Lucene search
K
GithubRecent

33312 matches found

Github Security Blog
Github Security Blog
added 2025/12/18 3:46 p.m.10 views

Amazon S3 Encryption Client for .NET has a Key Commitment Issue

Summary S3 Encryption Client for .NET S3EC is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible...

6CVSS7AI score0.00094EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 9:30 a.m.8 views

Duplicate Advisory: Nodemailer is vulnerable to DoS through Uncontrolled Recursion

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rcmh-qjqh-p98v. This link is maintained to preserve external references. Original Description A flaw was found in Nodemailer. This vulnerability allows a denial of service DoS via a crafted email address header...

7.5CVSS5.1AI score0.00409EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 6:30 a.m.11 views

Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez

Bio.Entrez in Biopython through 1.86 allows doctype XXE...

4.9CVSS7AI score0.00293EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/18 12:34 a.m.7 views

phpMyFAQ contains a CSV injection vulnerability

phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV fil...

8.8CVSS7.8AI score0.00442EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/17 10:50 p.m.9 views

mcp-server-git has missing path validation when using --repository flag

In mcp-server-git versions prior to 2025.12.18, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

9.1CVSS6.6AI score0.06197EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 10:50 p.m.17 views

mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files

In mcp-server-git versions prior to 2025.12.18, the gitdiff and gitcheckout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values e.g., --output=/path/to/file for gitdiff would be interpreted as command-line options rather than git refs,...

7.1CVSS7.3AI score0.0728EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 9:30 p.m.7 views

Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request...

6.5CVSS7AI score0.0024EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 9:30 p.m.8 views

Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation

Mattermost versions 10.11.x 10.11.5, 11.0.x 11.0.4, 10.12.x 10.12.2 fail to invalidate remote cluster invite tokens when using the legacy version 1 protocol or when the confirming party does not provide a refreshed token, which allows an attacker who has obtained an invite token to authenticate a...

3.7CVSS6.8AI score0.00167EPSS
Exploits0References6Affected Software3
Github Security Blog
Github Security Blog
added 2025/12/17 9:30 p.m.7 views

Mattermost Desktop App exposes sensitive information in its application logs

Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs. A fix is available for...

3.3CVSS6.8AI score0.001EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 8:57 p.m.10 views

Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency

Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...

6.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 8:56 p.m.8 views

Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK

Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...

6.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 8:55 p.m.9 views

Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency

Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Users are affected if they meet the following...

6.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 8:52 p.m.9 views

Auth0-PHP SDK has Improper Audience Validation

Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...

7.5CVSS6.9AI score0.00368EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 7:49 p.m.11 views

mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations

In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, gitinit could operate on any directory accessible to the server proces...

8.8CVSS7AI score0.07822EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 6:31 p.m.9 views

Pagekit CMS has an Insecure Direct Object Reference (IDOR) in its User Role component

An Insecure Direct Object Reference IDOR in Pagekit CMS v1.0.18 allows attackers to escalate privileges. The project was archived as of December 1, 2023...

9.8CVSS7.2AI score0.00429EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 6:31 p.m.17 views

jose4j is vulnerable to DoS via compressed JWE content

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

7.5CVSS6.5AI score0.00244EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 6:31 p.m.8 views

Pagekit CMS is vulnerable to OS Command Injection via Storage component

An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. The project is archived as of December 1, 2023...

9.9CVSS7.9AI score0.0045EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 6:31 p.m.16 views

Duplicate Advisory: python-jose denial of service via compressed JWE content

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS...

5.3CVSS6.8AI score0.00166EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 3:34 p.m.8 views

Mattermost has missing redirect URL validation

Mattermost versions 10.11.x = 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab...

6.1CVSS6.7AI score0.00125EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/17 3:34 p.m.8 views

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS7AI score0.00145EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2025/12/17 3:34 p.m.5 views

Mattermost has CSRF vulnerability via Calls Widget page

Mattermost versions 11.0.x 11.0.4, 10.12.x = 10.12.2, 10.11.x 10.11.6 and Mattermost Calls versions 1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious webpa...

