attacks. While the current XSS attack surface is small React-markdown is configured safely, n...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/25 5:30 p.m.•9 views

@grackle-ai/powerline Runs Without Authentication by Default

Impact When --token is not provided and GRACKLEPOWERLINETOKEN is not set, the PowerLine gRPC server runs with zero authentication. A warning is logged "NO AUTH development only" but nothing prevents deployment in this state. Any client that can reach the PowerLine port can spawn agent sessions,...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/25 5:27 p.m.•13 views

@grackle-ai/server has Missing WebSocket Origin Header Validation

Impact The WebSocket upgrade handler in the server validates authentication API key token or session cookie but does not check the Origin header. A malicious webpage on a different origin could initiate a WebSocket connection to ws://localhost:3000/ws if it can leverage the user's session cookie...

5.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/25 5:23 p.m.•14 views

@grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool

Impact The knowledgesearch and knowledgegetnode MCP tools are included in SCOPEDTOOLS visible to scoped agents but their handlers do not receive authContext and do not enforce workspace scoping. A scoped agent in Workspace A can supply an arbitrary workspaceId parameter to search or retrieve...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/25 5:15 p.m.•11 views

@grackle-ai/server: Unescaped Error String in renderPairingPage() HTML Template

Impact The renderPairingPage function embeds the error parameter directly into HTML without escaping: typescript const errorHtml = error ? $error : ""; All current call sites pass hardcoded strings, so this is not exploitable today. However, the function is architecturally fragile — if a future...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/25 5:7 p.m.•7 views

NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. When using WebSockets, a malicious client can trigger a server crash with crafted frames, before authentication. Problem Description A missi...

7.5CVSS6.2AI score0.00582EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/25 5:3 p.m.•17 views

Modoboa has OS Command Injection

Summary execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacters in a domain name to run arbitrary OS commands on the server...

7.2CVSS6.1AI score0.00566EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/25 5:0 p.m.•6 views

n8n has In-Process Memory Disclosure in its Task Runner

Impact An authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data from the same Node.js process — including data from prior requests, tasks, secrets, or tokens —...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/25 4:56 p.m.•4 views

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Impact The requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/25 3:31 p.m.•7 views

pdf-image has an OS Command Injection Vulnerability through its pdfFilePath parameter

pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via...

9.8CVSS5.9AI score0.02493EPSS
Exploits4References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/25 2:25 p.m.•49 views

Two LiteLLM versions published containing credential harvesting malware

After an API Token exposure from an exploited trivy dependency, two new releases of litellm were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Anyone who has installed and run the project should assume an...

5.8AI score
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 10:25 p.m.•11 views

Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint

Summary A public access-control flaw allows unauthenticated users to retrieve the full user list from GET /api/allusers. This exposes user profile metadata to anyone who can reach the application and enables remote user enumeration. Details The vulnerable route is registered as a public endpoint:...

5.3CVSS5.9AI score0.00484EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 10:16 p.m.•15 views

Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation

Summary Scriban's expression evaluation contains three distinct code paths that allow an attacker who can supply a template to cause denial of service through unbounded memory allocation or CPU exhaustion. The existing safety controls LimitToString, LoopLimit do not protect these paths, giving...

6AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 10:15 p.m.•9 views

Scriban: Denial of Service via Unbounded Cumulative Template Output Bypassing LimitToString

Summary The LimitToString safety limit default 1MB since commit b5ac4bf can be bypassed to allocate approximately 1GB of memory by exploiting the per-call reset of currentToStringLength in ObjectToString. Each template expression rendered through TemplateContext.WriteSourceSpan, object triggers a...

5.8AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 10:15 p.m.•8 views

Scriban has Uncontrolled Recursion in `object.to_json` Causing Unrecoverable Process Crash via StackOverflowException

Summary The object.tojson builtin function in Scriban performs recursive JSON serialization via an internal WriteValue static local function that has no depth limit, no circular reference detection, and no stack overflow guard. A Scriban template containing a self-referencing object passed to...

5.9AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 10:13 p.m.•7 views

Scriban: Uncontrolled Memory Allocation via string.pad_left/pad_right Allows Remote Denial of Service

Summary The built-in string.padleft and string.padright template functions in Scriban perform no validation on the width parameter, allowing a template expression to allocate arbitrarily large strings in a single call. When Scriban is exposed to untrusted template input — as in the official...

