Lucene search
K
GithubRecent

33225 matches found

Github Security Blog
Github Security Blog
added 2026/03/11 7:23 p.m.21 views

Shopware: Unauthenticated data extraction possible through store-api.order endpoint

Summary An insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. Details Data Exposure Depending on the order payload configuration, attackers may retrieve: -...

8.9CVSS5.8AI score0.00237EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/11 6:30 p.m.6 views

Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API

A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered...

4.2CVSS5.8AI score0.00251EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 3:33 p.m.7 views

Anytype Heart's gRPC API client challenge verification can be bypassed on localhost

Impact The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. Affected components: - Anytype Desktop all platforms ≤ v0.48.2 - Anytype-CLI headless deployments ≤ v0.1.9 Not affected: - Anytype mobile apps iOS...

4.4CVSS5.8AI score0.00107EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/11 2:56 p.m.5 views

Craft CMS Vulnerable to Stored XSS via User Group Name in User Permissions Page

Summary A stored XSS vulnerability exists in the User Permissions page. The User Group name is rendered without proper HTML escaping in the permissions section, allowing an attacker to execute arbitrary JavaScript when another user views or edits a user's permissions. !NOTE This is a separate...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 2:56 p.m.7 views

CraftCMS has an RCE vulnerability via relational conditionals in the control panel

A Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig rendering function with escaping disabled. Any authenticated Control...

9.3CVSS5.9AI score0.00665EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 2:55 p.m.7 views

Striae has a hash validation utility vulnerability

Summary A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. Impac...

8.2CVSS5.8AI score0.00118EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 2:54 p.m.8 views

Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks

Description A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users, may be able to elevate their privileges due to insufficient authorization enforcement when modifying user group membership...

7.2CVSS5.7AI score0.00257EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 2:54 p.m.7 views

Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering

Description An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration /.+/ in the UFM DOMPurify instance, event handler attributes such as onclick and onload, when used within...

6.7CVSS5.8AI score0.0026EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 2:53 p.m.27 views

Cosmos EVM: incorrect state handling during nested EVM execution paths

Advisory ID: ASA-2026-002 Component: ICS20 Precompile Status: Resolved Published: March 2026 Contact: [email protected] --- Security Advisory ASA-2026-002 Status: Resolved. A patch is available and all known affected chains have either applied mitigations or upgraded. | Field | Value | | ---...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 2:49 p.m.13 views

Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values

Summary There is a potential vulnerability in Traefik's Kubernetes Gateway provider related to rule injection. A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. ...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/03/11 2:49 p.m.9 views

Unauthorized access to Argo Workflows Template

Summary Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing token can leak sensitive template content, including embedded Secret manifests. Details...

9.8CVSS5.8AI score0.00652EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/11 6:31 a.m.6 views

Keycloak: Information disclosure of disabled user attributes via administrative endpoint

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

2.7CVSS5.7AI score0.00332EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:38 a.m.6 views

Quill has DoS via unbounded read of HTTP response body during notarization

Impact Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS...

5.3CVSS5.8AI score0.00088EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:38 a.m.7 views

Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing

Impact Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in environments such as CI/CD pipelines, shared signing services, or any...

5.5CVSS5.8AI score0.001EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:37 a.m.10 views

Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval

Impact Quill before version v0.7.1 contains a Server-Side Request Forgery SSRF vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network...

5.3CVSS5.9AI score0.00097EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:37 a.m.12 views

@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection

Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection Download: cveclaudecodeuisubmissionv2.zip  Submission Info | Field | Value | |-------|-------| | Package | @siteboon/claude-code-ui | | Ecosystem | npm | | Affected versions | =...

9.8CVSS6AI score0.03433EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:36 a.m.6 views

Parse Server vulnerable to user enumeration via email verification endpoint

Impact The email verification endpoint /verificationEmailRequest returns distinct error responses depending on whether an email address belongs to an existing user, is already verified, or does not exist. An attacker can send requests with different email addresses and observe the error codes to...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:35 a.m.6 views

Parse Server's MFA recovery codes not consumed after use

Impact When multi-factor authentication MFA via TOTP is enabled for a user account, Parse Server generates two single-use recovery codes. These codes are intended as a fallback when the user cannot provide a TOTP token. However, recovery codes are not consumed after use, allowing the same recover...

