Lucene search
K
GithubRecent

33312 matches found

Github Security Blog
Github Security Blog
added 2026/01/12 4:10 p.m.12 views

MindsDB has improper sanitation of filepath that leads to information disclosure and DOS

Summary BlueRock discovered an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. Details The PUT handler in file.py directly joins user-controlled data into a...

9.1CVSS5.9AI score0.19213EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/12 9:30 a.m.10 views

MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

8.1CVSS6.9AI score0.00193EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/11 3:31 p.m.19 views

Apache Struts 2 is Missing XML Validation

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

8.1CVSS7AI score0.23054EPSS
Exploits1References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/01/11 12:30 p.m.9 views

AcademySoftwareFoundation OpenColorIO has an out-of-bounds vulnerability

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

4.8CVSS6.5AI score0.00165EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/10 3:31 p.m.7 views

QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

5.1CVSS5.6AI score0.00242EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/10 12:30 p.m.10 views

LIEF is vulnerable to segmentation fault

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parsebinary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local...

5.5CVSS6.2AI score0.00242EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/10 12:30 a.m.8 views

Salesforce Uni2TS has a Code Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0...

9.8CVSS5.5AI score0.00372EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 10:35 p.m.15 views

SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()

Summary A denial-of-service vulnerability exists in the SM2 PKE decryption path where an invalid elliptic-curve point C1 is decoded and the resulting value is unwrapped without checking. Specifically, AffinePoint::fromencodedpoint&encodedc1 may return a None/CtOption::None when the supplied...

7.5CVSS7.2AI score0.00375EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 10:29 p.m.14 views

Fickling vulnerable to detection bypass due to "builtins" blindness

Fickling's assessment Fickling started emitting AST nodes for builtins imports in order to match them during analysis https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf. Original report Summary Fickling works by Pickle bytecode -- AST -- Security analysis...

9.3CVSS7.5AI score0.00264EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 10:27 p.m.14 views

SM2-PKE has 32-bit Biased Nonce Vulnerability

Summary A critical vulnerability exists in the SM2 Public Key Encryption PKE implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. Th...

8.7CVSS6.5AI score0.00245EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 9:31 p.m.9 views

Shiori is vulnerable to authentication bypass via a brute force attack

A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack...

6.5CVSS7.1AI score0.00367EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 9:12 p.m.10 views

Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

Fickling's assessment ctypes, importlib, runpy, code and multiprocessing were added the list of unsafe imports https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66, https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9,...

9.3CVSS8.7AI score0.00554EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 9:5 p.m.17 views

Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection

Fickling's assessment pydoc and ctypes were added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1. Original report Summary Both ctypes and pydoc modules arent explictly blocked. Even other existing pickle scanning tools like...

9.3CVSS7AI score0.00346EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 9:4 p.m.10 views

Fickling Blocklist Bypass: cProfile.run()

Fickling's assessment cProfile was added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c5745171a2b138d43. Original report Description Summary Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because ...

9.3CVSS8.2AI score0.0044EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 8:52 p.m.11 views

Fickling has a bypass via runpy.run_path() and runpy.run_module()

Fickling's assessment runpy was added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66. Original report Summary Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicio...

9.3CVSS8.3AI score0.00425EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 8:12 p.m.11 views

October CMS Vulnerable to Stored XSS via Branding Styles

A cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms: - Branding and Appearances Styles A user with the Customize Backend Styles permission could inject malicious HTML/JS into the stylesheet input at Settings → Branding & Appearance → Styles. A...

6.1CVSS6.2AI score0.00183EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 7:53 p.m.11 views

mnl has segmentation fault and invalid memory read in `mnl::cb_run`

The function mnl::cbrun is marked as safe but exhibits unsound behavior when processing malformed Netlink message buffers. Passing a crafted byte slice to mnl::cbrun can trigger memory violations. The function does not sufficiently validate the input buffer structure before processing, leading to...

7AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 7:48 p.m.13 views

pypdf has possible long runtimes for malformed startxref

Impact An attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected. Patches...

