Lucene search
K
GithubRecent

33268 matches found

Github Security Blog
Github Security Blog
added 2026/02/12 3:54 p.m.9 views

Traefik: TCP readTimeout bypass via STARTTLS on Postgres

Impact There is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then stalling, causing connections to remain open indefinitely,...

7.5CVSS5.9AI score0.00709EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 3:29 p.m.25 views

FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP

Summary FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the original path. Because strings.ToLower in Go can increase the...

9.8CVSS6.2AI score0.0058EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 3:29 p.m.10 views

FrankenPHP leaks session data between requests in worker mode

Summary When running FrankenPHP in worker mode, the $SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $SESSION data of the previous request potentially belonging to a different user before sessionstart is...

8.7CVSS5.6AI score0.00356EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 3:29 p.m.12 views

webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map

Summary An attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their resources. Details webtransport-go maintains an internal map tracking...

5.3CVSS5.5AI score0.00366EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 3:29 p.m.12 views

webtransport-go: CloseWithError can block indefinitely

Summary An attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream, blocking transmission of the WTCLOSESESSION capsule and causing the close operati...

7.5CVSS5.7AI score0.00413EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 3:28 p.m.20 views

webtransport-go: Memory Exhaustion Attack due to Missing Length Check in WT_CLOSE_SESSION Capsule

Summary An attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WTCLOSESESSION capsule containing an excessively large Application Error Message. The implementation does not enforce the draft-mandated limit of 1024 bytes on this field, allowing ...

7.5CVSS6.1AI score0.00413EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 9:30 a.m.12 views

Grafana has a Cross-site Scripting issue

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

6.8CVSS5.8AI score0.00239EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 6:30 a.m.10 views

markdown-it is has a Regular Expression Denial of Service (ReDoS)

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...

7.5CVSS5.5AI score0.00503EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 3:31 a.m.6 views

next-mdx-remote affected by arbitrary code execution in React server-side rendering of untrusted MDX content

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content...

8.8CVSS6.5AI score0.00582EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 12:31 a.m.11 views

Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3m4q-jmj6-r34q. This link is maintained to preserve external references. Original Description Arbitrary file read in the model loading mechanism HDF5 integration in Keras versions 3.0.0 through 3.13.1 on all...

7.5CVSS5.3AI score0.00298EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 9:30 p.m.44 views

DiskCache has unsafe pickle deserialization

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

9.8CVSS6.4AI score0.00521EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 9:30 p.m.12 views

ajv has ReDoS when using `$data` option

ajv Another JSON Schema Validator through version 8.17.1 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor...

7.5CVSS5.9AI score0.00492EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 7:49 p.m.12 views

Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Summary Milvus exposes TCP port 9091 by default with two critical authentication bypass vulnerabilities: 1. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath default: by-dev, enabling arbitrary expression evaluation. 2. The full REST API...

9.8CVSS6.8AI score0.34346EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 6:39 p.m.8 views

Vikunja Vulnerable to XSS Via Task Preview

Summary The task preview component creates a unparented div. The div's innerHtml is set to the unescaped description of the task Details In the TaskGlanceTooltip.vue it temporarily creates a div and sets the innerHtml to the description here. Since there is no escaping on either the server or...

8.6CVSS5.5AI score0.00227EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 6:31 p.m.13 views

nanotar is vulnerable to path traversal in parseTar() and parseTarGzip()

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

9.8CVSS5.8AI score0.00841EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 6:17 p.m.8 views

Statamic CMS vulnerable to privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in content titles allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Malicious user must have an account with control panel access and content creation permissions. This...

8.7CVSS5.4AI score0.00293EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 4:53 p.m.11 views

Statamic CMS's missing authorization allows access to assets

Impact Users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take advantage of this. Patches This has been fixed in 5.73.6 and 6.2.5...

4.3CVSS5.4AI score0.00285EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 3:30 p.m.9 views

Phraseanet vulnerable to stored cross-site scripting through crafted file names

Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or...

6.4CVSS5.2AI score0.00251EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 3:30 p.m.11 views

Kimai 2 vulnerable to persistent cross-site scripting in the timesheet descriptions

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

6.4CVSS5.5AI score0.00261EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 3:13 p.m.14 views

set-in Affected by Prototype Pollution

Summary A prototype pollution vulnerability exists in the the npm package set-in =2.0.1. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using...

9.8CVSS6AI score0.00461EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 3:13 p.m.10 views

@langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation

Description The RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option enabled by default is intended to restrict crawling to the same site as the base URL. The implementation used String.startsWith to compar...

4.1CVSS5.5AI score0.00371EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 3:13 p.m.11 views

Pion DTLS's usage of random nonce generation with AES GCM ciphers risks leaking the authentication key

Impact Pion DTLS versions v1.0.0 through v3.0.10 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack". Patches Upgrade to v3.1.1 or late...

5.9CVSS5.6AI score0.00619EPSS
Exploits0References8Affected Software3
Github Security Blog
Github Security Blog
added 2026/02/11 2:23 p.m.9 views

LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages

Server-Side Request Forgery SSRF in ChatOpenAI Image Token Counting Summary The ChatOpenAI.getnumtokensfrommessages method fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery SSRF...

3.7CVSS5.9AI score0.00379EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 2:23 p.m.13 views

Leaky JWTs in OpenMetadata exposing highly-privileged bot users

Summary Calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres Details Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes...

7.6CVSS5.5AI score0.00331EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 2:22 p.m.13 views

Pillow affected by out-of-bounds write when loading PSD images

Impact An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow = 10.3.0 users are affected. Patches Pillow 12.1.1 will be released shortly with a fix for this. Workarounds Image.open has a formats parameter that can be used to prevent PSD images from being opene...

