Lucene search
K
GithubRecent

33312 matches found

Github Security Blog
Github Security Blog
added 2026/01/05 11:10 p.m.12 views

AIOHTTP vulnerable to DoS when bypassing asserts

Summary When assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body. Impact If optimisations are enabled -O or PYTHONOPTIMIZE=1, and the application includes a handler that uses the Request.post method, then an attacker may be able to...

8.7CVSS7.1AI score0.00337EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 11:9 p.m.10 views

AIOHTTP vulnerable to brute-force leak of internal static file path components

Summary Path normalization for static files prevents path traversal, but opens up the ability for an attacker to ascertain the existence of absolute path components. Impact If an application uses web.static not recommended for production deployments, it may be possible for an attacker to ascertai...

6.3CVSS6.8AI score0.00313EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 11:9 p.m.10 views

AIOHTTP has unicode match groups in regexes for ASCII protocol elements

Summary The parser allows non-ASCII decimals to be present in the Range header. Impact There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. ---- Patch:...

6.9CVSS6.9AI score0.00236EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 10:58 p.m.9 views

AIOHTTP's unicode processing of header values could cause parsing discrepancies

Summary The Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. Impact If a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execute a request smuggling...

6.5CVSS7.2AI score0.00213EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 10:58 p.m.10 views

AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

Summary A zip bomb can be used to execute a DoS against the aiohttp server. Impact An attacker may be able to send a compressed request that when decompressed by aiohttp could exhaust the host's memory. ------ Patch: https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c91...

7.5CVSS7.1AI score0.00487EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 10:58 p.m.12 views

`vega-functions` vulnerable to Cross-site Scripting via `setdata` function

Impact For sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. Patches Fixed in vega-functions 6.1.1 Workarounds There is no workaround besides upgrading. Using...

7.2CVSS6.3AI score0.00184EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 10:56 p.m.17 views

Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

Impact Applications meeting these two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches both vega library and a vega.View instance similar to the Vega Editor to the global window, or has an...

9.3CVSS7AI score0.00452EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 10:55 p.m.18 views

Spinnaker vulnerable to SSRF due to improper restrictions on http from user input

Impact The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into Spinnaker pipelines via helm or other methods to extract things LIKE idmsv1 authentication data. This ALSO includes calling INTERNAL Spinnaker API's via a get and similar endpoints...

7.9CVSS6.9AI score0.00155EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 9:30 p.m.15 views

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

Impact A ReDoS vulnerability in the UriTemplate class allows attackers to cause denial of service. The partToRegExp function generates a regex pattern with nested quantifiers ^/+?:,^/+ for exploded template variables e.g., /id, ?tags, causing catastrophic backtracking on malicious input. Who is...

8.7CVSS6.6AI score0.00399EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 9:30 p.m.12 views

evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API

A Blind Server-Side Request Forgery SSRF vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits...

6.5CVSS7.2AI score0.00175EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 9:30 p.m.10 views

evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API

A Denial of Service DoS vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...

7.5CVSS7AI score0.00291EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 8:25 p.m.13 views

Harvest May Expose OS Default SSH Login Password Via SUSE Virtualization Interactive Installer

Impact Projects using the SUSE Virtualization Harvester environment are vulnerable to this exploit if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utiliz...

9.8CVSS7AI score0.00473EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 8:2 p.m.17 views

Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read

Summary Authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. Details The Backup addon does not validate the EXPDIR POST parameter against the UI-generated allowlist of permitted directories. An...

8.3CVSS6.9AI score0.00493EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 7:57 p.m.9 views

ERC7984ERC20Wrapper: once a wrapper is filled, subsequent wrap requests do not revert and result in loss of funds.

Impact The ERC7984 contract tracks total supply using a confidential euint64 value. If a call to the internal mint function would result in the total supply overflowing, the call fails silently. The wrap and onTransferReceived functions in ERC7984ERC20Wrapper assume that mint won't fail silently...

6.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 7:43 p.m.10 views

gix-date can create non-utf8 string with `TimeBuf::as_str`

The function gixdate::parse::TimeBuf::asstr can create an illegal string containing non-utf8 characters. This violates the safety invariant of TimeBuf and can lead to undefined behavior when consuming the string. The bug can be prevented by adding str::fromutf8 to the function TimeBuf::write...

7.1CVSS7.3AI score0.00193EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 7:43 p.m.10 views

Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass

Summary A specially crafted nonce routes unauthenticated requests through the NoEncoder path, where startSessionHandler reads the entire request body without limits, allowing attacker-driven memory exhaustion and process crash. Details - server/encoders/encoders.go: EncoderFromNonce returns...

