Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/03/02 10:3 p.m.10 views

OpenClaw has web_search citation redirect SSRF via private-network-allowing policy

Summary Gemini websearch citation redirect resolution used a private-network-allowing SSRF policy. A citation URL redirect could target loopback/private/internal destinations and be fetched by the gateway. Impact An attacker who can influence citation redirect targets could trigger internal-netwo...

7.4CVSS5.9AI score0.00184EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:59 p.m.8 views

OpenClaw's authorization mismatch allowed write-scope agent runs to reach owner-only tools

Summary An authorization mismatch allowed authenticated callers with operator.write access to invoke owner-only tool surfaces gateway, cron through agent runs in scoped-token deployments. Impact On affected deployments, write-scoped callers could perform control-plane actions beyond intended writ...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:55 p.m.5 views

OpenClaw: Sandbox media TOCTOU could read files outside sandbox root

Summary Sandbox media handling had a time-of-check/time-of-use gap: media paths could be validated first and read later through a separate path. A symlink retarget between those steps could cause reads outside sandboxRoot. Impact Affected versions could permit host file reads outside the intended...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:55 p.m.9 views

OpenClaw's TOCTOU symlink race in writeFileWithinRoot could create or truncate files outside root boundaries

Summary A symlink-retarget TOCTOU race in writeFileWithinRoot could point an attacker-controlled path alias outside the configured root between resolution and write operations. Impact Affected versions could cause out-of-root write side effects including file creation or truncation before final...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:55 p.m.10 views

CpenClaw's ACPX Windows wrapper shell fallback allowed cwd injection in specific paths

Summary On Windows ACPX paths, wrapper resolution for .cmd/.bat could fall back to shell execution in ways that allowed cwd influence to alter execution behavior. Impact In affected Windows ACPX configurations, this could enable command execution integrity loss through cwd-influenced wrapper...

7.8CVSS6.1AI score0.00241EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:54 p.m.8 views

OpenClaw has an unauthorized sender bypass in its stop triggers and /models command authorization

Summary Unauthorized senders could trigger two command paths without sender authorization checks: 1. stop-like natural-language abort triggers 2. /models command output Impact An unauthorized sender could disrupt active sessions and view model/auth metadata that should be authorization-gated. Fix...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:53 p.m.26 views

OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns

Summary A sandboxed session could use cross-agent sessionsspawn to create a child under an agent configured with sandbox.mode="off", downgrading runtime confinement. Impact In mixed-agent setups that allow cross-agent spawning, a sandboxed requester could escape into an unsandboxed child runtime...

9.9CVSS5.9AI score0.00281EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:49 p.m.12 views

OpenClaw has unbounded memory growth in Zalo webhook via query-string key churn (unauthenticated DoS)

Summary Unauthenticated requests to a reachable Zalo webhook endpoint could trigger unbounded in-memory key growth by varying query strings on the same valid webhook route. Impact An attacker could cause memory pressure and potential process instability or OOM, degrading availability. Fix Webhook...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:49 p.m.6 views

OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists

Summary A paired node could supply Unicode-confusable platform or deviceFamily metadata that passed metadata pinning but classified differently for command policy resolution, broadening default node command allowlists. Impact This is a policy-bypass issue within the paired-node trust boundary and...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:49 p.m.7 views

OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure

Summary When browser control started without explicit auth credentials, OpenClaw attempted to bootstrap auth automatically. In affected versions, if that bootstrap step threw an error, startup could continue and expose browser-control routes without authentication. Impact On affected deployments,...

7.8CVSS5.9AI score0.0011EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:47 p.m.11 views

OpenChatBI has a Path Traversal Vulnerability in save_report Tool

Impact The savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the fileformat parameter. The function only removes leading dots of fileformat using fileformat.lstrip"." but allows path traversal sequences...

9.8CVSS6.2AI score0.00443EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:43 p.m.10 views

`@orpc/client` has Prototype Pollution via `StandardRPCJsonSerializer` Deserialization

Summary A critical Prototype Pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototype. Because this pollution persists for the lifetime of the...

9.8CVSS6.4AI score0.0091EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:42 p.m.12 views

OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login

Summary OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. In the tested release 3000.10.2, guests are correctly blocked from dashboard access, but an still call the KillAction RPC directly and successfully...

7.5CVSS6.1AI score0.0065EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:41 p.m.7 views

OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling

Summary An unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, causing a Go runtime panic fatal error: concurrent map writes and process termination. This...

7.5CVSS6.1AI score0.00394EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:41 p.m.16 views

Qwik vulnerable to Unauthenticated RCE via server$ Deserialization

Summary qwik =1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where require is available at runtime. Impact -...

9.8CVSS6.5AI score0.04632EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:40 p.m.12 views

OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay

Summary The WebAuthn authentication implementation does not store the challenge on the server side. Instead, the challenge is returned to the client and accepted back from the client request body during verification. This violates the WebAuthn specification W3C Web Authentication Level 2, §13.4.3...