4.3CVSS6.8AI score0.001EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 12:30 p.m.9 views

Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed a...

9.8CVSS7.6AI score0.00823EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 10:37 p.m.8 views

systeminformation has a Command Injection vulnerability in fsSize() function on Windows

Summary The fsSize function in systeminformation is vulnerable to OS Command Injection CWE-78 on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this...

8.1CVSS8.3AI score0.12863EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 10:35 p.m.10 views

Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter

Impact The Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and possibly authentication bypass if malicious endpoints return fake responses to validate unauthorized users. Patches Fixed by hardcoding the...

8.3CVSS7.2AI score0.00291EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 10:34 p.m.9 views

Expr has Denial of Service via Unbounded Recursion in Builtin Functions

Several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse...

7.5CVSS7.1AI score0.00377EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 10:32 p.m.10 views

@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint

Summary The /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sending a crafted HTTP request with a file:// URL in the filename query parameter. Severity:...

7.5CVSS6.6AI score0.00552EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 9:24 p.m.10 views

SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference

Description A nil pointer dereference vulnerability was discovered in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. T...

8.7CVSS7AI score0.00487EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 9:22 p.m.13 views

Better Auth's rou3 Dependency has Double-Slash Path Normalization which can Bypass disabledPaths Config and Rate Limits

Summary An issue in the underlying router library rou3 can cause /path and //path to be treated as identical routes. If your environment does not normalize incoming URLs e.g., by collapsing multiple slashes, this can allow bypasses of disabledPaths and path-based rate limits. Details Better Auth...

7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 8:52 p.m.12 views

filelock has a TOCTOU race condition which allows symlink attacks during lock file creation

Impact A Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with OTRUNC. An attack...

6.5CVSS6.4AI score0.00184EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 8:46 p.m.6 views

PyMdown Extensions has a ReDOS bug in its Figure Capture extension

Impact This issue describes a ReDOS bug found within the figure caption extension pymdownx.blocks.caption . In systems that take unchecked user content, this could cause long hangs when processing the data if a malicious payload was crafted. Patches This issue is patched in Release 10.16.1...

6.9CVSS6.9AI score0.00356EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 8:43 p.m.10 views

Libredesk has Improper Neutralization of HTML Tags in a Web Page

Summary LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the request and removing the tag, an attacker can inject arbitrary HTML element...

8.6CVSS6.8AI score0.00193EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 7:37 p.m.9 views

tRPC has possible prototype pollution in `experimental_nextAppDirCaller`

Note that this vulnerability is only present when using experimentalcaller / experimentalnextAppDirCaller. Summary A Prototype Pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router adapter. An attacker can pollute Object.prototype by...

8.5CVSS7AI score0.00357EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 7:36 p.m.8 views

Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables

Impact A Reflected Cross-Site Scripting XSS vulnerability exists in Parse Server's password reset and email verification HTML pages. Patches The patch escapes user controlled values that are inserted into the HTML pages. Workarounds None. Resources -...

6.1CVSS5.9AI score0.00183EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 6:31 p.m.9 views

ABP Account Module has an Open Redirect through Improper validation in its register function

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

5.3CVSS7AI score0.00239EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 3:30 p.m.11 views

openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential Denial of Service DoS through Server-Side Request Forgery SSRF due to missing IP address and network-range validation when processi...

6.4CVSS5.8AI score0.00306EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/16 12:43 a.m.11 views

ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

Impact A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modifi...

6.5CVSS6.7AI score0.00262EPSS
Exploits0References13Affected Software5
Github Security Blog
Github Security Blog
added 2025/12/15 11:37 p.m.8 views

Fickling has Code Injection vulnerability via pty.spawn()

Fickling Assessment Based on the test case provided in the original report below, this bypass was caused by pty missing from our block list of unsafe module imports as previously documented in 108, rather than the unused variable heuristic. This led to unsafe pickles based on pty.spawn being...