7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 7:42 p.m.12 views

badkeys vulnerable to ASCII control character injection on console via malformed input

Impact An attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys both --dkim and --dkim-dns, SSH keys --ssh-lines mode, and filenames in various...

5.3CVSS6.9AI score0.00302EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 6:50 p.m.16 views

Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior

Note that attackers must have administrator access to the Craft Control Panel for this to work. Users should update to the patched versions 5.8.21 and 4.16.17 to mitigate the issue. Resources: https://github.com/craftcms/cms/commit/6e608a1a5bfb36943f94f584b7548ca542a86fef...

8.6CVSS8.7AI score0.00812EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 6:49 p.m.9 views

Unauthenticated Craft CMS users can trigger a database backup

Unauthenticated users can trigger database backup operations the updater/backup action, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions 5.8.21 and 4.16.17 to mitigate the issue. Craft 3 users should update to the latest Craft 4 and...

9.1CVSS6.7AI score0.00471EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 6:30 p.m.6 views

Duplicate Advisory: ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-95pq-hr8p-f5g7. This link is maintained to preserve external references. Original Description An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuratio...

7.5CVSS7.5AI score0.01361EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 6:10 p.m.12 views

Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI

For this to work, users must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled for this to work, which is against Craft CMS' recommendations for any non-dev environment...

8.8CVSS6.8AI score0.00787EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 6:2 p.m.11 views

Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation

The Craft CMS GraphQL saveAsset mutation is vulnerable to Server-Side Request Forgery SSRF. This vulnerability arises because the file input, specifically its url parameter, allows the server to fetch content from arbitrary remote locations without proper validation. Attackers can exploit this by...

6.8CVSS7.3AI score0.00427EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 5:42 p.m.9 views

Craft CMS vulnerable to potential information disclosure via unchecked asset relocation

Authenticated users on a Craft installation could potentially expose sensitive assets via their user profile photo via maliciously crafted requests. Users should update to the patched versions 5.8.21 and 4.16.17 to mitigate the issue. Resources:...

7.1CVSS6.8AI score0.00232EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 5:35 p.m.27 views

jsPDF has Local File Inclusion/Path Traversal vulnerability

Impact User control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node proce...

9.2CVSS6.8AI score0.02058EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 3:32 p.m.12 views

Apache SIS has Improper Restriction of XML External Entity Reference vulnerability

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...

6.5CVSS6.6AI score0.00582EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 3:7 p.m.29 views

flagd: Multiple Go Runtime CVEs Impact Security and Availability

Summary In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd the evaluation engine for OpenFeature. These CVEs primarily focus on Denial of Service DoS through resource exhaustion and Race Conditions in database handling. | CVE ID ...

7.5CVSS6.9AI score0.00626EPSS
Exploits2References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/01/05 2:59 p.m.12 views

MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation

Summary Affected Components: org.msgpack.core.MessageUnpacker.readPayload org.msgpack.core.MessageUnpacker.unpackValue org.msgpack.value.ExtensionValue.getData A denial-of-service vulnerability exists in MessagePack for Java when deserializing .msgpack files containing EXT32 objects with...

7.5CVSS6.6AI score0.0055EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/05 9:30 a.m.16 views

Vaadin vulnerable to Cross-site Scripting

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting XSS if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

4.8CVSS6.3AI score0.00327EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2026/01/05 9:30 a.m.9 views

Apache Kyuubi Server vulnerable to Path Traversal

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade t...

8.8CVSS6.8AI score0.00892EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 11:4 p.m.12 views

listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover

Security Advisory: Stored XSS Leading to Admin Account Takeover Affected Versions: ≤ 5.1.0 Vulnerability Type: CWE-79: Stored Cross-Site Scripting --- Summary A lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a...

6.4CVSS5.5AI score0.00198EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 10:51 p.m.13 views

Bagisto is vulnerable to SSTI via name parameters provided by non-admin low-privilege users

Summary SSTI is possible via first name and last name parameters provided by lowest-privileged users. Details 1. Go to http://127.0.0.1:8000/ and login or signup 2. Go to http://127.0.0.1:8000/customer/account/profile 3. Now edit the first name and last name to 77 4. Notice it appears as 49 POC -...

8.8CVSS7.2AI score0.00455EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 10:50 p.m.13 views

Bagisto has IDOR in Customer Order Reorder Functionality

Summary An Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order ID parameter. This exposes sensitive purchase information and enables...

