Lucene search
K
GithubRecent

33273 matches found

Github Security Blog
Github Security Blog
‱added 2026/02/02 5:31 p.m.‱6 views

Khoj has an IDOR in Notion OAuth Flow that Enables Index Poisoning

Summary An IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion...

7.1CVSS5.6AI score0.00361EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/02 3:30 p.m.‱9 views

pip Path Traversal vulnerability

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

2CVSS5.4AI score0.0039EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/02 2:36 p.m.‱9 views

@backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator

Impact A path traversal vulnerability in the TechDocs local generator allows attackers to read arbitrary files from the host filesystem when Backstage is configured with techdocs.generator.runIn: local. When processing documentation from untrusted sources, symlinks within the docs directory are...

6.5CVSS5.5AI score0.00387EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/02 12:31 p.m.‱8 views

H2O has an External Control of File Name or Path vulnerability

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS6.6AI score0.00629EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
‱added 2026/02/02 12:31 p.m.‱6 views

Lollms has an Improper Access Control vulnerability

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/02 12:31 p.m.‱9 views

mlflow Creates of Temporary File in Directory with Insecure Permissions

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS5.9AI score0.00215EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/02 12:31 p.m.‱8 views

Hugging Face Text Generation Inference vulnerable to Uncontrolled Resource Consumption

A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...

7.5CVSS5.5AI score0.22494EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/02 12:31 p.m.‱5 views

llama-index-core vulnerable to Uncontrolled Resource Consumption

The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...

5.3CVSS5.4AI score0.0037EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/02 9:30 a.m.‱6 views

Keycloak Server-Side Request Forgery (SSRF) vulnerability

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...

2.7CVSS5.2AI score0.00236EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/02 6:30 a.m.‱6 views

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.3AI score0.00274EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/02 6:30 a.m.‱9 views

Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes

A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...

2.7CVSS5.3AI score0.00364EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/02 6:30 a.m.‱7 views

fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle MITM attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in...

8.1CVSS5.4AI score0.00254EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/02 6:30 a.m.‱7 views

RaspAP raspap-webgui contains an OS Command Injection vulnerability

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS Command Injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

8.8CVSS8.1AI score0.0133EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/02 12:30 a.m.‱10 views

Duplicate Advisory: 1-Click RCE via Authentication Token Exfiltration From gatewayUrl

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g8p2-7wf7-98mq. This link is maintained to preserve external references. Original Description OpenClaw aka clawdbot or Moltbot before 2026.1.29 obtains a gatewayUrl value from a query string and automatically...

8.8CVSS5.6AI score0.08016EPSS
Exploits5References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/01 5:58 p.m.‱15 views

Rancher CLI skips TLS verification on Rancher CLI login command

Impact A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting...

8.3CVSS5.8AI score0.00153EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/02/01 5:39 p.m.‱7 views

LobeHub Vulnerable to Improper Authorization in Presigned Upload

Summary The file upload feature in Knowledge Base File Upload does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitrary files in abnormal or unintended paths. In addition, since lobechat.co...

7.2CVSS6AI score0.0033EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/30 9:30 p.m.‱8 views

geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the topostgis function being used to write GeoDataFrames to a PostgreSQL database...

8.6CVSS5.9AI score0.00385EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/30 9:30 p.m.‱5 views

Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...

7.8CVSS6.3AI score0.00179EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/30 9:30 p.m.‱10 views

Salt Authentication Protocol Version Downgrade Allows Minion Impersonation

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...

7.5CVSS5.9AI score0.00407EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/30 9:28 p.m.‱9 views

PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

Summary PsySH automatically loads and executes a .psysh.php file from the Current Working Directory CWD on startup. If an attacker can write to a directory that a victim later uses as their CWD when launching PsySH, the attacker can trigger arbitrary code execution in the victim's context. When t...

7.3CVSS6.4AI score0.0028EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/30 9:17 p.m.‱11 views

Orval has Code Injection via unsanitized x-enum-descriptions using JS comments

CVE-2026-23947 had an incomplete fix While the current jsStringEscape function properly handles single quotes ', double quotes " and other characters, it fails to sanitize and / characters. This allows attackers to break out of JavaScript comment blocks using / sequences and inject arbitrary code...

