Lucene search
K
GithubRecent

33268 matches found

Github Security Blog
Github Security Blog
•added 2026/02/05 12:27 a.m.•11 views

FUXA Unauthenticated Remote Code Execution via Admin JWT Minting

Note GitHub incorrectly stated this vulnerability is identical to CVE-2025-69970, which describes the fact that authentication is disabled by default. This advisory describes an exploit chain that enables authentication bypass via the heartbeat refresh endpoint when authentication is enabled. Thi...

10CVSS6.3AI score0.00677EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 11:21 p.m.•15 views

EVE Has Partially Predetermined Vault Key

Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys 16 bytes from each, the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...

7.8CVSS7.2AI score0.00134EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 11:14 p.m.•11 views

EVE Doesn't Protect Rootfs

Impact Measured boot validates BIOS, grub, kernel cmdline, and initrd but not the entire rootfs. Thus, an attacker can create an EVE-OS rootfs squashfs image with some files modified and take out the disk and replace the existing rootfs image without that being detected by measure boot and remote...

8.8CVSS8.1AI score0.00125EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 11:12 p.m.•9 views

EVE Seals Vault Key With SHA1 PCRs

Impact The vault key is sealed using SHA1 PCRs instead of SHA256 PCRs Thus an attacker with physical access to an EVE-OS device can try to brute force creating a kernel or rootfs image which produces the same SHA1 PCR but with malicious content. Patches Fixed in 9.4.3-lts and 10.1.0 Workarounds N...

8.8CVSS7.8AI score0.0011EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 9:38 p.m.•6 views

EVE Doesn't Protect Config Partition with Measured Boot

Impact Config partition measurement was moved from PCR 13 to PCR 14 in a commit, but PCR 14 was not added to the list of PCRs that seal/unseal the vault key. As a result, an attacker can remove the disk, use another server to modify the files in the config partition, and then re-insert the disk...

8.8CVSS7.8AI score0.00159EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 9:36 p.m.•9 views

EVE's Debug Functions Unlockable Without Triggering Measured Boot

Impact On boot, Pillar checks for /config/GlobalConfig/global.json and overrides system configuration if present. This allows enabling debug functions like SSH debug.enable.ssh, USB keyboard debug.enable.usb, and VNC access app.allow.vnc without triggering the measured boot. Thus, a user with...

8.8CVSS7.8AI score0.00159EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 9:32 p.m.•7 views

Winter CMS has Stored Cross-site Scripting (XSS) in Asset Manager

Impact Affected versions of Winter CMS allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would need access to the Backend with a user account with the following permission: cms.manageasset...

3.5CVSS5.4AI score0.00251EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 8:47 p.m.•9 views

EVE Freely Allocates Buffer on The Stack With Data From Socket

Impact VTPM server listens on port 8877, exposing limited TPM functionality. The server reads 4 bytes as a uint32 size header, then allocates that amount on the stack for incoming data. This allows Denial of Service attacks against the vTPM service. An workload a container or VM running on EVE-OS...

9.9CVSS5.4AI score0.00541EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 8:46 p.m.•10 views

EVE: SSH as Root Unlockable Without Triggering Measured Boot

Impact On boot, the Pillar container checks for /config/authorizedkeys. If present with a valid public key, it enables SSH on port 22 with root login. The /config partition is not protected by measured boot, is mutable and unencrypted. This enables an attacker with physical access to the device t...

8.8CVSS5.4AI score0.00159EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 8:43 p.m.•7 views

EVE Doesn't Measure Config Partition From 2 Fronts

Impact PCR14 is not included in the list of PCRs that seal/unseal the vault key. Additionally, the vault key uses SHA1 PCRs instead of SHA256. Thus an attacker with physical access can take out the disk, use a different computer to modify the files in the /config partition, and re-insert the disk...

8.8CVSS5.4AI score0.00106EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 8:36 p.m.•9 views

git2 has potential undefined behavior when dereferencing Buf struct

If the Buf struct is dereferenced immediately after calling new or default on the Buf struct, a null pointer is passed to the unsafe function slice::fromrawparts. According to the safety section documentation of the function, data must be non-null and aligned even for zero-length slices or slices...

