Lucene search
K
GithubRecent

33255 matches found

Github Security Blog
Github Security Blog
added 2026/02/19 7:40 p.m.7 views

Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

Summary htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this c...

6.1CVSS5.6AI score0.0023EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 7:39 p.m.10 views

Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Impact Host Policies will incorrectly permit traffic from Pods on other nodes when all of the following configurations are enabled: Native Routing WireGuard Node Encryption beta These options are disabled by default in Cilium. Patches This issue was fixed by 42892. This issue affects: Cilium v1.1...

6.1CVSS5.5AI score0.00126EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 7:34 p.m.13 views

Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

Impact: An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. Patches: The problem has been fixed in python-1.39.4. Users should upgrade this version or higher. Workarounds: Avoid using InMemoryVectorSto...

9.9CVSS5.5AI score0.02914EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 7:32 p.m.12 views

jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)

Impact User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which a...

9.6CVSS5.8AI score0.0043EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 7:32 p.m.8 views

jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method

Impact User control of the argument of the addJS method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user...

9.6CVSS5.9AI score0.00817EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 6:31 p.m.9 views

carbon-apimgt does not properly restrict uploaded files

A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution. By leveraging the vulnerability, a malicious actor may perform Remote Code Execution by...

9.1CVSS6.4AI score0.00676EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 6:31 p.m.4 views

Duplicate Advisory: chi has an open redirect vulnerability in the RedirectSlashes middleware

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mqqf-5wvp-8fh8. This link is maintained to preserve external references. Original Description An Open Redirect vulnerability in the go-chi/chi =5.2.2 RedirectSlashes function allows remote attackers to redirect...

4.7CVSS5.2AI score0.00215EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 6:31 p.m.5 views

Duplicate Advisory: Open Babel has an out-of-bounds read in CIF transform3d::DescribeAsString

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6xw4-2g22-26h8. This link is maintained to preserve external references. Original Description A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function...

8.1CVSS5.2AI score0.00759EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 6:31 p.m.6 views

Duplicate Advisory: Open Babel has NULL pointer dereference in MOL2 OBAtom::SetFormalCharge

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4w5w-4fhm-q483. This link is maintained to preserve external references. Original Description A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge ...

8.1CVSS5.6AI score0.007EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 6:31 p.m.10 views

Keycloak: Missing Check on Disabled Client for Docker Registry Protocol

A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...

3.8CVSS5.4AI score0.0033EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 3:25 p.m.12 views

Kata Container to Guest micro VM privilege escalation

Summary An issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understinding is this doesn’t impact the security of the Host or of other containers / V...

9.3CVSS6.2AI score0.00223EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 3:25 p.m.8 views

jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions

Impact User control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF file...

8.7CVSS5.5AI score0.00717EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 3:18 p.m.9 views

Svelte SSR does not validate dynamic element tag names in `<svelte:element>`

When using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output. Client-side rendering is not affected...

5.4CVSS5.5AI score0.00189EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 3:18 p.m.8 views

Svelte affected by cross-site scripting via spread attributes in Svelte SSR

Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external...

5.4CVSS5.2AI score0.00189EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 3:18 p.m.9 views

Svelte affected by XSS in SSR `<option>` element

In certain circumstances, the server-side rendering output of an element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected...

5.4CVSS5.5AI score0.00182EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 3:18 p.m.11 views

Cache poisoning in @sveltejs/adapter-vercel

Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration ISR is accessible on all routes, allowing an attacker to cause sensitive user-specific responses to be cached and served to other users...

5.3CVSS5.5AI score0.00258EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 3:17 p.m.11 views

Unsoundness in opt-in ARMv8 assembly backend for `keccak`

Summary The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block. Impact It's unclear what...

5.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 3:17 p.m.14 views

Unauthorized npm publish of [email protected] with modified postinstall script

Description On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: [email protected]. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g...

5.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 3:16 p.m.11 views

Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints

Summary The batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. When either endpoint creates a Project resource, creation of subsequent resources from that same payload belonging in that Project's underlying Kubernetes namespac...

