Lucene search
K
GithubRecent

33268 matches found

Github Security Blog
Github Security Blog
added 2026/02/17 4:45 p.m.38 views

OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access

Summary In affected versions, the Browser Relay /cdp WebSocket endpoint did not require an authentication token. As a result, a website running in the browser could potentially connect to the local relay via loopback WebSocket and use CDP to access cookies from other open tabs and run JavaScript ...

8.1CVSS5.8AI score0.00295EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/17 4:44 p.m.38 views

OpenClaw's Windows cmd.exe parsing may bypass exec allowlist/approval gating

Summary On Windows nodes, exec requests were executed via cmd.exe /d /s /c . In allowlist/approval-gated mode, the allowlist analysis did not model Windows cmd.exe parsing and metacharacter behavior. A crafted command string could cause cmd.exe to interpret additional operations for example comma...

9.8CVSS5.8AI score0.00499EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 4:43 p.m.12 views

OpenClaw has an arbitrary transcript path file write via gateway sessionFile

Summary In OpenClaw versions prior to 2026.2.12, the gateway accepted an untrusted sessionFile path when resolving the session transcript file. This could allow an authenticated gateway client to create and append OpenClaw session transcript records at an arbitrary path on the gateway host...

8.1CVSS6.7AI score0.00363EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 4:43 p.m.23 views

OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing

Summary The issue is not deterministic session keys by itself. The exploitable path was accepting externally supplied sessionKey values on authenticated hook ingress, allowing a hook token holder to route messages into chosen sessions. Affected Behavior - POST /hooks/agent accepted payload...

5.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 4:37 p.m.6 views

Weblate has an argument injection in management console

Impact The SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Patches https://github.com/WeblateOrg/weblate/pull/17722 Workarounds Properly limit access to the management console. References This issue was...

9.1CVSS5.5AI score0.00447EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 4:37 p.m.35 views

OpenClaw's gateway connect could skip device identity checks when auth.token was present but not yet validated

Summary The gateway WebSocket connect handshake could allow skipping device identity checks when auth.token was present but not yet validated. Details In src/gateway/server/ws-connection/message-handler.ts, the device-identity requirement could be bypassed based on the presence of a non-empty...

9.8CVSS5.6AI score0.00357EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 4:14 p.m.11 views

Rack has a Directory Traversal via Rack:Directory

Summary Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Details In directory.rb,...

7.5CVSS5.6AI score0.00665EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 4:13 p.m.7 views

BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability

BRC-104 Authentication Signature Data Preparation Vulnerability Summary A critical cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature incompatibility between SDK implementations and potentia...

5.4CVSS5.8AI score0.00286EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 3:31 p.m.14 views

Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...

7CVSS5.6AI score0.00807EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 12:31 p.m.6 views

Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

8.7CVSS5.6AI score0.0075EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/16 3:32 p.m.7 views

Mattermost fails to enforce invite permissions when updating team settings

Mattermost versions 10.11.x = 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8CVSS5.5AI score0.00157EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/16 3:32 p.m.7 views

Mattermost fails to properly validate team membership when processing channel mentions

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the...

4.3CVSS5.5AI score0.00162EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/16 12:30 p.m.7 views

pretix unsafely evaluates variables in emails

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: - It was possible to exfiltrate informati...

9CVSS5.5AI score0.00243EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/16 12:30 p.m.7 views

Mattermost fails to sanitize sensitive data in WebSocket messages

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID:...

5.7CVSS5.5AI score0.00198EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/16 12:30 p.m.7 views

Mattermost Plugin Zoom fail to validate user identity and post ownership in the {{/api/v1/askPMI}} endpoint

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/16 12:30 p.m.7 views

Mattermost fails to properly validate login method restrictions

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

5.4CVSS5.5AI score0.00172EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/16 12:30 p.m.9 views

Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/16 6:31 a.m.8 views

MindsDB affected by a SSRF vulnerability

A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clearfilename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The...

7.3CVSS5AI score0.00226EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/14 6:30 a.m.8 views

ImapEngine affected by command injection via the ID command parameters

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...

