33332 matches found
Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Impact MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause...
Neuron MySQLSelectTool “read-only” bypass via `SELECT ... INTO OUTFILE` (file write → potential RCE)
Impact MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying. However, validation based on the first keyword e.g., SELECT and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can...
Filament multi-factor authentication (app) recovery codes can be used multiple times
A flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused indefinitely. This issue does not affect email-based MFA. It also only applies when recovery codes are enabled. If an attacker gains access to both the user's password and...
CNA Plugins Portmap nftables backend can intercept non-local traffic
Background The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. For example, if a host has the IP 198.51.100.42, a container may request that all packets to 198.51.100.42:53 be forwarded to the container's network. Vulnerability When t...
SiYuan vulnerable to RCE via zip slip and Command Injection via PandocBin
Summary Siyuan is vulnerable to RCE. The issue stems from a "Zip Slip" vulnerability during zip file extraction, combined with the ability to overwrite system executables and subsequently trigger their execution. Steps to reproduce 1. Authenticate 2. Create zip slip payload with path traversal...
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE
Summary Function importZipMd is vulnerable to ZipSlip which allows an authenticated user to overwrite files on the system. Details An authenticated user with access to the import functionality in notes is able to overwrite any file on the system, the vulnerable function is importZipMd, this can...
HTTP/HTTPS Traffic Interception Bypass in mad-proxy
A vulnerability in mad-proxy versions = 0.3 allows attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive traffic...
RCE via ZipSlip and symbolic links in argoproj/argo-workflows
Summary The patch deployed against CVE-2025-62156 is ineffective against malicious archives containing symbolic links. Details The untar code that handles symbolic links in archives is unsafe. Concretely, the computation of the link's target and the subsequent check are flawed:...
Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality
Impact Due to unsafe handling and deletion of temporary files during the dictionary upload process, an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500 when a file exists, 404 when it does not allow the...
Elysia affected by arbitrary code injection through cookie config
Arbitrary code execution from cookie config. If dynamic cookies are enabled ie there exists a schema for cookies, the cookie config is injected into the compiled route without first being sanitised. Availability of this exploit is generally low, as it requires write access to either the Elysia...
Elysia vulnerable to prototype pollution with multiple standalone schema validation
Prototype pollution vulnerability in mergeDeep after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an any type that is set as a standalone guard, to allow for the proto prop to be merged. When combined with GHSA-8vch-m3f4-q8jf...
Open Redirect Vulnerability in Taguette
Summary An Open Redirect vulnerability exists in Taguette that allows attackers to craft malicious URLs that redirect users to arbitrary external websites after authentication. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance b...
NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read
Summary A directory traversal vulnerability in NiceGUI's App.addmediafiles allows a remote attacker to read arbitrary files on the server filesystem. Details Hello, I am Seungbin Yang, a university student studying cybersecurity. While reviewing the source code of the repository, I discovered a...
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond
Summary A state consistency bug in x/costaking can leave a BTC delegator with non-zero ActiveSatoshis Phatom Stake even after they have fully unbonded their BTC delegation, if their Finality Provider FP drops out of the active set in the exact same babylon block height. This creates a “phantom...
Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers
Summary A vulnerability exists in Babylon’s BLS vote extension processing where a malicious active validator can submit a VoteExtension with the blockhash field omitted from the protobuf serialization. Because protobuf fields are optional, unmarshalling succeeds but leaves BlockHash as nil. Babyl...
ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login
Summary A potential vulnerability exists in ZITADEL's logout endpoint in login V2. This endpoint accepts serval parameters including a postlogoutredirect. When this parameter is specified, users will be redirected to the site that is provided via this parameter. ZITADEL's login UI did not ensure...
ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login
Summary A potential vulnerability exists in ZITADEL's password reset mechanism in login V2. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the...
ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login
Summary Zitadel is vulnerable to an unauthenticated, full-read SSRF vulnerability. An unauthenticated remote attacker can force Zitadel into making HTTP requests to arbitrary domains, including internal addresses. The server then returns the upstream response to the attacker, enabling data...
Static Web Server vulnerable to a symbolic link path traversal
Summary Symbolic links symlinks could be used to access files or directories outside the intended web root folder. Details SWS generally does not prevent symlinks from escaping the web server’s root directory. Therefore, if a malicious actor gains access to the web server’s root directory, they...
@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server
Summary Arbitrary Remote Code Execution on development server via unsafe dynamic imports in @vitejs/plugin-rsc server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC applications that expose server function endpoints. Impact Attackers with network access to the...
Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)
Impact Versions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer NDCS which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or...
