Lucene search
K
GithubRecent

33273 matches found

Github Security Blog
Github Security Blog
added 2026/01/28 4:35 p.m.24 views

node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal

Summary node-tar contains a vulnerability where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlink...

8.2CVSS6.4AI score0.00541EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 4:34 p.m.11 views

DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal

A module friendly name could include scripts that will run during some module operations in the Persona Bar...

7.6CVSS5.9AI score0.00249EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 4:33 p.m.11 views

DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes

Extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 4:21 p.m.13 views

Clatter has a PSK Validity Rule Violation issue

Impact Protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework Section 9.3. This could allow PSK-derived keys to be used for encryption without proper randomization by self-chosen ephemeral randomness,...

9.3CVSS5.8AI score0.00122EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 4:20 p.m.16 views

DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer

A content editor could inject scripts in module headers/footers that would run for other users...

6.8CVSS5.9AI score0.0016EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 4:18 p.m.17 views

soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives

Impact Incorrect rounding direction for signed mul and div operations The mulDivx, y, z function incorrectly handled cases where both the intermediate product $x y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was negative, the final result must also be...

7.5CVSS5.9AI score0.00372EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 4:14 p.m.17 views

vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector

Summary A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process media from URLs provided by users, using different Python parsing libraries when restrictin...

7.1CVSS5.9AI score0.00528EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 4:11 p.m.12 views

Ghost vulnerable to XSS via malicious Portal preview links

Impact An attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Vulnerable versions This vulnerability is present in Ghost versions: - v5.43.0 to...

8.8CVSS6AI score0.00255EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/28 4:10 p.m.14 views

Hono vulnerable to XSS through ErrorBoundary component

Summary A Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as raw HTML, allowing arbitrary script execution in the victim's browser. Details The issue is in the...

4.7CVSS6.2AI score0.00298EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 4:6 p.m.15 views

Cap'n Proto has Undefined Behavior in constant::Reader and StructSchema

The safe API functions constant::Reader::get and StructSchema::new rely on PointerReader::getrootunchecked, which can cause undefined behavior UB by constructing arbitrary words or schemas. Reader::get rust pub fn get&self - Result::Reader // ... // UNSAFE: access words without validation...

6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 3:49 p.m.12 views

TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF)

Summary This vulnerability allows a user to escape the container network isolation and access the host’s local services 127.0.0.1 bound on the host. The vulnerability is applicable only on the MacOS and Windows environments while using Docker Desktop, Containerd on Lima VM, or Podman. Details...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 3:38 p.m.102 views

Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components

A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23864. A specially crafted HTTP...

7.5CVSS5.9AI score0.02499EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 3:20 p.m.53 views

Next.js has Unbounded Memory Consumption via PPR Resume Endpoint

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

7.5CVSS5.9AI score0.00363EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 3:30 a.m.13 views

billboard.js is vulnerable to XSS during chart option binding

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...

6.1CVSS6AI score0.00158EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 12:31 a.m.14 views

vlt Mishandles Path Sanitization for tar

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

5.9CVSS5.9AI score0.0018EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 10:26 p.m.20 views

PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling

Overview A vulnerability has been discovered involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserializes code coverage files without validation, potentially allowing remote code execution if malicious...

7.8CVSS6.5AI score0.00343EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 10:15 p.m.16 views

Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access

Impact A bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty Bearer token value, regardless of validity. This vulnerability did allow for exfiltration of...

7.2CVSS5.8AI score0.00342EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 10:13 p.m.12 views

StudioCMS has Authorization Bypass Through User-Controlled Key

Summary StudioCMS contains a Broken Object Level Authorization BOLA vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Details The Issue: The endpoint /dashboard/content-management/edit?edit=UUID...

6.5CVSS5.9AI score0.00295EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 8:10 p.m.11 views

PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files

Summary A vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to arbitrary code execution. Vulnerability Details The weightsonly=True unpickler...

8.8CVSS6.3AI score0.00695EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 7:55 p.m.21 views

SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor

Summary A sandbox escape vulnerability due to AsyncFunction not being isolated in SandboxFunction Details The library attempts to sandbox code execution by replacing the global Function constructor with a safe, sandboxed version SandboxFunction. This is handled in utils.ts by mapping Function to...

10CVSS6.3AI score0.01122EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 7:18 p.m.42 views

Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration

A DoS vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /next/image loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 7:9 p.m.8 views

Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)

Summary Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment. Improper validation of user-controlled paths can result in unintended access to internal asset keys...

6.3CVSS6.1AI score0.00419EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 7:4 p.m.14 views

Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 7:1 p.m.10 views

Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing

Summary IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The IPV4REGEX pattern and convertIPv4ToBinary function in src/utils/ipaddr.ts do not properly validate that IPv4 octet values are within the valid range of 0-255, allowing attackers to craft malformed IP...

6.5CVSS5.9AI score0.00315EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 6:33 p.m.21 views

OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

Impact OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the first mismatched character during API key validation, rather than a...

6CVSS5.8AI score0.00475EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 6:32 p.m.10 views

LibreNMS contains an authenticated SQL Injection vulnerability

LibreNMS 1.46 contains an authenticated SQL Injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL Injection techniques to retrieve...

7.1CVSS5.8AI score0.00399EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 6:2 p.m.16 views

Kyverno Denial of Service via Context Variable Amplification in Policy Engine

Summary Unbounded memory consumption in Kyverno's policy engine allows users with policy creation privileges to cause Denial of Serviceby crafting policies that exponentially amplify string data through context variables. Details For example, the random JMESPath function in...

