Lucene search
K
GithubRecent

33273 matches found

Github Security Blog
Github Security Blog
added 2026/01/22 6:6 p.m.12 views

Moonraker affected by LDAP search filter injection

Impact Instances of Moonraker configured with the ldap component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover...

6.9CVSS5.7AI score0.0027EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:6 p.m.11 views

SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions

Unprivileged users for example, those with the database editor role can create or modify fields in records that contain functions or futures. Futures are values which are only computed when the value is queried. The query executes in the context of the querying user, rather than the user who...

6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:6 p.m.12 views

Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp

Impact Protected files uploaded through Umbraco Forms may be served to unauthenticated users when a CDN or caching layer is present and ImageSharp processes the request. ImageSharp sets aggressive cache headers by default, which can cause intermediary caches to store and serve files that should...

5.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:4 p.m.36 views

Dragonfly Manager Job API Unauthenticated Access

Summary Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs, potentially leading to resource exhaustion, information disclosure, and service disruption. Affected Products - Product: Dragonfly - Component:...

9.8CVSS5.8AI score0.00713EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:2 p.m.10 views

Wheel Affected by Arbitrary File Permission Modification via Path Traversal in wheel unpack

Summary - Vulnerability Type: Path Traversal CWE-22 leading to Arbitrary File Permission Modification. - Root Cause Component: wheel.cli.unpack.unpack function. - Affected Packages: 1. wheel Upstream source 2. setuptools Downstream, vendors wheel - Severity: High Allows modifying system file...

7.1CVSS6.4AI score0.00311EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:2 p.m.19 views

docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage

Impact A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core =2.21.0, 2.48.4 and, specifically only if the application uses pyyaml 5.4 and invokes doclingcore.types.doc.DoclingDocument.loadfromyaml passing it untrusted YAML data. Patches The...

10CVSS7.7AI score0.05984EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:2 p.m.9 views

Seroval affected by Denial of Service via Deeply Nested Objects

Serialization of objects with extreme depth can exceed the maximum call stack limit. Mitigation: Seroval introduces a depthLimit parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached...

7.5CVSS5.4AI score0.00403EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:2 p.m.14 views

Typebot affected by Credential Theft via Client-Side Script Execution and API Authorization Bypass

Summary Client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The...

7.4CVSS6AI score0.003EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 12:31 p.m.12 views

Logback allows an attacker to instantiate classes already present on the class path

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

1.8CVSS5.6AI score0.00159EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/22 6:30 a.m.5 views

pytest has vulnerable tmpdir handling

pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-user name pattern, which allows local users to cause a denial of service or possibly gain privileges...

6.8CVSS5.8AI score0.0014EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 11:2 p.m.14 views

Soft Serve Affected by an Authentication Bypass

Impact What kind of vulnerability is it? Who is impacted? This issue impacts every Soft Serve instance. A critical authentication bypass allows an attacker to impersonate any user including Admin by "offering" the victim's public key during the SSH handshake before authenticating with their own...

9.8CVSS5.6AI score0.00532EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 11:1 p.m.49 views

Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions

Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their...

8.2CVSS5.6AI score0.01535EPSS
Exploits0References5Affected Software4
Github Security Blog
Github Security Blog
added 2026/01/21 11:0 p.m.12 views

Wrangler affected by OS Command Injection in `wrangler pages deploy`

Summary A command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash t...

9.9CVSS6.1AI score0.01393EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 10:58 p.m.25 views

OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may cause high CPU usage when encountering maliciously-crafted .zip archives for either provider or module distribution packages. Those who depend on modules or providers...

6.6AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 10:52 p.m.10 views

Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

5.7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 10:49 p.m.12 views

Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`

Impact The FetchUrlReader component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in backend.reading.allow to redirect requests to internal or sensitive URLs that are not on the...

3.7CVSS5.7AI score0.00201EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 10:40 p.m.10 views

@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass

Impact The resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation by: 1. Symlink chains: Creating link1 → link2 → /outsi...

6.3CVSS5.6AI score0.0043EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 10:36 p.m.11 views

Backstage has a Possible Symlink Path Traversal in Scaffolder Actions

Impact Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to: 1. Read arbitrary files via the debug:log action by creating a symlink pointin...

