Lucene search
K
GithubRecent

33187 matches found

Github Security Blog
Github Security Blog
added 2026/06/23 6:3 p.m.10 views

OctoPrint has possible file exfiltration via query parameters on upload endpoints

Impact OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be...

5.4CVSS5.8AI score0.00256EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:59 p.m.9 views

Glances has arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration

Summary The securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command. When Application Monitoring Process AMP...

7.8CVSS6.3AI score0.00866EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:43 p.m.9 views

Budibase has nonymous NoSQL operator injection via published-app query templates

Summary enrichContext at packages/server/src/sdk/workspace/queries/queries.ts:121-138 substitutes parameter values into the raw JSON body of a query, then JSON.parses the result. The validator validateQueryInputs at packages/server/src/api/controllers/query/index.ts:61-71 rejects only Handlebars...

10CVSS5.9AI score0.00538EPSS
Exploits2References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:42 p.m.9 views

AVideo has an incomplete fix of CVE-2026-33482: sanitizeFFmpegCommand still allows a single '&' (background operator), giving OS command execution at the same execAsync sh -c sink

Summary The fix for CVE-2026-33482 GHSA-pmj8-r2j7-xg6c is incomplete. That advisory reported that sanitizeFFmpegCommand plugin/API/standAlone/functions.php failed to strip $... command substitution, allowing OS command injection at the execAsync sh -c sink. The fix commit 25c8ab90 added $, , , , ...

8.1CVSS6.2AI score0.02061EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:33 p.m.12 views

Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS

Summary The Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with p.AllowURLSchemes"data" which permits all data URI schemes...

6.4CVSS6.1AI score0.00677EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:33 p.m.14 views

OpenAM Unauthenticated Session Hijacking via Information Exposure in CDCServlet

Summary Description An Information Exposure Through Sent Data CWE-201 issue in OpenAM's Cross-Domain Single Sign-On CDSSO servlet allows a logged-in user's raw OpenAM session token to be POSTed to an attacker-controlled URL. This impacts OpenAM Community Edition through version 16.0.6. This issue...

5.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:33 p.m.16 views

OpenAM Authenticated Privilege Escalation via Raw Token Disclosure Session RPC

Summary Description An insufficient authorization CWE-285 and information exposure CWE-200 issue in OpenAM's session management endpoint allows a low-privileged authenticated user to retrieve active session credentials belonging to other users, including those with higher privileges. This affects...

9.8CVSS7.2AI score0.01978EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:15 p.m.8 views

OctoPrint has XSS in its Suppressed Command Notifications

Impact OctoPrint versions up to and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Suppressed Command notifications popups generated by the printer. An attacker who successfully convinces a victim to...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:13 p.m.10 views

Gogs Vulnerable to Unauthenticated Organization Teams Information Disclosure via API

Summary Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/orgteam.go:8 returns all teams for any organization without requiring authentication. The route group at internal/route/api/v1/api.go:380-385 lacks the...

6.9CVSS5.8AI score0.01553EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:12 p.m.9 views

Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:10 p.m.10 views

Gogs has Path Traversal in organization name that results in RCE through Git hooks

Summary Organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By creating nested structure of...

10CVSS6.1AI score0.01107EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:10 p.m.11 views

Gogs: LFS dedupe path leaks private repo content across tenants

Summary Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid row pointing at it without verifying the request body hash...

7.1CVSS6AI score0.00236EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:9 p.m.10 views

Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym

Summary Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target osx.IsSymlinktargetPath. The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component — UploadRepoFiles is the lone outlier. An attacker with repo-wri...

9CVSS6.2AI score0.00474EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:3 p.m.7 views

Gogs allows users to write to readonly repositories using receive-pack + service=git-upload-pack confusion

Summary Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should be allowed. Details Gogs' Git Smart HTTP handler for...

7.1CVSS6.1AI score0.00427EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:3 p.m.9 views

Gogs's password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES

Summary Password-reset tokens are generated using conf.Auth.ActivateCodeLives the account-activation lifetime, not conf.Auth.ResetPasswordCodeLives. The token lifetime is baked into the token itself at generation time and is re-extracted from the token at verification time, making...

6.8CVSS6.1AI score0.00202EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:3 p.m.9 views

Gogs's write-level collaborators can mutate admin-only repository settings via API

Summary Three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent operations in the web UI sit behind reqRepoAdmin, which requir...

7.1CVSS6AI score0.00478EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:2 p.m.9 views

Gogs has DOM-based XSS via Milestone Name on New Issue Page

Summary The fix for GHSA-vgjm-2cpf-4g7c DOM-based XSS via milestone selection was only applied to templates/repo/issue/viewcontent.tmpl but not to templates/repo/issue/newform.tmpl. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issue page an...

