Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
•added 2026/03/01 1:24 a.m.•11 views

Indico has a missing access check in the event series management API

Impact The API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this is limited to: - Getting the metadata title, category chain, start/end date for events in an existing series - Deleting an existing eve...

6.5CVSS6AI score0.00264EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/01 1:22 a.m.•7 views

INSATutorat has an authorization bypass vulnerability in its /api/admin/* endpoints

Impact An authorization bypass vulnerability was discovered in the administration pages of the tutoring application. When a standard user logged in but without administrator privileges attempts to access a resource under /api/admin/, the system detects the error but does not block the request. As...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/01 1:18 a.m.•20 views

Multer vulnerable to Denial of Service via incomplete cleanup

Impact A vulnerability in Multer versions 2.1.0 allows an attacker to trigger a Denial of Service DoS by sending malformed requests, potentially causing resource exhaustion. Patches Users should upgrade to 2.1.0 Workarounds None...

8.7CVSS5.9AI score0.00663EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/01 1:18 a.m.•17 views

Multer vulnerable to Denial of Service via resource exhaustion

Impact A vulnerability in Multer versions 2.1.0 allows an attacker to trigger a Denial of Service DoS by dropping connection during file upload, potentially causing resource exhaustion. Patches Users should upgrade to 2.1.0 Workarounds None...

8.7CVSS5.9AI score0.00663EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/03/01 1:0 a.m.•5 views

Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret

Summary Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components e.g. gr.LoginButton are used. When a user visits /login/huggingface, the server retrieves its own Hugging Face access token via huggingfacehub.gettoken and stores it...

5.9CVSS5.9AI score0.00453EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/28 2:50 a.m.•58 views

Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()

Impact The serialize-javascript npm package versions tags, the injected code executes. javascript const serialize = require'serialize-javascript'; // Create an object that passes instanceof RegExp with a spoofed .flags const fakeRegex = Object.createRegExp.prototype; Object.definePropertyfakeRege...

8.1CVSS7.3AI score0.03009EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/28 2:50 a.m.•5 views

malcontent: Nested archive extraction failure can drop content from scan inputs

Previously, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Fix:...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/28 2:49 a.m.•9 views

PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages

Summary PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains executable JavaScript that runs when opened in a browser. While the defau...

6.8CVSS5.9AI score0.00297EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/28 2:48 a.m.•12 views

Hive has Double-free and Use After Free Vulnerabilities

Drop implementation for Hive did perform free, but so did Hive::close, which, at the end of the scope performed Drop, therefore triggering double-free. Additionally, function Hive::fromhandle was not marked as unsafe, making it, in combination with ashandle easy to clone and trigger double-free i...

6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/28 2:47 a.m.•9 views

@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware

Summary A path normalization inconsistency in @fastify/middie can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and...

9.1CVSS6AI score0.0039EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/28 2:46 a.m.•13 views

pypdf: Manipulated RunLengthDecode streams can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. Patches This has been fixed in pypdf==6.7.4. Workarounds If you cannot upgrade yet, consider applying the changes from PR 36...

6.9CVSS5.8AI score0.00423EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/28 2:7 a.m.•8 views

osctrl has Stored Cross-Site Scripting (XSS) in On-Demand Query List

Summary A stored Cross-site Scripting XSS vulnerability exists in the osctrl-admin on-demand query list. A user with query-level permissions can inject arbitrary JavaScript via the query parameter when running an on-demand query. The payload is stored and executes in the browser of any user...

8.7CVSS6.1AI score0.00227EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/28 2:5 a.m.•16 views

osctrl is Vulnerable to OS Command Injection via Environment Configuration

Summary An OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These commands are embedded into enrollment one-liner scripts...

8.4CVSS6.7AI score0.009EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/28 2:4 a.m.•11 views

SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only)

Some relatively small inputs can cause very large files arrays in form handlers. If the SvelteKit application code doesn't check files.length or individual files' sizes and performs expensive processing with them, it can result in Denial of Service. Only users with experimental.remoteFunctions:...

6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/28 2:1 a.m.•418 views

jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

Summary The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000 characters defined in StreamReadConstraints. This allows an attacker to send JSON with arbitrarily long numbers through the async parser API, leading to excessive memory allocation and...