7.1CVSS6.6AI score0.00274EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 10:13 p.m.13 views

Bagisto has Normal & Blind SSTI from low-privilege user when ordering product

Summary SSTI when normal customer orders any product in add address step can inject value run in admin view. Details As normal user 1. Go to http://127.0.0.1:8000/ 2. Add order to cart and continue to checkout 3. In step of add address inject this value 77 in any input As admin 1. Go to...

9.8CVSS6.9AI score0.00835EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 9:56 p.m.10 views

Bagisto SSTI vulnerability in type parameter can lead to RCE

Summary SSTI is possible in Bagisto via type parameter can lead to RCE and other exploitations. Details 1. Go to http://127.0.0.1:8000/admin/reporting/products/view?type=77 Impact Can lead to RCE, command injection...

9.8CVSS7.2AI score0.01228EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 9:16 p.m.17 views

Bagisto has HTML Filter Bypass that Enables Stored XSS

Summary A stored Cross-Site Scripting XSS vulnerability exists in Bagisto 2.3.8 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST request before submission. As a result, arbitrary JavaScript can be...

8.4CVSS6.1AI score0.00489EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 9:14 p.m.8 views

Bagisto Missing Authentication on Installer API Endpoints

Vulnerable Code File: packages/Ibkul/Installer/src/Routes/Ib.php groupfunction Route::controllerInstallerController::class-\groupfunction Route::get'install', 'index'-\name'installer.index'; Route::middlewareStartSession::class-\prefix'install/api'-\groupfunction Route::post'env-file-setup',...

9.8CVSS7.3AI score0.00583EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 9:11 p.m.13 views

Langflow Missing Authentication on Critical API Endpoints

Summary Multiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal dat...

9.3CVSS7.3AI score0.20655EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/02 6:58 p.m.11 views

AdonisJS Path Traversal in Multipart File Handling

Summary Description A Path Traversal CWE-22 vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to...

9.2CVSS7.5AI score0.01063EPSS
Exploits3References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 3:30 p.m.11 views

Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-528q-4pgm-wvg2. This link is maintained to preserve external references. Original Description A cross-site scripting XSS vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scrip...

6.1CVSS5.8AI score0.00235EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/02 3:28 p.m.8 views

Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling

SignalK Server exposes two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated polling of access request status. Unauthenticated WebSocket Request Enumeration: When ...

9.1CVSS6.9AI score0.00492EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 3:26 p.m.10 views

Signal K Server Vulnerable to Access Request Spoofing

The SignalK access request system has two related features that when combined by themselves and with the infromation disclosure vulnerability enable convincing social engineering attacks against administrators. When a device creates an access request, it specifies three fields: clientId,...

8.8CVSS6.7AI score0.00272EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 3:23 p.m.12 views

Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package

The SignalK appstore interface allows administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugin or webapp, the version parameter accepts arbitrary npm version specifiers including URLs. npm...

8.6CVSS8AI score0.00645EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 3:22 p.m.7 views

Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints

Note This is a separate issue from the RCE vulnerability State Pollution currently being patched. While related to tokensecurity.js, it involves different endpoints and risks. Summary An unauthenticated information disclosure vulnerability allows any user to retrieve sensitive system information,...

5.3CVSS6.2AI score0.00338EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 3:20 p.m.11 views

Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding

Summary A Denial of Service DoS vulnerability allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Details The...

7.5CVSS7.1AI score0.00519EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/02 3:11 p.m.8 views

Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)

Summary An unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restore" functionality to overwrite critical server configuration files e.g., security.json,...

9.6CVSS9AI score0.17934EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/01 6:30 p.m.10 views

Apache StreamPipes has Improper Privilege Management issue

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over...

8.1CVSS7AI score0.14786EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/01 9:30 a.m.8 views

Feast vulnerable to Deserialization of Untrusted Data

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

7.8CVSS8.3AI score0.00264EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/01 6:30 a.m.8 views

Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...

5.3CVSS7.2AI score0.00356EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/31 10:7 p.m.42 views

Trix has a stored XSS vulnerability through its attachment attribute

Impact The Trix editor, in versions prior to 2.1.16, is vulnerable to XSS attacks through attachment payloads. An attacker could inject malicious code into a data-trix-attachment attribute that, when rendered as HTML and clicked on, could execute arbitrary JavaScript code within the context of th...

6.5AI score
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/31 10:5 p.m.59 views

serverless MCP Server vulnerable to Command Injection in list-projects tool

Summary A command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This vulnerability only affects users of the experimental MCP server feature serverless mcp, which represents less than 0.1% of Serverless Framework users. The core Serverle...

7.5CVSS9.4AI score0.01944EPSS
Exploits2References6Affected Software1
Total number of security vulnerabilities33312