33268 matches found
Keycloak affected by improper invitation token validation
A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token JWT payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an...
Keycloak fails to verify if an Identity Provider (IdP) is enabled before issuing tokens
A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider IdP is enabled before issuing tokens. The issuer lookup mechanism lookupIdentityProviderFromIssuer retrieves the IdP configuration but does not filter...
Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url
Impact Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986, protocol-relative URLs e.g. //evil.com/path are treated as network-path references that override the base URL's host/authority...
LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
Summary The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints. ---...
Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior
Relationship to Previously Patched Vulnerability This vulnerability is in addition to the RCE vulnerability patched in GHSA-255j-qw47-wjh5. That advisory addressed a similar RCE vulnerability that affected two specific routes: - /index.php?p=admin%2Factions%2Ffields%2Fapply-layout-element-setting...
Craft CMS: GraphQL Asset Mutation Privilege Escalation
There is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access to one asset volume to escalate their privileges and modify/transfer assets belonging to any other volume, including restricted or private volumes to which they should not...
Craft CMS Vulnerable to Stored XSS in Number Prefix & Suffix Fields
Summary A stored XSS vulnerability exists in the Number field type settings. The Prefix and Suffix fields are rendered using the |md|raw Twig filter without proper escaping, allowing script execution when the Number field is displayed on users' profiles. Proof of Concept Required Permissions -...
Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]`
Summary The element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteriaorderBy parameter JSON body. The application fails to sanitize this input before using it in the database query. An attacker with Control Panel access can inject arbitrary SQL into the ORDER BY clause...
Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via Alternative IP Notation
I observed a recent commit intended to mitigate Server-Side Request Forgery SSRF vulnerabilities. While the implemented defense mechanisms are an improvement, I have identified two methods to bypass these protections. This report details the first bypass method involving alternative IP notation,...
Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via HTTP Redirect
Summary The saveAsset GraphQL mutation validates the initial URL hostname and resolved IP against a blocklist, but Guzzle follows HTTP redirects by default. An attacker can bypass all SSRF protections by hosting a redirect that points to cloud metadata endpoints or any internal IP addresses. ---...
Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host
Summary - The saveimagesAsset graphql mutation allows a user to give a url of an image to download. Url must use a domain, not a raw IP. - Attacker sets up domain attacker.domain with an A record of something like 169.254.169.254 special AWS metadata IP - Attacker invokes saveimagesAsset with url...
Craft CMS Vulnerable to Stored XSS in Entry Types Name
Summary Stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. --- Proof of Concept Required Permissions Attacker - Admin access only admins have access to the settings page - allowAdminChanges is enabled in production, which is against our security...
Super-linter is vulnerable to command injection via crafted filenames in Super-linter Action
Summary The Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull request that introduces a file whose name contains shell command substitution syntax, such as $.... In...
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
Denial of Service via proto Key in mergeConfig Summary The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse, causing...
Harden-Runner: Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier)
Summary A security vulnerability has been identified in the Harden-Runner GitHub Action Community Tier that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when...
Litestar's FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)
Summary FileStore maps cache keys to filenames using Unicode NFKD normalization and ord substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remote attacker can trigger cache key collisions via crafted paths, causing one UR...
Litestar's AllowedHosts has a validation bypass due to unescaped regex metacharacters in configured host patterns
Summary AllowedHosts host validation can be bypassed because configured host patterns are turned into regular expressions without escaping regex metacharacters notably .. A configured allowlist entry like example.com can match exampleXcom Details In litestar.middleware.allowedhosts, allowlist...
Litestar's CORS origin allowlist has a bypass due to unescaped regex metacharacters in allowed origins
Summary CORS origin validation can be bypassed because the allowed-origins allowlist is compiled into a regex without escaping metacharacters notably .. An allowed origin like https://good.example can match https://goodXexample, resulting in Access-Control-Allow-Origin being set for an untrusted...
Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure
Fiber v2 contains an internal vendored copy of gofiber/utils, and its functions UUIDv4 and UUID inherit the same critical weakness described in the upstream advisory. On Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtaine...
Apache Shiro has an Authentication Bypass
Impact Authentication Bypass: A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...
Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users
Impact Exposure of Sensitive Information: An information disclosure vulnerability exists in the Apache Airflow UI that allows authenticated users to view Import Errors for DAGs they are not authorized to access. In affected versions, the Import Errors view does not correctly filter errors based o...
Apache Airflow Has an Authorization Bypass That Allows Unauthorized Task Log Access
Vulnerability Overview An authorization bypass vulnerability exists in Apache Airflow that allows authenticated users to access task execution logs without the required permissions. The Flaw The vulnerability affects environments using custom roles or granular permission settings. Normally, Airfl...
MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access
Impact Server-Side Request Forgery SSRF: A security vulnerability exists in the mcp-run-python tool specifically within the Pydantic-AI integration due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...
MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability
Impact Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime Pyodide and the host JavaScript environment. The runPython and runPythonAsync functions execute Python code using Pyodide without...
jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions
Impact Arbitrary Code Injection Remote Code Execution & XSS: A critical security vulnerability affects all versions of the jsonpath package. The library relies on the static-eval module to evaluate JSON Path expressions but fails to properly sanitize or sandbox the input. This allows an attacker ...
xcode-mcp-server vulnerable to Command Injection
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
mcp-maigret vulnerable to command injection
A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component searchusername. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely. Upgrading to versio...
Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service
Summary The DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored without a cleanup/expiry path in this flow, an unauthenticated remote actor can repeatedly...
Antrea has invalid enforcement order for network policy rules caused by integer overflow
Impact Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large numbers of policies with various priority values. This results in potentially incorrect traffic enforcement. If a user creates ...
Keylime Missing Authentication for Critical Function and Improper Authentication
Impact The Keylime registrar does not enforce mutual TLS mTLS client certificate authentication since version 7.12.0. The registrar's TLS context is configured with ssl.CERTOPTIONAL instead of ssl.CERTREQUIRED, allowing any client to connect to protected API endpoints without presenting a valid...
LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic
Description A malformed or tampered-with LookupResources Cursor token can cause a panic in the SpiceDB process if it fails to parse. If an attacker were able to make requests to a SpiceDB instance, they could affect its availability. Reproduction If one was to take a cursor from a LookupResources...
Duplicate Advisory: Keylime Missing Authentication for Critical Function and Improper Authentication
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jqp-9qjv-57m2. This link is maintained to preserve external references. Original Description A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Laye...
`uniswap-utils` was removed from crates.io for malicious code
It depended on the evm-units crate, which appeared to be attempting to steal cryptocurrency...
`sha-rust` was removed from crates.io for malicious code
It appeared to be attempting to steal credentials from local files...
`finch-rust` was removed from crates.io for malicious code
It depended on the sha-rust crate, which appeared to be attempting to steal credentials from local files...
`polymarket-clients-sdk` was removed from crates.io for malicious code
It appeared to be typosquatting existing crate polymarket-client-sdk clients vs client and attempting to steal credentials from local files. The malicious crate had 6 versions published on 2026-02-05 and had been downloaded only 59 times. There were no crates depending on this crate on crates.io...
`evm-units` was removed from crates.io for malicious code
It appeared to be attempting to steal cryptocurrency...
Blocklist Bypass possible via ECDSA Signature Malleability
Impact When using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. In order for this to affect a...
AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
Summary A Denial of Service DoS vulnerability CWE-400 exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessiv...
Gogs has authorization bypass in repository deletion API
Summary The DELETE /api/v1/repos/:owner/:repo endpoint lacks necessary permission validation middleware. Consequently, any user with read access including read-only collaborators can delete the entire repository. This vulnerability stems from the API route configuration only utilizing the...
Gogs vulnerable to Stored XSS via Mermaid diagrams
Summary Stored XSS via mermaid diagrams due to usage of vulnerable renderer library Details Gogs introduced support for rendering mermaid diagrams in version 0.13.0. Currently used version of the library mermaid 11.9.0 is vulnerable to at least two XSS scenarios with publicly available payloads...
A single post-release of dydx-v4-client contained obfuscated multi-stage loader
A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...
Phlex XSS protection bypass via attribute splatting, dynamic tags, and href values
Impact During a security audit conducted with Claude Opus 4.6 and GPT-5.3-Codex, we identified three specific ways to bypass the XSS cross-site-scripting protection built into Phlex. 1. The first bypass could happen if user-provided attributes with string keys were splatted into HTML tag, e.g...
AdonisJS multipart body parsing has Prototype Pollution issue
Description A Prototype Pollution vulnerability CWE-1321 in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts @adonisjs/bodyparser through version 10.1.2 and 11.x prerelease versions prior to 11.0.0-next.8. This issue has bee...
Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json
Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints,...
Claude Code has Permission Deny Bypass Through Symbolic Links
Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude...
Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this require...
Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection
Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliabl...
[actix-files] Panic triggered by empty Range header in GET request for static file
Summary A GET request for a static file served by actix-files with an empty Range header triggers a panic. With panic = "abort", a remote user may crash the process on-demand. Details actix-files assumes that HttpRange::parse, when Ok, always returns a vector with at least one element. When parse...
actix-files has a possible exposure of information vulnerability
Summary When passing a non-existing folder to the actixfiles::Files::new method causes the actix server to expose unexpected files. Details The actix-files library exposes a Files struct that configures an actix service to serve the files in a folder as static assets. Below you can find the...