9.1CVSS5.8AI score0.00478EPSS
Exploits0References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/01/21 10:27 p.m.10 views

FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection

Impact Timing side-channel vulnerability in verifykey. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a...

3.7CVSS5.6AI score0.00254EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 10:23 p.m.9 views

Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims

A privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows an attacker to bypass Kubernetes RBAC impersonation and execute API requests with the operator's service account privileges. After OIDC token claims are processed through CEL expressions, there...

5.3CVSS5.9AI score0.00303EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 10:19 p.m.13 views

Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true

Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write to arbitrary directories outside the...

7.1CVSS5.8AI score0.00224EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 10:8 p.m.11 views

Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false

Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently include arbitrary files/directories outsid...

6.8CVSS5.7AI score0.002EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 10:0 p.m.15 views

Argo Workflows affected by stored XSS in the artifact directory listing

Summary Stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges. Details The directory listing response in server/artifacts/artifactserver.go...

7.3CVSS5.8AI score0.00337EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/21 6:30 p.m.14 views

phpPgAdmin contains a remote command execution vulnerability

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

6.3AI score0.00262EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 5:5 p.m.7 views

Seroval affected by Denial of Service via Array serialization

Overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing time. Mitigation: Seroval no longer encodes array lengths. Instead, it computes length using Array.prototype.length during deserialization...

7.5CVSS5.6AI score0.00395EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 4:57 p.m.9 views

seroval affected by Denial of Service via RegExp serialization

Overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS Regular Expression Denial of Service. Mitigation: Serova...

7.5CVSS5.4AI score0.00481EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 4:38 p.m.13 views

Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization

A critical deserialization vulnerability exists in Tendenci Helpdesk module NOTE, by default, Helpdesk is NOT enabled, affecting the version 15.3.11 and earlier. This vulnerability allows remote code execution RCE by an authenticated user with staff security level due to using Python's pickle...

9.8CVSS7AI score0.01338EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 4:36 p.m.9 views

@envelop/graphql-modules has a Race Condition vulnerability

Summary Context race condition when using useGraphQLModules plugin Details Related to: https://github.com/graphql-hive/graphql-modules/security/advisories/GHSA-53wg-r69p-v3r7 When 2 or more parallel requests are made which trigger the same service, the context of the requests is mixed up in the...

5.6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 4:19 p.m.9 views

go-tuf improperly validates the configured threshold for delegations

Security Disclosure: Improper validation of configured threshold for delegations Summary A compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. Impact Unathorized modification to TUF metadata...

7.5CVSS5.5AI score0.00196EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 4:19 p.m.9 views

go-tuf affected by client DoS via malformed server response

Security Disclosure: Client DoS via malformed server response Summary If the TUF repository or any of its mirrors returns invalid TUF metadata JSON valid JSON but not well formed TUF metadata, the client will panic during parsing, causing a DoS. The panic happens before any signature is validated...

7.5CVSS5.5AI score0.0053EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 4:13 p.m.33 views

sm-crypto Affected by Signature Forgery in SM2-DSA

Summary A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto. Under default configurations, an attacker can forge valid signatures for arbitrary public keys. If the message space contains sufficient redundancy, the attacker can fix the prefix of the messag...

7.5CVSS5.7AI score0.00194EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 4:13 p.m.9 views

sm-crypto Affected by Signature Malleability in SM2-DSA

Summary A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature. Credit This vulnerability was discovered by: - XlabAI Team of Tencent...

7.5CVSS5.5AI score0.0019EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 4:13 p.m.8 views

sm-crypto Affected by Private Key Recovery in SM2-PKE

Summary A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto. By interacting with the SM2 decryption interface multiple times, an attacker can fully recover the private key within approximately several hundred interactions. Credit This vulnerability was discovered...

9.1CVSS5.5AI score0.00209EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 4:13 p.m.11 views

CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier

SQL Injection in CustomerTransformerController Summary An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...

