Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/02/26 10:42 p.m.8 views

Koa has Host Header Injection via ctx.hostname

Summary Koa's ctx.hostname API performs naive parsing of the HTTP Host header, extracting everything before the first colon without validating the input conforms to RFC 3986 hostname syntax. When a malformed Host header containing a @ symbol e.g., evil.com:[email protected] is received,...

8.2CVSS5.7AI score0.00334EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 10:33 p.m.10 views

Copyparty vulnerable to reflected XSS via setck parameter

Summary An XSS allows for reflected cross-site scripting via URL-parameter ?setck=... Details A reflected cross-site scripting XSS vulnerability could allow an attacker to execute malicious javascript by tricking users into accessing a malicious link. The worst-case outcome of this is being able ...

6.1CVSS5.3AI score0.00163EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 10:33 p.m.9 views

fast-xml-parser has stack overflow in XMLBuilder with preserveOrder

Impact Application crashes with stack overflow when user use XML builder with prserveOrder:true for following or similar input 'foo': 'bar': '@V': 'baz' Cause: arrToStr was not validating if the input is an array or a string and treating all non-array values as text content. What kind of...

7.5CVSS5.8AI score0.00478EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 10:25 p.m.9 views

Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers

Errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError...

5.4CVSS5.4AI score0.00226EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 10:24 p.m.6 views

Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`

The contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-site Scripting XSS if rendering untrusted data as the binding's initial value on the server...

6.1CVSS5.4AI score0.00214EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 10:22 p.m.14 views

WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level

Privilege Escalation to Admin via User Self-Update in wg-portal Summary Any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. After logging out and back in, the session picks up...

8.8CVSS5.5AI score0.00306EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 10:20 p.m.12 views

MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc. Additionally, Go's standard...

7.5CVSS5.4AI score0.00255EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 10:15 p.m.7 views

wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup

Summary Three nutritionalvalues action endpoints fetch objects via Model.objects.getpk=pk — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition plan data, including caloric intake and full macro breakdown, by supplying an arbitra...

4.3CVSS5.5AI score0.0026EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 10:15 p.m.8 views

wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data

Summary Five routine detail action endpoints check a cache before calling self.getobject. Cache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API, an attacker can retrieve the cached response for the same PK without any ownership...

3.5CVSS5.5AI score0.00245EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 10:13 p.m.10 views

wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data

Summary RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet return all users' repetition config data because their getqueryset calls .all instead of filtering by the authenticated user. Any registered user can enumerate every other user's workout structure. Details...

4.3CVSS5.5AI score0.00257EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 10:10 p.m.10 views

minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

Summary matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR segments and the input path does not match. The time complexity is OCn, k -- binomial -- where n is the number of path segments and k is the number of globstars. With k=11 and...

7.5CVSS5.5AI score0.00517EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 10:7 p.m.20 views

minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

Summary Nested extglobs produce regexps with nested unbounded quantifiers e.g. ?:?:a|b, which exhibit catastrophic backtracking in V8. With a 12-byte pattern a|b and an 18-byte non-matching input, minimatch stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes...

7.5CVSS5.6AI score0.00472EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 8:0 p.m.11 views

Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure

Impact The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, object storage data, and NodeBalancer TLS keys in debug logs without redaction. Important: Provider debug logging is not enabled by default. This issue is...

7.7CVSS5.6AI score0.00469EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2026/02/26 7:55 p.m.10 views

pypdf: Manipulated FlateDecode XFA streams can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode. Patches This has been fixed in pypdf==6.7.3. Workarounds If...

8.7CVSS5.3AI score0.00348EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 7:54 p.m.14 views

dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set() and transform()

Summary dottie versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the protection by placing proto at any position other than...

9.8CVSS5.6AI score0.00303EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 7:53 p.m.6 views

Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Summary A vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources associated with the service account. Impact Fleet returns configuration da...

