Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/03/05 9:48 p.m.8 views

Plane is Vulnerable to Unauthenticated Workspace Member Information Disclosure

Executive Summary A security vulnerability exists in the Plane project management platform that allows unauthenticated attackers to enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django RE...

7.5CVSS5.9AI score0.00377EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:43 p.m.8 views

Plane has SSRF via Incomplete IP Validation in Webhook URL Serializer

Summary The webhook URL validation in plane/app/serializers/webhook.py only checks ip.isloopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses 10.x.x.x, 172.16.x.x, 192.168.x.x, 169.254.169.254, etc.. When webhook events fire, the...

8.5CVSS5.9AI score0.00284EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:42 p.m.10 views

mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint

Summary The /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCPALLOWANONYMOUSACCESS=true is set required for the HTTP server to function without OAuth/API key,...

5.3CVSS6AI score0.00369EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:41 p.m.20 views

org.eclipse.jetty:jetty-http has different parsing of invalid URIs

The Jetty URI parser has some key differences compared to other common parsers when evaluating invalid or unusual URIs. Specifically: Invalid Scheme | URI | Jetty | uri-js nodejs | node-urlnodejs | |---|---|---| --- | | https://vulndetector.com/path | scheme=http| scheme=https | invalid URI |...

6.5CVSS5.9AI score0.00159EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:30 p.m.8 views

@perfood/couch-auth has an Observable Timing Discrepancy

An Observable Timing Discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...

7.5CVSS5.8AI score0.00379EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:30 p.m.12 views

@perfood/couch-auth has a host header injection vulnerability

A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header...

9.3CVSS5.8AI score0.00352EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:30 p.m.7 views

Cloudfoundry UAA has logic error in the token revocation endpoint implementation

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:30 p.m.9 views

Fonoster is vulnerable to directory traversal

Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1...

5.8CVSS5.9AI score0.02362EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:30 p.m.10 views

Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator

A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider IdP even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the...

8.1CVSS5.7AI score0.00333EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:30 p.m.9 views

Keycloak SAML Broken has Authentication Bypass by Primary Weakness

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language SAML client is configured as an Identity Provider IdP-initiated broker landing target, it can still complete the login process and establish a Single Sign-On SSO session. This allows a remote attacker...

8.8CVSS5.8AI score0.00469EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:30 p.m.9 views

RAGAS has an Arbitrary File Read vulnerability

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrievedcontexts parameter when handling multimodal inputs...

7.5CVSS5.8AI score0.00534EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:29 p.m.10 views

Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation

Description Fastify incorrectly accepts malformed Content-Type headers containing trailing characters after the subtype token, in violation of RFC 9110 §8.3.1. For example, a request sent with Content-Type: application/json garbage passes validation and is processed normally, rather than being...

5.3CVSS6AI score0.00351EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:27 p.m.14 views

The Eclipse Jetty Server Artifact has a Gzip request memory leak

Description as reported There is a memory leak when using GzipHandler in jetty-12.0.30 that can cause off-heap OOMs. This can be used for DoS attacks so I'm reporting this as a vulnerability. The leak is created by requests where the request is inflated Content-Encoding: gzip and the response is...

7.5CVSS5.9AI score0.00625EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:24 p.m.9 views

OliveTin doesn't check view permission when returning dashboards

Summary An authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution exec may be correctly denied, the backend does not enforce IsAllowedView when constructing dashboard and...

6.5CVSS6.1AI score0.00417EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:15 p.m.8 views

`time-sync` was removed from crates.io due to malicious code

The time-sync crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. This the same attack that we've seen three times in the last few days. The malicious crate had 1 version published on 2026-03-04 approximately 50 minutes before...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 9:14 p.m.9 views

EC-CUBE has a Vulnerability that Allows MFA Bypass in the Administrative Interface

Vulnerability Allowing MFA Bypass Affected EC-CUBE Versions Versions: 4.1.0 – 4.3.1 Vulnerability Overview If an administrator’s ID and password are compromised, an issue exists that allows an attacker to bypass the normally required two-factor authentication 2FA and log in to the administrative...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 8:57 p.m.7 views

Pingora vulnerable to cache poisoning via insecure-by-default cache key

Impact Pingora versions prior to 0.8.0 generated cache keys using only the URI path, excluding critical factors such as the host header. This allows an attacker to poison the cache and serve cross-origin responses to users. This vulnerability affects users of Pingora's alpha proxy caching feature...

