33273 matches found
ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component
Summary An integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. Details The bounds check ptr + fieldlength end in components/api/proto.cpp can overflow when a malicious client sends a large fieldlength value. This affects all...
Swing Music has a Directory Traversal & Filesystem can be accessed by a non-admin user
Summary Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server filesystem. Details The @api.post"/dir-browser" endpoint lacks proper path...
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login
Summary The JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuring the response time of the /api/login endpoint. Details The vulnerability exists due to a "short-circuit" evaluation in the authentication logic. When a username ...
SiYuan vulnerable to Arbitrary file Read / SSRF
Summary Markdown feature allows unrestricted server side html-rendering which allows arbitary file read LFD and fully SSRF access We in @0xL4ugh @abdoghazy2015, @xtromera, @A-z4ki, @ZeyadZonkorany and @KarimTantawey During playing Null CTF 2025 that helps us solved a challenge with unintended way...
SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality
Summary The SiYuan Note application v3.5.3 contains a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper path validation Details The...
Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API
Server-Side Request Forgery SSRF via HTML Check CSS Download The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the inlineRemoteCSS function automatically downloads CSS files from external tags to inline them for testing...
Orval has a code injection via unsanitized x-enum-descriptions in enum generation
Impact Arbitrary code execution in environments consuming generated clients This issue is similar in nature to the recently-patched MCP vulnerability CVE-2026-22785, but affects a different code path in @orval/core that was not addressed by that fix. The vulnerability allows untrusted OpenAPI...
SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon
Summary Reflected XSS in /api/icon/getDynamicIcon due to unsanitized SVG input. Details The endpoint generates SVG images for text icons type=8. The content query parameter is inserted directly into the SVG tag without XML escaping. Since the response Content-Type is image/svg+xml, injecting...
Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation
A vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. If a user started Claude Code in an attacker-controller repository, and the repository included a settings file that set ANTHROPICBASEURL...
Duplicate Advisory: Wrangler affected by OS Command Injection in `wrangler pages deploy`
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references. Original Description SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The iss...
binary-parser library has a code injection vulnerability
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Summary A vulnerability in Fleet’s Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized...
Fleet has an Access Control vulnerability in debug/pprof endpoints
Summary A broken access control issue in Fleet allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server diagnostics and trigger resource-intensive profiling operations. Impact Fleet’s debug/pprof endpoints...
Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability
Summary A cross-site scripting XSS vulnerability in Fleet’s Windows MDM authentication flow could allow an attacker to compromise a Fleet user account. In certain cases, this could lead to administrative access and the ability to perform privileged actions on managed devices. Impact If Windows MD...
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
Triaging security alerts is often very repetitive because false positives are caused by patterns that are obvious to a human auditor but difficult to encode as a formal code pattern. But large language models LLMs excel at matching the fuzzy patterns that traditional tools struggle with, so we at...
Turbo Frame responses can restore stale session cookies
Summary A race condition in Turbo Frames allows delayed HTTP responses to restore stale session cookies after session-modifying operations. Details Browsers automatically process Set-Cookie headers from HTTP responses. When a Turbo Frame request is in-flight during a session-modifying action such...
ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion
Summary ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service...
XDocReport affected by a Server-Side Template Injection (SSTI) vulnerability
A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
XDocReport affected by an XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
Mailpit has an SMTP Header Injection via Regex Bypass
Vulnerability Report: SMTP Header Injection via Regex Bypass Vulnerable Code: mailpit/internal/smtpd/smtpd.go Executive Summary Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can injec...
Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)
Summary A stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Execution RCE. Details The vulnerability exists in the Renderer component responsible...
ImageMagick releases an invalid pointer in BilateralBlur when memory allocation fails
The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails...
esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages
Summary The commit does not actually fix the path traversal bug. path.Clean basically normalizes a path but does not prevent absolute paths in a malicious tar file. PoC This test file can demonstrate the basic idea pretty easily: go package server import "archive/tar" "bytes" "compress/gzip"...
Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion
Summary knowledgeBase.removeFilesFromKnowledgeBase tRPC ep allows authenticated users to delete files from any knowledge base without verifying ownership. Details userId filter in the database query is commented out, so it's enabling attackers to delete other users' KB files if they know the...
Kimai has an Authenticated Server-Side Template Injection (SSTI)
Kimai 2.45.0 - Authenticated Server-Side Template Injection SSTI Vulnerability Summary | Field | Value | |-------|-------| | Title | Authenticated SSTI via Permissive Export Template Sandbox || Attack Vector | Network | | Attack Complexity | Low | | Privileges Required | High Admin with export...
External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function
Summary The getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, has the ability to fetch secrets cross-namespaces with the roleBinding of the external-secrets controller, bypassing our security mechanisms. This function was completely removed, ...
@fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)
Summary A security vulnerability exists in @fastify/express where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the middleware engine fails to match the encoded path and skips execution, the underlying Fastif...
Fastify Middie Middleware Path Bypass
Summary A security vulnerability exists in @fastify/middie where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the middleware engine fails to match the encoded path and skips execution, the underlying Fastify...
Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered
Summary Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records Details After wings sends activity logs to the panel it deletes the processed activity entries from t...
Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks
Summary Websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu...
Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted
Summary Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and validated during the request cycle. However, it is possib...
WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect
Summary A Server-Side Request Forgery SSRF Protection Bypass exists in WeasyPrint's defaulturlfetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata endpoints even when a developer has implemented a custom urlfetcher to block...
Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF)
A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjwt. The issue allows a client to specify an arbitrary jwksuri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...
MineAdmin May Expose Sensitive Information to an Unauthorized Actor
A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. Such manipulation of the argument ID leads to information disclosure. It is possible to launch the attack remotely. The attack requires a high level of complexity...
MineAdmin improperly refreshes tokens
A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The attack is considered ...
Chainlit contain a server-side request forgery (SSRF) vulnerability
Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...
MineAdmin has Incorrect Privilege Assignment
A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available a...
MineAdmin May Expose Sensitive Information to an Unauthorized Actor
A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was...
Apache Linkis: Password Exposure
When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext passwords will b...
Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...
Open Chinese Convert has Out-of-bounds Write
A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made...
risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...
node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
Summary The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and...
REC in MCPJam inspector due to HTTP Endpoint exposes
Summary MCPJam inspector is the local-first development platform for MCP servers. The Latest version Versions 1.4.2 and earlier are vulnerable to remote code execution RCE vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leadi...
GraphQL Modules has a Race Condition issue
Summary Originally reported as an issue 2613 but should be elevated to a security issue as the ExecutionContext is often used to pass authentication tokens from incoming requests to services loading data from backend APIs. Details When 2 or more parallel requests are made which trigger the same...
Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM
Summary An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests. Details...
Skipper is vulnerable to arbitrary code execution through lua filters
Impact Arbitrary code execution through lua filters. The default skipper configuration before v0.23 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The configuration...
svelte is vulnerable to XSS with textarea bind:value
Summary A server-side rendered with two-way bound value does not have its value correctly escaped in the rendered HTML. Details In SSR, does not have its value escaped when it is rendered into the HTML as .... PoC Put this in a server-side-rendered Svelte component: let value = test'"alert'BIM';;...
CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting
Impact The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. Patches This issue has been fixed in 5.2.12 and 5.3.1 Workarounds If you are unable to upgrade, you should avoid using Paginator::limitControl until you can upgrade...
Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing attackers to import arbitrary modules an...