6AI score
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
•added 2026/02/28 1:59 a.m.•10 views

Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse

Summary A critical business logic vulnerability exists in the password reset mechanism of vikunja/api that allows password reset tokens to be reused indefinitely. Due to a failure to invalidate tokens upon use and a critical logic bug in the token cleanup cron job, reset tokens remain valid...

9.8CVSS6AI score0.00673EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 10:9 p.m.•64 views

Junrar has an arbitrary file write due to backslash Path Traversal bypass in LocalFolderExtractor on Linux/Unix

Summary A backslash path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content anywhere on the filesystem when a crafted RAR archive is extracted on Linux/Unix. This can often lead to remote code execution e.g., overwriting...

5.9CVSS6.6AI score0.12038EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 10:8 p.m.•12 views

OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata

Vulnerability Summary The OpenClaw ACP client could auto-approve tool calls based on untrusted metadata and permissive name heuristics. A malicious or compromised ACP tool invocation could bypass expected interactive approval prompts for read-class operations. Affected Packages / Versions -...

5.4CVSS6AI score0.00257EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 9:36 p.m.•12 views

OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)

Summary applySkillConfigEnvOverrides previously copied skills.entries..env values into the host process.env without applying the host env safety policy. Impact In affected versions, dangerous process-level variables such as NODEOPTIONS could be injected when unset, which can influence...

8.8CVSS5.9AI score0.00316EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 9:35 p.m.•10 views

Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass

Impact Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. Patches This has...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 9:33 p.m.•8 views

ZITADEL has potential SSRF via Actions

Summary ZITADEL Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. ZITADEL's Action target URLs can point to local hosts, potentially allowing...

6.5CVSS5.9AI score0.00226EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 9:26 p.m.•8 views

ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API

Summary A vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. Impact Zitadel provides an API for managing users. The API also allows users to self-manage their own data including updati...

8.2CVSS7AI score0.00176EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 9:22 p.m.•8 views

ZITADEL's truncated opaque tokens are still valid

Summary Opaque OIDC access tokens in v2 format, truncated to 80 characters are still considered valid. ZITADEL uses a symmetric AES encryption for opaque tokens. The cleartext payload is a concatenation of a couple of identifiers, such as a token ID and user ID. Internally Zitadel has 2 different...

4.3CVSS5.8AI score0.00142EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 9:1 p.m.•12 views

phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint

Summary The WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, CAPTCHA, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Details File:...

7.5CVSS6AI score0.0041EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 9:1 p.m.•14 views

Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID

Summary The hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URLs using fmt.Sprintf with the raw value instead of...

6.5CVSS6.2AI score0.00484EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 7:29 p.m.•8 views

@actual-app/sync-server: Missing authorization in sync endpoints allows cross-user budget file access in multi-user mode

In multi-user mode OpenID, the sync API endpoints /sync/ don't verify that the authenticated user owns or has access to the file being operated on. Any authenticated user can read, modify, and overwrite any other user's budget files by providing their file ID. Affected Code File:...

7.1CVSS6AI score0.00295EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 6:35 p.m.•10 views

Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints

Description A vulnerability has been identified in Umbraco Engage where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the network without requiring a valid session or user credentials. By supplying ...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 6:33 p.m.•15 views

Angular i18n vulnerable to Cross-Site Scripting

A Cross-site Scripting XSS vulnerability has been identified in the Angular internationalization i18n pipeline. In ICU messages International Components for Unicode, HTML from translated content was not properly sanitized and could execute arbitrary JavaScript. Angular i18n typically involves thr...

7.6CVSS6.2AI score0.00466EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 6:31 p.m.•8 views

Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r4wm-x892-vjmx. This link is maintained to preserve external references. Original Description A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when...

9.8CVSS5.8AI score0.00666EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 6:31 p.m.•10 views

CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS5.9AI score0.00366EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 6:31 p.m.•9 views

CleverTap Web SDK is vulnerable to DOM-based XSS via handleCustomHtmlPreviewPostMessageEvent function

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-site Scripting XSS via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes method, which can be bypassed ...

8.3CVSS5.9AI score0.00181EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 4:3 p.m.•11 views

Vitess users with backup storage access can write to arbitrary file paths on restore

Impact Anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is ...