9CVSS6AI score0.00276EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:31 p.m.11 views

MS-Agent vulnerable to Command Injection

A Command Injection vulnerability in ModelScope's MS-Agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...

6.5CVSS6.2AI score0.01611EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:26 p.m.9 views

Idno Vulnerable to Remote Code Execution via Chained Import File Write and Template Path Traversal

Affected Versions: Tested on current dev branch build fingerprint 505...7bd86 CVSS v4 Score: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Privileges Required: Web application admin account for file write, any authenticated user for RCE trigger --- Summary Two separate...

8.6CVSS6.3AI score0.00673EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 9:24 p.m.12 views

Idno Vulnerable to Unauthenticated SSRF via URL Unfurl Endpoint

Summary A logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoint itself, this allows an attacker to force the server ...

9.2CVSS6.3AI score0.00628EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 8:56 p.m.11 views

AVideo has Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction

Summary An authenticated Remote Code Execution RCE vulnerability was identified in AVideo related to the plugin upload/import functionality. The issue allowed an authenticated administrator to upload a specially crafted ZIP archive containing executable server-side files. Due to insufficient...

9.3CVSS6.5AI score0.00673EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 8:49 p.m.16 views

AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

Impact An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...

9.8CVSS6AI score0.0151EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 8:27 p.m.10 views

CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements

Impact The Doris target connector didn't verify the configured table name before creating some SQL statements ALTER TABLE. So, in the application code, if the table name is provided by an untrusted upstream, it expose vulnerability to SQL injection when target schema change. Patches Yes, it's fix...

9.8CVSS6AI score0.00282EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 8:15 p.m.8 views

FileBrowser has Path Traversal in Public Share Links that Exposes Files Outside Shared Directory

Summary When a user creates a public share link for a directory, the withHashFile middleware in http/public.go line 59 uses filepath.Dirlink.Path to compute the BasePathFs root. This sets the filesystem root to the parent directory instead of the shared directory itself, allowing anyone with the...

7.1CVSS6AI score0.00322EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 8:14 p.m.6 views

Products.isurlinportal has possible open redirect when using more than 2 forward slashes

Impact A url /login?camefrom=////evil.example may redirect to an external website after login. Standard Plone is not affected, but if you have customised the login, for example with add-ons, you might be affected. You can try the url to check if you are affected or not. Patches The problem has be...

6.1CVSS5.8AI score0.00227EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/02 7:53 p.m.5 views

NocoDB Missing Ownership Validation in MCP Token Operations

Summary The MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. Details McpTokenService.get, regenerateToken, and delete did not filter by fkuserid. The analogous...

7.1CVSS5.9AI score0.0016EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 7:53 p.m.8 views

NocoDB's Refresh Tokens Not Revoked on Password Reset

Summary The password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. Details passwordReset in users.service.ts updated tokenversion invalidating JWTs but did not...

7.1CVSS5.9AI score0.00181EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 7:52 p.m.5 views

NocoDB has Plaintext Storage of Shared View Passwords

Summary Shared view passwords were stored in plaintext in the database and compared using direct string equality. Details The password column in ncviews stored unhashed passwords. Verification used !== comparison across public-datas.service.ts, public-metas.service.ts, and...

6.9CVSS5.9AI score0.00194EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 7:51 p.m.10 views

NocoDB Vulnerable to Stored Cross-site Scripting via Rich Text Field

Summary An authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap editor and sending raw HTML via the API. Details The TipTap editor sanitizes HTML client-side, but the backend stores raw HTML without server-side sanitization. The stored content...

5.4CVSS6AI score0.00147EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 7:42 p.m.8 views

NocoDB Vulnerable to User Enumeration via Password Reset Endpoint

Summary The password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. Details POST /api/v2/auth/password/forgot returned a success message for registered emails but 'Your email has not been registered.' for unknown emails. The fix...

6.9CVSS5.9AI score0.00601EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 7:36 p.m.7 views

NocoDB has Stored Cross-site Scripting via Formula Cell

Summary A stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. Details The replaceUrlsWithLink function in urlUtils.ts converts URI::url patterns to tags but passes a...

5.4CVSS6.2AI score0.00143EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 7:35 p.m.6 views

lxml-html-clean has <base> tag injection through default Cleaner configuration

Summary The tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inject it and hijack relative links on the page. Details The tag is not currently in the pagestructure kill se...

6.1CVSS6AI score0.00254EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 7:19 p.m.7 views

lxml-html-clean has CSS @import Filter Bypass via Unicode Escapes

Summary The hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters, allowing external CSS loading or XSS in older browsers. Details The root cause is located in clean.py around...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 6:49 p.m.7 views

OliveTin has Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint

Summary The PasswordHash API endpoint allows unauthenticated users to trigger excessive memory allocation by sending concurrent password hashing requests. By issuing multiple parallel requests, an attacker can exhaust available container memory, leading to service degradation or complete denial o...

