33227 matches found
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...
Apache ZooKeeper has improper handling of configuration values
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...
Meta Box Plugin for WordPress: Authenticated (Contributor+) Arbitrary File Deletion via ajax_delete_file
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
Soroban: Muxed address<->ScVal conversions may break after a conversion failure
Summary Soroban host ensures that MuxedAddress objects can't be used as storage keys in order to proactively prevent the contract logic bugs. However, due to a bug in Soroban host implementation, a failure in Val-ScVal conversion during the storage key computation will have the flag indicating th...
OneUptime: Synthetic Monitor RCE via exposed Playwright browser object
Summary OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside Node's vm and is given live host Playwright objects such as browser and page...
x402 SDK Security Advisory
Impact A security vulnerability exists in outdated versions of the x402 SDK. This vulnerability does not affect users' private keys, smart contracts, or funds. The issue impacts resource servers accepting payments on Solana when the facilitator is running a vulnerable version of the x402 SDK. Who...
Black's vulnerable version parsing leads to RCE in GitHub Action
Impact Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. Th...
Withdrawn Advisory: Shescape has possible misidentification of shell due to link chains
Withdrawn Advisory This advisory has been withdrawn because it falls outside the https://github.com/ericcornelissen/shescape/blob/a2544a1c78cae19d0e81a485b997bf0b0fcc2c12/SECURITY.mdthreat-model. This link is maintained to preserve external references. Original Description Impact This impacts use...
FUXA has a hardcoded fallback JWT signing secret
FUXA used a static fallback JWT signing secret frangoteam751 when no secretCode was configured. If authentication was enabled without explicitly setting a custom secret, an attacker who knew the default value could forge valid JWT tokens and bypass authentication. This issue has been addressed in...
OneUpTime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE
Summary OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By leveraging a standard prototype-chain escape this.constructor.constructor, an...
AVideo has Unauthenticated IDOR - Playlist Information Disclosure
Product: AVideo https://github.com/WWBN/AVideo Version: Latest tested March 2026 Type: Insecure Direct Object Reference IDOR Auth Required: No User Interaction: None Summary The /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or...
PowerSync: Some sync filters ignored on 1.20.0 using `config.edition: 3`
Impact In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in authenticated users syncing data that should have been restricted. Onl...
SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage
Summary A path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as conf/conf.json, which contains secrets including the API token,...
mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
Summary When the HTTP server is enabled MCPHTTPENABLED=true, the application configures FastAPI's CORSMiddleware with alloworigins='', allowcredentials=True, allowmethods="", and allowheaders="". The wildcard Access-Control-Allow-Origin: header permits any website to read API responses...
Firefly III user API endpoints expose all users' information to any authenticated user (IDOR)
Summary The User management API endpoints GET /api/v1/users and GET /api/v1/users/id are accessible to any authenticated user without admin/owner role verification, exposing all users' email addresses, roles, and account status. Affected Endpoints 1. GET /api/v1/users UserController::index, line ...
WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
Summary A critical unauthenticated remote code execution RCE vulnerability exists in the MCP stdio configuration validation introduced in version 2.0.5. The application allows unrestricted user registration, meaning any attacker can create an account and exploit the command injection flaw. Despit...
WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
Summary A critical Remote Code Execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By...
WeKnora has Broken Access Control - Cross-Tenant Data Exposure
Summary A broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, model configurations, and private messages. The application fails to enforce tenant isolation on critical tables models,...
WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources
Summary A DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses e.g., 127.0.0.1, 192.168.x.x. By crafting a malicious domain that resolves to a public IP during...
WeKnora has Unauthorized Cross‑Tenant Knowledge Base Cloning
Summary A cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone duplicate another tenant’s knowledge base into their own tenant by knowing/guessing the source knowledge base ID. This enables bulk data exfiltration document/FAQ content across...
WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
Summary A vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming convention in the MCP client mcpservicetool, an attacker can register a malicious tool that overwrites a legitimate...
WeKnora Vulnerable to Broken Access Control in Tenant Management
Summary An authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account registration is open to the public, this vulnerability allows any unauthenticated attacker to register an account and...
Caddy's vars_regexp double-expands user input, leaking env vars and files
Summary The varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the header value gets resolved once expected, then passed through repl.ReplaceAll again the bug. This mean...
Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation
Summary Caddy's forwardauth directive with copyheaders generates conditional header-set operations that only fire when the upstream auth service includes the named header in its response. No delete or remove operation is generated for the original client-supplied request header with the same name...
CommonMark has DisallowedRawHtml extension bypass via whitespace in HTML tag names
Impact The DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a valid HTML tag by browsers. This is a cross-site scripting X...
parse-server: Malformed `$regex` query leaks database error details in API response
Impact A malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response. This leaks database internals such as error messages, error codes, code names, cluster timestamps, and topology details. The vulnerabilit...
Flowise Missing Authentication on NVIDIA NIM Endpoints
Missing Authentication on NVIDIA NIM Endpoints Summary The NVIDIA NIM router /api/v1/nvidia-nim/ is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. Vulnerability Details | Field | Value |...
Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration
Summary The Flowise platform has a critical Insecure Direct Object Reference IDOR vulnerability combined with a Business Logic Flaw in the PUT /api/v1/loginmethod endpoint. While the endpoint requires authentication, it fails to validate if the authenticated user has ownership or administrative...
Flowise Allows Mass Assignment in `/api/v1/leads` Endpoint
Summary A Mass Assignment vulnerability in the /api/v1/leads endpoint allows any unauthenticated user to control internal entity fields id, createdDate, chatId by including them in the request body. The endpoint uses Object.assign to copy all properties from the request body to the Lead entity...
soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import
While auditing the codebase in the wake of the webhook SSRF fix shipped in v0.11.1 GHSA-vwq2-jx9q-9h9f, it was identified that the LFS import path was never given the same treatment. The webhook fix introduced dual-layer SSRF protection — ValidateWebhookURL at creation time and secureHTTPClient...
Zarf's symlink targets in archives are not validated against destination directory
Summary A path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or write on the system processing the package. What users should do Upgrade immediately to version...
CoreDNS Loop Detection Denial of Service Vulnerability
Executive Summary A Denial of Service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator PRNG for generating a secret...
How to scan for vulnerabilities with GitHub Security Lab’s open source AI-powered framework
For the last few months, we've been using the GitHub Security Lab Taskflow Agent along with a new set of auditing taskflows that specialize in finding web security vulnerabilities. They also turn out to be very successful at finding high-impact vulnerabilities in open source projects. As security...
Flowise has Arbitrary File Upload via MIME Spoofing
Vulnerability Description --- Vulnerability Overview - The /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELISTURLS, allowing unauthenticated access to the file upload API. - While the server validates uploads based on the MIME types defined in...
Flowise has Authorization Bypass via Spoofed x-request-from Header
Summary Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/ authorization checks. With only a browser cookie, a low-privilege tenant can invoke internal administration endpoints API key management, credentia...
Mercurius's queryDepth limit bypassed for WebSocket subscriptions
Description Mercurius fails to enforce the configured queryDepth limit on GraphQL subscription queries received over WebSocket connections. The depth check is correctly applied to HTTP queries and mutations, but subscription queries are parsed and executed without invoking the depth validation...
parse-server's endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user
Impact The readOnlyMasterKey can call POST /loginAs to obtain a valid session token for any user. This allows a read-only credential to impersonate arbitrary users with full read and write access to their data. Any Parse Server deployment that uses readOnlyMasterKey is affected. Patches The fix...
parse-server's file creation and deletion bypasses `readOnlyMasterKey` write restriction
Impact The readOnlyMasterKey can be used to create and delete files via the Files API POST /files/:filename, DELETE /files/:filename. This bypasses the read-only restriction which violates the access scope of the readOnlyMasterKey. Any Parse Server deployment that uses readOnlyMasterKey and expos...
Vercel Workflow Allows Webhook Creation with Predictable User-Specified Tokens
createWebhook in Vercel Workflow DevKit accepts a user-specified token parameter that serves as the credential for the public webhook endpoint /.well-known/workflow/v1/webhook/token. Official documentation recommended predictable token patterns, making it possible for an unauthenticated remote...
PinchTab has SSRF with Full Response Exfiltration via Download Handler
SSRF with Full Response Exfiltration via Download Handler Summary A Server-Side Request Forgery SSRF vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files...
defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag
Summary The findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping: typescript html += ; An attacker can use a " in the alt attribute to break out of the attribute context and inject event handlers. This is a...
express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network
Summary The default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. This includes IPv4-mapped IPv6 addresses ::ffff:x.x.x.x, which Node.js returns as request.ip on dual-stack servers. Because the first 80 bits of all...
Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...
CoreDNS ACL Bypass
A logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use TOCTOU flaw. Impact In multi-tenant Kubernetes clusters, this...
GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution
Summary A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files...
SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality
Summary This advisory addresses the use of the searchhub function within the SageMaker Python SDK's JumpStart search functionality. An actor with the ability to control query parameters passed to the searchhub function could potentially provide malformed input that causes the eval function to...
Flowise Vulnerable to PII Disclosure on Unauthenticated Forgot Password Endpoint
Summary The /api/v1/account/forgot-password endpoint returns the full user object including PII id, name, email, status, timestamps in the response body instead of a generic success message. This exposes sensitive user information to unauthenticated attackers who only need to know a valid email...
Flowise has Insufficient Password Salt Rounds
Description The default bcrypt salt rounds is set to 5, which is below the recommended minimum for security. Affected Code export function getHashvalue: string const salt = bcrypt.genSaltSyncparseIntprocess.env.PASSWORDSALTHASHROUNDS || '5' return bcrypt.hashSyncvalue, salt Evidence Using 5 salt...
MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery
Summary A CRLF Injection vulnerability in MimeKit 4.15.0 allows an attacker to embed \r\n into the SMTP envelope address local-part when the local-part is a quoted-string. This is non-compliant with RFC 5321 and can result in SMTP command injection e.g., injecting additional RCPT TO / DATA / RSET...
WeKnora is Vulnerable to SSRF via Redirection
Summary The application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery SSRF through HTTP redirects. While the backend implements comprehensive URL validation blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints, it fails to...