9.3CVSS6.1AI score0.00402EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 3:50 p.m.•8 views

AWS CLI: cli_history database does not restrict file permissions on Unix systems

Summary AWS CLI is a command line tool for interacting with AWS services. When the clihistory feature is enabled, the history database file is created with default permissions, potentially allowing other local users on a multi-user system to read the file. Impact When clihistory is enabled, AWS C...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 3:47 p.m.•9 views

Langflow has Remote Code Execution in CSV Agent

Summary The CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution RCE...

9.8CVSS6.4AI score0.33694EPSS
Exploits4References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 9:30 a.m.•6 views

Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Profile Attributes

A flaw was found in Keycloak. An administrator with manage-users permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the syste...

4.9CVSS5.8AI score0.00307EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 9:30 a.m.•10 views

rubyipmi is vulnerable to OS Command Injection through malicious usernames

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

8.8CVSS6.5AI score0.00771EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 9:30 a.m.•9 views

Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

3.1CVSS5.8AI score0.00202EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 9:30 a.m.•15 views

uv has ZIP payload obfuscation through parsing differentials

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP Zipped Information Package archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...

6.3CVSS5.9AI score0.0015EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 6:31 a.m.•10 views

OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS6.3AI score0.00763EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 6:31 a.m.•5 views

OpenClaw is vulnerable to validation bypass through GNU long-option abbreviations in allowlist mode

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...

9.9CVSS6.1AI score0.00495EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 6:31 a.m.•8 views

Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner

A weakness has been identified in Snowflake JDBC Driver up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts can...

5.5CVSS5.5AI score0.00209EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 12:31 a.m.•6 views

PSI Probe: Broken access control can lead to DoS

A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler. Executing a manipulation can lead to denial o...

6.5CVSS5.5AI score0.00561EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/27 12:31 a.m.•5 views

PSI Probe vulnerable to Server-Side Request Forgery

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit h...

8.8CVSS5.4AI score0.00362EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/26 10:50 p.m.•6 views

Vitess users with backup storage access can gain unauthorized access to production deployment environments

Impact Any user with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintended/unauthorized access to the production...

9.9CVSS5.8AI score0.00417EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/26 10:49 p.m.•7 views

Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations

This report shows a scope-widening issue in the rotate re-encrypt flow: the output scope can be derived from untrusted spec.template.metadata.annotations on the input sealed secret. If a victim sealed secret is strict- or namespace-scoped, an attacker who can submit it to the rotate endpoint can...

4.9CVSS5.5AI score0.00352EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/26 10:48 p.m.•9 views

Curio exposes database credentials to users with network access through verbose HTTP error responses

Summary Multiple HTTP handlers in Curio passed raw database error messages to HTTP clients via http.Error. When the PostgreSQL/YugabyteDB driver pgx returned errors, these could contain the database connection string — including hostname, port, username, and password. Additionally, the internal...

5.9AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/26 10:47 p.m.•13 views

n8n has Webhook Forgery on Zendesk Trigger Node

Impact An attacker who knows the webhook URL of a workflow using the ZendeskTrigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node does not verify the HMAC-SHA256 signature that Zendesk attaches to every outbound webhook, allowing any party to inject...

5.6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/26 10:46 p.m.•7 views

n8n has a Guardrail Node Bypass

Impact An end user interacting with a workflow that uses the Guardrail node could craft an input that bypasses the default guardrail instructions. Patches The issue has been fixed in n8n version 2.10.0. Users should upgrade to this version or later to remediate the vulnerability. Workarounds If...

5.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/26 10:45 p.m.•9 views

n8n has an Authentication Bypass in its Chat Trigger Node

Impact When the Chat Trigger node is configured with n8n User Auth authentication, the authentication check could be circumvented. - This issue requires the Chat Trigger node to be configured with n8n User Auth authentication non-default. Patches The issue has been fixed in n8n versions 2.10.1,...

5.3AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/26 10:45 p.m.•11 views

n8n has an SSO Enforcement Bypass in its Self-Service Settings API

Impact An authenticated user signed in through Single Sign-On SSO could disable SSO enforcement for their own account through the n8n API. This allowed the user to create a local password and authenticate directly with email and password, completely bypassing the organization's SSO policy,...

5.3AI score
Exploits0References4Affected Software1
Total number of security vulnerabilities33227