Lucene search
K
GithubRecent

33268 matches found

Github Security Blog
Github Security Blog
added 2026/02/03 8:59 p.m.9 views

Qwik City CSRF protection middleware does not work properly for content type header with parameters (eg. multipart/form-data)

Summary A typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. Impact An attacker can bypass Qwik City’s Origin-based CSRF protections and perform forged form submissions, potentially causing unauthorized state changes...

7.1CVSS5.4AI score0.00129EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 8:58 p.m.7 views

Qwik City Open Redirect via fixTrailingSlash

Summary Description An Open Redirect CWE-601 vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convincing phishing links that appear to originate from t...

6.9CVSS5.7AI score0.00237EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 8:49 p.m.8 views

Qwik City has a CSRF Protection Bypass via Content-Type Header Validation

Summary Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued Content-Type headers. Impact A vulnerability in checkCSRF lets an attacke...

5.9CVSS5.6AI score0.00159EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 8:49 p.m.9 views

Prototype Pollution via FormData Processing in Qwik City

Summary A Prototype Pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation e.g., user.name to create nested objects, but fails to sanitize dangerous property names like proto, constructor, and...

10CVSS5.5AI score0.00624EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 8:47 p.m.8 views

Qwik SSR XSS via Unsafe Virtual Node Serialization

Summary Description A Cross-site Scripting CWE-79 vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...

6.1CVSS6AI score0.00307EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 7:41 p.m.60 views

@isaacs/brace-expansion has Uncontrolled Resource Consumption

Summary @isaacs/brace-expansion is vulnerable to a Denial of Service DoS issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the...

9.2CVSS5.5AI score0.00481EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 7:33 p.m.7 views

Claude Code has a Command Injection in find Command Bypasses User Approval Prompt

Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. Users on standard Claude...

8.8CVSS5.8AI score0.00562EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 7:32 p.m.11 views

Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes

Due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a...

7.7CVSS5.5AI score0.00464EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 7:22 p.m.14 views

HtmlSanitizer has a bypass via template tag

Impact If the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. The lack of sanitization of the template tag brings up two bypasses: 1. it is still...

6.3CVSS5.4AI score0.00241EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 7:17 p.m.11 views

bytes has integer overflow in BytesMut::reserve

Details In the unique reclaim path of BytesMut::reserve, the condition rs if vcapacity = newcap + offset uses an unchecked addition. When newcap + offset overflows usize in release builds, this condition may incorrectly pass, causing self.cap to be set to a value that exceeds the actual allocated...

7.5CVSS5.4AI score0.00559EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 7:15 p.m.7 views

Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org, modelcontextprotocol.io, this could have enabled attackers to register domains like...

7.4CVSS5.5AI score0.00338EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 7:1 p.m.9 views

OpenSTAManager has an SQL Injection in the Stampe Module

Vulnerability Details Location - File: modules/stampe/actions.php - Line: 26 - Vulnerable Code: php case 'update': if !emptyintvalpost'predefined' && !emptypost'module' $dbo-query'UPDATE zzprints SET predefined = 0 WHERE idmodule = '.post'module'; // ↑ Direct concatenation without prepare...

8.8CVSS6AI score0.00374EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:47 p.m.9 views

jsonwebtoken has Type Confusion that leads to potential authorization bypass

Summary: It has been discovered that there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s internal parsing mechanism...

7.5CVSS5.8AI score0.00443EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:44 p.m.7 views

OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)

Summary A SQL Injection vulnerability exists in the ajaxcomplete.php endpoint when handling the getsedi operation. An authenticated attacker can inject malicious SQL code through the idanagrafica parameter, leading to unauthorized database access. Proof of Concept Vulnerable Code File:...

8.8CVSS5.9AI score0.00381EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:42 p.m.10 views

Cloudflare Agents SDK has Insecure Direct Object Reference (IDOR) via Header-Based Email Routing

Summary An Insecure Direct Object Reference CWE-639 has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation o...

6.9CVSS5.5AI score0.00366EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:35 p.m.10 views

Wagtail has improper permission handling on admin preview endpoints

Impact Due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data...

5.1CVSS5.5AI score0.00343EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:30 p.m.9 views

FUXA allows Remote Code Execution (RCE) via the project import functionality.

FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...

9.8CVSS5.7AI score0.00416EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:30 p.m.9 views

Duplicate Advisory: FUXA contains a hard-coded credential vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c8m8-3jcr-6rj5. This link is maintained to preserve external references. Original Description FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a...

9.8CVSS5.8AI score0.02036EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:30 p.m.9 views

Boltz contains an insecure deserialization vulnerability in its molecule loading functionality

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...

8.4CVSS6.4AI score0.00143EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:30 p.m.7 views

Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting (XSS)

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy CSP or adequate Content-Type validation, leading to Stored...

6.1CVSS5.5AI score0.00244EPSS
Exploits4References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:30 p.m.7 views

FUXA contains an insecure default configuration vulnerability

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

9.3CVSS5.5AI score0.00463EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:30 p.m.9 views

Duplicate Advisory: Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f83h-ghpp-7wcc. This link is maintained to preserve external references. Original Description pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The...

