Lucene search
K
GithubRecent

33367 matches found

Github Security Blog
Github Security Blog
added 2025/12/08 10:20 p.m.9 views

ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login

Summary A potential vulnerability exists in ZITADEL's logout endpoint in login V2. This endpoint accepts serval parameters including a postlogoutredirect. When this parameter is specified, users will be redirected to the site that is provided via this parameter. ZITADEL's login UI did not ensure...

8CVSS7.1AI score0.00265EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/08 10:19 p.m.10 views

ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login

Summary A potential vulnerability exists in ZITADEL's password reset mechanism in login V2. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the...

9.3CVSS7.4AI score0.00322EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/08 10:19 p.m.9 views

ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login

Summary Zitadel is vulnerable to an unauthenticated, full-read SSRF vulnerability. An unauthenticated remote attacker can force Zitadel into making HTTP requests to arbitrary domains, including internal addresses. The server then returns the upstream response to the attacker, enabling data...

9.3CVSS7.1AI score0.0046EPSS
Exploits2References4Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/08 10:18 p.m.6 views

Static Web Server vulnerable to a symbolic link path traversal

Summary Symbolic links symlinks could be used to access files or directories outside the intended web root folder. Details SWS generally does not prevent symlinks from escaping the web server’s root directory. Therefore, if a malicious actor gains access to the web server’s root directory, they...

8.6CVSS6.9AI score0.00362EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 10:16 p.m.13 views

@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

Summary Arbitrary Remote Code Execution on development server via unsafe dynamic imports in @vitejs/plugin-rsc server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC applications that expose server function endpoints. Impact Attackers with network access to the...

9.8CVSS7.9AI score0.00706EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 10:15 p.m.9 views

Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)

Impact Versions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer NDCS which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or...

9.8CVSS7.4AI score0.00575EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 10:15 p.m.12 views

Critical Use-After-Free in Wasmi's Linear Memory

Summary A use-after-free vulnerability has been discovered in the linear memory implementation of Wasmi. This issue can be triggered by a WebAssembly module under certain memory growth conditions, potentially leading to memory corruption, information disclosure, or code execution. Impact -...

8.4CVSS7.3AI score0.00128EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 10:7 p.m.12 views

matrix-sdk-base denial of service via custom m.room.join_rules event values

The matrix-sdk-base crate is unable to handle responses that include custom m.room.joinrules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventin...

7.5CVSS6.7AI score0.00358EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 10:3 p.m.8 views

Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation

Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an issue at libxml2 canonicalization process used by Nokogiri for document transformation. That allows an attacker to be able to execute a Signature Wrapping attack. The vulnerability does not...

9.3CVSS7.3AI score0.00211EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 9:30 p.m.12 views

Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker...

9.3CVSS7.3AI score0.0039EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 9:30 p.m.8 views

NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

Summary A Cross-Site Scripting XSS vulnerability exists in the ui.interactiveimage component of NiceGUI v3.3.1 and earlier. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaScript via the SVG tag. Detail...

6.1CVSS5.6AI score0.00232EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 9:30 p.m.12 views

Altcha Proof-of-Work obfuscation mode cryptanalytic break

A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction...

9.1CVSS7AI score0.00192EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 9:30 p.m.8 views

NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection

Summary A Cross-Site Scripting XSS vulnerability exists in ui.addcss, ui.addscss, and ui.addsass functions in NiceGUI v3.3.1 and earlier. These functions allow developers to inject styles dynamically. However, they lack proper sanitization or encoding for the JavaScript context they generate. An...

6.1CVSS6AI score0.00232EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 9:30 p.m.14 views

n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

Impact The n8n Git node allows workflows to set arbitrary Git configuration values through the Add Config operation. When an attacker-controlled workflow sets core.hooksPath to a directory within the cloned repository containing a Git hook such as pre-commit, Git executes that hook during...

9.4CVSS6.8AI score0.00616EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 6:30 p.m.9 views

memos vulnerability allows the creation of arbitrary accounts

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.9AI score0.00223EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 6:30 p.m.11 views

memos lacks file name validation or verification

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

4.3CVSS7.1AI score0.00185EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 6:30 p.m.9 views

memos vulnerability allows arbitrarily modification or deletion registered identity providers

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...