7.7CVSS5.9AI score0.00531EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 6:1 p.m.17 views

Kyverno Cross-Namespace Privilege Escalation via Policy apiCall

Summary A critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace. As a result, any authenticated user with...

9.9CVSS6AI score0.00516EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 3:30 p.m.17 views

n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution

n8n contains a critical Remote Code Execution RCE vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...

9.9CVSS6.3AI score0.18071EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 3:30 p.m.11 views

askbot inexhaustive permissions check allows any user to modify a different user's profile picture

All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...

5.3CVSS5.9AI score0.00318EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 9:30 a.m.7 views

jsonrpc4j has Infinite Loop in RPC Stream Writer

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in briandilley jsonrpc4j src/main/java/com/googlecode/jsonrpc4j modules. This vulnerability is associated with program files NoCloseOutputStream.Java. This issue affects jsonrpc4j: through 1.6.0...

5.3CVSS5.9AI score0.00419EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 9:30 a.m.8 views

Quick-Media Batik Codec FIX package has Code Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects all...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 9:30 a.m.14 views

Quick-Media Batik Codec FIX Package has Buffer Overflow Vulnerability in PNG Codec

Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules. This vulnerability is associated with program files SeekableOutputStream.Java. This issue affects all versions...

5.3CVSS5.9AI score0.00341EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 9:30 a.m.10 views

weixin4j has Improperly Controlled Sequential Memory Allocation

Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules. This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java. This issue affects all versions of weixin4j. A path is...

6.3CVSS5.9AI score0.00432EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 12:59 a.m.5 views

oneshot has potential Use After Free when used asynchronously

There is a race condition that can lead to a use-after-free if a oneshot::Receiver is polled but then dropped instead of polled to completion. This could happen if the receiver future was cancelled while receiving, for example by being wrapped in a timeout future or similar. When the Receiver is...

5.9AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 12:57 a.m.13 views

gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values

Unbounded TLV length in ReadFile can cause Denial of Service Summary A Denial of Service vulnerability was identified in ReadFile where unbounded TLV length values could lead to excessive CPU and memory usage when processing data from a malicious or non-compliant NFC source. This issue has been...

6.5CVSS5.9AI score0.00265EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 12:55 a.m.20 views

Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access

Summary A flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agent host by directly targeting their container IDs. Note: Tested on v9.0....

9.9CVSS5.8AI score0.00385EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/27 12:48 a.m.10 views

Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64

On x86-64 platforms with AVX Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled...

5.5CVSS5.9AI score0.00214EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 11:49 p.m.10 views

go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names

Security Vulnerability: Path Traversal in TAP 4 Multirepo Client Summary go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. If an application accepts a map file from an untrusted sourc...

4.7CVSS5.9AI score0.00211EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 11:37 p.m.11 views

pypdf has possible Infinite Loop when processing outlines/bookmarks

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. Patches This has been fixed in pypdf 6.6.2. Workarounds If projects cannot upgrade yet, consider applying the changes from PR 3610...

5.1CVSS5.8AI score0.00388EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 11:36 p.m.11 views

MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field

Summary A Stored Cross-site Scripting XSS vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The android:host attribute from elements is rendered in HTML reports without...

8.1CVSS6.1AI score0.0031EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 11:34 p.m.13 views

Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE

Summary 1. There is a reflected XSS vulnerability in the GET /admin/edit-codepage/:name route through the name parameter. This can be used to hijack the session of an admin if they click a specially crafted link. 2. Additionally, there is a Command Injection vulnerability in GET /admin/backup. Th...

6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 11:29 p.m.8 views

Gakido vulnerable to HTTP Header Injection (CRLF Injection)

A vulnerability was discovered in Gakido that allowed HTTP Header Injection through CRLF Carriage Return Line Feed sequences in user-supplied header values and names. When making HTTP requests with user-controlled header values containing \r\n CRLF, \n LF, or \x00 null byte characters, an attacke...

5.3CVSS6AI score0.0036EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 11:28 p.m.7 views

Python-Multipart has Arbitrary File Write via Non-Default Configuration

Summary A Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Details When UPLOADDIR is set and UPLOADKEEPFILENAME is...

8.6CVSS6AI score0.02228EPSS
Exploits5References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 11:26 p.m.10 views

Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName

Impact When running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Patches https://github.com/zalando/skipper/releases/tag/v0.24.0...

8.1CVSS5.9AI score0.00267EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:34 p.m.11 views

sigstore CSRF possibility in OIDC authentication during signing

Summary The sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. Details OAuthSession creates a unique "state" and sends it as a parameter in the authentication request but the "state" in the server response seems not not be cross-checked with this value. Fix...

5CVSS5.9AI score0.00158EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:31 p.m.14 views

AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion

An XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes DocumentBuilderFactory with default settings, without disabling DTDs or external entities. This formatter is used by the isXmlEqualToCharSequence...

9.1CVSS5.9AI score0.00542EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:30 p.m.20 views

Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

3.1CVSS5.8AI score0.00369EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:30 p.m.10 views

GI-DocGen vulnerable to Reflected XSS via unescaped query strings

A flaw was found in GI-DocGen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter reflected DOM XSS...

6.1CVSS6AI score0.00337EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:30 p.m.7 views

Hibernate Reactive Vulnerable to DoS via Connection Pool Exhaustion

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities33273