4.8CVSS6AI score0.00483EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:2 p.m.33 views

Gogs vulnerable to RCE via git rebase --exec argument injection in pull request merge

Gogs: RCE via git rebase --exec Argument Injection in PR Merge Summary Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase...

9.9CVSS6.3AI score0.01029EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 5:1 p.m.6 views

Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft

Migration URL validation bypass via HTTP redirect to blocked internal endpoints Summary A Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP...

8.7CVSS6AI score0.00384EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 4:52 p.m.7 views

Gogs Vulnerable to Privilege Escalation via Collaboration Access Mode Validation

Summary A repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. Vulnerable Code In internal/database/repocollaboration.go, line 129: go func r Repository ChangeCollaborationAccessModeuserI...

7CVSS5.9AI score0.00499EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 4:42 p.m.9 views

Gogs has an Open Redirect via redirect_to

Summary An open redirect vulnerability exists in Gogs where attacker-controlled redirectto parameters can bypass validation, allowing redirection to arbitrary external sites. Details All redirects in Gogs that are validated via the IsSameSite function are vulnerable: go func IsSameSiteurl string...

5.4CVSS5.9AI score0.00554EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 12:3 a.m.10 views

Gogs has the ability to import local repositories via Mirror Settings

Summary The Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddress function. Details Here is the function implementation o...

8.1CVSS5.8AI score0.00569EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 12:2 a.m.10 views

Gogs Vulnerable to CSRF Leading to Organization Owner Takeover

Summary In Gogs 0.14.1, organization team member management can be performed via GET requests without CSRF protection. If a victim who is an organization owner is logged in and is tricked into visiting a crafted link, an attacker-controlled user can be added to the Owners team. As a result, the...

8.8CVSS5.8AI score0.00248EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:59 p.m.8 views

Gogs Missing Authorization in Attachment Download

Summary In Gogs 0.14.1, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we confirmed that an unauthenticated user ca...

7.5CVSS5.8AI score0.00422EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:58 p.m.8 views

Gogs has Stored XSS in `.ipynb` Preview

Summary Although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this process, links containing schemes such as javascript: can ...

8.9CVSS5.8AI score0.00429EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:58 p.m.6 views

Gogs has DoS in rendering issue index pattern

Summary Special template of issue index pattern may cause panic. Details in internal/markup/markup.go go link = fmt.Sprintf%s, com.Expandmetas"format", metas, m Issue index pattern is rendered to link with com.Expand. However, com.Expand is not safe. go i = strings.Indextemplate, "" if s, ok :=...

3.5CVSS5.8AI score0.00284EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:48 p.m.5 views

@actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields

Summary exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix neutralization. Strings that begin with =, +, -, @, tab, or...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:39 p.m.9 views

@budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation

Summary Authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connection later performs a separate DNS lookup through...

8.5CVSS5.9AI score0.00202EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:33 p.m.11 views

Budibase has arbitrary file read by workspace-builder via PWA-zip symlink upload

Summary POST /api/pwa/process-zip at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each entry listed in icons.json validates the icon path, opens it, and streams the bytes into MinIO. The resulting...

9.6CVSS5.9AI score0.00494EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:20 p.m.9 views

Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override

Summary The webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in externalTrigger allows an attacker to overwrite the internal appId property by including it in the webhook POST...

9.6CVSS6.6AI score0.00461EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:19 p.m.10 views

@actual-app/sync-server: Disabled OpenID users keep access through existing session tokens

Summary In OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity. Existing Actual session tokens for the disabled user remain valid, so the user can continue calling authenticated server endpoints after an administrator has disabled the account. Details The...

8.3CVSS5.9AI score0.00441EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:19 p.m.9 views

Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials

Summary The Budibase server route POST /api/attachments/:datasourceId/url packages/server/src/api/routes/static.ts is registered with only the recaptcha middleware. There is no authorized... middleware in the chain. The controller...

9.4CVSS6AI score0.00415EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:15 p.m.17 views

Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials

The application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require authentication, table permission, datasource permission, or builde...

7.4CVSS6AI score0.0029EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:8 p.m.9 views

Budibase has an Account Impersonation Issue — Chat Identity Link Hijacking via Missing Consent & CSRF

Title Chat Identity Link Hijacking — Attacker Can Silently Map Their Slack/Discord Identity to Any Authenticated Budibase User's Account Severity High — CVSS 3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N = 7.3 Affected Product - Product: Budibase - Version: 3.37.2 introduced in this version - Componen...