9.9CVSS6.5AI score0.00423EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 3:16 p.m.9 views

Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints

Summary Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the ability to manage promotion-related resources from the ability to trigger promotions,...

5.3CVSS5.9AI score0.00175EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:44 p.m.21 views

Fabric.js Affected by Stored XSS via SVG Export

fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When attacker-controlled JSON is loaded via loadFromJSON and later exported via...

7.6CVSS6AI score0.00281EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:44 p.m.6 views

OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection

Summary Stored XSS in the OpenClaw Control UI when rendering assistant identity name/avatar into an inline tag without script-context-safe escaping. A crafted value containing could break out of the script tag and execute attacker-controlled JavaScript in the Control UI origin. Affected Packages ...

5.8CVSS5.8AI score0.00228EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:44 p.m.10 views

OpenClaw hardened the skill download target directory validation

Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.14 - Fixed in: planned release 2026.2.15 Impact A bug in download skill installation allowed targetDir values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In th...

6.8CVSS5.4AI score0.00166EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:44 p.m.12 views

OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation

Description normalizeForHash in src/agents/sandbox/config-hash.ts recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenClaw sandbox flows, this hash is used to decide whether...

4.8CVSS5.6AI score0.00157EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:43 p.m.9 views

OpenClaw session tool visibility hardening and Telegram webhook secret fallback

Vulnerability In some shared-agent deployments, OpenClaw session tools sessionslist, sessionshistory, sessionssend allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in multi-user environments where peers are not equally...

6.9CVSS5.6AI score0.00105EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:43 p.m.18 views

OpenClaw: Telegram bot token exposure via logs

Vulnerability Telegram bot tokens can appear in error messages and stack traces for example, when request URLs include https://api.telegram.org/bot/.... OpenClaw previously logged these strings without redaction, which could leak the bot token into logs, crash reports, CI output, or support...

6.9CVSS5.6AI score0.00142EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:42 p.m.12 views

OpenClaw: Docker container escape via unvalidated bind mount config injection

Summary A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. Affected Packages / Versions - Package: openclaw npm - Affected versions: =...

9.8CVSS5.5AI score0.00479EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:42 p.m.20 views

OpenClaw: Unsanitized CWD path injection into LLM prompts

Overview OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters for example newlines or Unicode bidi/zero-width markers, those...

8.6CVSS5.5AI score0.00205EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:41 p.m.12 views

Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading

Summary TensorFlow / Keras continues to honor HDF5 “external storage” and ExternalLink features when loading weights. A malicious .weights.h5 or a .keras archive embedding such weights can direct loadweights to read from an arbitrary readable filesystem path. The bytes pulled from that path...

7.5CVSS5.8AI score0.00298EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:41 p.m.9 views

pypdf possibly has long runtimes for malformed FlateDecode streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. Patches This has been fixed in pypdf==6.7.1. Workarounds If you cannot upgrade yet, consider applying the chang...

6.9CVSS5.5AI score0.00168EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:41 p.m.8 views

pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. Patches This has been fixed in pypdf==6.7.1. Workarounds ...

6.9CVSS5.5AI score0.00168EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:40 p.m.7 views

pypdf has a possible infinite loop when processing TreeObject

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. Patches This has been fixed in pypdf==6.7.1. Workarounds If you cannot upgrade yet, consider applying the changes...

6.9CVSS5.5AI score0.00168EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:40 p.m.9 views

RediSearch Query Injection in @langchain/langgraph-checkpoint-redis

Summary A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has...

6.5CVSS5.8AI score0.03722EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:38 p.m.171 views

minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

Summary minimatch is vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string. Each compiles to a separate ^/? regex group, and when the match fails, V8's regex engine...

8.7CVSS5.3AI score0.00519EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:37 p.m.10 views

filippo.io/edwards25519 MultiScalarMult produces invalid results or undefined behavior if receiver is not the identity

Point.MultiScalarMult failed to initialize its receiver. If the method was called on an initialized point that is not the identity point, MultiScalarMult produced an incorrect result. If the method was called on an uninitialized point, the behavior was undefined. In particular, if the receiver wa...

