Lucene search
K
GithubRecent

33273 matches found

Github Security Blog
Github Security Blog
added 2026/01/14 4:54 p.m.10 views

Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact We fixed with CVE-2023-2017 Twig filters to only be executed with allowed functions. However there was a regression that lead to an array and array crafted PHP Closure not checked being against allow list for the map... override Patches Patched in 6.7.6.1 Workarounds Install the security...

7.2CVSS6.8AI score0.00407EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/14 4:53 p.m.16 views

html2pdf.js contains a cross-site scripting vulnerability

Impact html2pdf.js contains a cross-site scripting XSS vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing malicious scripts to be run on the client browser and risking the confidentiality, integrity, an...

8.7CVSS5.7AI score0.00324EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/14 4:52 p.m.9 views

BlackSheep's ClientSession is vulnerable to CRLF injection

Impact The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new header or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input...

6.3CVSS6.7AI score0.00307EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/14 4:52 p.m.17 views

enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain

A critical sandbox escape vulnerability exists in enclave-vm affected: 2.6.0, patched: 2.7.0 that can allow untrusted, sandboxed JavaScript to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Erro...

10CVSS7.8AI score0.00588EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/14 4:45 p.m.13 views

Weblate leaks information via screenshots

Impact The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. Patches https://github.com/WeblateOrg/weblate/pull/17516 References Thanks to Lukas May and Michael Leu...

7.5CVSS7AI score0.00323EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/14 12:31 p.m.8 views

Apache Camel camel-neo4j component is vulnerable to cypher injection

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0...

5.3CVSS7.2AI score0.00613EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/14 9:31 a.m.12 views

Chainlit contains an authorization bypass vulnerability

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

4.2CVSS6.8AI score0.00217EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/14 12:31 a.m.16 views

Concrete5 CMS contains an XPath injection vulnerability

Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information...

7.3AI score0.00049EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:55 p.m.12 views

go-ethereum is vulnerable to high CPU usage leading to DoS via malicious p2p message

Impact An attacker can cause high CPU usage by sending a specially crafted p2p message. More details to be released later. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by @Yenya030...

7.5CVSS6.9AI score0.00569EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:55 p.m.13 views

go-ethereum is vulnerable to DoS via malicious p2p message affecting a vulnerable node

Impact A vulnerable node can be forced to shutdown/crash using a specially crafted message. More details to be released later. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by DELENE TCHIO ROMUALD...

7.5CVSS6.9AI score0.00636EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:54 p.m.9 views

GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

Summary A path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog. CWE: CWE-22 Improper...

9.8CVSS7.3AI score0.00946EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:54 p.m.9 views

GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS

Summary GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives wheels, eggs, allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed data...

7.5CVSS6.8AI score0.00431EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:54 p.m.11 views

TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool

Problem Local platform users who can write to TYPO3’s mail‑file spool directory can craft a file that the system will automatically deserialize without any class restrictions. This flaw allows an attacker to inject and execute arbitrary PHP code in the public scope of the web server. The...

7.8CVSS7.7AI score0.00165EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:53 p.m.13 views

Outray cli is vulnerable to race conditions in tunnels creation

Summary A TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. Details Affected conponent: apps/web/src/routes/api/tunnel/register.ts - /tunnel/register endpoint code-: ts // Check if tunnel already exists in database const...

6.3CVSS6.9AI score0.00179EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:53 p.m.9 views

Outray has a Race Condition in the cli's webapp

Summary This vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in https://github.com/akinloluwami/outray/blob/main/apps/web/src/routes/api/%24orgSlug/subdomains/index.ts Details - The affected code-: ts //Race...

5.9CVSS6.9AI score0.0021EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:52 p.m.9 views

Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback)

Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged...

8.2CVSS7AI score0.00118EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:51 p.m.12 views

Hono JWT Middleware's JWT Algorithm Confusion via Unsafe Default (HS256) Allows Token Forgery and Auth Bypass

Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged tokens to be...

8.2CVSS6.9AI score0.00141EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:48 p.m.250 views

jaraco.context Has a Path Traversal Vulnerability

Summary There is a Zip Slip path traversal vulnerability in the jaraco.context package affecting setuptools as well, in jaraco.context.tarball function. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The...

