Lucene search
K
GithubRecent

33273 matches found

Github Security Blog
Github Security Blog
added 2026/01/21 1:2 a.m.9 views

ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component

Summary An integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. Details The bounds check ptr + fieldlength end in components/api/proto.cpp can overflow when a malicious client sends a large fieldlength value. This affects all...

7.5CVSS5.5AI score0.00273EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 1:2 a.m.13 views

Swing Music has a Directory Traversal & Filesystem can be accessed by a non-admin user

Summary Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server filesystem. Details The @api.post"/dir-browser" endpoint lacks proper path...

5.3CVSS5.8AI score0.00511EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 1:2 a.m.12 views

File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login

Summary The JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuring the response time of the /api/login endpoint. Details The vulnerability exists due to a "short-circuit" evaluation in the authentication logic. When a username ...

5.3CVSS6AI score0.00417EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/21 1:2 a.m.13 views

SiYuan vulnerable to Arbitrary file Read / SSRF

Summary Markdown feature allows unrestricted server side html-rendering which allows arbitary file read LFD and fully SSRF access We in @0xL4ugh @abdoghazy2015, @xtromera, @A-z4ki, @ZeyadZonkorany and @KarimTantawey During playing Null CTF 2025 that helps us solved a challenge with unintended way...

8.8CVSS5.5AI score0.00522EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 1:1 a.m.11 views

SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

Summary The SiYuan Note application v3.5.3 contains a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper path validation Details The...

8.3CVSS5.9AI score0.00436EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 1:1 a.m.12 views

Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API

Server-Side Request Forgery SSRF via HTML Check CSS Download The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the inlineRemoteCSS function automatically downloads CSS files from external tags to inline them for testing...

7.5CVSS5.6AI score0.00396EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 1:1 a.m.11 views

Orval has a code injection via unsanitized x-enum-descriptions in enum generation

Impact Arbitrary code execution in environments consuming generated clients This issue is similar in nature to the recently-patched MCP vulnerability CVE-2026-22785, but affects a different code path in @orval/core that was not addressed by that fix. The vulnerability allows untrusted OpenAPI...

9.8CVSS6.3AI score0.0075EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 1:0 a.m.9 views

SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon

Summary Reflected XSS in /api/icon/getDynamicIcon due to unsanitized SVG input. Details The endpoint generates SVG images for text icons type=8. The content query parameter is inserted directly into the SVG tag without XML escaping. Since the response Content-Type is image/svg+xml, injecting...

6.1CVSS5.6AI score0.00263EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 1:0 a.m.18 views

Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation

A vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. If a user started Claude Code in an attacker-controller repository, and the repository included a settings file that set ANTHROPICBASEURL...

7.5CVSS5.6AI score0.2297EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 12:31 a.m.13 views

Duplicate Advisory: Wrangler affected by OS Command Injection in `wrangler pages deploy`

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references. Original Description SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The iss...

9.9CVSS6.1AI score0.01393EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 9:31 p.m.9 views

binary-parser library has a code injection vulnerability

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

6.5CVSS6.5AI score0.00505EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 8:55 p.m.11 views

Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment

Summary A vulnerability in Fleet’s Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized...

9.8CVSS5.8AI score0.00226EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 8:55 p.m.12 views

Fleet has an Access Control vulnerability in debug/pprof endpoints

Summary A broken access control issue in Fleet allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server diagnostics and trigger resource-intensive profiling operations. Impact Fleet’s debug/pprof endpoints...

8.7CVSS5.5AI score0.00246EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/20 8:52 p.m.13 views

Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability

Summary A cross-site scripting XSS vulnerability in Fleet’s Windows MDM authentication flow could allow an attacker to compromise a Fleet user account. In certain cases, this could lead to administrative access and the ability to perform privileged actions on managed devices. Impact If Windows MD...