6.9CVSS6.8AI score0.00391EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 7:48 p.m.12 views

pypdf has possible long runtimes for missing /Root object with large /Size values

Impact An attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, while using a rather large /Size value. Only the non-strict reading mode is affected. Patches This...

6.9CVSS6.9AI score0.00391EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 7:39 p.m.14 views

jose-swift has JWT Signature Verification Bypass via None Algorithm

Summary An authentication bypass vulnerability allows any unauthenticated attacker to forge arbitrary JWT tokens by setting "alg": "none" in the token header. The library's verification functions immediately return true for such tokens without performing any cryptographic verification, enabling...

7.4AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 7:21 p.m.21 views

WeKnora has Command Injection in MCP stdio test

Vulnerability Description --- Vulnerability Overview This issue is a command injection vulnerability CWE-78 that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. The root causes are as...

9.9CVSS7.7AI score0.01747EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 7:19 p.m.10 views

WeKnora vulnerable to SQL Injection

Summary After WeKnora enables its Agent service, it allows users to call database query tools. Due to lax code backend verification, attackers can use prompts to bypass query restrictions and obtain sensitive information from the target server and database. Details Source - File:...

9.8CVSS6AI score0.00353EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 6:56 p.m.14 views

AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value

Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement has been implemented in th...

3.7CVSS6.7AI score0.00201EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 6:52 p.m.31 views

Angular has XSS Vulnerability via Unsanitized SVG Script Attributes

A Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG elements as a Resource URL context. In a standard security model,...

8.5CVSS6.2AI score0.00444EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/09 6:41 p.m.14 views

XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService

Impact Anyone who has view rights on the Calendar.JSONService page, including guest users can exploit this vulnerability by accessing database info or starting a DoS attack. Workarounds Remove the Calendar.JSONService page. This will however break some functionalities. References Jira issue:...

10CVSS8AI score0.00282EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 6:35 p.m.11 views

XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService

Impact Anyone who has view rights on the Calendar.JSONService page, including guest users can exploit this vulnerability by accessing database info, with the exception of passwords. Workarounds Remove the Calendar.JSONService page. This will however break some functionalities. References Jira...

5.3CVSS7AI score0.00236EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 6:12 p.m.13 views

October CMS Vulnerable to Stored XSS via Editor and Branding Styles

A cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms: - Editor Settings Markup Styles A user with the Global Editor Settings permission could inject malicious HTML/JS into the stylesheet input at Settings → Editor Settings → Markup Styles. A special...

6.1CVSS6.2AI score0.00183EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/09 9:31 a.m.23 views

FASTJSON Includes Functionality from Untrusted Control Sphere

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...

10CVSS7.2AI score0.0069EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 10:40 p.m.8 views

Authlib has 1-click Account Takeover vulnerability

Security Advisory: Cache-Backed State Storage CSRF in Authlib The Security Labs team at Snyk has reported a security issue affecting Authlib, identified during a recent research project. The Snyk Security Labs team has identified a vulnerability that can result in a one-click account takeover in...

8.8CVSS5.8AI score0.00237EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 10:12 p.m.13 views

AWS SDK for Swift adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

6.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 10:4 p.m.44 views

JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. Per the AWS shared responsibilit...

6.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:52 p.m.66 views

AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

6.7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:47 p.m.178 views

vLLM introduced enhanced protection for CVE-2025-62164

Summary The fix here for CVE-2025-62164 is not sufficient. The fix only disables prompt embeds by default rather than addressing the root cause, so the DoS vulnerability remains when the feature is enabled. Details vLLM's pending change attempts to fix the root cause, which is the missing sparse...

8.8CVSS6.8AI score0.00849EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:46 p.m.10 views

AWS SDK for Rust v1 adopted defense in depth enhancement for region parameter value

Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement has been implemented in th...

