Lucene search
K
GithubRecent

33273 matches found

Github Security Blog
Github Security Blog
added 2026/01/16 8:58 p.m.16 views

Crawl4AI Has Local File Inclusion in Docker API via file:// URLs

A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...

9.2CVSS6.9AI score0.00609EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 7:22 p.m.11 views

SiYuan Has a Stored Cross-Site Scripting (XSS) Vulnerability via Unrestricted SVG File Upload

Summary A Stored Cross-Site Scripting XSS vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file e.g., imported from an untrusted source, arbitrary JavaScript code is executed in the context of their authenticate...

6.1CVSS5.5AI score0.00251EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 7:21 p.m.8 views

Active Job - Object injection security vulnerability

Active Job vulnerability: An Active Job bug allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability...

7.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 7:20 p.m.11 views

ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection

ActiveRecord-JDBC-Adapter AR-JDBC contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the sql.gsub function in lib/arjdbc/jdbc/adapter.rb not properly sanitizing user-supplied input before using it in SQL queries. This may allow a remote attacker to inject or...

7.8AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 7:19 p.m.13 views

pyasn1 has a DoS vulnerability in decoder

Summary After reviewing pyasn1 v0.6.1 a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. Details The integer issue can be found in the decoder as reloid += subId 7 + nextSubId,:...

7.5CVSS6.9AI score0.00679EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 4:58 p.m.14 views

Weblate wlc path traversal vulnerability: Unsanitized API slugs in download command

Impact Multi-translation download could write to an arbitrary location when instructed by a crafted server. Patches https://github.com/WeblateOrg/wlc/pull/1128 Workarounds Do not use wlc download with untrusted servers. References This issue was reported to us by wh1zee via HackerOne...

8CVSS7AI score0.00337EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 4:58 p.m.19 views

Dask Distributed is Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard

Impact When Jupyter Lab, jupyter-server-proxy and Dask distributed are all run together it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting XSS bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes...

6.1CVSS6.2AI score0.00205EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 3:49 p.m.13 views

Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass

Summary A prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing for...

9.8CVSS7.2AI score0.02084EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 3:49 p.m.11 views

Deno node:crypto doesn't finalize cipher

Summary The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. PoC js import crypto from "node:crypto"; const key = crypto.randomBytes32; const iv =...

9.2CVSS7AI score0.00195EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 3:48 p.m.10 views

RustFS's RPC signature verification logs shared secret

Summary Invalid RPC signatures cause the server to log the shared HMAC secret and expected signature, which exposes the secret to log readers and enables forged RPC calls. Details In crates/ecstore/src/rpc/httpauth.rs:115-122 , the invalid signature branch logs sensitive data: rs if signature !=...

7.5CVSS6.7AI score0.00472EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 3:31 p.m.11 views

Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability

Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and...

6.9CVSS7.3AI score0.00425EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/16 3:31 p.m.21 views

Livewire Filemanager does not restrict uploaded file types

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

9.8CVSS5.3AI score0.00571EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 12:30 p.m.10 views

Apache Airflow proxy credentials for various providers might leak in task logs

In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...

7.5CVSS5.7AI score0.01979EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 12:30 p.m.11 views

Mattermost is vulnerable to DoS due to infinite re-renders on API errors

Mattermost versions 10.11.x = 10.11.8, 11.1.x = 11.1.1, 11.0.x = 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops...

6.8CVSS6.8AI score0.00274EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 12:30 p.m.10 views

Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...

7.5CVSS6.8AI score0.00586EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 9:31 a.m.10 views

Mattermost is vulnerable to CPU exhaustion via crafted HTTP request

Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...

6.5CVSS6.8AI score0.00318EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/16 6:30 a.m.9 views

PlantUML is vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to...

6.1CVSS6.3AI score0.00303EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 10:58 p.m.12 views

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall

Impact There is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the ACME TLS challenge is enabled. A malicious client can open many...

7.5CVSS7AI score0.00321EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/15 10:41 p.m.10 views

solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets

Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...

7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 10:40 p.m.9 views

solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling...

7.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 10:15 p.m.11 views

devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse

Summary Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the ArrayBuffer...

7.5CVSS6.8AI score0.0057EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 9:31 p.m.12 views

Vert.x Web static handler component cache can be manipulated to deny the access to static files

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS6.8AI score0.00343EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 9:14 p.m.12 views

lakeFS is Missing Timestamp Validation in S3 Gateway Authentication

Impact LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. An attacker who captures a valid signed request e.g., through network interception, logs, or compromised systems can replay that request until credentials are rotated, even after the reques...

6.5CVSS6.9AI score0.00239EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 8:14 p.m.10 views

Pepr Has Overly Permissive RBAC ClusterRole in Admin Mode

Severity: LOW Target: /workspace/pepr/src/lib/assets/rbac.ts Endpoint: Kubernetes RBAC configuration Method: Deployment Response / Rationale Pepr defaults to rbacMode: "admin" because the initial experience is designed to be frictionless for new users. This mode ensures that users can deploy and...

4.3CVSS6.6AI score0.00227EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 8:13 p.m.9 views

svelte vulnerable to Cross-site Scripting

Summary An XSS vulnerability exists in Svelte 5.46.0-2 resulting from improper escaping of hydratable keys. If these keys incorporate untrusted user input, arbitrary JavaScript can be injected into server-rendered HTML. Details When using the hydratable function, the first argument is used as a k...