6.5CVSS6.9AI score0.00245EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 6:30 p.m.12 views

memos vulnerability allows arbitrarily reactions deletion

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...

4.3CVSS6.9AI score0.00173EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 6:30 p.m.9 views

memos vulnerability allows arbitrarily modification or deletion of attachments

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

5.4CVSS6.9AI score0.00156EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 5:57 p.m.11 views

robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation

Summary An authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by xmlseclibs during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created...

7.5CVSS7.1AI score0.00226EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 5:57 p.m.13 views

Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values

Summary Critical security vulnerabilities exist in both the UUIDv4 and UUID functions of the github.com/gofiber/utils package. When the system's cryptographic random number generator crypto/rand fails, both functions silently fall back to returning predictable UUID values, the zero UUID...

9.8CVSS7.4AI score0.00409EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/08 5:56 p.m.9 views

1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers

Summary The server trusts all reverse-proxy headers by default, so any remote client can spoof X-Forwarded-For to bypass IP-based protections AllowIPs, API IP whitelist, “localhost-only” checks. All IP-based access control becomes ineffective. Details - Gin is created with defaults gin.Default,...

6.5CVSS7AI score0.00204EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/08 5:56 p.m.20 views

1Panel – CAPTCHA Bypass via Client-Controlled Flag

Summary A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed,...

7.5CVSS7.2AI score0.00405EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/08 4:43 p.m.13 views

Traefik Inverted TLS Verification Logic in ingress-nginx Provider

Impact There is a potential vulnerability in Traefik NGINX provider managing the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. The provider inverts the semantics of the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" intending to enable backend T...

5.9CVSS6.9AI score0.00213EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 4:42 p.m.17 views

Path Normalization Bypass in Traefik Router + Middleware Rules

Impact There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted character from the followin...

6.9CVSS7AI score0.00344EPSS
Exploits1References5Affected Software3
Github Security Blog
Github Security Blog
added 2025/12/08 4:26 p.m.12 views

Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765

Authentication Bypass via Double URL Encoding in Astro Bypass for CVE-2025-64765 / GHSA-ggxq-hp9w-j794 --- Summary A double URL encoding bypass allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. Whi...

6.9CVSS7.3AI score0.00481EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/08 4:25 p.m.23 views

Withdrawn Advisory: Emby Server API Vulnerability allowing to gain administrative access without precondition

Withdrawn Advisory This advisory has been withdrawn because it incorrectly listed MediaBrowser.Server.Core as vulnerable. CVE-2025-64113 affects Emby Server versions 4.9.1.80 and prior, and Emby Server Beta versions 4.9.2.6 and prior. Original Description Impact This vulnerability affects all Emb...

9.8CVSS7.7AI score0.00613EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/06 12:31 a.m.11 views

Langflow CORS misconfiguration enables Account Takeover and RCE

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration alloworigins='' with allowcredentials=True combined with a refresh token cookie configured as SameSite=None allows a malicio...

9.4CVSS6.5AI score0.7889EPSS
Exploits3References12Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/05 10:2 p.m.11 views

Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands

Impact In some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands the GET access to all Kubernetes Secrets that exist in the given Kubernetes namespace. The exact scenario when this happens is when: Apache Kafka...

7.4CVSS7.1AI score0.00187EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/05 6:57 p.m.11 views

nitro-tpm-pcr-compute may allow kernel command line modification by an account operator

Summary Adding default PCR12 validation to ensure that account operators can not modify kernel command line parameters, potentially bypassing root filesystem integrity validation. Attestable AMIs are based on the systemd Unified Kernel Image UKI concept which uses systemd-boot to create a single...

7AI score
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/05 6:54 p.m.17 views

yawkat LZ4 Java has a possible information leak in Java safe decompressor

Summary Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lea...

8.2CVSS6.9AI score0.00562EPSS
Exploits0References4Affected Software4
Github Security Blog
Github Security Blog
added 2025/12/05 6:19 p.m.7 views

Sigstore Timestamp Authority allocates excessive memory during request parsing

Impact Excessive memory allocation Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type header which is also untrusted data on an application string...

7.5CVSS6.9AI score0.00411EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/05 6:18 p.m.7 views

Fulcio allocates excessive memory during token parsing

Function identity.extractIssuerURL currently splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request with an invalid OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs...

7.5CVSS6.9AI score0.00191EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/05 6:15 p.m.17 views

urllib3 streaming API improperly handles highly compressed data

Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS6.7AI score0.00633EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/05 6:15 p.m.14 views

urllib3 allows an unbounded number of links in the decompression chain

Impact urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 e.g., Content-Encoding: gzip, zstd. However, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps...

8.9CVSS6.8AI score0.00633EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/05 6:14 p.m.12 views

Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte

Summary Envoy’s mTLS certificate matcher for matchtypedsubjectaltnames may incorrectly treat certificates containing an embedded null byte \0 inside an OTHERNAME SAN value as valid matches. Details This occurs when the SAN is encoded as a BMPSTRING or UNIVERSALSTRING, and its UTF-8 conversion...

7.1CVSS6.9AI score0.00164EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/05 6:12 p.m.9 views

Envoy forwards early CONNECT data in TCP proxy mode

Summary Forwarding of early CONNECT data in TCP proxy mode. Details Per RFC 7231-4.3.6 the sender of CONNECT and all inbound proxies switch to tunnel mode only after receiving 2xx response. However in TCP proxy mode, Envoy accepts client data before it has issued a 2xx response and eagerly proxie...

5.3CVSS6.6AI score0.00282EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/05 6:12 p.m.7 views

Envoy crashes when JWT authentication is configured with the remote JWKS fetching

Summary Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allowmissingorfailed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. Details This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS...

6.5CVSS7.2AI score0.00497EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/04 10:3 p.m.9 views

Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'

Summary A Stored XSS vulnerability has been discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as...

8.7CVSS5.9AI score0.002EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/04 10:3 p.m.18 views

Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web

Summary A Server-Side Request Forgery SSRF vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints AWS/GCP/Azure, scan internal networks, access internal services behind...

8.5CVSS7.1AI score0.04117EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/04 9:31 p.m.7 views

Logrus is vulnerable to DoS when using Entry.Writer()

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

7.5CVSS6.7AI score0.00585EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/04 6:30 p.m.13 views

Apache Tika has XXE vulnerability

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

9.8CVSS7.2AI score0.79807EPSS
Exploits5References4Affected Software3
Github Security Blog
Github Security Blog
added 2025/12/04 6:30 p.m.7 views

ComposioHQ has a directory traversal vulnerability

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the downloadfileordir function...

7.5CVSS6.7AI score0.00822EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/04 6:30 p.m.8 views

open-webui is Vulnerable to Incorrect Access Control

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers a normal user to stop arbitrary LLM response tasks...

4.3CVSS7.1AI score0.00263EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/04 5:24 p.m.12 views

libcrux incorrectly calculates on aarch64

On platforms without the core::arch::aarch64::vxarqu64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...

7AI score
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2025/12/04 4:57 p.m.9 views

Central Dogma's Login Function Has an Open Redirect Vulnerability

Impact Successful exploitation of this vulnerability could allow an attacker to craft a malicious link that, when clicked by a victim, redirects them to a phishing website designed to mimic the legitimate Central Dogma login page. This could result in the compromise of user accounts and...

6.1CVSS6.9AI score0.00146EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/04 4:55 p.m.6 views

Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing

Due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a network sandbox if the sandbox policy did not configure any allowed domains. This could allow sandboxed code to make network requests outside of the sandbox. A patch for this was released in v0.0.16. Thank you to...

1.8CVSS7.2AI score0.00142EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/04 4:54 p.m.14 views

auth0/node-jws Improperly Verifies HMAC Signature

Overview An improper signature verification vulnerability exists when using auth0/node-jws with the HS256 algorithm under specific conditions. Am I Affected? You are affected by this vulnerability if you meet all of the following preconditions: 1. Application uses the auth0/node-jws implementatio...

7.5CVSS6.9AI score0.002EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/04 3:30 p.m.9 views

alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...

9.1CVSS7AI score0.00894EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/04 12:31 p.m.6 views

Ansible Community General Collection is vulnerable to exposure of sensitive information

A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...

5.5CVSS6.4AI score0.00117EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities33367