5.5CVSS5.2AI score0.00209EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/20 7:52 p.m.13 views

AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent

Triaging security alerts is often very repetitive because false positives are caused by patterns that are obvious to a human auditor but difficult to encode as a formal code pattern. But large language models LLMs excel at matching the fuzzy patterns that traditional tools struggle with, so we at...

6.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/01/20 6:58 p.m.11 views

Turbo Frame responses can restore stale session cookies

Summary A race condition in Turbo Frames allows delayed HTTP responses to restore stale session cookies after session-modifying operations. Details Browsers automatically process Set-Cookie headers from HTTP responses. When a Turbo Frame request is in-flight during a session-modifying action such...

4.8CVSS5.6AI score0.00242EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 6:36 p.m.11 views

ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion

Summary ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service...

7.5CVSS5.7AI score0.00494EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 6:31 p.m.8 views

XDocReport affected by a Server-Side Template Injection (SSTI) vulnerability

A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...

9.8CVSS6.1AI score0.00504EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 6:31 p.m.8 views

XDocReport affected by an XML External Entity (XXE) vulnerability

An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...

9.8CVSS6AI score0.00492EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 5:54 p.m.12 views

Mailpit has an SMTP Header Injection via Regex Bypass

Vulnerability Report: SMTP Header Injection via Regex Bypass Vulnerable Code: mailpit/internal/smtpd/smtpd.go Executive Summary Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can injec...

5.3CVSS5.8AI score0.01441EPSS
Exploits4References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 5:54 p.m.15 views

Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)

Summary A stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Execution RCE. Details The vulnerability exists in the Renderer component responsible...

6.4CVSS5.9AI score0.00123EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 5:25 p.m.6 views

ImageMagick releases an invalid pointer in BilateralBlur when memory allocation fails

The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails...

9.8CVSS5.4AI score0.00336EPSS
Exploits0References5Affected Software19
Github Security Blog
Github Security Blog
added 2026/01/20 5:21 p.m.13 views

esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages

Summary The commit does not actually fix the path traversal bug. path.Clean basically normalizes a path but does not prevent absolute paths in a malicious tar file. PoC This test file can demonstrate the basic idea pretty easily: go package server import "archive/tar" "bytes" "compress/gzip"...

8.7CVSS6.2AI score0.00476EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 5:14 p.m.14 views

Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion

Summary knowledgeBase.removeFilesFromKnowledgeBase tRPC ep allows authenticated users to delete files from any knowledge base without verifying ownership. Details userId filter in the database query is commented out, so it's enabling attackers to delete other users' KB files if they know the...

3.7CVSS5.6AI score0.00194EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 5:7 p.m.11 views

Kimai has an Authenticated Server-Side Template Injection (SSTI)

Kimai 2.45.0 - Authenticated Server-Side Template Injection SSTI Vulnerability Summary | Field | Value | |-------|-------| | Title | Authenticated SSTI via Permissive Export Template Sandbox || Attack Vector | Network | | Attack Complexity | Low | | Privileges Required | High Admin with export...

6.8CVSS5.9AI score0.00389EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 4:37 p.m.10 views

External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function

Summary The getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, has the ability to fetch secrets cross-namespaces with the roleBinding of the external-secrets controller, bypassing our security mechanisms. This function was completely removed, ...

9.3CVSS5.5AI score0.00175EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 4:35 p.m.13 views

@fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)

Summary A security vulnerability exists in @fastify/express where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the middleware engine fails to match the encoded path and skips execution, the underlying Fastif...

8.4CVSS5.5AI score0.00321EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 4:34 p.m.11 views

Fastify Middie Middleware Path Bypass

Summary A security vulnerability exists in @fastify/middie where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the middleware engine fails to match the encoded path and skips execution, the underlying Fastify...

8.8CVSS5.7AI score0.00457EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 4:30 p.m.12 views

Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered

Summary Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records Details After wings sends activity logs to the panel it deletes the processed activity entries from t...

8.3CVSS5.7AI score0.00475EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 4:30 p.m.9 views

Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks

Summary Websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu...