7.3CVSS5.9AI score0.00192EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:7 p.m.27 views

zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet

Impact readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against self.datalen. Python's slice silently returns fewer bytes when the end index runs past the...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:0 p.m.8 views

devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs

Summary The default formatGroup and formatResult functions in devbridge-autocomplete concatenate values into HTML without escaping, allowing XSS when an attacker controls or can taint the suggestion data source. Details 1. formatGroup — category is interpolated raw. src/format.ts: ts function...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 10:57 p.m.7 views

scimPatch vulnerable to prototype pollution via unfiltered keys in patch

Summary scim-patch performs prototype pollution when applying a SCIM PATCH operation whose value object contains a key like "proto.someProp". After one such patch, Object.prototype.someProp is set process-wide, affecting every plain object in the Node process. Any service that calls scimPatch on...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 10:57 p.m.13 views

nebula-mesh's stores enrollment tokens unhashed in SQLite

internal/store/sqlite.go:1177,1192,1221,1245 — the enrollmenttokens.token column holds the raw UUID token. ConsumeToken does WHERE token = ? against the raw string. Compare with operatorapikeys.keyhash, which is SHA-256 hex constructed in internal/api/middleware.go:51-53. Affected All released...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 10:45 p.m.9 views

Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata

Summary fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no scheme or host restriction. Alice, a builder, points an...

8.5CVSS5.9AI score0.00174EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 10:45 p.m.9 views

skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery

Impact Following the path-safety patches in GHSA-wx3m-whqv-xv47 v0.1.2, a comprehensive multi-angle audit surfaced five further vulnerabilities, now patched in v0.1.3: 1. sourcesha argument injection in git ls-tree CRITICAL. InstalledSkill.sourcesha deserialized from .skills.toml committed,...

6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 10:44 p.m.8 views

Gogs has SSRF in webhook deliveries

Summary The fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs with a hostname that resolves in localCIDRs. However, webhooks still follow redirects allowing to access hostname inside localCIDRs. This was already communicated in the initial report but it looks like there...

8.3CVSS6.8AI score0.01193EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 9:42 p.m.7 views

@actual-app/sync-server's missing authorization on GET /secret/:name allows non-admin OpenID users to enumerate admin-configured bank-sync secrets

Summary In @actual-app/sync-server, the GET /secret/:name endpoint app-secrets.js:53 checks only that the caller has a valid session — it does not verify the caller is an admin. The sibling POST /secret/ handler does enforce an admin check in OpenID mode, exposing an authorization asymmetry. Any...

4.3CVSS5.8AI score0.00342EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 9:42 p.m.6 views

@actual-app/cli `--format csv` Output Vulnerable to CSV Formula Injection via Custom `escapeCsv` Helper

Summary @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed whose escapeCsv helper only handles RFC 4180 delimiter/quote/newline escaping. It does not neutralize the standard CSV formula-injection prefixes =, +, -...

4.6CVSS6.1AI score0.00188EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 9:31 p.m.6 views

Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Summary The Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. CVE-2026-32632 patched in 4.5.2 added TrustedHostMiddleware to the REST/WebUI server; the MCP server has had equivalent protectio...

5.3CVSS6.1AI score0.00156EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 9:27 p.m.5 views

Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)

Summary The Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE 2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin: whenever corsorigins contains more than one entry. An operator who configur...

7.4CVSS5.9AI score0.00409EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 9:21 p.m.6 views

Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution

Summary glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity check, signature verification, or format validation is performed before...

7.8CVSS6.6AI score0.00303EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 9:14 p.m.10 views

Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py

Summary The Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen. securepopen is explicitly designed to interpret &&, |, and as shell operators...

7.8CVSS6.6AI score0.00213EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 9:10 p.m.5 views

OpenDJ Pre-Auth RCE via Java Deserialization in JMX RMI

Summary Description A Deserialization of Untrusted Data CWE-502 issue in OpenDJ's JMX RMI connector allows an unauthenticated remote attacker to deserialize arbitrary Java objects on the server. The vulnerability exists because the platform reads and processes attacker-controlled bytes prior to...

6.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 8:59 p.m.6 views

motionEye: Authentication possible via password hash

Summary An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 8:43 p.m.5 views

Spinnaker has uon-safe yaml deserialization, allowing RCE when using specific types

Impact There's an unsafe YAML processing vulnerability that bypasses safe deserialization. This impacts users when when performing: CloudFormation deployments CloudFoundry Baking The usage of a non-safe constructor use allows arbitrary loading of Java classes leading to RCE. Patches 2025.3.3,...

6AI score
Exploits0References2Affected Software2
Total number of security vulnerabilities33187