8.4CVSS5.8AI score0.00394EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 8:56 p.m.7 views

Pingora has HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing

Impact Pingora versions prior to 0.8.0 improperly allowed HTTP/1.0 request bodies to be close-delimited and incorrectly handled multiple Transfer-Encoding values. This allows an attacker to desync Pingora's request framing from backend servers and smuggle requests to the backend. This vulnerabili...

9.3CVSS5.8AI score0.00707EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 8:55 p.m.11 views

Pingora vulnerable to HTTP Request Smuggling via Premature Upgrade

Impact Pingora versions prior to 0.8.0 would immediately forward bytes following a request with an Upgrade header to the backend, without waiting for a 101 Switching Protocols response. This allows an attacker to smuggle requests to the backend and bypass proxy-level security controls. This...

9.3CVSS5.8AI score0.00666EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 8:54 p.m.7 views

OliveTin has crash on NPE by calling APIs with invalid bindings or log references

Summary An unauthenticated attacker can trigger server-side panics by first creating an execution log entry with a nil binding via StartActionByGet invalid action ID, then calling KillAction or RestartAction on that tracking ID. This causes a nil-pointer dereference in API handlers and results in...

6.2AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 8:53 p.m.9 views

OliveTin's RestartAction always runs actions as guest

Summary An authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new internal connect.Request without preserving the original caller’s authentication headers or cookie...

5.3CVSS6.4AI score0.00414EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 8:53 p.m.8 views

OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session

Summary OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year. An attacker with a previously stolen or captured session cookie can continue authenticating...

5.4CVSS6AI score0.00302EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 8:52 p.m.7 views

OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes

Summary When JWT authentication is configured using either: - authJwtPubKeyPath local RSA public key, or - authJwtHmacSecret HMAC secret, the configured audience value authJwtAud is not enforced during token parsing. As a result, validly signed JWT tokens with an incorrect aud claim are accepted...

8.8CVSS6AI score0.00301EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 8:45 p.m.8 views

stellar-xdr's StringM::from_str bypasses max length validation

Impact StringM::fromstr does not validate that the input length is within the declared maximum MAX. Calling StringM::::fromstrs where s is longer than N bytes succeeds and returns an Ok value instead of ErrError::LengthExceedsMax, producing a StringM that violates its length invariant. This affec...

7.5CVSS6AI score0.00193EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 8:43 p.m.6 views

Gokapi has CSRF in Login Endpoint

Summary The login flow accepts credential-bearing requests without CSRF protection mechanisms tied to the browser session context. The handler parses form values directly and creates a session on successful credential validation. Issue found by aisafe.io Impact An attacker can force a victim...

4.6CVSS5.9AI score0.00076EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 8:42 p.m.7 views

Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion

Summary A privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permissions, enabling continued access to upload-request management and log viewing endpoints after the user has been...

5.4CVSS5.8AI score0.00116EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 8:19 p.m.19 views

LangGraph checkpoint loading has unsafe msgpack deserialization

LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store for example, after a database compromise or other privileged write access to the persistence layer, they can...

7.2CVSS6.3AI score0.05219EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 8:16 p.m.7 views

Gogs: DOM-based XSS via milestone selection

Summary It was confirmed in a test environment that an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. Impact Theft of information accessible in the victim...

7.3CVSS6AI score0.00184EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 7:50 p.m.8 views

Gogs: Access tokens get exposed through URL params in API requests

Summary The Gogs API still accepts tokens in URL parameters such as token and accesstoken, which can leak through logs, browser history, and referrers. Details A static review shows that the API still checks tokens in the URL query before looking at headers: - internal/context/auth.go reads...

6.9CVSS5.9AI score0.00254EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 7:48 p.m.8 views

Gogs: Stored XSS in branch and wiki views through author and committer names

Summary Stored XSS is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data URLs. Details safe still turns off escaping: - internal/template/template.go - func saferaw string template.HTML return template.HTMLraw Branch pages...

6.9CVSS6.1AI score0.00189EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 7:29 p.m.11 views

Gogs: Release tag option injection in release deletion

Summary There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right separator, allowing Git option injection and therefore interfering with the process. Affected Component - internal/database/release.go process.ExecDir...,...

8.8CVSS6AI score0.00433EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 7:26 p.m.6 views

Gogs: Stored XSS via data URI in issue comments

Summary A Stored Cross-site Scripting XSS vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrary JavaScript execution via malicious links. Details The...

8.7CVSS6.3AI score0.00306EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 7:14 p.m.8 views

Gogs: Cross-repository LFS object overwrite via missing content hash verification

Summary Overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. Details Gogs store all LFS objects in the same place, no isolation between different repositories. repo id not concatenated to...

