Lucene search
K
GithubRecent

33312 matches found

Github Security Blog
Github Security Blog
added 2026/01/08 8:42 p.m.28 views

React Router has XSS Vulnerability

A XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. !NOTE This does not impact applications using Declarative Mode or Data Mod...

7.6CVSS6.5AI score0.00448EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/08 8:40 p.m.13 views

RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting

Summary A flawed denyonly short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted service account, inheriting the parent’s full privileges. This enables privilege escalation and bypass of session/inline policy restrictions. Details akin to...

9.8CVSS7.3AI score0.00378EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 8:36 p.m.13 views

RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation

Summary The ImportIam admin API validates permissions using ExportIAMAction instead of ImportIAMAction, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data performs privileged write actions creating/updating users, groups, policies, and...

8.8CVSS7.1AI score0.00392EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 8:32 p.m.8 views

Kirby is missing permission checks in the content changes API

TL;DR This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by disabling the update permission with the intent to prevent modifications to site content. If developers haven't configured any user...

5.8CVSS7AI score0.00189EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 8:27 p.m.9 views

NiceGUI has Redis connection leak via tab storage causes service degradation

Summary An unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never released, leading to service degradation when Redis hits its connection limit. NiceGUI continues accepting...

5.3CVSS7AI score0.0051EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 8:16 p.m.10 views

NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS

Summary An unsafe implementation in the pushstate event listener used by ui.subpages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. Details The problem is traced as follows: 1. On pushstate, handleStateEvent is...

7.2CVSS6.5AI score0.00233EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 8:12 p.m.11 views

CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

Multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is simila...

8.7CVSS7.1AI score0.00412EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 8:8 p.m.14 views

NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links

Summary An unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes an XSS when the user actively clicks on the link. Details 1. On click, eventually subpagesnavigate event is emitted...

6.1CVSS6.3AI score0.00238EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 8:0 p.m.13 views

NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()

Summary XSS risk exists in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL without page reload. However, if the URL argument is embedded into...

6.1CVSS6.6AI score0.00243EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 7:51 p.m.13 views

Werkzeug safe_join() allows Windows special device names with compound extensions

Werkzeug's safejoin function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. Windows still accepts them with any file extensio...

6.3CVSS6.8AI score0.00424EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 5:25 p.m.13 views

picklescan has Arbitrary file read using `io.FileIO`

Summary Unsafe pickle deserialization allows unauthenticated attackers to read arbitrary server files and perform SSRF. By chaining io.FileIO and urllib.request.urlopen, an attacker can bypass RCE-focused blocklists to exfiltrate sensitive data example: /etc/passwd to an external server. Details...

8.7CVSS6.9AI score0.00509EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 6:31 a.m.11 views

Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters such as tabs as separators and tolerates case variations that deviate from RFC 6750 specifications...

5.3CVSS6.9AI score0.00361EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 12:31 a.m.11 views

wolfSSL Python module vulnerable to Improper Authentication

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

9.3CVSS6.8AI score0.00272EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/08 12:31 a.m.9 views

records-mover Injection vulnerability

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes SQL Injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue...

5.3CVSS7.4AI score0.00174EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 9:31 p.m.5 views

Bio-Formats performs unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing

Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files .bfmemo during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity...

7.8CVSS8.1AI score0.0044EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 9:31 p.m.12 views

Bio-Formats has an XML External Entity (XXE) vulnerability

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity XXE vulnerability in the Leica Microsystems metadata parsing component e.g., XLEF. The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

7.1CVSS6.6AI score0.00142EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 8:38 p.m.33 views

`IterMut` violates Stacked Borrows by invalidating internal pointer

Affected versions of this crate contain a soundness issue in the IterMut iterator implementation. The IterMut::next and IterMut::nextback methods temporarily create an exclusive reference to the key when dereferencing the internal node pointer. This invalidates the shared pointer held by the...

6.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 7:33 p.m.24 views

OpenMetadata's Server-Side Template Injection (SSTI) in FreeMarker email templates leads to RCE

OpenMetadata RCE Vulnerability - Proof of Concept Executive Summary CRITICAL Remote Code Execution vulnerability confirmed in OpenMetadata v1.11.2 via Server-Side Template Injection SSTI in FreeMarker email templates. Credit - @lnlinh31, @satthusaosan, @TheMacCuoi, @get-wright, @Ohnooo1234,...

