Lucene search
K
GithubRecent

33312 matches found

Github Security Blog
Github Security Blog
added 2026/01/13 9:54 p.m.9 views

GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS

Summary GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives wheels, eggs, allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed data...

7.5CVSS6.8AI score0.00431EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:54 p.m.11 views

TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool

Problem Local platform users who can write to TYPO3’s mail‑file spool directory can craft a file that the system will automatically deserialize without any class restrictions. This flaw allows an attacker to inject and execute arbitrary PHP code in the public scope of the web server. The...

7.8CVSS7.7AI score0.00165EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:53 p.m.13 views

Outray cli is vulnerable to race conditions in tunnels creation

Summary A TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. Details Affected conponent: apps/web/src/routes/api/tunnel/register.ts - /tunnel/register endpoint code-: ts // Check if tunnel already exists in database const...

6.3CVSS6.9AI score0.00179EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:53 p.m.9 views

Outray has a Race Condition in the cli's webapp

Summary This vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in https://github.com/akinloluwami/outray/blob/main/apps/web/src/routes/api/%24orgSlug/subdomains/index.ts Details - The affected code-: ts //Race...

5.9CVSS6.9AI score0.0021EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:52 p.m.9 views

Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback)

Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged...

8.2CVSS7AI score0.00118EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:51 p.m.12 views

Hono JWT Middleware's JWT Algorithm Confusion via Unsafe Default (HS256) Allows Token Forgery and Auth Bypass

Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged tokens to be...

8.2CVSS6.9AI score0.00141EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:48 p.m.250 views

jaraco.context Has a Path Traversal Vulnerability

Summary There is a Zip Slip path traversal vulnerability in the jaraco.context package affecting setuptools as well, in jaraco.context.tarball function. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The...

8.6CVSS5.7AI score0.00527EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:31 p.m.13 views

Quill is vulnerable to XSS via HTML export feature

A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting XSS. This issue affects Quill: 2.0.3...

6.1CVSS6.2AI score0.00221EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:31 p.m.8 views

Metricbeat affected by multiple denial of service vulnerabilities

Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

7.5CVSS5.5AI score0.00327EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 9:31 p.m.14 views

Azure Core is vulnerable to deserialization of untrusted data

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

7.5CVSS7.4AI score0.00776EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:37 p.m.10 views

TYPO3 CMS Allows Broken Access Control in Recycler Module

Problem Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the websit...

8.1CVSS6.8AI score0.0038EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:37 p.m.13 views

TYPO3 CMS Allows Broken Access Control in Redirects Module

Problem Backend users with access to the redirects module and write permission on the sysredirect table were able to read, create, and modify any redirect record - without restriction to the user’s own file‑mounts or web‑mounts. This allowed attackers to insert or alter redirects pointing to...

6.4CVSS6.9AI score0.00246EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:37 p.m.9 views

TYPO3 CMS Allows Broken Access Control in Edit Document Controller

Problem By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a...

6.5CVSS6.9AI score0.00287EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:37 p.m.11 views

Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State

Summary Description A Mass Assignment CWE-915 vulnerability in AdonisJS Lucid may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state. This may lead to logic bypasses and unauthorized record modification within a table or...

8.2CVSS6.9AI score0.00473EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:36 p.m.27 views

Malicious website can execute commands on the local system through XSS in the OpenCode web UI

Summary A malicious website can abuse the server URL override feature of the OpenCode web UI to achieve cross-site scripting on http://localhost:4096. From there, it is possible to run arbitrary commands on the local system using the /pty/ endpoints provided by the OpenCode API. Code execution vi...

9.4CVSS6.6AI score0.00914EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:35 p.m.12 views

tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability

Summary A potential Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. Details The issue was caused by the use of insufficiently constrained regular expressions applied to attacker-controlled input: if...

4.4CVSS7AI score0.00107EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:35 p.m.28 views

OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

Previously reported via email to [email protected] on 2025-11-17 per the security policy in opencode-sdk-js/SECURITY.md. No response received. Summary OpenCode automatically starts an unauthenticated HTTP server that allows any local process—or any website via permissive CORS—to execute arbitrary...

8.8CVSS7.7AI score0.16955EPSS
Exploits7References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:30 p.m.16 views

hermes's raw options logging may disclose secrets passed in via subcommand options argument

Thanks, @thunze for reporting this! hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form since https://github.com/softwarepub/hermes/commit/7f64f102e916c76dc44404b77ab2a80f5a4e59b1 in:...

