Lucene search
K
GithubRecent

33312 matches found

Github Security Blog
Github Security Blog
added 2025/12/26 3:30 a.m.10 views

Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...

5.3CVSS6.9AI score0.00238EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/26 3:30 a.m.9 views

Gitea doesn't adequately enforce branch deletion permissions after merging a pull request.

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...

5.3CVSS6.9AI score0.00251EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/26 3:30 a.m.10 views

Gitea allows attackers to add attachments with forbidden file extensions

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API...

8.2CVSS6.9AI score0.00295EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/26 3:30 a.m.10 views

Gitea mishandles authorization for deletion of releases

Gitea before 1.25.2 mishandles authorization for deletion of releases...

5.3CVSS7AI score0.00349EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/24 9:30 a.m.7 views

Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...

4.1CVSS6.8AI score0.00146EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/24 9:30 a.m.11 views

Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

4.3CVSS6.7AI score0.00165EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/23 11:52 p.m.10 views

Strengthening supply chain security: Preparing for the next malware campaign

The open source ecosystem continues to face organized, adaptive supply chain threats that spread through compromised credentials and malicious package lifecycle scripts. The most recent example is the multi-wave Shai-Hulud campaign. While individual incidents differ in their mechanics and speed,...

7.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/12/23 9:30 p.m.11 views

Hugging Face smolagents: Unsafe deserialization in Remote Python Executor leads to RCE

Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required to exploit this...

10CVSS6.3AI score0.0083EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/23 8:8 p.m.16 views

LangChain serialization injection vulnerability enables secret extraction

Context A serialization injection vulnerability exists in LangChain JS's toJSON method and subsequently when string-ifying objects using JSON.stringify. The method did not escape objects with 'lc' keys when serializing free-form data in kwargs. The 'lc' key is used internally by LangChain to mark...

9.1CVSS7.3AI score0.00746EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/23 7:31 p.m.9 views

httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

Summary There may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. Details When httparty receives a path argument that is an absolute URL, it ignores the baseuri field. As a result, if ...

8.8CVSS6.7AI score0.0026EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/23 6:46 p.m.10 views

LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

Summary A serialization injection vulnerability exists in LangChain's dumps and dumpd functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data...

9.3CVSS7.8AI score0.1383EPSS
Exploits5References9Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/23 6:30 p.m.9 views

Cadmium CMS has a background arbitrary file upload vulnerability

Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads...

9.8CVSS7.2AI score0.00328EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/23 6:30 p.m.11 views

Home Assistant Core before is vulnerable to Directory Traversal

Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...

4CVSS7AI score0.00362EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/23 6:19 p.m.11 views

LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

Please find POC file here https://trendmicro-my.sharepoint.com/:u:/p/kholoudaltookhy/IQCfcnOE5ykQSb6Fm-HFI872AZzeIJxU-3aDk0jheXNE?e=zkN76d ZDI-CAN-28575: LibreNMS Alert Rule API Cross-Site Scripting Vulnerability -- CVSS ----------------------------------------- 4.3:...

5.4CVSS6.2AI score0.03417EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/23 6:17 p.m.12 views

Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service

Summary The download service downloadservice.py makes HTTP requests using raw requests.get without utilizing the application's SSRF protection saferequests.py. This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints AWS/GCP/Azure, as well as...

6.5CVSS6.7AI score0.00274EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/22 9:36 p.m.7 views

Fedify has ReDoS Vulnerability in HTML Parsing Regex

Hi Fedify team! 👋 Thank you for your work on Fedify—it's a fantastic library for building federated applications. While reviewing the codebase, I discovered a Regular Expression Denial of Service ReDoS vulnerability that I'd like to report. I hope this helps improve the project's security. ---...

7.5CVSS7.5AI score0.00481EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/22 9:30 p.m.8 views

Piranha has stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field...

6.1CVSS5.5AI score0.00175EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/22 9:30 p.m.10 views

Umbraco CMS has an arbitrary file upload vulnerability

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. While Umbraco provides hooks to perform file validation, it does not do implement filtering by default. Users are expected to implement their own validation...

10CVSS6AI score0.00502EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/22 9:30 p.m.8 views

Piranha has stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...

6.1CVSS5.6AI score0.00175EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/22 8:20 p.m.15 views

Marshmallow has DoS in Schema.load(many)

Impact Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. Patches 4.1.2, 3.26.2 Workarounds py Fail fast def loadmanyschema, data, kwargs: if not isinstancedata, list: raise ValidationError'Invalid...

5.3CVSS6.8AI score0.00252EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/22 8:8 p.m.17 views

KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

Impact An Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account...

8.2CVSS7.3AI score0.00433EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/22 4:19 p.m.20 views

n8n Vulnerable to Remote Code Execution via Expression Injection

Impact n8n contains a critical Remote Code Execution RCE vulnerability in its workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from...

9.9CVSS8.2AI score0.97875EPSS
Exploits29References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/22 12:30 p.m.6 views

Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...

8.3CVSS7.1AI score0.00227EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/20 5:42 p.m.13 views

Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification

Summary A Server-Side Request Forgery SSRF vulnerability in Cowrie's emulated shell mode allows unauthenticated attackers to abuse the honeypot as an amplification vector for HTTP-based denial-of-service attacks against arbitrary third-party hosts. Details When Cowrie operates in emulated shell...

7.5CVSS7.3AI score0.00616EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/19 10:53 p.m.13 views

External Control of File Name or Path in Langflow

Vulnerability Overview If an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths e.g., /etc/poc.txt ar...