6.3CVSS5.6AI score0.00366EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:36 p.m.22 views

Command Injection via Unsanitized `locate` Output in `versions()` — systeminformation

Command Injection via Unsanitized locate Output in versions — systeminformation Package: systeminformation npm Tested Version: 5.30.7 Affected Platform: Linux Author: Sebastian Hildebrandt Weekly Downloads: 5,000,000+ Repository: https://github.com/sebhildebrandt/systeminformation Severity: Mediu...

8.8CVSS6.1AI score0.0115EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:36 p.m.170 views

Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake

Impact Through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. Patches The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. We recommend rotating the node key after applying the upgrade, which can be done by removing the...

7.5CVSS5.5AI score0.00447EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:35 p.m.9 views

Go Ethereum affected by DoS via malicious p2p message

Impact A vulnerable node can be forced to shutdown/crash using a specially crafted message. More details to be released later. Patches The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by Waleed Ahmed...

8.7CVSS5.5AI score0.0058EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:34 p.m.13 views

Go Ethereum affected by DoS via malicious p2p message

Impact An attacker can cause high memory usage by sending a specially-crafted p2p message. More details to be released later. Patches The issue is resolved in the v1.17.0 release. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by @revofusion...

7.5CVSS5.5AI score0.00578EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:33 p.m.20 views

uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120

The padding extension was incorrectly removed in utls for the non-pq variant of Chrome 120 fingerprint. Chrome removed this extension only when sending pq keyshares. Only this fingerprint is affected since newer fingerprints have pq keyshares by default and older fingerprints have this extension...

5.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:33 p.m.5 views

uTLS has a fingerprint vulnerability from GREASE ECH mismatch for Chrome parrots

There is a fingerprint mismatch with Chrome when using GREASE ECH, having to do with ciphersuite selection. When Chrome selects the preferred ciphersuite in the outer ClientHello and the ciphersuite for ECH, it does so consistently based on hardware support. That means, for example, if it prefers...

5.3CVSS5.5AI score0.00154EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:31 p.m.9 views

LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php

Summary A time-based blind SQL injection vulnerability exists in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic...

8.8CVSS6AI score0.04054EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:30 p.m.8 views

LibreNMS has a Stored XSS in Alert Rule

Summary A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS " . e$ruledisplay . " PoC Request PoC: POST /alert-rule HTTP/1.1 Host: 192.168.236.131 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:140.0 Gecko/20100101 Firefox/140.0 Accept: application/json, text/javascript, /; q=0.01...

4.8CVSS5.5AI score0.00238EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:30 p.m.11 views

LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream.

Summary SQL Injection in IPv6 Address Search functionality via address parameter A SQL injection vulnerability exists in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is...

9.3CVSS6.7AI score0.0744EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:8 p.m.11 views

LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()

Summary The unit parameter in Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping, allowing Stored XSS. Details Vulnerable Input Processing...

5.4CVSS5.4AI score0.00227EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:7 p.m.7 views

LibreNMS /port-groups name Stored Cross-Site Scripting

Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:7 p.m.7 views

LibreNMS /device-groups name Stored Cross-Site Scripting

Summary /device-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/device-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:7 p.m.6 views

LibreNMS affected by reflected xss via email field

Summary reflected xss via email field Details 1. visit http://127.0.0.1/settings/alerting/email 2. in the email address input but this payload 3. notice the alert PoC - video attached with the report https://github.com/user-attachments/assets/c1b443f5-85c6-4545-b04f-def06d82b42e Impact can lead t...

6.1CVSS5.5AI score0.00291EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 9:57 p.m.19 views

Nokogiri does not check the return value from xmlC14NExecute

Summary Nokogiri's CRuby extension fails to check the return value from xmlC14NExecute in the method Nokogiri::XML::Documentcanonicalize and Nokogiri::XML::Nodecanonicalize. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may...

5.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 9:51 p.m.7 views

Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path

Summary A command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. Details In lib/wifi.js, the wifiNetworks function sanitizes the iface parameter on the initial call lin...

8.4CVSS6.5AI score0.01233EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities33255