5.5AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 8:34 p.m.•8 views

EPyT-Flow vulnerable to unsafe JSON deserialization (__type__)

Impact EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field. When type is present, the deserializer dynamically imports an attacker-specified module/class and instantiates it with attacker-supplied arguments. Thi...

10CVSS5.6AI score0.00657EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 8:33 p.m.•7 views

n8n's domain allowlist bypass enables credential exfiltration

Impact A vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This only might affect user who have credentials that use wildcard domain...

6.5CVSS5.5AI score0.00275EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 8:24 p.m.•6 views

openmls has improper tag validation

Membership and confirmation tags may not be checked correctly due to a missing length check. Any tag that is shorter than the expected tag, but matches up to its length, as well as any empty tag is considered valid. Impact The vulnerability affects a secondary authentication guarantee that MLS...

5.6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 8:17 p.m.•18 views

Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

Impact A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. Example: apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:...

9.9CVSS5.7AI score0.00581EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 8:7 p.m.•12 views

survey-pdf Upgraded jsPDF Version Due to Security Vulnerability

The following security vulnerability was identified in jsPDF versions = 4.0.0 and included the fix in the following survey-pdf releases: v1.12.59 v2.5.5 Action Users should upgrade survey-pdf in their projects to v1.12.59+ or v2.5.5+ immediately. Notes No other survey-pdf dependencies are affecte...

5.4AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 8:6 p.m.•14 views

OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply

Summary An unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. Impact A local process on the same machine could execute arbitrary...

8.4CVSS5.8AI score0.00639EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 8:4 p.m.•25 views

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

Summary Cross-client data leak via two distinct issues: 1 reusing a single StreamableHTTPServerTransport across multiple client requests, and 2 reusing a single McpServer/Server instance across multiple transports. Both are most common in stateless deployments. Impact This advisory covers two...

7.1CVSS5.5AI score0.00267EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 8:2 p.m.•7 views

godot-mcp has Command Injection via unsanitized projectPath

Impact A Command Injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input e.g., projectPath directly to exec, which spawns a shell. An attacker could inject shell metacharacters like $command or &calc to execute arbitrary comman...

7.8CVSS6.5AI score0.00853EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 7:46 p.m.•6 views

Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage Summary This vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 7:42 p.m.•10 views

n8n has a Python sandbox escape

Impact A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. Only authenticated users are able to execute code through Task Runners. This issue affected any deployment in which the...

9.9CVSS6.4AI score0.00526EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 7:39 p.m.•8 views

n8n Merge Node has Arbitrary File Write leading to RCE

Impact A vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. Patches The issue has been fixed in n8n version 2.4.0, 1.118.0...

9.4CVSS6.1AI score0.00664EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 7:36 p.m.•9 views

n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node

Impact When workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems. As a...

8.1CVSS6.5AI score0.01713EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 7:35 p.m.•10 views

n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI

Impact A Cross-site Scripting XSS vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts...

8.5CVSS5.5AI score0.00187EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 7:2 p.m.•8 views

OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction

Summary The isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/file, exfiltrating sensitive data to the user/channel. Detai...

6.5CVSS5.6AI score0.00745EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 6:52 p.m.•12 views

Alist vulnerable to Path Traversal in multiple file operation handlers

Summary The application contains a Path Traversal vulnerability CWE-22 in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across...

8.8CVSS5.6AI score0.00721EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 6:41 p.m.•7 views

Alist has Insecure TLS Config

Summary The application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This enables the complete decryption, theft, and manipulation of all data transmitted during storage operations,...

9.1CVSS5.4AI score0.00234EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 6:38 p.m.•10 views

n8n has OS Command Injection in Git Node

Impact Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. Patches The issue has been fixed in n8n versions 2.5.0, and 1.123.10. Users should upgrade to this version...

9.9CVSS5.9AI score0.00568EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 6:25 p.m.•8 views

n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users

Impact A vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of a...

9.9CVSS5.4AI score0.00306EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 6:15 p.m.•11 views

n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS

Impact A Cross-site Scripting XSS vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy CSP sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user...