8.3CVSS5.5AI score0.00251EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 4:30 p.m.12 views

Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted

Summary Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and validated during the request cycle. However, it is possib...

6.5CVSS5.6AI score0.00212EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 4:29 p.m.13 views

WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

Summary A Server-Side Request Forgery SSRF Protection Bypass exists in WeasyPrint's defaulturlfetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata endpoints even when a developer has implemented a custom urlfetcher to block...

7.5CVSS5.8AI score0.00501EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 3:33 p.m.9 views

Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF)

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjwt. The issue allows a client to specify an arbitrary jwksuri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...

5.8CVSS5.7AI score0.00363EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 3:30 a.m.9 views

MineAdmin May Expose Sensitive Information to an Unauthorized Actor

A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. Such manipulation of the argument ID leads to information disclosure. It is possible to launch the attack remotely. The attack requires a high level of complexity...

5.3CVSS4.9AI score0.00409EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 3:30 a.m.16 views

MineAdmin improperly refreshes tokens

A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The attack is considered ...

7.5CVSS4.9AI score0.00216EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 12:30 a.m.12 views

Chainlit contain a server-side request forgery (SSRF) vulnerability

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

8.3CVSS5.8AI score0.04439EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 12:30 a.m.11 views

MineAdmin has Incorrect Privilege Assignment

A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available a...

8.8CVSS5AI score0.0032EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/20 12:30 a.m.9 views

MineAdmin May Expose Sensitive Information to an Unauthorized Actor

A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was...

7.5CVSS5AI score0.00685EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/19 9:30 a.m.9 views

Apache Linkis: Password Exposure

When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext passwords will b...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/19 9:30 a.m.11 views

Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...

7.5CVSS5.6AI score0.00744EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/18 9:30 a.m.10 views

Open Chinese Convert has Out-of-bounds Write

A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made...

5.5CVSS5.6AI score0.0023EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/17 6:30 p.m.8 views

risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

7.5CVSS5.3AI score0.00364EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 9:16 p.m.26 views

node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

Summary The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and...

8.2CVSS7.6AI score0.00334EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 9:15 p.m.325 views

REC in MCPJam inspector due to HTTP Endpoint exposes

Summary MCPJam inspector is the local-first development platform for MCP servers. The Latest version Versions 1.4.2 and earlier are vulnerable to remote code execution RCE vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leadi...

9.8CVSS8.2AI score0.43671EPSS
Exploits35References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 9:9 p.m.12 views

GraphQL Modules has a Race Condition issue

Summary Originally reported as an issue 2613 but should be elevated to a security issue as the ExecutionContext is often used to pass authentication tokens from incoming requests to services loading data from backend APIs. Details When 2 or more parallel requests are made which trigger the same...

8.7CVSS5.7AI score0.00465EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 9:4 p.m.13 views

Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM

Summary An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests. Details...

8.6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 9:3 p.m.12 views

Skipper is vulnerable to arbitrary code execution through lua filters

Impact Arbitrary code execution through lua filters. The default skipper configuration before v0.23 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The configuration...

8.8CVSS7.3AI score0.00473EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 9:2 p.m.16 views

svelte is vulnerable to XSS with textarea bind:value

Summary A server-side rendered with two-way bound value does not have its value correctly escaped in the rendered HTML. Details In SSR, does not have its value escaped when it is rendered into the HTML as .... PoC Put this in a server-side-rendered Svelte component: let value = test'"alert'BIM';;...

6.7AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 9:0 p.m.9 views

CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting

Impact The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. Patches This issue has been fixed in 5.2.12 and 5.3.1 Workarounds If you are unable to upgrade, you should avoid using Paginator::limitControl until you can upgrade...

5.4CVSS6.9AI score0.00252EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 8:59 p.m.24 views

Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter

A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing attackers to import arbitrary modules an...

10CVSS8.6AI score0.01589EPSS
Exploits0References8Affected Software1
Total number of security vulnerabilities33273