8.2CVSS5.8AI score0.0044EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:34 a.m.13 views

Parse Server has a protected fields bypass via dot-notation in query and sort

Impact The protectedFields class-level permission CLP can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation to query or sort by sub-fields of a protected field, enabling a binary oracle attack to enumerate protected field values. This...

8.7CVSS5.8AI score0.00367EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:34 a.m.65 views

Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL

Impact A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The sub-key name is interpolated directly into SQL string literals without escaping. An attacker who can send write...

9.8CVSS6AI score0.00418EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:34 a.m.8 views

Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types

Impact An attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server fileUpload.fileExtensions option. The file can contain malicious code, for example JavaScript in an SVG or XHTML file. When the file is accessed via its...

6.3CVSS5.8AI score0.00245EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:33 a.m.8 views

flagd Vulnerable to Allocation of Resources Without Limits or Throttling

Details flagd exposes OFREP /ofrep/v1/evaluate/... and gRPC evaluation.v1, evaluation.v2 endpoints for feature flag evaluation. These endpoints are designed to be publicly accessible by client applications. The evaluation context included in request payloads is read into memory without any size...

7.5CVSS5.7AI score0.0042EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:32 a.m.9 views

Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go

Summary A critical vulnerability has been identified at https://security.snyk.io/package/linux/chainguard:latest/terraform-provider-sendgrid, associated with the underlying Go version. If the server's TLS configuration is mutated between connections — for example, a CA is removed from the trusted...

5.7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:31 a.m.18 views

Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })

Summary When using parseBody dot: true in HonoRequest, specially crafted form field names such as proto.x could create objects containing a proto property. If the parsed result is later merged into regular JavaScript objects using unsafe merge patterns, this may lead to prototype pollution in the...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:29 a.m.15 views

actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects

Summary actix-web-lab redirect middleware uses request-derived host information to construct absolute redirect URLs for example, https://hostnamepath. In deployments without strict host allowlisting, an attacker can supply a malicious Host header and poison the Location response header, causing...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:27 a.m.5 views

CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in GHSA-2453-mppf-46cj. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on this controller because the fix was nev...

8.8CVSS6AI score0.0035EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:26 a.m.9 views

Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL

Impact A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is interpolated directly into the SQL query without parameterization or type validation. An attacker...

9.8CVSS6AI score0.00418EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:26 a.m.11 views

CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization

Summary The fix for CVE-2025-35939 in craftcms/cms introduced a striptags call in src/web/User.php to sanitize return URLs before they are stored in the session. However, striptags only removes HTML tags angle brackets -- it does not inspect or filter URL schemes. Payloads like...

6.9CVSS5.9AI score0.01119EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:25 a.m.8 views

@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters

Summary Multiple Git-related API endpoints use execAsync with string interpolation of user-controlled parameters file, branch, message, commit, allowing authenticated attackers to execute arbitrary OS commands. Details The claudecodeui application provides Git integration through various API...

9.1CVSS6.1AI score0.00437EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:24 a.m.7 views

Umbraco Backoffice API Allows Unauthorized Modification of Domain Data

Description A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by insufficient authorization enforcement on the affected API...

5.4CVSS5.8AI score0.00179EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:24 a.m.10 views

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

Summary Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardles...

7.5CVSS6AI score0.00217EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:24 a.m.14 views

Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Description: Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges RFC 1918, localhost, or cloud metadata endpoints. This enables...

8.8CVSS5.8AI score0.023EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/11 12:23 a.m.8 views

Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction

Impact The LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input authData.id is interpolated directly into LDAP Distinguished Names DN and group search filters without escaping special characters. This allows an attacker with valid LDAP credentials to manipulate the bin...

8.8CVSS5.8AI score0.00423EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:23 a.m.8 views

Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes

Impact The GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API routes without master key authentication. This bypasses the master key enforcement that exists on the dedicated /graphql-config and...

9.1CVSS5.8AI score0.00335EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:22 a.m.8 views

@appium/support has a Zip Slip arbitrary file write in its ZIP extraction

Summary @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The check at line 88 of packages/support/lib/zip.js creates an Error object but never throws it, allowing malicious ZIP entries with...

6.5CVSS6.1AI score0.00388EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:21 a.m.11 views

Parse Server has a rate limit bypass via batch request endpoint

Impact Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by routing them directly through the Promise router, bypassing Express middleware including rate limiting. An attacker can bundle...