8.5CVSS8AI score0.00235EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 11:35 p.m.8 views

Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list

Fickling Assessment Based on the test case provided in the original report below, this bypass was caused by marshal and types missing from the block list of unsafe module imports, Fickling started blocking both modules to address this issue. This was fixed in...

8.5CVSS7.8AI score0.00237EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 11:28 p.m.11 views

Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder

Summary The io.netty.handler.codec.http.HttpRequestEncoder CRLF injection with the request uri when constructing a request. This leads to request smuggling when HttpRequestEncoder is used without proper sanitization of the uri. Details The HttpRequestEncoder simply UTF8 encodes the uri without...

6.5CVSS7.3AI score0.00292EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 10:32 p.m.8 views

Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Impact It was possible to retrieve user notification settings or list all users via API. Patches https://github.com/WeblateOrg/weblate/pull/17256 References Thanks to Hector Ruiz Ruiz & NaxusAI for responsibly disclosing this vulnerability to Weblate...

4.3CVSS6.9AI score0.00235EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 10:1 p.m.11 views

Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration

Impact It was possible to trigger repository updates for many repositories via a crafted webhook payload. Patches https://github.com/WeblateOrg/weblate/pull/17221 Workarounds Disabling webhooks completely using ENABLEHOOKS avoids this vulnerability. References Thanks to Hector Ruiz Ruiz & NaxusAI...

5.3CVSS6.8AI score0.00235EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 10:0 p.m.13 views

Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions

Withdrawn Advisory This advisory has been withdrawn because LikeC4 isn’t impacted by CVE-2025-55182 because it doesn’t ship React. React is a peer dependency. Original Description LikeC4 uses React and Next.js: which contain known RCE vulnerabilities, as seen in CVE-2025-55182. 2025-12-15 Edit: t...

10CVSS7AI score0.99562EPSS
Exploits374References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 8:59 p.m.7 views

Misskey has a login rate limit bypass via spoofed X-Forwarded-For header

Summary When using an untrusted reverse proxy or not using a reverse proxy at all, attackers can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option trustProxy has been added in config file to prevent this from happening. However, it is...

6.9CVSS6.9AI score0.00296EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 8:55 p.m.7 views

misskey.js's export data contains private post data

Summary After adding private posts followers, direct that you do not have permission to view to your favorites or clips, you can export them to view the contents of the private posts. PoC 1. Create an account X for testing and an account Y for private posts on the same server. 2. Send appropriate...

7.1CVSS6.7AI score0.00274EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 7:58 p.m.9 views

Weblate has improper validation upon invitation acceptance

Impact It was possible to accept an invitation opened by a different Weblate user. Patches https://github.com/WeblateOrg/weblate/pull/16913 Workarounds Users should avoid leaving Weblate sessions with an unattended opened invitation. References Thanks to Nahid0x for responsibly disclosing this...

9.8CVSS6.9AI score0.00324EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 6:30 p.m.11 views

Misconfigured Internal Proxy in runtimes-inventory-rhel8-operator Grants Standard Users Full Cluster Administrator Access

A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...

8.7CVSS6.7AI score0.00225EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 6:30 p.m.11 views

Grav is vulnerable to Stored XSS through authenticated user-edited content

grav before v1.7.49.5 has a Stored Cross-Site Scripting Stored XSS vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later...

5.4CVSS5.5AI score0.00138EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 6:30 p.m.9 views

Grav may be vulnerable to SSRF attack via Twig Templates

In grav 1.7.49.5, a SSRF Server-Side Request Forgery vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered...

9.1CVSS6.9AI score0.00252EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 6:30 p.m.7 views

OpenShift GitOps authenticated attackers can obtain cluster root access through forged ArgoCD custom resources

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...

9.1CVSS6.6AI score0.00642EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 3:30 p.m.10 views

django-allauth does not reject access tokens for inactive users

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

5.4CVSS7AI score0.00143EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities33312