5.9CVSS6.6AI score0.00154EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:29 p.m.16 views

Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file

Summary The user-provided string repository in the helmv3 manager is appended to the helm registry login command without proper sanitization. Details Adversaries can provide a maliciously crafted Chart.yaml in conjunctions with a tweaked Renovate configuration file to trick Renovate to execute...

8.2AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:29 p.m.9 views

Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file

Summary The user-provided string depName in the gleam manager is appended to the gleam deps update command without proper sanitization. Details Adversaries can provide a maliciously crafted gleam.toml in conjunctions with a tweaked Renovate configuration file to trick Renovate to execute arbitrar...

8.2AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:28 p.m.15 views

Renovate vulnerable to arbitrary command injection via hermit manager and maliciously named dependencies

Summary The user-provided string depName in the hermit manager is appended to the ./hermit install and ./hermit uninstall commands without proper sanitization. Details Adversaries can provide a maliciously named hermit dependency in conjunctions with a tweaked Renovate configuration file to trick...

8.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 8:28 p.m.114 views

Renovate vulnerable to arbitrary command injection via npm manager and malicious Renovate configuration

Summary The user-provided string packageName in the npm manager is appended to the npm install command during lock maintenance without proper sanitization. Details Adversaries can provide a maliciously crafted Renovate configuration file to trick Renovate to execute arbitrary code. The...

8.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:57 p.m.14 views

Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository

Summary The user-provided chart name in the kustomize manager is appended to the helm pull --untar command without proper sanitization. Details Adversaries can provide a maliciously crafted kustomization.yaml in conjunction with a Helm repo's index.yaml file to trick Renovate to execute arbitrary...

8.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:54 p.m.11 views

Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious `distributionUrl`

Summary Renovate can be tricked into executing shell code while updating the Gradle Wrapper. A malicious distributionUrl in gradle/wrapper/gradle-wrapper.properties can lead to command execution in the Renovate runtime. Details When Renovate handles Gradle Wrapper artifacts, it may run a wrapper...

7.6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:54 p.m.14 views

UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation

Impact Within Umbraco Forms, configuring a malicious URL on the Webservice data source can result in Remote Code Execution. This affects all Umbraco Forms versions running on .NET Framework up to and including version 8. Patches The affected Umbraco Forms versions are all End-of-Life EOL and not...

7.5CVSS7.3AI score0.00681EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:15 p.m.20 views

Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal

Impact Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attacker...

8.6CVSS7.6AI score0.00938EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:12 p.m.13 views

orval MCP client is vulnerable to a code injection attack.

Impact The MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to "break out" of the string literal and inject arbitrary code. Here is an example OpenAPI with th...

9.8CVSS6.9AI score0.00709EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:2 p.m.16 views

ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler

Impact Vulnerability Type: CRLF Injection via ConfigParser An attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. Affected Users: Users...

7.5CVSS7.2AI score0.00311EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 7:1 p.m.11 views

openc3-api Vulnerable to Unauthenticated Remote Code Execution

Summary OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of certain APIs, attacker-controlled parameter text is parsed into values using Stringconverttovalue. For array-like inputs, converttovalu...

10CVSS8.5AI score0.00536EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 6:47 p.m.12 views

Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

Security Disclosure: SSRF via MetaIssuer Regex Bypass Summary Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. T...

5.8CVSS7.1AI score0.0022EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 6:47 p.m.14 views

Envoy Extension Policy lua scripts injection causes arbitrary command execution

Impact Envoy Gateway allows users to create Lua scripts that are executed by Envoy proxy using the EnvoyExtensionPolicy resource. Administrators can use Kubernetes RBAC to grant users the ability to create EnvoyExtensionPolicy resources. Lua scripts in policies are executed in two contexts: An...

8.8CVSS8AI score0.00567EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 6:45 p.m.9 views

virtualenv Has TOCTOU Vulnerabilities in Directory Creation

Impact TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's appdat...

4.5CVSS6.4AI score0.00085EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 6:44 p.m.11 views

filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

Vulnerability Summary Title: Time-of-Check-Time-of-Use TOCTOU Symlink Vulnerability in SoftFileLock Affected Component: filelock package - SoftFileLock class File: src/filelock/soft.py lines 17-27 CWE: CWE-362, CWE-367, CWE-59 --- Description A TOCTOU race condition vulnerability exists in the...