6.5CVSS5.5AI score0.00241EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 7:45 p.m.6 views

Weblate: Missing access control for the AddonViewSet API exposes all addon configurations

Impact Users were able to obtain add-on configuration via API. Patches https://github.com/WeblateOrg/weblate/pull/18107 https://github.com/WeblateOrg/weblate/pull/18164 References Weblate thanks @lighthousekeeper1212 for responsible disclosure...

4.3CVSS5.3AI score0.00303EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 7:40 p.m.9 views

Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Summary A broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Impact Fleet supports certificate templates that are scoped to individual teams. In affected...

6.5CVSS5.3AI score0.00191EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 7:38 p.m.11 views

Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint

Summary A vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management. Impact If Android MDM is enabled, an attacker could send a craft...

6.3CVSS5.6AI score0.00262EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 7:35 p.m.7 views

Fleet: Device lock PIN can be predicted if lock time is known

Summary Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if the approximate time the device was locked is known. Impact Fleet’s...

5.5CVSS5.5AI score0.00124EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 3:58 p.m.9 views

n8n: Webhook Forgery on Github Webhook Trigger

Impact An attacker who knows the webhook URL of a workflow using the GitHub Webhook Trigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node did not implement the HMAC-SHA256 signature verification that GitHub provides to authenticate webhook deliverie...

6.3CVSS5.6AI score0.00186EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 3:56 p.m.14 views

n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes

Impact An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying specially crafted tabl...

9.6CVSS5.7AI score0.00217EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 3:23 p.m.9 views

Vikunja has Path Traversal in CLI Restore

Summary Path Traversal Zip Slip and Denial of Service DoS vulnerability discovered in the Vikunja CLI's restore functionality. Details The restoreConfig function in vikunja/pkg/modules/dump/restore.go of the https://github.com/go-vikunja/vikunja/tree/main repository fails to sanitize file paths...

7.2CVSS5.8AI score0.00739EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 3:22 p.m.7 views

TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist

Impact A validation bug allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. The validation only checks if a hostname ended with an allowed domain. This meant: If example.com is allowed in proxyableDomains: - ✅ example.com is allowed correct - ✅...

8.7CVSS5.3AI score0.00241EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 3:20 p.m.9 views

psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

Summary A security review of the psdtools.compression module conducted against the fix/invalid-rle-compression branch, commits 7490ffa–2a006f5 identified the following pre-existing issues. The two findings introduced and fixed by those commits Cython buffer overflow, IndexError on lone repeat...

9.1CVSS5.7AI score0.0041EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 3:18 p.m.11 views

Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API

Summary The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and statu...

8.6CVSS5.8AI score0.00468EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 3:16 p.m.45 views

mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...

6.5CVSS5.4AI score0.00287EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 3:16 p.m.14 views

Storybook Dev Server is Vulnerable to WebSocket Hijacking

Summary The WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability only affects the Storybook dev server; production builds are not impacted. Details Exploitation requires a developer to visit a malicious...

9.6CVSS5.9AI score0.00542EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/26 3:14 p.m.10 views

Fleet has an SQL Injection vulnerability via backtick escape in ORDER BY parameter

Summary A SQL Injection vulnerability in Fleet’s software versions API allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input could escape identifier quoting and b...

8.8CVSS6.2AI score0.00301EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 11:0 p.m.13 views

Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter

Impact An unauthenticated attacker can forge a Google authentication token with alg: "none" to log in as any user linked to a Google account, without knowing their credentials. All deployments with Google authentication enabled are affected. Patches The fix hardcodes the expected RS256 algorithm...

9.3CVSS5.5AI score0.00176EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 11:0 p.m.8 views

Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover

Summary A Stored Cross-Site Scripting XSS vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an attacker can steal administrator credentials from localStorage, leading to full account...

9CVSS6AI score0.06029EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:59 p.m.9 views

LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

Summary A redirect-based Server-Side Request Forgery SSRF bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metada...

7.4CVSS5.6AI score0.00371EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:59 p.m.13 views

LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution

Context A Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to langgraph-checkpoint 4.0.0, BaseCache defaults to JsonPlusSerializerpicklefallback=True. When...