9.4CVSS6.1AI score0.0076EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 7:29 p.m.8 views

CoreShop Vulnerable to SQL Injection via Admin Reports

Affected Versions - CoreShop 4.1.2 Demo tested Demo | CoreShop - Earlier versions may also be affected if the same code path exists Summary A blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using...

4.9CVSS8.1AI score0.00391EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 7:28 p.m.13 views

loggingredactor converts non-string types to string types in logs

Impact Non-string types are converted into string types, leading to type errors in %d conversions. Patches The problem has been patched in version 0.0.6. Workarounds None without patching. Resources Issue report: https://github.com/armurox/loggingredactor/issues/7 Release:...

5.3CVSS7AI score0.00228EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 7:28 p.m.18 views

Preact has JSON VNode Injection issue

Impact Vulnerability Type: HTML Injection via JSON Type Confusion Affected Versions: Preact 10.26.5 through 10.28.1 Severity: Low to Medium see below Who is Impacted? Applications using affected Preact versions are vulnerable if they meet all of the following conditions: 1. Pass unmodified,...

9.2CVSS6.8AI score0.00227EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 7:22 p.m.14 views

n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks

Impact An authentication bypass in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were n...

6.5CVSS7.4AI score0.00432EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 7:22 p.m.15 views

Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources

Summary Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs embedded in feed entry content, including internal addresse...

6.5CVSS6.8AI score0.00258EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 7:20 p.m.26 views

n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling

Impact A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker. This could result in exposure of sensitive information stored on the system...

10CVSS7.1AI score0.71647EPSS
Exploits18References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 7:18 p.m.16 views

Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)

Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip,...

8.9CVSS6.5AI score0.02667EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 7:7 p.m.17 views

pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"

pnpm v10+ Git Dependency Script Execution Bypass Summary A security bypass vulnerability in pnpm v10+ allows git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10...

9.8CVSS8.7AI score0.01023EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 7:6 p.m.15 views

pnpm Has Lockfile Integrity Bypass that Allows Remote Dynamic Dependencies

Summary HTTP tarball dependencies and git-hosted tarballs are stored in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. Details When a package depends on an HTTP tarball URL, pnpm's tarball resolve...

8.8CVSS7AI score0.0031EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 6:51 p.m.21 views

pnpm vulnerable to Command Injection via environment variable substitution

Summary A command injection vulnerability exists in pnpm when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve remote code execution RCE in build environments...

7.8CVSS9.7AI score0.00949EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 6:36 p.m.14 views

RustFS gRPC GetMetrics deserialization panic enables remote DoS

Summary A malformed gRPC GetMetrics request causes getmetrics to unwrap failed deserialization of metrictype/opts, panicking the handler thread and enabling remote denial of service of the metrics endpoint. Details - Vulnerable code: rustfs/src/storage/tonicservice.rs:1775-1782: - MetricType and...

6.9CVSS6.8AI score0.00284EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 6:30 p.m.8 views

terminal-controller-mcp vulnerable to Command Injection

A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

10CVSS8.2AI score0.01891EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 6:30 p.m.9 views

fast-filesystem-mcp has a Path Traversal vulnerability

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fastreadfile. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed...

7.5CVSS6.7AI score0.00583EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 6:30 p.m.41 views

Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed withou...

9.6CVSS6.6AI score0.01179EPSS
Exploits0References20Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 6:15 p.m.13 views

RustFS Path Traversal Vulnerability

RustFS Path Traversal Vulnerability Vulnerability Details - CVE ID: - Severity: Critical CVSS estimated 9.9 - Impact: Arbitrary File Read/Write - Component: /rustfs/rpc/readfilestream endpoint - Root Cause: Insufficient path validation in crates/ecstore/src/disk/local.rs:1791 Vulnerable Code rust...

9.8CVSS7.2AI score0.06558EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 6:9 p.m.14 views

Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write

A vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the...

7.5CVSS6.8AI score0.00349EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 12:31 p.m.13 views

OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...

9.3CVSS7AI score0.00439EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 12:31 p.m.22 views

Microsoft Playwright MCP Server vulnerable to DNS Rebinding Attack; Allows Attackers Access to All Server Tools

Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended...