7.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:30 p.m.5 views

FUXA contains an Unrestricted File Upload vulnerability

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

9.8CVSS6AI score0.00726EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:30 p.m.8 views

Apache Syncope: Console XXE on Keymaster parameters

Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage occurs. Th...

4.9CVSS5.2AI score0.00827EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:30 p.m.8 views

Apache Syncope: Reflected XSS on Enduser Login

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...

6.8CVSS5.3AI score0.00362EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:17 p.m.8 views

FacturaScripts has SQL Injection in Autocomplete Actions

Summary FacturaScripts contains a critical SQL Injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in th...

8.8CVSS6.1AI score0.00473EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:14 p.m.11 views

FacturaScripts has SQL Injection in API ORDER BY Clause

Summary FacturaScripts contains a critical SQL Injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The vulnerability exists in the ModelClass::getOrderBy method where user-supplied sorting parameters are directly...

8.8CVSS6.2AI score0.00473EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 5:52 p.m.14 views

JinJava Bypass through ForTag leads to Arbitrary Java Execution

Impact Vulnerability Type: Sandbox Bypass / Remote Code Execution Affected Component: Jinjava Affected Users: - Organizations using HubSpot's Jinjava template rendering engine for user-provided template content - Any system that renders untrusted Jinja templates using HubSpot's Jinjava...

9.8CVSS6.2AI score0.00889EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 5:43 p.m.14 views

Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write

A Path Traversal vulnerability in the partitionmsg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. Impact An attacker can craft a malicious .msg file with attachment filenames containing path traversal...

9.8CVSS6.3AI score0.00616EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 5:42 p.m.10 views

Compressing Vulnerable to Arbitrary File Write via Symlink Extraction

Arbitrary File Write via Symlink Extraction in github.com/node-modules/compressing Brief Introduction The compressing npm package extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an...

8.4CVSS5.8AI score0.00334EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 5:37 p.m.6 views

RustFS Logs Sensitive Credentials in Plaintext

Summary RustFS logs sensitive credential material access key, secret key, session token to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive...

7.5CVSS5.5AI score0.00245EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 5:31 p.m.14 views

RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers

Summary IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy IP-allowlist policies. Details - Vulnerable code: rustfs/src/auth.rs:289-304 sets...

8.7CVSS5.5AI score0.00211EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 5:21 p.m.6 views

Decidim's private data exports can lead to data leaks

Impact Private data exports can lead to data leaks in cases where the UUID generation causes collisions for the generated UUIDs. The bug was introduced by 13571 and affects Decidim versions 0.30.0 or newer currently 2025-09-23. This issue was discovered by running the following spec several times...

8.2CVSS5.5AI score0.00262EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/03 3:30 p.m.9 views

Django has an SQL Injection issue

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

8.5CVSS5.6AI score0.00802EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 3:30 p.m.13 views

Django has an SQL Injection issue

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. FilteredRelation is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet methods annotate, aggregat...

8.3CVSS5.6AI score0.00754EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 3:30 p.m.9 views

Django has an SQL Injection issue

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluate...

8.3CVSS5.7AI score0.09436EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 3:30 p.m.9 views

Django has Observable Timing Discrepancy

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

5.3CVSS5.5AI score0.00713EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 3:30 p.m.6 views

Django has Inefficient Algorithmic Complexity

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...

7.5CVSS5.5AI score0.00993EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 3:30 p.m.8 views

Django has Inefficient Algorithmic Complexity

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...

7.5CVSS5.5AI score0.00993EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 p.m.8 views

Moodle Affected by Improper Restriction of Excessive Authentication Attempts

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

7.5CVSS5.5AI score0.00417EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 p.m.9 views

Moodle vulnerable to Cross-site Scripting

A flaw was found in Moodle. A remote attacker could exploit a reflected Cross-Site Scripting XSS vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links...

6.1CVSS5.8AI score0.00333EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 p.m.7 views

Moodle Open Redirect vulnerability

A flaw was found in Moodle. An Open Redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing...

6.1CVSS5.5AI score0.00226EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 p.m.8 views

Moodle has an authorization logic flaw

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...

9.8CVSS5.3AI score0.00272EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 p.m.9 views

Moodle Inserts Sensitive Information Into Sent Data

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure...

5.3CVSS5.3AI score0.00314EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 p.m.17 views

Moodle authentication bypass vulnerability

A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...

8.1CVSS5.4AI score0.00373EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 p.m.8 views

Moodle vulnerable to Cross-site Scripting

A flaw was found in Moodle. This vulnerability, known as Cross-site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

7.3CVSS5.6AI score0.00266EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 p.m.9 views

Moodle formula injection vulnerability

A flaw was found in Moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...

7.8CVSS5.7AI score0.00251EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 p.m.11 views

Moodle Cross-site Scripting (XSS) vulnerability

A flaw was found in Moodle. This Cross-site Scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

7.3CVSS5.4AI score0.00232EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 a.m.9 views

Tendenci CMS contains a stored Cross-site Scripting (XSS) vulnerability in the Forums module

A stored cross-site scripting XSS vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS5.6AI score0.00235EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 a.m.10 views

Tendenci CMS Contains a Cross-site Scripting Vulnerability in its Jobs Module

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS5.6AI score0.00235EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities33268