6.6CVSS6.7AI score0.00698EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:57 p.m.8 views

esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route

Summary An SSRF vulnerability CWE-918 exists in esm.sh’s /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypassed using DNS alias domains for example, 127.0.0.1.nip.io resolving to 127.0.0.1. This allows a...

8.6CVSS5.7AI score0.00339EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:42 p.m.16 views

Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

A Server-Side Request Forgery SSRF vulnerability has been identified in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL reconstruction logic directly trusts and consumes user-controlled HTTP headers specifically the Host and X-Forwarded- family t...

9.2CVSS5.7AI score0.00497EPSS
Exploits1References6Affected Software3
Github Security Blog
Github Security Blog
added 2026/02/25 10:41 p.m.9 views

Angular SSR has an Open Redirect via X-Forwarded-Prefix

An Open Redirect vulnerability exists in the internal URL processing logic in Angular SSR. The logic normalizes URL segments by stripping leading slashes; however, it only removes a single leading slash. When an Angular SSR application is deployed behind a proxy that passes the X-Forwarded-Prefix...

6.9CVSS5.6AI score0.00302EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:40 p.m.7 views

Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure

Details The application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application does not sanitize SVG content before storing it. When the uploaded SVG file is...

7.3CVSS5.9AI score0.00453EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:38 p.m.11 views

RustFS: Missing Post Policy Validation leads to Arbitrary Object Write

Summary RustFS does not validate policy conditions in presigned POST uploads PostObject, allowing attackers to bypass content-length-range, starts-with, and Content-Type constraints. This enables unauthorized file uploads exceeding size limits, uploads to arbitrary object keys, and content-type...

9.1CVSS5.8AI score0.00265EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:37 p.m.8 views

Rollup 4 has Arbitrary File Write via Path Traversal

Summary The Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames e.g., via CLI named inputs, manual chunk aliases, or...

9.8CVSS6.2AI score0.01402EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:34 p.m.55 views

Basic FTP has Path Traversal Vulnerability in its downloadToDir() method

The basic-ftp library contains a path traversal vulnerability in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the intended download directory. Source-to-Sink Flow 1. SOURC...

9.8CVSS6AI score0.00528EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:33 p.m.9 views

Astro has memory exhaustion DoS due to missing request body size limit in Server Actions

Summary Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. Details On-demand rendered sites built with Astro can define server actions...

7.5CVSS5.7AI score0.00415EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:31 p.m.5 views

zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service

Summary All rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing throttling that degrades service for that entity — and potentially co-located entities in...

5.3CVSS5.4AI score0.00228EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:28 p.m.9 views

n8n Vulnerable to Stored XSS via Various Nodes

Impact An authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger node, Chat Trigger node, Send & Wait node, Webhook Node, and Chat Node. Scripts injected by...

8.5CVSS5.7AI score0.00185EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:5 p.m.12 views

n8n: Expression Sandbox Escape Leads to RCE

Impact Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on th...

9.9CVSS5.8AI score0.97875EPSS
Exploits29References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:2 p.m.8 views

Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...

9.1CVSS5.4AI score0.00428EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:1 p.m.5 views

Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module

Summary Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are...

6.1CVSS5.7AI score0.00221EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 9:54 p.m.9 views

n8n has Arbitrary Command Execution via File Write and Git Operations

Impact An authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary she...

9CVSS6.4AI score0.00718EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 9:23 p.m.14 views

n8n has Potential Remote Code Execution via Merge Node

Impact An authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. Patches The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to...

9.4CVSS6.3AI score0.00765EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 9:23 p.m.11 views

n8n has a Sandbox Escape in its JavaScript Task Runner

Impact An authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners default runner mode, this could result in full compromise...

9.9CVSS6AI score0.00596EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 9:22 p.m.13 views

n8n has Arbitrary File Read via Python Code Node Sandbox Escape

Impact An authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python objects, allowing an attacker to exfiltrate file contents or achieve RCE. On instances using...

9.9CVSS5.4AI score0.00352EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities33227