7.2CVSS6.7AI score0.01148EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/07 12:31 p.m.11 views

carbone Code Injection vulnerability

A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes...

5CVSS5.1AI score0.00275EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/06 7:22 p.m.12 views

Directus has open redirect in SAML

Security Advisory: Open Redirect in Directus SAML Authentication Summary An open redirect vulnerability exists in the Directus SAML authentication callback endpoint. The RelayState parameter is used in redirects without proper validation against an allowlist of permitted domains. Vulnerability...

6.1CVSS7.1AI score0.00196EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/06 6:14 p.m.9 views

rsa crate has potential panic on a prime being equal to 1

When creating a RSA private key from its components, the construction panics, instead of returning an error, when one of the primes is 1. Discovered by Christian Reitter from Radically Open Security during a security review for Proton AG...

6.9CVSS6.9AI score0.00405EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/06 6:4 p.m.11 views

Parsl Monitoring Visualization Vulnerable to SQL Injection

Affected Product: Parsl Python Parallel Scripting Library Component: parsl.monitoring.visualization Vulnerability Type: SQL Injection CWE-89 Severity: High CVSS Rating Recommended: 7.5 - 8.6 URL: https://github.com/Parsl/parsl/blob/master/parsl/monitoring/visualization/views.py Summary A SQL...

7.3CVSS7.9AI score0.00235EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/06 6:0 p.m.22 views

Bypassing Kyverno Policies via Double Policy Exceptions

Summary If a cluster has a Kyverno policy in enforce mode and there are two exceptions, this allows the policy to be bypassed, even if the first exception is more restrictive than the second. Details The following policy was applied: yaml apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata:...

7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/06 5:53 p.m.14 views

Bokeh server applications have Incomplete Origin Validation in WebSockets

This vulnerability allows for Cross-Site WebSocket Hijacking CSWSH of a deployed Bokeh server instance. Scope This vulnerability is only relevant to deployed Bokeh server instances. There is no impact on static HTML output, standalone embedded plots, or Jupyter notebook usage. This vulnerability...

7.4CVSS7.1AI score0.00159EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/06 5:48 p.m.26 views

n8n Vulnerable to RCE via Arbitrary File Write

Impact n8n is affected by an authenticated Remote Code Execution RCE vulnerability. Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance. Both self-hosted and n8n Cloud...

9.9CVSS7.4AI score0.05258EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/06 5:44 p.m.12 views

Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability

Summary A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Description The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it doe...

5.8CVSS6.9AI score0.00755EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/06 5:32 p.m.10 views

MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download

Summary A Path Traversal Zip Slip vulnerability exists in MONAI's downloadfromngcprivate function. The function uses zipfile.ZipFile.extractall without path validation, while other similar download functions in the same codebase properly use the existing safeextractmember function. This appears t...

5.3CVSS7.2AI score0.00311EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/06 5:20 p.m.11 views

Pterodactyl TOTPs can be reused during validity window

Summary When a user signs into an account with 2FA enabled they are prompted to enter a token. When that token is used, it is not sufficiently marked as used in the system allowing an attacker that intercepts that token to then use it in addition to a known username/password during the token...

6.5CVSS6.9AI score0.00321EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/06 5:18 p.m.13 views

Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced

Summary Pterodactyl does not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was already connected to SFTP to remain connected and access files even after their permissions...

7.5CVSS6.8AI score0.00218EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/05 11:13 p.m.12 views

AIOHTTP Vulnerable to Cookie Parser Warning Storm

Summary Reading multiple invalid cookies can lead to a logging storm. Impact If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header. ---- Patch:...

6.9CVSS6.8AI score0.00332EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 11:13 p.m.10 views

AIOHTTP vulnerable to DoS through chunked messages

Summary Handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. Impact If an application makes use of the request.read method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU...

8.7CVSS6.7AI score0.00338EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 11:13 p.m.13 views

AIOHTTP vulnerable to denial of service through large payloads

Summary A request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing. Impact If an application includes a handler that uses the Request.post method, an attacker may be able to freeze the server by exhausting the memory. ----- Patch:...

8.7CVSS6.9AI score0.00347EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities33312