9.8CVSS6AI score0.0075EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/30 8:38 p.m.‱14 views

CAI find_file Agent Tool has Command Injection Vulnerability Through Argument Injection

Summary The CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with shell=True, allowing attackers to execute arbitrary commands on the host system. Vulnerable...

9.6CVSS6.2AI score0.008EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/30 8:10 p.m.‱13 views

fast-xml-parser has RangeError DoS Numeric Entities Bug

Summary A RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-range entity code points e.g., or . This causes the parser to throw an uncaught exception, crashing any application that processes untrusted XML input. Details The...

7.5CVSS5.9AI score0.00559EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/30 7:35 p.m.‱10 views

Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy

Summary The NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames email addresses. Details In packages/core/src/config/auth/native-authentication-strategy.ts, the authenticate method returns immediately if a user is no...

6.9CVSS5.9AI score0.00364EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/30 3:31 p.m.‱11 views

Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service DoS attack...

7.5CVSS5.8AI score0.00575EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/30 2:43 p.m.‱13 views

Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac

Impact It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud runs in a Windows environment, Cloud users aren't affected. Patches This issue affect...

6.5CVSS5.9AI score0.0042EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/30 9:30 a.m.‱11 views

Llama Stack exposes secret in initialization log

Llama Stack aka llama-stack before 0.4.0rc3 does not censor the pgvector password in the initialization log...

3.2CVSS5.9AI score0.00219EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/29 10:21 p.m.‱15 views

deepHas vulnerable to Prototype Pollution via constructor.prototype

Summary A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8. Details The vulnerability resides in the add function and indexer function implemented within deepHas.js...

9.4CVSS6.3AI score0.00717EPSS
Exploits4References4Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/29 10:5 p.m.‱11 views

malcontent vulnerable to symlink Path Traversal via handleSymlink argument confusion in archive extraction

malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The handleSymlink function received arguments in the wrong order, causing the symlink target to be used as the symlink location. Additionally, symlink target...

5.5CVSS5.8AI score0.00167EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/29 10:4 p.m.‱10 views

malcontent OCI image pull credential exfiltration via malicious registry token realm

Malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. Malcontent uses google/go-containerregistry for OCI image pulls, which by default uses the Docker credential keychain. A malicious registry could return a WWW-Authenticate header...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/29 3:32 p.m.‱12 views

Unfurl's debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure)

Summary The Unfurl web app enables Flask debug mode even when configuration sets debug = False. The config value is read as a string and passed directly to app.rundebug=..., so any non-empty string evaluates truthy. This leaves the Werkzeug debugger active by default. Details - unfurl/app.py:weba...

6.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/29 3:31 p.m.‱9 views

Unfurl's unbounded zlib decompression allows decompression bomb DoS

Summary The compressed data parser uses zlib.decompress without a maximum output size. A small, highly compressed payload can expand to a very large output, causing memory exhaustion and denial of service. Details - unfurl/parsers/parsecompressed.py calls zlib.decompressdecoded with no size limit...

8.7CVSS5.9AI score0.00508EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/29 3:21 p.m.‱20 views

Juju has broken CMR authorization

Impact Cross-model Relation authorization is broken and has a potential security vulnerability. If the controller does not have the root key to verify the macaroon or if the macaroon has expired, an unvalidated and therefore untrusted macaroon is used to extract declared caveats. Facts from these...

2.1CVSS5.9AI score0.00133EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/29 3:18 p.m.‱11 views

Maker.js has Unsafe Property Copying in makerjs.extendObject

Summary The makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks hasOwnProperty checks and does not filter dangerous keys, allowing inherited properties and potentially malicious...

9.8CVSS5.9AI score0.00879EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/29 3:15 p.m.‱21 views

SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE

Summary The /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution RCE by writing to sensitive locations such as cron jobs, SSH authorizedkeys, or shell...

