Lucene search
K
GithubRecent

33312 matches found

Github Security Blog
Github Security Blog
added 2025/12/15 3:30 p.m.9 views

django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

5.4CVSS7.3AI score0.00143EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 12:30 p.m.9 views

Apache Airflow exposes secret values to authenticated UI users via rendered templates

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...

6.5CVSS6.6AI score0.00413EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 12:30 p.m.10 views

Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates

Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority...

7.4CVSS6.8AI score0.00162EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 12:30 a.m.6 views

Mayan EDMS has an Open Redirect through the /authentication/ file

A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is...

6.1CVSS6.6AI score0.00408EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 12:30 a.m.11 views

kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS6.8AI score0.00361EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 12:30 a.m.14 views

MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827

MJML before 5.0.0-alpha.9 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...

7.2CVSS7.1AI score0.02657EPSS
Exploits4References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/15 12:30 a.m.10 views

Mayan EDMS is vulnerable to XSS through the /authentication/ file

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is...

6.1CVSS5.6AI score0.00399EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/14 6:31 p.m.8 views

snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function

A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...

6.5CVSS6.9AI score0.00308EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/14 6:30 a.m.8 views

Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short

In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...

5.3CVSS7AI score0.00302EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/13 6:30 p.m.10 views

Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

7.5CVSS7AI score0.00223EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 10:12 p.m.11 views

aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer

Summary Incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of...

7.5CVSS5.6AI score0.00369EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/12 9:31 p.m.11 views

Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component

Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...

6.3CVSS5.8AI score0.0017EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 9:31 p.m.9 views

Vuetify has a Prototype Pollution vulnerability

The Preset configuration feature of Vuetify is vulnerable to Prototype Pollution due to the internal 'mergeDeep' utility function used to merge options with defaults. Using a specially-crafted, malicious preset can result in polluting all JavaScript objects with arbitrary properties, which can...

8.6CVSS6.8AI score0.00285EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 9:31 p.m.12 views

Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations

In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 Liferay PaaS, and Liferay Self-Hosted, the Objects module does not restrict the use of Groovy scripts in Object...

7.5CVSS7.9AI score0.00389EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 8:20 p.m.6 views

Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule

Impact The APIVersion rule uses new Function to evaluate expression strings. A malicious crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration ...

8.4CVSS7.2AI score0.00169EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 8:15 p.m.13 views

Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration

Summary The anti-slashing is not effective if the attacker can access EOTS manager endpoints. Impact If the EOTS manager endpoints are open to public without HMAC protection, the attacker can manually cause slashing of the finality provider through the RPC endpoints. Report credits go to:...

5.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 7:22 p.m.9 views

NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)

Impact NeuVector supports login authentication through OpenID Connect. However, the TLS verification which verifies the remote server's authenticity and integrity for OpenID Connect is not enforced by default. As a result this may expose the system to man-in-the-middle MITM attacks. Starting from...

8.8CVSS7AI score0.00321EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 6:30 p.m.8 views

Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

7.2CVSS7.2AI score0.00785EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 6:30 p.m.12 views

Apache StreamPark: Use the user’s password as the secret key Vulnerability

When encrypting sensitive data, weak encryption keys that are fixed or directly generated based on user passwords are used. Attackers can obtain these keys through methods such as reverse engineering, code leaks, or password guessing, thereby decrypting stored or transmitted encrypted data, leadi...

5.9CVSS7.3AI score0.0022EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 6:30 p.m.12 views

Weaviate OSS has path traversal vulnerability via the Shard Movement API

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

4.9CVSS6.9AI score0.00435EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 6:30 p.m.12 views

MineAdmin has an insecure default password

Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover...

9.8CVSS7.7AI score0.0043EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 5:21 p.m.12 views

Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up

It was discovered that the fix for CVE-2025-55184 in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. This vulnerability affects React...

7.5CVSS5.6AI score0.65592EPSS
Exploits10References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 4:41 p.m.14 views

Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4 Patches Upgrade immediately to @vitejs/[email protected] or...

6.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 4:41 p.m.8 views

Vite Plugin React has a Denial of Service Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-7gmr-mq3h-m5h9 Patches Upgrade immediately to @vitejs/[email protected] or...

6.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 4:32 p.m.13 views

Denial of Service Vulnerability in React Server Components

Impact It was found that the fix to address CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. We recommend updating immediately. The vulnerability exists in versions 19.0.2, 19.1.3, and 19.2.2 of: - react-server-dom-webpac...

7.5CVSS7AI score0.19152EPSS
Exploits3References5Affected Software3
Github Security Blog
Github Security Blog
added 2025/12/12 3:30 p.m.13 views

Apache StreamPark uses a Weak Encryption Algorithm

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS7.1AI score0.0022EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 3:30 p.m.29 views

Apache StreamPark has a hard-coded encryption key

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

9.8CVSS6.6AI score0.00456EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 12:30 p.m.9 views

Apache HugeGraph-Server: RAFT and deserialization vulnerability

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

8.8CVSS8.7AI score0.00805EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 12:30 a.m.6 views

FoF Pretty Mail has a server-side template injection vulnerability

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generati...

