Lucene search
K
GithubRecent

33268 matches found

Github Security Blog
Github Security Blog
added 2026/02/06 6:54 p.m.9 views

client-certificate-auth Vulnerable to Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect

Summary Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. Vulnerable Code javascript //...

6.1CVSS5.5AI score0.00168EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:52 p.m.10 views

MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token

Impact Disclosure of Salesforce OAuth bearer tokens used by the MCP. Patches fix applied in 0.1.10 Workarounds Rotate any Salesforce tokens/credentials used by MCP-Salesforce...

8.7CVSS5.3AI score0.00409EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:51 p.m.17 views

Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL

Summary A Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling the...

7.1CVSS5.9AI score0.00324EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/06 6:37 p.m.35 views

Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK

Impact What kind of vulnerability is it? Who is impacted? An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...

9.9CVSS5.5AI score0.0195EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/06 6:34 p.m.9 views

SCEditor has DOM XSS via emoticon URL/HTML injection

If an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...

5.4CVSS5.3AI score0.00216EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:32 p.m.23 views

Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling

Summary A Server-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...

8.6CVSS5.6AI score0.00579EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/06 6:30 p.m.8 views

Gophish is vulnerable to Incorrect Access Control

Gophish = 0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

7.6CVSS5.4AI score0.00267EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:30 p.m.13 views

Mattermost Confluence plugin doesn't properly escape user-controlled display names in HTML template rendering

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS5.8AI score0.00189EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:25 p.m.7 views

OpenSTAManager has a SQL Injection in the Prima Nota module

Summary Critical Error-Based SQL Injection vulnerability in the Prima Nota Journal Entry module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer PII, and financial records through XML error messages by injecting...

8.7CVSS6.1AI score0.00344EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:24 p.m.19 views

OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module

Summary Critical Error-Based SQL Injection vulnerability in the Scadenzario Payment Schedule bulk operations module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer PII, and financial records through XML error...

8.7CVSS6.1AI score0.00356EPSS
Exploits4References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:23 p.m.64 views

OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service

Summary Critical Time-Based Blind SQL Injection vulnerability affecting multiple search modules in OpenSTAManager v2.9.8 allows authenticated attackers to extract sensitive database contents including password hashes, customer data, and financial records through time-based Boolean inference attac...

8.7CVSS6.1AI score0.00366EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:19 p.m.10 views

OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module

Summary Critical Time-Based Blind SQL Injection vulnerability in the article pricing module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer data, and financial records through time-based Boolean inference attacks...

8.7CVSS6AI score0.00366EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:16 p.m.9 views

Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update

Summary A Path Traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulating the oldtitle parameter in the wiki editing form. Vulnerability...

8.1CVSS5.7AI score0.00654EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:14 p.m.14 views

Gogs has arbitrary file read/write via Path Traversal in Git hook editing

Vulnerability Description In the endpoint: /username/reponame/settings/hooks/git/:name the :name parameter: Is URL-decoded by macaron routing, allowing decoded slashes / Is then passed directly to: go git.Repository.Hook"customhooks", name which internally resolves the path as: go...

6.5CVSS5.5AI score0.00456EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:10 p.m.12 views

Gogs user can update repository content with read-only permission

Vulnerability Description The endpoint PUT /repos/:owner/:repo/contents/ does not require write permissions and allows access with read permission only via repoAssignment. After passing the permission check, PutContents invokes UpdateRepoFile, which results in: Commit creation Execution of git pu...

6.5CVSS5.8AI score0.00282EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:8 p.m.11 views

Gogs has a Denial of Service issue

Summary An authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. Details If GetMirrorByRepoID fails, the error log dereferencing null pointer. This happens if the repository no longer exits...

6.5CVSS5.4AI score0.00336EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:6 p.m.11 views

OpenSTAManager has a SQL Injection in Scadenzario Print Template

Summary An authenticated SQL Injection vulnerability in OpenSTAManager's Scadenzario Payment Schedule print template allows any authenticated user to extract sensitive data from the database, including admin credentials, customer information, and financial records. The vulnerability enables...

8.7CVSS5.8AI score0.00354EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:4 p.m.18 views

OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)

Summary A SQL Injection vulnerability exists in the ajaxselect.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the optionsmatricola parameter. Proof of Concept Vulnerable Code File: modules/impianti/ajax/select.php:122-124 php...

8.8CVSS5.9AI score0.00423EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 5:59 p.m.16 views

OpenSTAManager has an OS Command Injection in P7M File Processing

Summary A critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a malicious filename to execute arbitrary system commands on the server. Vulnerable Code File:...

9.4CVSS6.1AI score0.01755EPSS
Exploits13References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 5:54 p.m.168 views

Gogs Vulnerable to 2FA Bypass via Recovery Code

Contact OpenAI Security Research at [email protected] to engage on this report. See PDF report for easier reading. Security Advisory: 2FA Bypass via Recovery Code Vulnerability Type: 2FA Authentication Bypass Affected Software: GOGS Severity: High Date: Aug 5, 2025 Discoverer: OpenAI...

8.8CVSS5.8AI score0.00424EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 5:49 p.m.12 views

Gogs's update .git/config file allows remote command execution

Summary Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution. Details Function UpdateRepoFile security check under some if conditions. While...

9.8CVSS5.4AI score0.01229EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 3:31 p.m.8 views

Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log

Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat...

5.4CVSS5.2AI score0.00207EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 9:57 p.m.12 views

Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated)

Summary A Path Traversal vulnerability in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated Path Traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. Affected Component - Websit...

6.5CVSS5.6AI score0.00485EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 9:46 p.m.17 views

OpenFGA Improper Policy Enforcement

Impact OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22 = Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check calls are executed. Affected Users Users are affected by this vulnerability if all of the following preconditions are met: -...