7.1CVSS7AI score0.03631EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/19 10:52 p.m.6 views

Langflow vulnerable to Server-Side Request Forgery

Vulnerability Overview Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and then sends the request using a server-side httpx client. It does not block...

7.7CVSS6.5AI score0.0576EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/19 9:32 p.m.7 views

Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

Impact Users importing contacts from untrusted sources. Specifically crafted contact data can lead to some of DOM modifications for the link button next to the field e.g. the link address can be overriden. CSS can be manipulated to give the button arbitrary look and change it's size so that any...

6.9AI score
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/19 9:31 p.m.11 views

Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration. Mitigation Disable LDAP referrals in all LDAP user providers in all realms...

5.5CVSS6.5AI score0.00408EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/19 9:30 p.m.4 views

Kimai contains a SameSite cookie vulnerability

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...

9.8CVSS5.5AI score0.00496EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/19 9:10 p.m.12 views

FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO

Description The OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flow. generatestatetoken is always called with an empty statedata dict, so the resulting JWT only contains the fixed audience...

8.8CVSS6.9AI score0.00222EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/19 7:17 p.m.7 views

Orejime has executable code in HTML attributes

Impact On HTML elements handled by Orejime, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed ones i.e. data-href into href, thus executing the code. This shouldn't have any...

6.1CVSS7AI score0.00183EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/19 3:31 p.m.8 views

pretix has Broken Access Control Allowing Cross-User File Access via UUID

An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

7CVSS6.8AI score0.00226EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/19 3:31 p.m.8 views

pretix has Broken Access Control Allowing Cross-User File Access via UUID

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

7CVSS6.8AI score0.00226EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/19 12:31 p.m.10 views

Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

8.8CVSS6.7AI score0.00435EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/19 6:30 a.m.11 views

FastAPI SSP is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation

Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery CSRF due to the improper validation of the OAuth state parameter during the authentication callback. While the getloginurl method allows for state generation, it does not persist the state or bind it to...

6.9CVSS6.9AI score0.00311EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/19 12:31 a.m.8 views

Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

6.5CVSS6.9AI score0.00168EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/19 12:31 a.m.9 views

Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments

Allocation of resources without limits or throttling CWE-770 allows an unauthenticated remote attacker to cause excessive allocation CAPEC-130 of memory and CPU via the integration of malicious IPv4 fragments, leading to denial-of-service in Packetbeat...

5.3CVSS7.2AI score0.00309EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/19 12:31 a.m.9 views

Elasticsearch has Excessive Allocation of Resources via Submission of Oversized User Settings Data

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 causing a persistent denial of service OOM crash via submission of oversized user settings data...

6.5CVSS6.7AI score0.00275EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/19 12:31 a.m.12 views

Elasticsearch privileged authenticated users can cause DoS through Excessive Resource Allocation

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation CAPEC-130 of memory and a denial of service DoS via crafted HTTP request...

4.9CVSS6.7AI score0.00329EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 11:20 p.m.8 views

Weblate is vulnerable to RCE through Git config file overwrite

Impact It was possible to overwrite Git configuration remotely and override some of its behavior. Resources Thanks to Jason Marcello for responsible disclosure...

9.1CVSS6.9AI score0.00489EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 10:58 p.m.11 views

Weblate has an arbitrary file read via symbolic links

Impact It was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Resources Thanks to Jason Marcello for responsible disclosure...

7.7CVSS6.9AI score0.00344EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 10:3 p.m.14 views

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

Summary On Windows, converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a inkscape.bat file that defines a Windows batch script, capable of arbitrary code execution. When a user runs jupyter nbconvert --to pdf on a...

8.5CVSS7.6AI score0.00233EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 9:31 p.m.12 views

Apache Log4j does not verify the TLS hostname in its Socket Appender

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName configuration attribute or the log4j2.sslVerifyHostName system property is set to true. This issue may allow a...

6.3CVSS6.8AI score0.00743EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 6:52 p.m.12 views

AWS SDK for PHP's S3 Encryption Client has a Key Commitment Issue

Summary S3 Encryption Client for PHP is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamanders...

6CVSS7AI score0.00176EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 6:51 p.m.7 views

AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue

Summary S3 Encryption Client for Ruby is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamander...

6CVSS7AI score0.00185EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 6:50 p.m.8 views

Amazon S3 Encryption Client has a Key Commitment Issue

Summary S3 Encryption Client for Go is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamanders"...

6CVSS7AI score0.00094EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 6:49 p.m.8 views

Storybook manager bundle may expose environment variables during build

On December 11th, the Storybook team received a responsible disclosure alerting them to a potential vulnerability in certain built and published Storybooks. The vulnerability is a bug in how Storybook handles environment variables defined in a .env file, which could, in specific circumstances, le...

7.3CVSS6.4AI score0.00235EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 6:45 p.m.124 views

tinacms is vulnerable to arbitrary code execution

Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

8.8CVSS8.3AI score0.00393EPSS
Exploits1References4Affected Software3
Github Security Blog
Github Security Blog
added 2025/12/18 6:30 p.m.24 views

Ollama Platform has missing authentication enabling attackers to perform model management operations

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...

9.8CVSS7.3AI score0.00632EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 3:47 p.m.12 views

Amazon S3 Encryption Client for Java has a Key Commitment Issue

Summary S3 Encryption Client for Java is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamander...

6CVSS7AI score0.00103EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities33312