8.6CVSS8.5AI score0.00504EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/11 10:49 p.m.21 views

Next Server Actions Source Code Exposure

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55183. A malicious HTTP request can...

5.3CVSS7.1AI score0.62405EPSS
Exploits7References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/11 10:49 p.m.28 views

Next Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55184. A malicious HTTP request can...

7.5CVSS6.8AI score0.65592EPSS
Exploits10References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/11 10:36 p.m.13 views

Denial of Service Vulnerability in React Server Components

Impact There is a denial of service vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack...

7.5CVSS7AI score0.65592EPSS
Exploits10References5Affected Software3
Github Security Blog
Github Security Blog
added 2025/12/11 10:36 p.m.13 views

Source Code Exposure Vulnerability in React Server Components

Impact There is a source code exposure vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopa...

5.3CVSS7AI score0.62405EPSS
Exploits7References5Affected Software3
Github Security Blog
Github Security Blog
added 2025/12/11 9:31 p.m.12 views

pgadmin4 has a Meta-Command Filter Command Execution

The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...

9.1CVSS7.9AI score0.00866EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/11 6:36 p.m.8 views

Servify-express rate limit issue

Impact The Express server uses express.json without a size limit, which can allow attackers to send extremely large request bodies. This may lead to excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service DoS. Any application using the JSON parser withou...

8.7CVSS6.9AI score0.00352EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/11 5:1 p.m.12 views

AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

An API endpoint that is intended for internal use by the SFTP software sftpgo was mistakenly exposed to the public-facing HTTP API for AzuraCast installations. This would allow a user with specific internal knowledge of a station's operations to craft a custom HTTP request that would affect the...

3.7CVSS6.6AI score0.00213EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/11 4:48 p.m.13 views

gardenctl is vulnerable to Command Injection when used with non‑POSIX shells

A security vulnerability was discovered in gardenctl when it is used with non‑POSIX shells such as Fish and PowerShell. Such setup could allow an attacker with administrative privileges for a Gardener project to craft malicious credential values in infrastructure Secret objects that break out of...

8.4CVSS7.9AI score0.00208EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/11 4:48 p.m.8 views

quic-go HTTP/3 QPACK Header Expansion DoS

Summary An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header names and/or large values. The implementation builds an http.Header used on th...

5.3CVSS6.9AI score0.00338EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/11 3:30 p.m.14 views

PowerJob has a server-side request forgery vulnerability in PingPongUtils.java

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to...

9.8CVSS6.3AI score0.00323EPSS
Exploits3References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/10 9:35 p.m.16 views

Improper Validation of Query Parameters in Auth0 Next.js SDK

Description An input-validation flaw in the returnTo parameter in the Auth0 Next.js SDK could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters Am I Affected? You a...

5.7CVSS6.8AI score0.0023EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/10 9:31 p.m.9 views

Race condition in the Okta Java SDK

Description In the Okta Java SDK, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. Affected product and versions You may be affected if you meet the...

8.4CVSS7AI score0.00185EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/10 9:31 p.m.23 views

1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery CSRF vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...

5.1CVSS7AI score0.00179EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/10 9:31 p.m.9 views

1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...

7.1CVSS7AI score0.0015EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/10 9:31 p.m.11 views

Improper Request Caching Lookup in the Auth0 Next.js SDK

Description When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. Am I Affected? You are affected if you meet the following preconditions: - Applications using the auth0/nextjs-aut...

5.4CVSS6.8AI score0.00178EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/10 9:30 p.m.23 views

Improper Memory Cleanup in the Okta Java SDK

Description In the Okta Java SDK, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service...

5.3CVSS6.9AI score0.00237EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/10 8:21 p.m.6 views

Pyrofork has a Path Traversal in download_media Method

Summary The downloadmedia method in Pyrofork does not sanitize filenames received from Telegram messages before using them in file path construction. This allows a remote attacker to write files to arbitrary locations on the filesystem by sending a specially crafted document with path traversal...

6.5CVSS7.7AI score0.00271EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/10 8:11 p.m.11 views

Formio improperly authorized permission elevation through specially crafted request path

Security Advisory: Unauthorized permission elevation through specially crafted request path Summary: A flaw in path handling could allow an attacker to access protected API endpoints by sending a crafted request path. This issue could result in unauthorized data disclosure under certain...

8.7CVSS6.4AI score0.00273EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/10 6:30 p.m.5 views

Algernon Cross-Site Scripting vulnerability

Cross-site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename...

6.1CVSS7.1AI score0.00401EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/10 6:30 p.m.8 views

Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

4.3CVSS6.8AI score0.00301EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/10 6:30 p.m.73 views

Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

8CVSS6AI score0.00262EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities33312