7.5CVSS5.8AI score0.00342EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:21 a.m.8 views

Parse Server OAuth2 authentication adapter account takeover via identity spoofing

Impact The OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspection endpoint, but does not verify that the token belongs to the user identified by authData.id. An attacker with any valid OAuth2 token...

8.8CVSS5.8AI score0.00333EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:21 a.m.9 views

Parse Server has role escalation and CLP bypass via direct `_Join` table write

Impact Parse Server's internal tables, which store Relation field mappings such as role memberships, can be directly accessed via the REST API or GraphQL API by any client using only the application key. No master key is required. An attacker can create, read, update, or delete records in any...

10CVSS5.8AI score0.00384EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:20 a.m.11 views

Parse Server vulnerable to session token exfiltration via `redirectClassNameForKey` query parameter

Impact A vulnerability in Parse Server's query handling allows an authenticated or unauthenticated attacker to exfiltrate session tokens of other users by exploiting the redirectClassNameForKey query parameter. Exfiltrated session tokens can be used to take over user accounts. The vulnerability...

9.9CVSS5.8AI score0.0036EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:19 a.m.39 views

Parse Server has a protected fields bypass via logical query operators

Impact The validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check is bypassed entirely. This allows any authenticated user to query on protected fields to extract field values. All Parse Server...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:18 a.m.13 views

Sequelize v6 Vulnerable to SQL Injection via JSON Column Cast Type

Summary SQL injection via unescaped cast type in JSON/JSONB where clause processing. The traverseJSON function splits JSON path keys on :: to extract a cast type, which is interpolated raw into CAST... AS SQL. An attacker who controls JSON object keys can inject arbitrary SQL and exfiltrate data...

7.5CVSS6AI score0.00422EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:17 a.m.7 views

Parse Server missing audience validation in Keycloak authentication adapter

Impact The Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid access token issued by the same Keycloak realm for a different client application can be used to authenticate as any user on the Parse...

8.8CVSS5.8AI score0.00426EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:17 a.m.6 views

Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload

Impact A stored cross-site scripting XSS vulnerability allows any authenticated user to upload an SVG file containing JavaScript. The file is served inline with Content-Type: image/svg+xml and without protective headers, causing the browser to execute embedded scripts in the Parse Server origin...

8.3CVSS5.8AI score0.00216EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:17 a.m.38 views

Parse Server has a bypass of class-level permissions in LiveQuery

Impact Class-level permissions CLP are not enforced for LiveQuery subscriptions. An unauthenticated or unauthorized client can subscribe to any LiveQuery-enabled class and receive real-time events for all objects, regardless of CLP restrictions. All Parse Server deployments that use LiveQuery wit...

8.7CVSS5.8AI score0.00426EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:16 a.m.10 views

Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API

Impact An unauthenticated attacker can exhaust Parse Server resources CPU, memory, database connections through crafted queries that exploit the lack of complexity limits in the REST and GraphQL APIs. All Parse Server deployments using the REST or GraphQL API are affected. Patches The vulnerabili...

8.7CVSS5.8AI score0.00562EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:16 a.m.9 views

StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service

Summary The DELETE /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner accounts. The handler accepts tokenID and userID directly from the request payload without...

7.1CVSS5.9AI score0.00452EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:16 a.m.9 views

Parse Server has a NoSQL injection via token type in password reset and email verification endpoints

Impact A NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the token field in the password reset and email verification resend endpoints. The token value is passed to database queries without type validation and can be used to extract password...

8.7CVSS5.8AI score0.00455EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:14 a.m.9 views

pypdf: manipulated stream length values can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Patches This has been fixed in pypdf==6.8.0. Workarounds If you canno...

6.8CVSS5.9AI score0.00172EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:13 a.m.8 views

Sylius has a DQL Injection via API Order Filters

Impact Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL: GET /api/v2/shop/products?orderprice=ASC,%20variant.code%20DESC Patches The...

5.3CVSS6AI score0.00197EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:13 a.m.5 views

Sylius has a Promotion Usage Limit Bypass via Race Condition

Impact A Time-of-Check To Time-of-Use TOCTOU race condition was discovered in the promotion usage limit enforcement. The same class of vulnerability affects three independent limits: 1. Promotion usage limit - the global used counter on Promotion entities 2. Coupon usage limit - the global used...

8.2CVSS6AI score0.00179EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities33225