9.1CVSS6.2AI score0.01017EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/29 3:4 p.m.‱13 views

AutoGPT is Vulnerable to RCE via Disabled Block Execution

Summary AutoGPT Platform's block execution endpoints both main web API and external API allow executing blocks by UUID without checking the disabled flag. Any authenticated user can execute the disabled BlockInstallationBlock, which writes arbitrary Python code to the server filesystem and execut...

9.4CVSS6.6AI score0.01147EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/29 3:0 p.m.‱19 views

React Server Components have multiple Denial of Service Vulnerabilities

Impact It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...

7.5CVSS5.9AI score0.02499EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
‱added 2026/01/28 11:0 p.m.‱15 views

SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal

File Read Interface Case Bypass Vulnerability Vulnerability Name File Read Interface Case Bypass Vulnerability Overview The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can...

7.5CVSS5.6AI score0.00505EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/28 10:20 p.m.‱9 views

soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64

Impact Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::genrange for u64 methods in the soroban-sdk in versions prior to and including 25.0.1. Contracts that pass user-controlled or computed range bounds to Bytes::slice, Vec::slice, or Prng::genrange may silently...

5.3CVSS5.9AI score0.00353EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/28 9:41 p.m.‱26 views

NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS

Summary An authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server restart. While the pollution technically bypasses SUPERADMIN authorization...

4.9CVSS5.9AI score0.00348EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/28 9:41 p.m.‱11 views

NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality

Summary A blind Server-Side Request Forgery SSRF vulnerability exists in the uploadViaURL functionality due to an unprotected HEAD request. While the subsequent file retrieval logic correctly enforces SSRF protections, the initial metadata request executes without validation. This allows limited...

6.4CVSS6AI score0.00198EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/28 9:41 p.m.‱10 views

NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter

Summary An unvalidated redirect open redirect vulnerability exists in NocoDB’s login flow due to missing validation of the continueAfterSignIn parameter. During authentication, NocoDB processes a user-controlled redirect value and conditionally performs client-side navigation without enforcing an...

7.1CVSS6.3AI score0.00269EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/28 9:41 p.m.‱20 views

NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload

Summary A stored Cross-site Scripting XSS vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload malicious SVG files containing embedded JavaScript, which are later rendered inline and executed in the browsers of other users who view the attachment. Because...

9.4CVSS5.9AI score0.00385EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/28 9:34 p.m.‱21 views

DotNetNuke.Core Vulnerable to Stored XSS via Module Title

Module title supports richtext which could include scripts that would execute in certain scenarios...

9.1CVSS5.9AI score0.00188EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/28 9:28 p.m.‱8 views

Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows

Summary The Symfony Process component did not correctly treat some characters notably = as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment e.g. Git Bash and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can...

6.3CVSS5.8AI score0.00201EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
‱added 2026/01/28 8:39 p.m.‱13 views

EGroupware has SQL Injection in Nextmatch Filter Processing

Summary Critical Authenticated SQL Injection in Nextmatch Widget Filter Processing A critical SQL Injection vulnerability exists in the core components of EGroupware, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL commands into the...

8.8CVSS6AI score0.0036EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/28 6:30 p.m.‱8 views

Tendenci is Vulnerable to CSV Formula Injection through its Contact Form Message Field

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

9.8CVSS5.8AI score0.10683EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/28 6:30 p.m.‱15 views

JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...

9.8CVSS5.3AI score0.00399EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/28 6:30 p.m.‱16 views

BrowserStack Local vulnerable to Command Injection through logfile variable

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...

7.8CVSS5.9AI score0.00705EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
‱added 2026/01/28 4:44 p.m.‱13 views

ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices

Affected Crate: ml-dsa Affected Versions: v0.1.0-rc.2 and commits since b01c3b7 Severity: Medium Reporter: Oren Yomtov Fireblocks Summary The ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicate hint indices. According ...

5.3CVSS5.8AI score0.00299EPSS
Exploits0References13Affected Software1
Total number of security vulnerabilities33273