7.5CVSS6AI score0.00645EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 6:48 p.m.6 views

malcontent: Error-path cleanup gap can leak scanners and fds and degrade availability

Several extraction and scanning code paths registered late defers which could leak resources and exhaust system resources. This report is an aggregate of these individual reports for the affected code: Advisory | Affected File -- | -- GHSA-jjgh-mc5q-gch7 | pkg/action/scan.go GHSA-mwmf-fxh2-w4x7 |...

6AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 6:47 p.m.5 views

joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

Summary A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library decrypts a JSON Web Encryption JWE token using Password-Based Encryption PBES2 algorithms, it reads the p2c PBES2 Count parameter directl...

7.5CVSS6AI score0.00432EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 6:30 p.m.3 views

`tracing-check` was removed from crates.io for malicious code

This is part of an ongoing campaign to attempt to typosquat crates in the polymarket-client-sdk ecosystem to exfiltrate user credentials. The malicious crate had 1 version published on 2026-02-24 approximately 4 hours before removal and had no evidence of actual downloads. There were no crates...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 6:30 p.m.5 views

OpenEXR's CompositeDeepScanLine integer-overflow leads to heap OOB write

Summary Function: CompositeDeepScanLine::readPixels, reachable from high-level multipart deep read flows MultiPartInputFile + DeepScanLineInputPart + CompositeDeepScanLine. Vulnerable lines src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp: - totalsizesptr += countsjptr; line 511 - overallsamplecount ...

8.4CVSS6.2AI score0.00201EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 5:44 p.m.8 views

theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution

Impact Vulnerability Type: Local Privilege Escalation LPE / Improper Privilege Management / Arbitrary Command Execution. The application automatically re-executes the previously failed command but does not properly drop elevated privileges during this process. When the tool is executed with sudo ...

8.4CVSS6.2AI score0.00177EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 5:32 p.m.9 views

Bytebase vulnerable to Improper Authentication

Impact - GitLab login allows login by any user. - JWT auth token can be derived as long as the server isn't rebooted. - Developers can assign issues to non-admin/DBA users...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 2:34 p.m.13 views

Nest has a Fastify URL Encoding Middleware Bypass

Impact What kind of vulnerability is it? Who is impacted? A NestJS application using @nestjs/platform-fastify can allow bypass of any middleware when Fastify path-normalization options e.g., ignoreTrailingSlash, ignoreDuplicateSlashes, useSemicolonDelimiter are enabled. In affected route-scoped...

9.8CVSS6.1AI score0.00666EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/02 6:32 a.m.5 views

Duplicate Advisory: Open Babel has a NULL pointer dereference in CDXML OBAtom::GetExplicitValence

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rxpr-wq63-jr7p. This link is maintained to preserve external references. Original Description A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the...

6.5CVSS5.2AI score0.00394EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/01 1:31 a.m.10 views

Statamic vulnerable to privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in svg and icon related components allow authenticated users with appropriate permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches This has been fixed in 5.73.11 and 6.4.0...

8.7CVSS5.8AI score0.00259EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/01 1:30 a.m.11 views

Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs

Impact An authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the application, including access to sensitive configuration, modification or exfiltration of data, and...

8CVSS6.5AI score0.00428EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/01 1:30 a.m.8 views

Statamic's missing authorization allows access to email addresses

Impact User email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the “view users” permission. Patches This has been fixed in 5.73.11 and 6.4.0...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/01 1:30 a.m.9 views

Statamic Vulnerable to Server-Side Request Forgery via Glide

Impact When Glide image manipulation is used in insecure mode which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary URLs—either via the URL directly or via the watermark feature. That can allow access to internal...

8.6CVSS5.9AI score0.00378EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/01 1:29 a.m.13 views

Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing

Summary A Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses gr.load to load an attacker-controlled Space, the malicious proxyurl from the config is...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/01 1:29 a.m.9 views

Gradio has an Open Redirect in its OAuth Flow

Summary The redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled i.e. apps running on Hugging Face Spaces with...

4.7CVSS6AI score0.00232EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/01 1:28 a.m.13 views

Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+

Summary Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Details Python 3.13+ changed the definition of os.path.isabs so that root-relative paths like...

7.5CVSS6AI score0.03095EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/01 1:28 a.m.10 views

kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories

kaniko unpacks build context archives using filepath.Joindest, cleanedName without enforcing that the final path stays within dest. A tar entry like ../outside.txt escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this ca...

8.5CVSS6.3AI score0.00613EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/01 1:25 a.m.7 views

hex_core has Unsafe Deserialization of Erlang Terms

Impact The Hex client hexcore deserializes Erlang terms received from the Hex API using binarytoterm/1 without sufficient restrictions. If an attacker can control the HTTP response body returned by the Hex API, this allows denial-of-service attacks such as atom table exhaustion, leading to a VM...

7.5CVSS6.2AI score0.00576EPSS
Exploits0References8Affected Software1
Total number of security vulnerabilities33227