8.6CVSS5.7AI score0.00527EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:31 p.m.13 views

Quill is vulnerable to XSS via HTML export feature

A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting XSS. This issue affects Quill: 2.0.3...

6.1CVSS6.2AI score0.00221EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:31 p.m.8 views

Metricbeat affected by multiple denial of service vulnerabilities

Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

7.5CVSS5.5AI score0.00327EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:31 p.m.14 views

Azure Core is vulnerable to deserialization of untrusted data

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

7.5CVSS7.4AI score0.00776EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:37 p.m.10 views

TYPO3 CMS Allows Broken Access Control in Recycler Module

Problem Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the websit...

8.1CVSS6.8AI score0.0038EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:37 p.m.13 views

TYPO3 CMS Allows Broken Access Control in Redirects Module

Problem Backend users with access to the redirects module and write permission on the sysredirect table were able to read, create, and modify any redirect record - without restriction to the user’s own file‑mounts or web‑mounts. This allowed attackers to insert or alter redirects pointing to...

6.4CVSS6.9AI score0.00246EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:37 p.m.9 views

TYPO3 CMS Allows Broken Access Control in Edit Document Controller

Problem By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a...

6.5CVSS6.9AI score0.00287EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:37 p.m.11 views

Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State

Summary Description A Mass Assignment CWE-915 vulnerability in AdonisJS Lucid may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state. This may lead to logic bypasses and unauthorized record modification within a table or...

8.2CVSS6.9AI score0.00473EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:36 p.m.27 views

Malicious website can execute commands on the local system through XSS in the OpenCode web UI

Summary A malicious website can abuse the server URL override feature of the OpenCode web UI to achieve cross-site scripting on http://localhost:4096. From there, it is possible to run arbitrary commands on the local system using the /pty/ endpoints provided by the OpenCode API. Code execution vi...

9.4CVSS6.6AI score0.00914EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:35 p.m.12 views

tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability

Summary A potential Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. Details The issue was caused by the use of insufficiently constrained regular expressions applied to attacker-controlled input: if...

4.4CVSS7AI score0.00107EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:35 p.m.28 views

OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

Previously reported via email to [email protected] on 2025-11-17 per the security policy in opencode-sdk-js/SECURITY.md. No response received. Summary OpenCode automatically starts an unauthenticated HTTP server that allows any local process—or any website via permissive CORS—to execute arbitrary...

8.8CVSS7.7AI score0.16955EPSS
Exploits7References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:30 p.m.16 views

hermes's raw options logging may disclose secrets passed in via subcommand options argument

Thanks, @thunze for reporting this! hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form since https://github.com/softwarepub/hermes/commit/7f64f102e916c76dc44404b77ab2a80f5a4e59b1 in:...

5.9CVSS6.6AI score0.00154EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:29 p.m.16 views

Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file

Summary The user-provided string repository in the helmv3 manager is appended to the helm registry login command without proper sanitization. Details Adversaries can provide a maliciously crafted Chart.yaml in conjunctions with a tweaked Renovate configuration file to trick Renovate to execute...

8.2AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:29 p.m.9 views

Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file

Summary The user-provided string depName in the gleam manager is appended to the gleam deps update command without proper sanitization. Details Adversaries can provide a maliciously crafted gleam.toml in conjunctions with a tweaked Renovate configuration file to trick Renovate to execute arbitrar...

8.2AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:28 p.m.15 views

Renovate vulnerable to arbitrary command injection via hermit manager and maliciously named dependencies

Summary The user-provided string depName in the hermit manager is appended to the ./hermit install and ./hermit uninstall commands without proper sanitization. Details Adversaries can provide a maliciously named hermit dependency in conjunctions with a tweaked Renovate configuration file to trick...

8.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:28 p.m.114 views

Renovate vulnerable to arbitrary command injection via npm manager and malicious Renovate configuration

Summary The user-provided string packageName in the npm manager is appended to the npm install command during lock maintenance without proper sanitization. Details Adversaries can provide a maliciously crafted Renovate configuration file to trick Renovate to execute arbitrary code. The...

8.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:57 p.m.14 views

Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository

Summary The user-provided chart name in the kustomize manager is appended to the helm pull --untar command without proper sanitization. Details Adversaries can provide a maliciously crafted kustomization.yaml in conjunction with a Helm repo's index.yaml file to trick Renovate to execute arbitrary...