8.8CVSS5.4AI score0.00308EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 9:33 p.m.10 views

@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses

Summary A sandbox escape vulnerabilities due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Details Even though the key used in property accesses b in the code below is annotated as string, this is never enforced:...

10CVSS5.7AI score0.00489EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 9:29 p.m.11 views

OpenCloud Affected by Public Link Exploit

Impact A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link. OpenCloud uses Reva as one of its core components and thus it is affected. Patches Update to OpenClo...

5.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 9:22 p.m.17 views

qdrant has arbitrary file write via `/logger` endpoint

Summary It is possible to append to arbitrary files via /logger endpoint. Minimal privileges are required read-only access. Tested on Qdrant 1.15.5 Details POST /logger Source code link endpoint accepts an attacker-controlled ondisk.logfile path. There are no authorization checks but authenticati...

8.8CVSS6.2AI score0.0049EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 9:19 p.m.8 views

Unauthenticated Spree Commerce users can access all guest addresses

Summary A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating address ID parameters. This enables unauthorized access to other guests' personally identifiable information PII includi...

8.7CVSS5.9AI score0.00599EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 9:13 p.m.9 views

Unauthenticated Spree Commerce users can view completed guest orders by Order ID

Unauthenticated users can view completed guest orders by Order ID GHSL-2026-029 The OrdersControllershow action permits viewing completed guest orders by order number alone, without requiring the associated order token. Order lookup without enforcing token requirement in OrdersControllershow: rub...

8.7CVSS5.5AI score0.00441EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 9:8 p.m.8 views

NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write

Summary NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to write files outside intended directories, with...

7.5CVSS6.6AI score0.03212EPSS
Exploits3References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 9:5 p.m.12 views

@nyariv/sandboxjs has a Sandbox Escape vulnerability

Summary As Map is in SAFEPROTOYPES, it's prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. Details This is effectively equivalent to CVE-2026-25142, but without lookupGetter let was used during testing, it turns out the let implementation is...

10CVSS5.4AI score0.00645EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 9:4 p.m.10 views

@nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution

Summary A sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to proto and other blocked prototype properties, enabling host Object.prototype pollution and persistent...

10CVSS5.6AI score0.00636EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 9:2 p.m.13 views

payload-preferences has Cross-Collection IDOR in Access Control (Multi-Auth Environments)

Impact A cross-collection Insecure Direct Object Reference IDOR vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default serial/auto-increment IDs, authenticated users from one auth collection can read and...

5.4CVSS5.3AI score0.00193EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 8:51 p.m.22 views

@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

Impact When querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data emails, password reset tokens and achieve full account takeover without password cracking. Users...

9.8CVSS5.8AI score0.00453EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 8:41 p.m.10 views

@nyariv/sandboxjs has a Sandbox Escape issue

Summary The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can be used to execute arbitrary code outside of the sandbox...

10CVSS6AI score0.00782EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 8:32 p.m.11 views

OpenCloud Reva has a Public Link Exploit

Impact A security issue was discovered in Reva based products that enables a malicious user to bypass the scope validation of a public link, allowing it to access resources outside the scope of a public link. Details Public link shares in OpenCloud are bound to a specific scope usually a file or...

8.2CVSS5.5AI score0.00273EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 6:38 p.m.12 views

webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior

Summary When experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo username:password@host. If allowedUris enforcement relies on a raw string prefix check e.g.,...

3.7CVSS5.6AI score0.002EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 6:35 p.m.15 views

webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence

Summary When experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that appears restricted to a trusted allow-list can be redirected to...

3.7CVSS5.6AI score0.002EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 6:30 p.m.7 views

Microweber has a Cross-site Scripting vulnerability

Cross-site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

6.1CVSS6.1AI score0.0027EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 6:30 p.m.10 views

pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS5.8AI score0.00392EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 6:30 p.m.8 views

Microweber Cross-site Scripting vulnerability

There is a Cross-site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The...

6.1CVSS6.2AI score0.0027EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 6:2 p.m.11 views

FrankenPHP has delayed propagation of security fixes in upstream base images

Delayed propagation of security fixes in upstream base images Summary Vulnerability in base Docker images PHP, Go, and Alpine not automatically propagating to FrankenPHP images. FrankenPHP's container images were previously built only when specific version tags were updated or when manual trigger...

9.8CVSS5.5AI score0.47621EPSS
Exploits7References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 5:57 p.m.4 views

time vulnerable to stack exhaustion Denial of Service attack

Impact When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,...

6.8CVSS5.3AI score0.00291EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 5:49 p.m.11 views

Sandbox escape via infinite recursion and error objects

Note: The npm package has moved to @enclave-vm/core formerly enclave-vm. All fixed versions and guidance refer to @enclave-vm/core. Summary The existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the err...

8.8CVSS5.8AI score0.0023EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/05 5:41 p.m.11 views

NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

Description The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown, an...

6.1CVSS5.4AI score0.00241EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 9:31 a.m.5 views

web2py has an Open Redirect Vulnerability

web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an Open Redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As a result, the user may become a victim of a phishing atta...

5.1CVSS5.5AI score0.00294EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 12:38 a.m.9 views

FUXA Unauthenticated Remote Arbitrary Device Tag Write

Summary Description An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10. Impact This affects all deployments, including those...

9.3CVSS5.5AI score0.00479EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 12:37 a.m.17 views

FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API

Summary Description A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10. Impact This affects all...

9.8CVSS5.7AI score0.02675EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 12:36 a.m.12 views

FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration

Description An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This...

9.8CVSS6.3AI score0.00759EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 12:33 a.m.14 views

FUXA Unauthenticated Exposure of Plaintext Database Credentials

Description An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10. Impact This affects all deployments,...

9.1CVSS5.5AI score0.00269EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities33268