6.9CVSS6.2AI score0.00381EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 4:12 p.m.11 views

vLLM affected by RCE via auto_map dynamic module loading during model initialization

Summary vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path to execute at server startup. --- Impact An attacker who can influence the model repo/path local directory or remote...

9.8CVSS5.9AI score0.00737EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 3:47 p.m.8 views

mailqueue TYPO3 extension affected by Insecure Deserialization in QueueableFileTransport

Description The extension extends TYPO3’s FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004. Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization,...

5.2CVSS5.5AI score0.00122EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 3:41 p.m.12 views

seroval Affected by Remote Code Execution via JSON Deserialization

Improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. The vulnerability can be exploited via overriding constant value and error deserialization, which allows indirect access to unsafe JS evaluation. This requires at least the ability to...

7.5CVSS6AI score0.00519EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 3:41 p.m.11 views

seroval Affected by Prototype Pollution via JSON Deserialization

Due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This affects only JSON deserialization functionality. As there is no known workaround, please upgrade to the latest version...

9.8CVSS5.6AI score0.00246EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 3:40 p.m.12 views

Laravel Redis Horizontal Scaling Insecure Deserialization

Impact This vulnerability affects Laravel Reverb versions prior to v1.7.0 when horizontal scaling is enabled REVERBSCALINGENABLED=true. The exploitability of this vulnerability is increased because Redis servers are commonly deployed without authentication. With horizontal scaling enabled, Reverb...

9.8CVSS5.8AI score0.00878EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 3:31 p.m.9 views

Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

8.2CVSS5.6AI score0.00491EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 3:31 p.m.9 views

Apache Solr: Insufficient file-access checking in standalone core-creation requests

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

7.1CVSS5.5AI score0.00654EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 3:31 p.m.9 views

Keycloak Admin REST API exposes backend schema and rules

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

2.7CVSS5.4AI score0.0032EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 9:31 a.m.11 views

Keycloak services allows the issuance of access and refresh tokens for disabled users

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...

6.5CVSS5.4AI score0.00443EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 6:31 a.m.10 views

Keycloak does not validate and update refresh token usage atomically

A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...

3.1CVSS5.4AI score0.00282EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 1:6 a.m.10 views

ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load

Summary NULL pointer dereference in MSL Magick Scripting Language parser when processing tag before any image is loaded. Version - ImageMagick 7.x tested on current main branch - Commit: HEAD Steps to Reproduce Method 1: Using ImageMagick directly bash magick MSL:poc.msl out.png Method 2: Using...

7.5CVSS5.5AI score0.0043EPSS
Exploits1References3Affected Software19
Github Security Blog
Github Security Blog
added 2026/01/21 1:6 a.m.9 views

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

Summary A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains closing tags, the function fails to release allocated memory for string members platformname, vendorname, name, versio...

5.7AI score
Exploits0References3Affected Software19
Github Security Blog
Github Security Blog
added 2026/01/21 1:5 a.m.18 views

Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS

TITLE: Race Condition in node-tar Path Reservations via Unicode Sharp-S ß Collisions on macOS APFS AUTHOR: Tomás Illuminati Details A race condition vulnerability exists in node-tar v7.5.3 this is to an incomplete handling of Unicode path collisions in the path-reservations system. On...

8.8CVSS5.9AI score0.00233EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 1:5 a.m.12 views

ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript

Summary Stack overflow via infinite recursion in MSL Magick Scripting Language command when writing to MSL format. Version - ImageMagick 7.x tested on current main branch - Commit: HEAD - Requires: libxml2 support for MSL parsing Steps to Reproduce Method 1: Using ImageMagick directly bash magick...

5.5CVSS5.5AI score0.00161EPSS
Exploits1References4Affected Software18
Github Security Blog
Github Security Blog
added 2026/01/21 1:5 a.m.14 views

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

Impact A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace...

5.3CVSS5.7AI score0.00392EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/21 1:4 a.m.13 views

AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Summary A vulnerability was discovered during a manual security audit of the AlchemyCMS source code. The application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Details The...

9.9CVSS6.1AI score0.00426EPSS
Exploits0References8Affected Software1
Total number of security vulnerabilities33273