8.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:54 p.m.11 views

Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious `distributionUrl`

Summary Renovate can be tricked into executing shell code while updating the Gradle Wrapper. A malicious distributionUrl in gradle/wrapper/gradle-wrapper.properties can lead to command execution in the Renovate runtime. Details When Renovate handles Gradle Wrapper artifacts, it may run a wrapper...

7.6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:54 p.m.14 views

UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation

Impact Within Umbraco Forms, configuring a malicious URL on the Webservice data source can result in Remote Code Execution. This affects all Umbraco Forms versions running on .NET Framework up to and including version 8. Patches The affected Umbraco Forms versions are all End-of-Life EOL and not...

7.5CVSS7.3AI score0.00681EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:15 p.m.18 views

Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal

Impact Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attacker...

8.6CVSS7.6AI score0.00938EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:12 p.m.13 views

orval MCP client is vulnerable to a code injection attack.

Impact The MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to "break out" of the string literal and inject arbitrary code. Here is an example OpenAPI with th...

9.8CVSS6.9AI score0.00709EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:2 p.m.16 views

ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler

Impact Vulnerability Type: CRLF Injection via ConfigParser An attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. Affected Users: Users...

7.5CVSS7.2AI score0.00311EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:1 p.m.11 views

openc3-api Vulnerable to Unauthenticated Remote Code Execution

Summary OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of certain APIs, attacker-controlled parameter text is parsed into values using Stringconverttovalue. For array-like inputs, converttovalu...

10CVSS8.5AI score0.00536EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 6:47 p.m.12 views

Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

Security Disclosure: SSRF via MetaIssuer Regex Bypass Summary Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. T...

5.8CVSS7.1AI score0.0022EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 6:47 p.m.14 views

Envoy Extension Policy lua scripts injection causes arbitrary command execution

Impact Envoy Gateway allows users to create Lua scripts that are executed by Envoy proxy using the EnvoyExtensionPolicy resource. Administrators can use Kubernetes RBAC to grant users the ability to create EnvoyExtensionPolicy resources. Lua scripts in policies are executed in two contexts: An...

8.8CVSS8AI score0.00567EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 6:45 p.m.9 views

virtualenv Has TOCTOU Vulnerabilities in Directory Creation

Impact TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's appdat...

4.5CVSS6.4AI score0.00085EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 6:44 p.m.11 views

filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

Vulnerability Summary Title: Time-of-Check-Time-of-Use TOCTOU Symlink Vulnerability in SoftFileLock Affected Component: filelock package - SoftFileLock class File: src/filelock/soft.py lines 17-27 CWE: CWE-362, CWE-367, CWE-59 --- Description A TOCTOU race condition vulnerability exists in the...

5.3CVSS6.8AI score0.00115EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 6:44 p.m.11 views

vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions

Summary Users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. Details T...

7.5CVSS6.8AI score0.00403EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 3:11 p.m.12 views

Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Summary The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally,...

6.5CVSS6.6AI score0.00208EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 3:10 p.m.26 views

RustCrypto: Signatures has timing side-channel in ML-DSA decomposition

Summary A timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. Details The analysis was performed using a constant-time analyzer that examines compiled assembly code for instructions with data-dependent timing...

6.4CVSS7AI score0.00173EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 3:7 p.m.11 views

HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover

Summary Stored XSS Leading to Account Takeover Details The Exploit Chain: 1.Upload: The attacker uploads an .html file containing a JavaScript payload. 2.Execution: A logged-in administrator is tricked into visiting the URL of this uploaded file. 3.Token Refresh: The JavaScript payload makes a...

8CVSS6.2AI score0.01036EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 3:2 p.m.9 views

RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE

Summary A denial-of-service vulnerability exists in the SM2 public-key encryption PKE implementation: the decrypt path performs unchecked slice::splitat operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encod...

7.5CVSS7.3AI score0.00279EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 2:58 p.m.14 views

Cosign verification accepts any valid Rekor entry under certain conditions

Impact A Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor entry, Cosign verifies the Rekor entry signature, and also compares the artifact's digest, the user's...

5.5CVSS7AI score0.00077EPSS
Exploits1References5Affected Software2
Total number of security vulnerabilities33273