5.3CVSS6.8AI score0.00115EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 6:44 p.m.11 views

vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions

Summary Users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. Details T...

7.5CVSS6.8AI score0.00403EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 3:11 p.m.12 views

Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Summary The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally,...

6.5CVSS6.6AI score0.00208EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 3:10 p.m.27 views

RustCrypto: Signatures has timing side-channel in ML-DSA decomposition

Summary A timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. Details The analysis was performed using a constant-time analyzer that examines compiled assembly code for instructions with data-dependent timing...

6.4CVSS7AI score0.00173EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 3:7 p.m.11 views

HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover

Summary Stored XSS Leading to Account Takeover Details The Exploit Chain: 1.Upload: The attacker uploads an .html file containing a JavaScript payload. 2.Execution: A logged-in administrator is tricked into visiting the URL of this uploaded file. 3.Token Refresh: The JavaScript payload makes a...

8CVSS6.2AI score0.01036EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 3:2 p.m.9 views

RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE

Summary A denial-of-service vulnerability exists in the SM2 public-key encryption PKE implementation: the decrypt path performs unchecked slice::splitat operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encod...

7.5CVSS7.3AI score0.00279EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 2:58 p.m.14 views

Cosign verification accepts any valid Rekor entry under certain conditions

Impact A Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor entry, Cosign verifies the Rekor entry signature, and also compares the artifact's digest, the user's...

5.5CVSS7AI score0.00077EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/13 2:57 p.m.21 views

n8n: Webhook Node IP Whitelist Bypass via Partial String Matching

Impact The Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured whitelist entry as a substring. This issue affected instances where...

5.3CVSS6.8AI score0.00253EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 2:56 p.m.12 views

Jervis's AES CBC Mode is Without Authentication

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL682-L684...

8.7CVSS6.9AI score0.00172EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 2:56 p.m.11 views

Jervis Has a JWT Algorithm Confusion Vulnerability

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL244-L249 The code doesn't validate that the JWT header specifies "alg":"RS256". Impact Depending on the broader system, this could allow JWT...

6.9CVSS7AI score0.00128EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 2:55 p.m.11 views

Jervis Has Weak Random for Timing Attack Mitigation

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL593-L594 Uses java.util.Random which is not cryptographically secure. Impact If an attacker can predict the random delays, they may still be...

8.2CVSS6.9AI score0.00231EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 2:53 p.m.12 views

Jervis's Salt for PBKDF2 derived from password

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL869-L870...

8.7CVSS7AI score0.00116EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 2:52 p.m.14 views

Jervis Has a SHA-256 Hex String Padding Bug

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL622-L626 padLeft32, '0' should be padLeft64, '0'. SHA-256 produces 32 bytes = 64 hex characters. Impact Inconsistent hash lengths when leadi...

8.7CVSS7.2AI score0.00147EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 2:51 p.m.12 views

Jervis has Deterministic AES IV Derivation from Passphrase

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL866-L874...

8.7CVSS7AI score0.00202EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/13 2:28 p.m.11 views

Jervis Has a RSA PKCS#1 Padding Vulnerability

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL463-L465...

8.7CVSS6.9AI score0.00128EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/12 6:7 p.m.13 views

Weblate wlc has insecure API key configuration

Impact Historically, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be used against different server. Patches https://github.com/WeblateOrg/wlc/pull/1098 Workarounds Remove unscoped...

5.5CVSS7.2AI score0.00164EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/12 4:13 p.m.8 views

Weblate command-line client susceptible to SSL verification skip

Impact The SSL verification would be skipped for some crafted URLs. Patches https://github.com/WeblateOrg/wlc/pull/1097 Workarounds Avoid using untrusted wlc configurations, as that might cause insecure connections. References This issue was reported to us by wh1zee via HackerOne...

5.5CVSS7AI score0.00134EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/12 4:12 p.m.12 views

Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field

Prologue These vulnerabilities have been found and chained by DCODX-AI. Validation of the exploit chain has been confirmed manually. Summary A persistent stored cross-site scripting XSS vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one wh...

8.6CVSS6.4AI score0.00243EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities33312