9.3CVSS5.8AI score0.00327EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 6:57 p.m.9 views

Gokapi has privilege escalation with auth token

Impact A registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with Gokapi. If you do not have any other users with access to the admin/upload menu, you are not impacted. Patches...

5CVSS6AI score0.00137EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 6:40 p.m.10 views

Gokapi has Stored XSS in SVG Hotlinks

Summary If a malicious authenticated user uploads SVG and creates a hotlink for it, they achieve stored XSS. Details The hotlinking functionality fails to properly handle scripts included in the SVGs, allowing authenticated attackers with the ability to upload and hotlink file to execute arbitrar...

8.7CVSS6.1AI score0.00189EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 6:37 p.m.7 views

Gokapi has Data Leak in Upload Status Stream

Description The upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting user. Impact Any authenticated user can observe other users' file identifiers and retrieve unauthorized...

6.4CVSS5.9AI score0.00133EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 6:26 p.m.20 views

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

Summary The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials,...

9.8CVSS6AI score0.22162EPSS
Exploits13References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 6:20 p.m.7 views

xgrammar vulnerable to DoS via multi-layer nesting

Summary The multi-level nested syntax caused a segmentation fault core dump. Details A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses. PoC !/usr/bin/env python3 """ XGrammar - Math Expression Generatio...

8.7CVSS5.9AI score0.00688EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 6:18 p.m.8 views

Mercurius: Incorrect Content-Type parsing can lead to CSRF attack

Summary A Cross-Site Request Forgery CSRF vulnerability was identified in Mercurius versions 16. The issue arises from incorrect parsing of the Content-Type header in requests. Specifically, requests with Content-Type values such as application/x-www-form-urlencoded, multipart/form-data, or...

5.4CVSS5.9AI score0.00159EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 6:5 p.m.11 views

Leantime has HTML injection through firstname and lastname fields

Summary Leantime v2.3.27 is vulnerable to Stored HTML Injection. The firstname and lastname fields in the admin user edit page are rendered without HTML escaping, allowing an authenticated user to inject arbitrary HTML that executes when the profile is viewed. Vulnerable File...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 3:30 p.m.19 views

Python-Markdown has an Uncaught Exception

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

8.2CVSS6AI score0.00566EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 6:30 a.m.10 views

django-allauth has an open redirect vulnerability

An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled it is disabled by default, which may allow an attacker to redirect users to an arbitrary external website via a crafted URL...

6.1CVSS6AI score0.00159EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 1:22 a.m.7 views

AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Summary The official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...

9.8CVSS6.1AI score0.0049EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 1:2 a.m.10 views

Agentgateway is missing parameter sanitization in MCP to OpenAPI conversion

Summary When converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. Details When using the MCP to OpenAPI feature, the proxy lacks proper sanitization of input parameters in the MCP call, allowing: Injection of additional path or query...

6.5CVSS6AI score0.00144EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:59 a.m.9 views

dbt-common's commonprefix() doesn't protect against path traversal

Impact What kind of vulnerability is it? Who is impacted? A path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that extracted files remain within the intended destination directory...

5.3CVSS6AI score0.00262EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:57 a.m.22 views

opennextjs-cloudflare has SSRF vulnerability via /cdn-cgi/ path normalization bypass

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...

7.7CVSS6AI score0.00363EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:52 a.m.13 views

tar has Hardlink Path Traversal via Drive-Relative Linkpath

Summary tar npm can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Details The extraction logic in UnpackSTRIPABSOLUTEPATH chec...

8.6CVSS6AI score0.00408EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:43 a.m.9 views

`dnp3times` was removed from crates.io due to malicious code

The dnp3times crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. It was loosely trying to typosquat the dnp3time crate, but otherwise was the same attack as the recent timecalibrator and timecalibrators malware. The malicious cra...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:42 a.m.8 views

Ghost has incomplete CSRF protections around OTC use

Impact Incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site. Vulnerable versions This vulnerability is present in Ghost from...

8.8CVSS5.9AI score0.00157EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:38 a.m.5 views

zeptoclaw has Shell allowlist-blocklist bypass via command/argument injection and file name wildcards

Summary zeptoclaw implements a allowlist combined with a blocklist to prevent malicious shell commands in src/security/shell.rs. However, even in the Strict mode, attackers can completely bypass all the guards from allowlist and blocklist: - to bypass the allowlist, command injection is enough,...

6.2AI score
Exploits0References4Affected Software1
Total number of security vulnerabilities33227