5.8AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 10:13 p.m.•7 views

Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service

Summary Scriban's LoopLimit only applies to script loop statements, not to expensive iteration performed inside operators and builtins. An attacker can submit a single expression such as 1..1000000 | array.size and force large amounts of CPU work even when LoopLimit is set to a very small value...

6AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 10:11 p.m.•8 views

Scriban: Sandbox escape due to TypedObjectAccessorcache bypassing MemberFilter after TemplateContext reuse

Summary TemplateContext caches type accessors by Type only, but those accessors are built using the current MemberFilter and MemberRenamer. When a TemplateContext is reused and the filter is tightened for a later render, Scriban still reuses the old accessor and continues exposing members that...

5.8AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 10:9 p.m.•8 views

Scriban has an authorization bypass due to stale include cache surviving TemplateContext.Reset()

Summary TemplateContext.Reset claims that a TemplateContext can be reused safely on the same thread, but it does not clear CachedTemplates. If an application pools TemplateContext objects and uses an ITemplateLoader that resolves content per request, tenant, or user, a previously authorized inclu...

5.9AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 10:6 p.m.•6 views

Scriban has a Stack Overflow via Nested Array Initializers That Bypass the ExpressionDepthLimit Fix

Summary StackOverflowException via nested array initializers bypasses ExpressionDepthLimit fix GHSA-wgh7-7m3c-fx25 Details The recent fix for GHSA-wgh7-7m3c-fx25 uncontrolled recursion in parser added ExpressionDepthLimit defaulting to 250. However, deeply nested array initializers ... recurse...

5.8AI score
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 9:51 p.m.•8 views

NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. One authentication model supported is mTLS, deriving the NATS client identity from properties of the TLS Client Certificate. Problem...

4.2CVSS5.8AI score0.00143EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 9:50 p.m.•13 views

NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server allows hub/spoke topologies using "leafnode" connections by other nats-servers. NATS messages can have headers. Problem...

6.4CVSS5.8AI score0.00143EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 9:50 p.m.•16 views

NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server offers a Nats-Request-Info: message header, providing information about a request. Problem Description The NATS message head...

6.4CVSS5.8AI score0.00211EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 9:49 p.m.•5 views

NATS JetStream has an authorization bypass through its Management API

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The persistent storage feature, JetStream, has a management API which has many features, amongst which are backup and restore. Problem...

4.9CVSS5.8AI score0.00306EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 9:46 p.m.•12 views

NATS is vulnerable to pre-auth DoS through WebSockets client service

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server offers a WebSockets client service, used in deployments where browsers are the NATS clients. Problem Description A malicious...

7.5CVSS5.8AI score0.00532EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 9:45 p.m.•11 views

NATS has pre-auth server panic via leafnode handling

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server allows hub/spoke topologies using "leafnode" connections by other nats-servers. Problem Description A client which can conne...

7.5CVSS5.8AI score0.00616EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 9:44 p.m.•6 views

NATS allows MQTT clients to bypass ACL checks

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an MQTT client interface. Problem Description When using ACLs on message subjects, these ACLs were not applied in t...

8.1CVSS5.8AI score0.00259EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 9:42 p.m.•8 views

NATS has MQTT plaintext password disclosure

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an MQTT client interface. Problem Description For MQTT deployments using usercodes/passwords: MQTT passwords are...

8.6CVSS5.8AI score0.00365EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 9:39 p.m.•7 views

NATS is vulnerable to MQTT hijacking via Client ID

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an MQTT client interface. Problem Description Sessions and Messages can by hijacked via MQTT Client ID malfeasance...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 9:31 p.m.•26 views

NVIDIA NeMo Framework contains an RCE vulnerability in checkpoint loading

NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering...

9.8CVSS6.1AI score0.00641EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 9:31 p.m.•7 views

NVIDIA NeMo Framework contains a vulnerability leading to Remote Code Execution

NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering...

9.8CVSS6.1AI score0.00641EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 9:29 p.m.•23 views

NATS Server panic via malicious compression on leafnode port

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. When configured to accept leafnode connections for a hub/spoke topology of multiple nats-servers, then the default configuration allows for...

7.5CVSS5.8AI score0.00658EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 8:44 p.m.•25 views

NATS credentials are exposed in monitoring port via command-line argv

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an optional monitoring port, which provides access to sensitive data. The nats-server can take certain configuratio...

7.5CVSS5.8AI score0.00414EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 8:40 p.m.•8 views

Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

Vulnerability Details Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The line item description field was not passed through purify::clean before...