7.6CVSS5.6AI score0.00351EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 10:49 p.m.8 views

Known affected by Account Takeover via Password Reset Token Leakage

Summary A Critical Broken Authentication vulnerability exists in Known 1.6.2. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user's...

9.8CVSS5.8AI score0.00714EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 9:4 p.m.11 views

Cloudflare Agents has a Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 9:2 p.m.10 views

`polymarket-client-sdks` was removed from crates.io for malicious code

It appeared to be typosquatting existing crate polymarket-client-sdk sdks vs sdk and attempting to steal credentials from local files. The malicious crate had 1 version published on 2026-02-09 and had been downloaded only 33 times. There were no crates depending on this crate on crates.io. Thanks...

5.4AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 8:55 p.m.12 views

rPGP's integrity protection of encrypted data was not always checked

Summary For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details When decrypting SEIPD Symmetrically Encrypted and Integrity Protected Data Packet, rPGP previously did not under all circumstances report the absence of valid...

5.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 8:54 p.m.9 views

rPGP affected by crash in message handling for deeply nested messages

Summary Previous rPGP versions could be caused to crash with a "stack overflow" when parsing messages that contain deeply nested message layers, such as messages with many signatures. rPGP 0.19.0 resolves this issue with a more robust message handling implementation via...

5.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 8:54 p.m.17 views

rPGP vulnerable to parser crash on crafted RSA secret key packets through CVE-2026-21895

Summary It was possible to trigger an unhandled edge case in the Rust Crypto rsa crate through rPGP packet parsing functionality, and crash the process that runs rPGP. This problem has been patched in a new rsa version. The new release of rPGP ensures a patched version of the rsa crate is in use,...

6.9CVSS5.5AI score0.00405EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 8:53 p.m.13 views

Child processes spawned by Renovate incorrectly have full access to environment variables

When Renovate spawns child processes, their access to environment variables is filtered to an allowlist, to prevent unauthorized access to privileged credentials that the Renovate process has access to. Since 42.68.1 2025-12-30, this filtering had been inadvertently removed, and so any child...

5.6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 8:52 p.m.25 views

Wildfly Elytron integration susceptible to brute force attacks via CLI

Impact A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Patches The default behaviour has been changed in...

8.1CVSS5.3AI score0.00817EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 8:5 p.m.31 views

Bug fixes in hpke-rs, hpke-rs-rust-crypto

We publish a GitHub security advisory for any releases whose CHANGELOG includes bug-fixes, and encourage our users to upgrade. The latest releases of the hpke-rs and hpke-rs-rust-crypto crates contain the following bug-fixes: hpke-rs - 127: Fix KemAlgorithm::TryFrom mapping where 0x004D incorrect...

5.5AI score
Exploits0References12Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/13 6:31 p.m.9 views

beautiful-mermaid contains an SVG attribute injection issue that can lead to cross-site scripting (XSS)

beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting XSS when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without...

5.3CVSS5.5AI score0.00505EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 4:16 p.m.16 views

sqlparse: formatting list of tuples leads to denial of service

Summary The below gist hangs while attempting to format a long list of tuples. This was found while drafting a regression test for Dja ngo 5.2's composite primary key feature, which allows querying composite fields with tuples...

5.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 4:16 p.m.13 views

lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access

Summary Two path traversal vulnerabilities in the local block adapter allow authenticated users to read and write files outside their designated storage boundaries. Details The local block adapter in pkg/block/local/adapter.go had two path traversal vulnerabilities: 1. Prefix Bypass Vulnerability...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 12:31 p.m.7 views

Mattermost doesn't properly validate channel membership at the time of data retrieval

Mattermost versions 10.11.x = 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549...

3.1CVSS5.5AI score0.00199EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 12:31 p.m.10 views

Apache Avro Java SDK is Vulnerable to Code Injection

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

7.3CVSS5.5AI score0.00602EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 12:31 p.m.9 views

Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/13 3:31 a.m.8 views

Cloudflare Agents is Vulnerable to Reflected Cross-Site Scripting in the AI Playground's OAuth callback handler

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

6.2CVSS5.9AI score0.00371EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 10:14 p.m.10 views

NeuVector scanner insecurely handles passwords as command arguments

Impact A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users. This may allow unauthorized access to registries or the NeuVector...