6.1CVSS6AI score0.00301EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 8:12 p.m.9 views

solspace/craft-freeform Has a DoS Vulnerability

Summary Freeform plugin v4.1.29 uses vulnerable Axios ^1.7.7 allowing unauthenticated attackers to crash servers via malicious data: URIs causing memory exhaustion CVE-2025-58754. Freeform version: 4.1.29 Craft CMS version: 4.16.8 Impact When Axios runs on Node.js and is given a URL with the data...

7.5CVSS6.1AI score0.0106EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 8:11 p.m.10 views

alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass

Summary application/core/EASecurity.php::csrfverify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET or $REQUEST, so an attacker can perform CSRF by forcing a victim's...

8.8CVSS7.2AI score0.00203EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 8:10 p.m.14 views

h3 v1 has Request Smuggling (TE.TE) issue

I was digging into h3 v1 specifically v1.15.4 and found a critical HTTP Request Smuggling vulnerability. Basically, readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this header should be case-insensitive. The...

9.8CVSS6.9AI score0.00576EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 8:10 p.m.14 views

Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE

Summary Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to run before or after a container update. The label value is passed directly to /bin/sh -c without sanitizati...

9CVSS7.7AI score0.01643EPSS
Exploits6References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 6:31 p.m.17 views

Umbraco CMS contains a server-side request forgery vulnerability

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9CVSS7AI score0.00343EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 6:31 p.m.10 views

Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

8.8CVSS8AI score0.00307EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 6:17 p.m.10 views

RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz`

Summary thumbv6m-none-eabi Cortex M0, M0+ and M1 compiler emits non-constant time assembly when using cmovnz portable version. I did not found any other target with the same behaviour but I did not go through all targets supported by Rust. Details It seems that, during mask computation, an LLVM...

9.8CVSS6.9AI score0.00498EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 6:17 p.m.11 views

Zitadel has a user enumeration vulnerability in Login UIs

Summary A user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames and userIDs. Impact The login UIs in version 1 and 2 provide the possibility...

5.3CVSS6AI score0.00362EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 6:14 p.m.13 views

Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization

Summary The application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an authenticated backend user without explicitely lacking permissions for this feature was still able to...

5.4CVSS6.9AI score0.00265EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 6:13 p.m.11 views

Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing

Summary The API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, type, default value used across documents, assets, and objects to standardize custom...

4.3CVSS6.6AI score0.00331EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 6:12 p.m.8 views

Pimcore is Vulnerable to Broken Access Control: Missing Function Level Authorization on "Static Routes" Listing

Summary The application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined via the backend interface or the var/config/staticroutes.php file, including details lik...

6.5CVSS7.2AI score0.00319EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 6:11 p.m.9 views

Pimcore ENV Variables and Cookie Informations are exposed in http_error_log

Summary The httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. Details It’s better to remove both lines, as this information make...

8.6CVSS6.7AI score0.00393EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 6:10 p.m.11 views

@sveltejs/kit has memory amplification DoS vulnerability in Remote Functions binary form deserializer (application/x-sveltekit-formdata)

Summary The experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a large amount of memory, causing DoS via memory exhaustion. Details When a form is submitted to a remote functi...

8.2CVSS7.4AI score0.00527EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 6:10 p.m.12 views

Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse

Summary Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the typed array...

7.5CVSS6.8AI score0.0057EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 6:9 p.m.10 views

SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering

Summary Versions of SvelteKit are vulnerable to a server side request forgery SSRF and denial of service DoS under certain conditions. Details Affected versions from 2.44.0 onwards are vulnerable to DoS if: - your app has at least one prerendered route export const prerender = true Affected...

9.1CVSS6.4AI score0.00466EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/15 5:58 p.m.11 views

DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface

Summary DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. Details When a user logs into the administrative backend, this interface can be used to delete files. The...

8.1CVSS7.3AI score0.00598EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 3:31 p.m.13 views

Duplicate Advisory: Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mgx6-5cf9-rr43. This link is maintained to preserve external references. Original Description Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 throu...

7.6CVSS6.7AI score0.00299EPSS
Exploits3References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 3:31 p.m.12 views

Keycloak has an improper input validation vulnerability

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments,...

3.7CVSS6.6AI score0.00354EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/14 9:46 p.m.18 views

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Impact Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...

7.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/14 9:34 p.m.115 views

jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

Impact Attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore...

7.5CVSS5.7AI score0.00562EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/14 9:18 p.m.16 views

chi has an open redirect vulnerability in the RedirectSlashes middleware

Summary The RedirectSlashes function in middleware/strip.go does not perform correct input validation and can lead to an open redirect vulnerability. Details The RedirectSlashes function performs a Trim to all forward slash / characters, while prepending a single one at the begining of the path...

4.7CVSS6.7AI score0.00215EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/14 9:15 p.m.13 views

Pimcore Has an Incomplete Patch for CVE-2023-30848

Summary An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments -- and catching syntax errors, the fix is insufficient. Attackers can still...

8.8CVSS7.9AI score0.00724EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/14 9:6 p.m.22 views

Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Impact The fetch API supports chained HTTP encoding algorithms for response content according to RFC 9110 e.g., Content-Encoding: gzip, br. This is also supported by the undici decompress interceptor. However, the number of links in the decompression chain is unbounded and the default maxHeaderSi...

7.5CVSS9AI score0.00433EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/14 6:45 p.m.7 views

Community-powered security with AI: an open source framework for security research

Since its founding in 2019, GitHub Security Lab has had one primary goal: community-powered security. We believe that the best way to improve software security is by sharing knowledge and tools, and by using open source software so that everybody is empowered to audit the code and report any...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/01/14 6:31 p.m.8 views

pH7-Social-Dating-CMS affected by a stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field...

5.4CVSS5AI score0.00257EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities33273