8.5CVSS5.5AI score0.00224EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 6:3 p.m.•22 views

n8n Has Expression Escape Vulnerability Leading to RCE

Impact Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on th...

9.9CVSS6AI score0.97875EPSS
Exploits29References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 6:2 p.m.•9 views

Apollo Serve vulnerable to Denial of Service with `startStandaloneServer`

Impact The default configuration of startStandaloneServer from @apollo/server/standalone is vulnerable to Denial of Service DoS attacks through specially crafted request bodies with exotic character set encodings. This issue does not affect users that use @apollo/server as a dependency for...

7.5CVSS5.5AI score0.00628EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2026/02/04 5:49 p.m.•6 views

n8n Vulnerable to Command Injection in Community Package Installation

Impact A Command Injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. Important context - Exploitation...

9.4CVSS5.8AI score0.01343EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 5:48 p.m.•11 views

n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

Impact The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process for example, data from prior requests, tasks, secrets, or tokens,...

7.7CVSS5.9AI score0.00364EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 12:31 p.m.•9 views

Neo4j Enterprise and Community vulnerable to a potential information disclosure

Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscateliterals" option in the query logs does not redact error information, exposing unredacted dat...

4.8CVSS5.5AI score0.00144EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 12:31 p.m.•7 views

Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted o...

7.5CVSS5.3AI score0.00619EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 12:30 a.m.•5 views

ingress-nginx has Improper Check for Unusual or Exceptional Conditions

A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...

3.1CVSS5.4AI score0.00278EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 12:30 a.m.•8 views

ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

8.8CVSS6.3AI score0.00485EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 12:30 a.m.•9 views

ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx

A security issue was discovered in ingress-nginx. Tthe rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in...

8.8CVSS6.3AI score0.00501EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 12:30 a.m.•9 views

ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...

6.5CVSS5.5AI score0.0046EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 12:14 a.m.•10 views

Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints

Summary Authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the server attempts to create an extremely large resized image, causing uncontrolled memory growth...

9.2CVSS5.5AI score0.00455EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 12:12 a.m.•12 views

Navidrome has XSS via comment from song metadata

Summary An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. An attacker's maliciously crafted song has to be added to Navidrome to exploit the vulnerability. Details The frontend is using React. In...

6.1CVSS5.6AI score0.00297EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 12:9 a.m.•13 views

melange has a path traversal in license-path which allows reading files outside workspace

An attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The LicensingInfos function in pkg/config/config.go reads license files specified in copyright.license-path without...

5.5CVSS5.5AI score0.00168EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 12:9 a.m.•10 views

melange affected by potential host command execution via license-check YAML mode patch pipeline

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values series paths, patch filenames, and numeric parameters into shell scripts without proper quoting or...

7.8CVSS6AI score0.00175EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/04 12:7 a.m.•8 views

apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams

An attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in pkg/apk/expandapk/expandapk.go expands .apk streams without enforcing decompression limits, allowing a malicious repository to serve a small,...

7.5CVSS5.5AI score0.00366EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
•added 2026/02/03 11:58 p.m.•9 views

apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion availability impact. The Split function reads the first tar header,...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/03 11:57 p.m.•16 views

apko has a path traversal in apko dirFS which allows filesystem writes outside base

A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...

7.5CVSS5.4AI score0.00369EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/03 11:48 p.m.•10 views

melange pipeline working-directory could allow command injection

An attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in working-directory. The field is embedded into shell scripts without proper quote escaping. Fix: Fixed with e51ca30c,...

8.8CVSS5.8AI score0.00176EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/03 11:47 p.m.•7 views

melange QEMU runner could write files outside workspace directory

An attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries without validating that paths stay within the workspace, allowing Path Traversal via ../ sequences. Fix:...

8.4CVSS5.4AI score0.00167EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/02/03 9:13 p.m.•12 views

PrestaShop affected by time based enumeration in FO login form

Impact A time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. Patches 8.2.4 and 9.0.3 Workarounds none References Found by L...

5.3CVSS5.5AI score0.00269EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities33268