Critical Use-After-Free in Wasmi's Linear Memory
Summary A use-after-free vulnerability has been discovered in the linear memory implementation of Wasmi. This issue can be triggered by a WebAssembly module under certain memory growth conditions, potentially leading to memory corruption, information disclosure, or code execution. Impact -...
matrix-sdk-base denial of service via custom m.room.join_rules event values
The matrix-sdk-base crate is unable to handle responses that include custom m.room.joinrules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventin...
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an issue at libxml2 canonicalization process used by Nokogiri for document transformation. That allows an attacker to be able to execute a Signature Wrapping attack. The vulnerability does not...
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker...
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
Summary A Cross-Site Scripting XSS vulnerability exists in the ui.interactiveimage component of NiceGUI v3.3.1 and earlier. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaScript via the SVG tag. Detail...
Altcha Proof-of-Work obfuscation mode cryptanalytic break
A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction...
NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
Summary A Cross-Site Scripting XSS vulnerability exists in ui.addcss, ui.addscss, and ui.addsass functions in NiceGUI v3.3.1 and earlier. These functions allow developers to inject styles dynamically. However, they lack proper sanitization or encoding for the JavaScript context they generate. An...
n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
Impact The n8n Git node allows workflows to set arbitrary Git configuration values through the Add Config operation. When an attacker-controlled workflow sets core.hooksPath to a directory within the cloned repository containing a Git hook such as pre-commit, Git executes that hook during...
memos vulnerability allows the creation of arbitrary accounts
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
memos vulnerability allows arbitrarily modification or deletion registered identity providers
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...
memos lacks file name validation or verification
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
memos vulnerability allows arbitrarily modification or deletion of attachments
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...
memos vulnerability allows arbitrarily reactions deletion
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...
robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation
Summary An authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by xmlseclibs during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created...
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
Summary Critical security vulnerabilities exist in both the UUIDv4 and UUID functions of the github.com/gofiber/utils package. When the system's cryptographic random number generator crypto/rand fails, both functions silently fall back to returning predictable UUID values, the zero UUID...
1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers
Summary The server trusts all reverse-proxy headers by default, so any remote client can spoof X-Forwarded-For to bypass IP-based protections AllowIPs, API IP whitelist, “localhost-only” checks. All IP-based access control becomes ineffective. Details - Gin is created with defaults gin.Default,...
1Panel – CAPTCHA Bypass via Client-Controlled Flag
Summary A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed,...
Traefik Inverted TLS Verification Logic in ingress-nginx Provider
Impact There is a potential vulnerability in Traefik NGINX provider managing the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. The provider inverts the semantics of the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" intending to enable backend T...
Path Normalization Bypass in Traefik Router + Middleware Rules
Impact There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted character from the followin...
Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
Authentication Bypass via Double URL Encoding in Astro Bypass for CVE-2025-64765 / GHSA-ggxq-hp9w-j794 --- Summary A double URL encoding bypass allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. Whi...
Withdrawn Advisory: Emby Server API Vulnerability allowing to gain administrative access without precondition
Withdrawn Advisory This advisory has been withdrawn because it incorrectly listed MediaBrowser.Server.Core as vulnerable. CVE-2025-64113 affects Emby Server versions 4.9.1.80 and prior, and Emby Server Beta versions 4.9.2.6 and prior. Original Description Impact This vulnerability affects all Emb...
Langflow CORS misconfiguration enables Account Takeover and RCE
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration alloworigins='' with allowcredentials=True combined with a refresh token cookie configured as SameSite=None allows a malicio...
Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands
Impact In some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands the GET access to all Kubernetes Secrets that exist in the given Kubernetes namespace. The exact scenario when this happens is when: Apache Kafka...
nitro-tpm-pcr-compute may allow kernel command line modification by an account operator
Summary Adding default PCR12 validation to ensure that account operators can not modify kernel command line parameters, potentially bypassing root filesystem integrity validation. Attestable AMIs are based on the systemd Unified Kernel Image UKI concept which uses systemd-boot to create a single...
yawkat LZ4 Java has a possible information leak in Java safe decompressor
Summary Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lea...
Sigstore Timestamp Authority allocates excessive memory during request parsing
Impact Excessive memory allocation Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type header which is also untrusted data on an application string...
Fulcio allocates excessive memory during token parsing
Function identity.extractIssuerURL currently splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request with an invalid OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs...
urllib3 streaming API improperly handles highly compressed data
Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP...
urllib3 allows an unbounded number of links in the decompression chain
Impact urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 e.g., Content-Encoding: gzip, zstd. However, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps...