Lucene search
K
GithubRecent

33273 matches found

Github Security Blog
Github Security Blog
added 2026/01/26 9:30 p.m.11 views

KubeVirt Guest Agent DoS via Excessive Network Interface Reports

A flaw was found in KubeVirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...

6.4CVSS5.8AI score0.0026EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:30 p.m.7 views

Duplicate Advisory: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2464-8j7c-4cjm. This link is maintained to preserve external references. Original Description A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using...

5.3CVSS5.7AI score0.00357EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:30 p.m.6 views

Duplicate Advisory: gix-date can create non-utf8 string with `TimeBuf::as_str`

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6mw6-mj76-grwc. This link is maintained to preserve external references. Original Description A flaw was found in gix-date. The gixdate::parse::TimeBuf::asstr function can generate strings containing invalid...

7.1CVSS5.7AI score0.00193EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:29 p.m.8 views

pnpm has Path Traversal via arbitrary file permission modification

Summary When pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory, causing pnpm to chmod 755 files at arbitrary...

6.7CVSS6AI score0.00244EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:17 p.m.9 views

BentoML has a Path Traversal via Bentofile Configuration

Summary BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate, conda.environmentyml. An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files fr...

7.4CVSS6AI score0.00437EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:2 p.m.10 views

pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)

Summary A path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: 1 Malicious ZIP entries containing ../ or absolute paths that escape the extraction root via AdmZip's...

6.5CVSS5.9AI score0.00396EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:2 p.m.11 views

pnpm has Windows-specific tarball Path Traversal

Summary A path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for ./ but not .. On Windows, backslashes are directory separators, enabling path traversal. This vulnerability...

6.5CVSS5.9AI score0.00433EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:2 p.m.8 views

pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

Summary A path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal sequences like ../../ remain intact. Details Th...

6.5CVSS5.9AI score0.00438EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:2 p.m.10 views

pnpm has symlink traversal in file:/git dependencies

Summary When pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd, /.ssh/idrsa causes pnpm to copy that file's contents...

6.7CVSS6.1AI score0.00469EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 6:57 p.m.7 views

vm2 has a Sandbox Escape

In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. js const VM = require"vm2"; const code = const error = new Error; error.name = Symbol; const f = async = error.stack...

10CVSS6AI score0.01222EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 6:55 p.m.8 views

dcap-qvl has Missing Verification for QE Identity

Impact This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity, qeidentitysignature, and qeidentityissuerchain from the PCCS. However, it skips to verify the QE Identity signature...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References3Affected Software4
Github Security Blog
Github Security Blog
added 2026/01/26 6:31 p.m.12 views

Withdrawn Advisory: eslint has a Stack Overflow when serializing objects with circular references

Withdrawn Advisory This advisory has been withdrawn because RuleTester is used for testing rules during development and results in a error rather than crashing the application. Original Description There is a Stack Overflow vulnerability in eslint before 9.26.0 when serializing objects with...

5.5CVSS5.1AI score0.00163EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 12:30 p.m.12 views

Apache Continuum vulnerable to Command Injection through Installations REST API

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the Installations REST API can use this to invoke arbitrary commands on the...

9.9CVSS5.9AI score0.03732EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 12:30 p.m.11 views

Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter Log Socket Collector exposes port 4560 without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. The Log Socket Collector is vulnerable to deserialization of...

3.7CVSS5.8AI score0.00655EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 12:30 p.m.11 views

Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

7.3CVSS5.8AI score0.00862EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 8:17 p.m.11 views

phpMyFAQ: Public API endpoints expose emails and invisible questions

Summary Several public API endpoints return email addresses and non‑public records e.g. open questions with isVisible=false. Details OpenQuestionController::list calls Question::getAll with the default showAll=true, returning invisible questions and their emails. Similar exposures exist in...

7.5CVSS5.4AI score0.00375EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/23 8:17 p.m.13 views

phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)

Summary Authenticated non‑admin users can call /api/setup/backup and trigger a configuration backup. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. Details SetupController.php uses userIsAuthenticated but does not verify that the requester has...

6.5CVSS5.5AI score0.01734EPSS
Exploits3References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/23 8:17 p.m.11 views

phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)

Summary A logged‑in user without the dlattachment right can download FAQ attachments. This is due to a permissive permission check in attachment.php that treats the mere presence of a right key as authorization and a flawed group/user logic expression. Details In attachment.php, the access decisi...

6.5CVSS5.5AI score0.0042EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/23 6:31 p.m.14 views

LavaLite CMS affected by a stored cross-site scripting vulnerability

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without prop...

5.4CVSS5AI score0.00198EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 6:31 p.m.14 views

miniserve affected by a TOCTOU and symlink race vulnerability

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

6.8CVSS5.7AI score0.00299EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 6:31 p.m.9 views

Free5gc NRF is vulnerable to scope validation bypass via maliciously crafted targetNF value

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck function in file internal/sbi/processor/accesstoken.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access...

9.1CVSS5.6AI score0.00307EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 4:56 p.m.16 views

CometBFT has inconsistencies between how commit signatures are verified and how block time is derived

CSA-2026-001: Tachyon Description Name: CSA-2026-001: Tachyon Criticality: Critical Catastrophic Impact; Possible Likelihood per ACMv1.2 Affected versions: All versions of CometBFT Affected users: Validators and protocols relying on block timestamps Description A consensus-level vulnerability was...

5.6AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 4:28 p.m.11 views

XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages

Impact A reflected cross site scripting XSS vulnerability in XWiki allows an attacker to execute arbitrary actions in XWiki with the rights of the victim if the attacker manages to trick a victim into visiting a crafted URL. If the victim has administrative or programming rights, those rights can...

6.5CVSS5.4AI score0.00503EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 3:31 p.m.19 views

protobuf affected by a JSON recursion depth bypass

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS5.6AI score0.00613EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 9:30 a.m.5 views

Hibernate vulnerable to SQL Injection

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...

8.3CVSS6AI score0.00782EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 6:31 a.m.14 views

Moodle affected by a code injection vulnerability

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8CVSS5.8AI score0.00528EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 6:31 a.m.9 views

Langflow affected by Remote Code Execution via validate_code() exec()

Langflow execglobals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific...

9.8CVSS6.6AI score0.10371EPSS
Exploits8References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 6:31 a.m.13 views

Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Duplicate Advisory This advisory has been withdrawn because describes a dependency bump and therefore, per CVE CNA rule 4.1.12, is a duplicate of GHSA-34x7-hfp2-rc4v/CVE-2026-24842. Additionally, per https://github.com/npm/cli/issues/8939issuecomment-3862719883, npm cli should not be listed as an...

7CVSS7.5AI score0.00286EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 6:31 a.m.6 views

Duplicate Advisory: gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4h5r-5jm8-jxjm. This link is maintained to preserve external references. Original Description gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote...

9.8CVSS9.2AI score0.03336EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 12:31 a.m.11 views

Gitea does not properly validate repository ownership when linking attachments to releases

Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users...

9.1CVSS5.5AI score0.00415EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 12:31 a.m.11 views

Gitea does not properly validate ownership when toggling OpenID URI visibility

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities...

6.5CVSS5.5AI score0.00277EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 12:31 a.m.11 views

Gitea may send release notification emails for private repositories to users whose access has been revoked

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

3.5CVSS5.3AI score0.00237EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 12:31 a.m.10 views

Gitea has improper access control for uploaded attachments

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access...

7.5CVSS5.4AI score0.00358EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 12:31 a.m.8 views

Gitea improperly exposes issue titles and repository names through previously started stopwatches

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

6.5CVSS5.4AI score0.00333EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 12:31 a.m.9 views

Gitea does not properly validate repository ownership when deleting Git LFS locks

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...

9.1CVSS5.4AI score0.00415EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 12:31 a.m.9 views

Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface

Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...

4.3CVSS5.4AI score0.00303EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 12:31 a.m.8 views

Gitea improperly exposes issue and pull request titles

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS5.4AI score0.00344EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/23 12:31 a.m.13 views

Gitea does not properly validate project ownership in organization project operations

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...

9.1CVSS5.4AI score0.00392EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 10:30 p.m.10 views

Container and Containerization archive extraction does not guard against escapes from extraction base directory.

Summary The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system...

7.8CVSS5.5AI score0.00244EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/22 9:41 p.m.12 views

Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue

Summary An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are rendered with dangerouslySetInnerHTML without sanitization, leading to store...

5.4CVSS5.9AI score0.00253EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 9:33 p.m.19 views

Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

7.4CVSS5.5AI score0.00568EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 8:28 p.m.11 views

sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal

Summary The legacy TUF client pkg/tuf/client.go, which supports caching target files to disk, constructs a filesystem path by joining a cache base directory with a target name sourced from signed target metadata, but it does not validate that the resulting path stays within the cache base...

5.8CVSS5.7AI score0.0037EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 8:26 p.m.9 views

Incus container image templating arbitrary host file read and write

Summary A user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group can use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write, ultimately resulting in arbitrary command...

8.7CVSS6.2AI score0.00731EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 8:21 p.m.8 views

Incus container environment configuration newline injection

Summary A user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional configuration items in the container’s lxc.conf due to the newline injection. This c...

8.7CVSS5.9AI score0.00471EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:41 p.m.8 views

Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL

Summary /api/v1/index/retrieve supports retrieving a public key via a user-provided URL, allowing attackers to trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the calle...

5.3CVSS5.8AI score0.00332EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:41 p.m.9 views

Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message

Summary Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate returns nil success when message is empty, leaving sign1Msg uninitialized, and Canonicalize later dereferences v.sign1Msg.Payload. Impa...

5.3CVSS5.5AI score0.00384EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:30 p.m.11 views

Sentencepiece has a a heap overflow issue

Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure...

8.5CVSS5.4AI score0.00163EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:30 p.m.17 views

orjson does not limit recursion for deeply nested JSON documents

The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...

7.5CVSS5.8AI score0.0055EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:30 p.m.7 views

Beam Exposes sensitive information via joinCleanPath function

Directory Traversal vulnerability in Beam beta9 v.0.1.552 allows a remote attacker to obtain sensitive information via the joinCleanPath function...

6CVSS5.9AI score0.00881EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:9 p.m.14 views

Orval Mock Generation Code Injection via const

I am reporting a code injection vulnerability in Orval’s mock generation pipeline affecting @orval/mock in both the 7.x and 8.x series. This issue is related in impact to the previously reported enum x-enumDescriptions https://github.com/advisories/GHSA-h526-wf6g-67jv, but it affects a different...

9.8CVSS6AI score0.00678EPSS
Exploits0References11Affected Software1
Total number of security vulnerabilities33273