5.4CVSS5.9AI score0.00231EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 8:37 p.m.•19 views

NATS: Message tracing can be redirected to arbitrary subject

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server supports telemetry on messages, using the per-message NATS headers. Problem Description A valid client which uses message...

4.3CVSS5.9AI score0.00228EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 8:17 p.m.•10 views

Parse Server exposes auth data via /users/me endpoint

Impact An authenticated user calling GET /users/me receives unsanitized auth data, including sensitive credentials such as MFA TOTP secrets and recovery codes. The endpoint internally uses master-level authentication for the session query, and the master context leaks through to the user data,...

7.1CVSS5.8AI score0.00378EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 7:48 p.m.•12 views

Parse Server: MFA recovery code single-use bypass via concurrent requests

Impact An attacker who obtains a user's password and a single MFA recovery code can reuse that recovery code an unlimited number of times by sending concurrent login requests. This defeats the single-use design of recovery codes. The attack requires the user's password, a valid recovery code, and...

2.7CVSS5.9AI score0.00175EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 7:47 p.m.•15 views

PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

Summary PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in internal/handlers/middleware.go but was not inserted into the production HTTP handler chain, so...

6.5CVSS5.8AI score0.00308EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 7:46 p.m.•7 views

PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution

Summary PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a needle derived from the profile path. In v0.8.4, that string interpolation escapes...

7.2CVSS6.7AI score0.02904EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
•added 2026/03/24 7:43 p.m.•5 views

A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution

Summary PinchTab v0.8.3 through v0.8.5 allow arbitrary JavaScript execution through POST /wait and POST /tabs/id/wait when the request uses fn mode, even if security.allowEvaluate is disabled. POST /evaluate correctly enforces the security.allowEvaluate guard, which is disabled by default. Howeve...

8.8CVSS6.3AI score0.00512EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 7:33 p.m.•4 views

PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems

Summary PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through request URIs recorded by intermediaries or client-side tooling, such as reverse proxy...

4.3CVSS5.8AI score0.00273EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 7:32 p.m.•14 views

PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl

Summary PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3 scheduler sends an outbound HTTP POST to that URL when the task reaches a terminal state. ...

5.5CVSS5.9AI score0.00249EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 7:29 p.m.•9 views

Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands

Summary Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achieves 15x memory amplification wire bytes to...

7.5CVSS5.9AI score0.0037EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 7:23 p.m.•21 views

MobSF has SQL Injection in its SQLite Database Viewer Utils

Description MobSF's readsqlite function in mobsf/MobSF/utils.py lines 542-566 uses Python string formatting % to construct SQL queries with table names read from a SQLite database's sqlitemaster table. When a security analyst uses MobSF to analyze a malicious mobile application containing a craft...

6.5CVSS6.2AI score0.00276EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 7:22 p.m.•10 views

JustHTML is vulnerable to XSS via code fence breakout in <pre> content

Summary tomarkdown is vulnerable when serializing attacker-controlled content. The handler emits a fixed three-backtick fenced code block, but writes decoded text content into that fence without choosing a delimiter longer than any backtick run inside the content. An attacker can place backticks...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 7:18 p.m.•7 views

FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel

Summary The /api/auth/login authentication endpoint does not execute in constant time. When a non-existent username is supplied, the server returns a 401/403 response almost immediately. When a valid username is provided, the server performs a bcrypt password comparison, causing a measurable dela...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 7:13 p.m.•8 views

iCalendar has ICS injection via unsanitized URI property values

Summary .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding arbitrary calendar lines to the output. Details Icalendar::Values::Uri falls back to the raw input string when URI.parse fails and later serializes it with...

4.3CVSS5.9AI score0.00244EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 7:12 p.m.•9 views

Parse Server has SQL Injection through aggregate and distinct field names in PostgreSQL adapter

Impact An attacker with master key access can execute arbitrary SQL statements on the PostgreSQL database by injecting SQL metacharacters into field name parameters of the aggregate $group pipeline stage or the distinct operation. This allows privilege escalation from Parse Server application-lev...

8.6CVSS6.1AI score0.00452EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/24 7:11 p.m.•7 views

Parse Server: Denial of Service via unindexed database query for unconfigured auth providers

Impact An unauthenticated attacker can cause Denial of Service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a database query for each unconfigured provider before rejecting the request, and since no database index exists for unconfigured...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities33190