6.7AI score
Exploits0References4Affected Software100
Github Security Blog
Github Security Blog
added 2026/01/08 9:36 p.m.13 views

Ghost has SQL Injection in Members Activity Feed

Impact A vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. Vulnerable versions This vulnerability is present in Ghost v5.90.0 to v5.130.5 to and Ghost v6.0.0 to v6.10.3. Patches v5.130.6 and...

7.2CVSS7.6AI score0.00413EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:36 p.m.15 views

Ghost has SSRF via External Media Inliner

Impact A vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. Vulnerable versions This vulnerability is present in Ghost v5.38.0 to v5.130.5 to and Ghost v6.0.0 ...

5.1CVSS7.1AI score0.00265EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:32 p.m.9 views

Ghost has Staff Token permission bypass

Impact A vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had...

8.1CVSS7.1AI score0.00494EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:30 p.m.19 views

Elliptic Uses a Cryptographic Primitive with a Risky Implementation

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

5.6CVSS6.8AI score0.00161EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:29 p.m.13 views

Ghost has Staff 2FA bypass

Impact A vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. Vulnerable versions This vulnerability is present in Ghost v5.105.0 to v5.130.5 to and Ghost v6.0.0 to v6.10.3. Patches v5.130.6 and v6.11.0 contain a fix for this issue. References Ghost thanks Sho Odagiri of G...

8.1CVSS6.9AI score0.00367EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:28 p.m.9 views

Spree API has Unauthenticated IDOR - Guest Address

Summary An Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without supplying valid credentials or session cookies. Details During testing, it was observed that all guest users can make a...

7.5CVSS6.9AI score0.00383EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:27 p.m.9 views

Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification

Summary An Authenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an authenticated user to retrieve other users’ address information by modifying an existing order. By editing an order they legitimately own and manipulating address identifiers in the request,...

6.5CVSS6.8AI score0.00371EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:22 p.m.13 views

Salvo is vulnerable to reflected XSS in the list_html function

Summary The function listhtml generates an file view of a folder which includes a render of the current path, in which its inserted in the HTML without proper sanitation, leading to reflected XSS. The request path is decoded and normalized in the matching stage but is not inserted raw in the HTML...

8.8CVSS7.2AI score0.003EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:16 p.m.9 views

Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Summary The function listhtml generates a file view of a folder without sanitizing the files or folders names, potentially leading to XSS in cases where a website allows access to public files using this feature, allowing anyone to upload a file. Details The vulnerable snippet of code is the...

8.8CVSS6.6AI score0.003EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:13 p.m.12 views

Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles

Summary Since 2017, the default webpack plugins have passed the entire process.env to EnvironmentPlugin. This pattern exposed ALL build environment variables to client-side JavaScript bundles whenever application code or any dependency referenced process.env.VARIABLENAME. This is not a regression...

7.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 9:1 p.m.13 views

Soft Serve is missing an authorization check in LFS lock deletion

LFS Lock Force-Delete Authorization Bypass Summary An authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path processes force deletions before...

5.4CVSS7.2AI score0.00273EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 8:57 p.m.13 views

React Router has CSRF issue in Action/Server Action Request Processing

React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. !NOTE This does not impact your application if you are using Declarative...

6.5CVSS5.5AI score0.00128EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/08 8:54 p.m.37 views

React Router vulnerable to XSS via Open Redirects

React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if developers are creating redirect paths...

8CVSS7.1AI score0.0077EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/08 8:50 p.m.10 views

React Router SSR XSS in ScrollRestoration

A XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. !NOTE This does not impact applications if...

8.2CVSS6.5AI score0.00472EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/08 8:48 p.m.10 views

React Router has unexpected external redirect via untrusted paths

An attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an issue if developers pass untrusted content into navigation paths in their application code...

6.5CVSS6.8AI score0.00198EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 8:45 p.m.25 views

React Router has Path Traversal in File Session Storage

If applications use createFileSessionStorage from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the...

9.1CVSS6.7AI score0.16104EPSS
Exploits0References3Affected Software3
Total number of security vulnerabilities33312