8.6CVSS5.5AI score0.00367EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 9:32 p.m.20 views

Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability

Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do...

7.5CVSS5.6AI score0.01015EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 9:31 p.m.8 views

mongo-go-driver has Heap Out-of-Bounds Read in GSSAPI Error Handling

The mongo-go-driver repository contains CGo bindings for GSSAPI Kerberos authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not...

6.9CVSS5.3AI score0.00223EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/10 9:27 p.m.34 views

cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

Vulnerability Summary The publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an...

8.2CVSS5.6AI score0.00341EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 6:30 p.m.7 views

Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE

Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score0.02344EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 6:30 p.m.14 views

CASL Ability is Vulnerable to Prototype Pollution

CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...

9.8CVSS5.4AI score0.00624EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 2:33 p.m.16 views

cap-go/capacitor-native-biometric Authentication Bypass

There is a potential issue with the cap-go/capacitor-native-biometric library. --- Summary The cap-go/capacitor-native-biometric library was found to be subject to an authentication bypass as the current implementation of the onAuthenticationSucceeded does not appear to handle a...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 2:33 p.m.9 views

Emmett-Core: Unhandled CookieError Exception Causing Denial of Service

Summary The cookies property in emmettcore.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. Details Location: emmettcore/http/wrappers/init.py line 64...

7.5CVSS5.6AI score0.00271EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:30 p.m.7 views

Keycloak logs sensitive headers

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

5CVSS5.8AI score0.00141EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:30 p.m.9 views

Apache Druid Vulnerable to Authentication Bypass

Affected Products and Versions Apache Druid Affected Versions: 0.17.0 through 35.x all versions prior to 36.0.0 Prerequisites: druid-basic-security extension enabled LDAP authenticator configured Underlying LDAP server permits anonymous bind ...

9.8CVSS5.6AI score0.01034EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:30 p.m.29 views

Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS5.6AI score0.00219EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:29 a.m.13 views

Cube Core is vulnerable to Denial of Service (DoS) via crafted request

Impact It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. Affected Versions: = 1.1.17 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release References The issue was reported by...

6.5CVSS5.5AI score0.00391EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:29 a.m.15 views

Cube Core is vulnerable to privilege escalation via a specially crafted request

Impact It is possible to make a specially crafted request with a valid API token that leads to privilege escalation. Affected Versions: ≥= 0.27.19 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release - 1.0.14 end-of-life LTS release References Th...

7.7CVSS5.5AI score0.00352EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:29 a.m.19 views

FUXA Affected by a Path Traversal Sanitization Bypass

Summary A flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences e.g., ....//, an attacker can write arbitrary files to the server filesystem, including sensitive directorie...

8.6CVSS7.5AI score0.01216EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:28 a.m.17 views

go-git improperly verifies data integrity values for .idx and .pack files

Impact A vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch...

4.3CVSS5.6AI score0.00136EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:28 a.m.8 views

FUXA Unauthenticated Remote Arbitrary Scheduler Write

Summary An authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. This vulnerability affects FUXA version 1.2.8 through version 1.2.10. This has been patch...

9.3CVSS5.8AI score0.11393EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:27 a.m.20 views

FUXA Unauthenticated Remote Code Execution in Node-RED Integration

Summary Description An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This affects FUXA version 1.2.8 through version 1.2.10. This has been patched in FUXA version 1.2.11. Impact...

9.8CVSS6.3AI score0.00977EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:25 a.m.15 views

amphp/http-server affected by HTTP/2 DDoS vulnerability

Versions of amphp/http-server prior to 3.4.4 for the 3.x release branch and prior to 2.1.10 for the 2.x release branch are vulnerable to the HTTP/2 "MadeYouReset" DoS attack described by CVE-2025-8671 and https://kb.cert.org/vuls/id/767506. In versions 3.4.4 and 2.1.10, stream reset protection ha...

7.5CVSS5.4AI score0.04604EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:25 a.m.9 views

unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

The sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log...

5.9CVSS5.6AI score0.00132EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:25 a.m.15 views

Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Summary Adminer v5.4.1 has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version parameter which P...

7.5CVSS5.7AI score0.01586EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:25 a.m.10 views

File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL

Summary An authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashes e.g., //private/ to the path, the authorization check fails to match the rule, while the underlying filesystem resolves the path correctly, granting...

8.1CVSS5.6AI score0.00461EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:24 a.m.14 views

@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)

Summary A sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference e.g., Map.prototype, Set.prototype is placed into an array and retrieved, the isGlobal...

10CVSS5.8AI score0.00552EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:22 a.m.10 views

File Browser has an Authentication Bypass in User Password Update

Security Advisory: Authentication Bypass in User Password Update Summary A case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change any user's password without providing the current password. By using Title Case field name...

5.4CVSS5.6AI score0.00325EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:22 a.m.11 views

FroshAdminer Adminer UI is accessible without admin session

Summary Unauthenticated access to Adminer UI Details The Adminer route /admin/adminer was accessible without Shopware admin authentication. The route was configured with authrequired=false and performed no session validation, exposing the Adminer UI to unauthenticated users. Note: Database access...

6.9CVSS5.5AI score0.00362EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/10 12:21 a.m.11 views

Bitcoinrb Vulnerable to Command injection via RPC

Summary: Remote Code Execution Unsafe handling of request parameters in the RPC HTTP server results in command injection Details In lib/bitcoin/rpc/httpserver.rb line 30-39, the JSON body of a POST request is parsed into command and args variables. These values are then passed to send, which is...

6.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/09 9:31 p.m.12 views

Keycloak Affected by Broken Access Control Vulnerability in the UserManagedPermissionService

A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService UMA Protection API. When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first...

5.4CVSS5.4AI score0.00287EPSS
Exploits0References10Affected Software1
Total number of security vulnerabilities33268