3.8CVSS5.4AI score0.00091EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 10:13 p.m.9 views

Directus Vulnerable to User Enumeration via Password Reset Timing Attack

Summary A timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reseturl parameter is provided, the response time differs by approximately 500ms between existing and non-existing users, enabling reliable user enumeration. Details The password rese...

5.3CVSS5.5AI score0.00349EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/12 10:12 p.m.7 views

Bug-Fixes in `libcrux-ecdh`, `libcrux-ed25519`, `libcrux-psq`

In accordance with our security policy for libcrux, we publish a GitHub security advisory for any releases whose CHANGELOG includes bug-fixes, and encourage our users to upgrade. The latest releases of the libcrux-ecdh, libcrux-ed25519 and libcrux-psq crates contain the following bug-fixes:...

5.5AI score
Exploits0References12Affected Software3
Github Security Blog
Github Security Blog
added 2026/02/12 10:11 p.m.15 views

MagicLink: Insecure Deserialization of MagicLink Actions Leads to Remote Code Execution

Description MagicLink stores serialized action objects in the magiclinks.action database column and deserializes them without integrity validation or class allowlisting in src/MagicLink.php and src/Actions/ResponseAction.php. An attacker with the ability to manipulate database records e.g., via S...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 10:11 p.m.8 views

SurrealDB vulnerable to Denial of Service through scripting function memory edge case

In SurrealDB instances with the scripting capability enabled --allow-scripting, users with the ability to run arbitrary queries can trigger a server crash due to a memory-safety bug in the underlying JS engine. The SurrealDB instance terminates instantly, requiring a manual restart. The query...

6.1AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 10:11 p.m.11 views

`sha-rst` was removed from crates.io for malicious code

This crate was used as a dependency by finchclirust and finch-rst and contained a malware payload to exfiltrate credentials. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 22 times. Other than the other crates above that were part of the attack, no other crates...

5.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 10:10 p.m.8 views

`finch_cli_rust` was removed from crates.io for malicious code

This attempts to typosquat the existing crate finchcli to steal credentials from local files. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 18 times. There were no crates depending on this crate on crates.io. Thanks to Matthias Zepper of NGI Sweden for reportin...

5.4AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 10:10 p.m.6 views

`finch-rst` was removed from crates.io for malicious code

This attempts to typosquat the existing crate finch to steal credentials from local files. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 21 times. There were no crates depending on this crate on crates.io. Thanks to Matthias Zepper of NGI Sweden for reporting...

5.4AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 10:6 p.m.9 views

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller...

8.8CVSS6.9AI score0.004EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 10:6 p.m.6 views

Unauthenticated Admission Webhook Endpoints in Yoke ATC

Unauthenticated Admission Webhook Endpoints in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS6.4AI score0.0041EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 10:6 p.m.6 views

golang.org/x/net/html has a Quadratic Parsing Complexity issue

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to Denial of Service DoS if an attacker provides specially crafted HTML content...

5.3CVSS5.3AI score0.00502EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 6:30 p.m.10 views

@farmfe/core is Missing Origin Validation in WebSocket

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

6.5CVSS5.6AI score0.00191EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 5:4 p.m.14 views

CediPay Affected by Improper Input Validation in Payment Processing

A vulnerability in CediPay allows attackers to bypass input validation in the transaction API. Affected users: All deployments running versions prior to the patched release. Risk: Exploitation could result in unauthorized transactions, exposure of sensitive financial data, and compromise of payme...

8.8CVSS5.4AI score0.00268EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 5:4 p.m.14 views

qs's arrayLimit bypass in comma parsing allows denial of service

Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...

7.5CVSS5.5AI score0.00478EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 3:54 p.m.8 views

XWiki vulnerable to click-jacking through CSS injection in comments

Impact It's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. All versions of XWiki are impacted by this kind of attack. Patches The problem has been patched not by preventing injecting CSS in comments, which is currently a featur...

6.1CVSS5.7AI score0.00279EPSS
Exploits0References9Affected Software1
Total number of security vulnerabilities33268