Lucene search
K
GithubRecent

33367 matches found

Github Security Blog
Github Security Blog
added 2025/12/02 12:38 a.m.8 views

Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure

Grav v1.7.49.5 / Admin v1.10.49.1 – User Enumeration & Email Disclosure Summary A user enumeration and email disclosure vulnerability exists in Grav v1.7.49.5 with Admin plugin v1.10.49.1. The "Forgot Password" functionality at /admin/forgot leaks information about valid usernames and their...

6.5CVSS6.6AI score0.00277EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:38 a.m.9 views

MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL

Summary The MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attacker to execute arbitrary commands on the host...

9.8CVSS8.6AI score0.02004EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:37 a.m.7 views

Grav Admin Plugin is vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`

Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the datareadableName parameter. The injected scripts are stored on the server and...

6.2CVSS5.5AI score0.00182EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:37 a.m.14 views

Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters

Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the dataheadermetadata, dataheadertaxonomycategory, and dataheadertaxonomytag parameters. These...

6.2CVSS5.5AI score0.00182EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:37 a.m.10 views

Grav Exposes Password Hashes Leading to privilege escalation

Exposure of Password Hashes Leading to privilege escalation Severity Rating: Medium Vector: Privilege Escalation CVE: XXX CWE: 200 - Exposure of Sensitive Information CVSS Score: 6.2 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L Analysis It was observed that if a users is given read...

7.2CVSS7.3AI score0.00359EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:36 a.m.8 views

Grav is vulnerable to a DOS on the admin panel

DOS on the admin panel Severity Rating: Medium Vector: Denial Of Service CVE: XXX CWE: 400 - Uncontrolled Resource Consumption CVSS Score: 4.9 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Analysis A Denial of Service DoS vulnerability has been identified in the application related to...

4.9CVSS6.8AI score0.00339EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:36 a.m.8 views

Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions

Summary Due to a broken access control vulnerability in the /admin/pages/pagename endpoint, an editor user with full permissions to pages can change the functionality of a form after submission. Details Due to improper authorization checks when modifying critical fields on a POST request to...

9.6CVSS6.8AI score0.01252EPSS
Exploits4References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:36 a.m.8 views

Grav is vulnerable to Arbitrary File Read

Summary - A low privilege user account with page editing privilege can read any server files using "Frontmatter" form. - This includes Grav user account files - /grav/user/accounts/.yaml. This file stores hashed user password, 2FA secret, and the password reset token. - This can allow an adversar...

8.5CVSS6.9AI score0.00397EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:36 a.m.10 views

Grav is Vulnerable to Security Sandbox Bypass with SSTI (Server Side Template Injection)

Summary Grav CMS is vulnerable to a Server-Side Template Injection SSTI that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Details Grav CMS uses a custom sandbox to protect the powerful Twig methods...

8.8CVSS9AI score0.00527EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:35 a.m.8 views

Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover

Summary A privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an existing administrator account, set a new...

8.8CVSS7.1AI score0.00278EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:35 a.m.10 views

Keycloak has debug default bind address

A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...

6.8CVSS7.9AI score0.00399EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:31 a.m.6 views

Snipe-IT allows stored XSS via the Locations "Country" field

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

5.4CVSS5.9AI score0.00161EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:29 a.m.7 views

maxminddb's `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe

maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...

6.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:27 a.m.17 views

Werkzeug safe_join() allows Windows special device names

Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. sendfromdirectory uses safejoin to safely serve files at user-specified paths under a director...

6.3CVSS6.8AI score0.00474EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 12:27 a.m.8 views

rtvm-interpreter lacks sufficient checks in public API

The affected function is unsound due to insufficient checks on public struct field...

6.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 9:30 p.m.7 views

Snipe-IT is vulnerable to stored cross-site scripting

Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation...

5.4CVSS6.7AI score0.00148EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 9:30 p.m.10 views

Mattermost fails to validate user permissions when deleting comments in Boards

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users...

4.3CVSS6.8AI score0.00158EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/01 9:29 p.m.21 views

Better Auth affected by external request basePath modification DoS

Summary Affected versions of Better Auth allow an external request to configure baseURL when it isn’t defined through any other means. This can be abused to poison the router’s base path, causing all routes to return 404 for all users. This issue is only exploitable when baseURL is not explicitly...

7.2AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 8:44 p.m.18 views

Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls

Summary A DoS can occur that immediately halts the system due to the use of an unsafe function. Details According to RFC 5322, nested group structures a group inside another group are not allowed. Therefore, in lib/addressparser/index.js, the email address parser performs flattening when nested...

7.5CVSS7.1AI score0.00409EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/01 7:7 p.m.10 views

Spotipy has a XSS vulnerability in its OAuth callback server

Summary XSS vulnerability in OAuth callback server allows JavaScript injection through unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's browser during OAuth authentication. Details Vulnerable Code: spotipy/oauth2.py lines 1238-1274 RequestHandler.doGET The...

3.6CVSS6.1AI score0.00141EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 7:7 p.m.45 views

fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

Summary The fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main code path of fontTools.varLib, used by the fonttools varLib CLI and...

9.8CVSS8.3AI score0.00496EPSS
Exploits9References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 6:59 p.m.10 views

Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

Impact CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network interface may unintentionally allow broader outbound access than intended by the policy authors. In such cases, the toCIDRset sectio...

5.5CVSS6.9AI score0.00161EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 6:59 p.m.10 views

XWiki Jetty Package (XJetty) allows accessing any application file through URL

Impact In an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials, like http://myhots/webapps/xwiki/WEB-INF/xwiki.cfg,...

8.7CVSS7AI score0.01378EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 6:59 p.m.23 views

Withdrawn Advisory: express improperly controls modification of query properties

Withdrawn Advisory This advisory has been withdrawn because it describes a correctness bug, not a vulnerability with real security impact. This link is maintained to preserve external references. Original Description Impact when using the extended query parser in express 'query parser': 'extended...

6.7AI score0.00014EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 6:30 p.m.6 views

Apache Struts is Vulnerable to DoS via File Leak

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue...

7.5CVSS7AI score0.01456EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 3:30 p.m.10 views

FeehiCMS is vulnerable to reverse tabnabbing

Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function...

4.6CVSS7AI score0.00168EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 3:30 p.m.9 views

FeehiCMS is vulnerable to cross-site scripting via the id parameter of the User Update function

Cross Site Scripting XSS vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function ?r=user%2Fupdate...

6.1CVSS6.1AI score0.00205EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 3:30 p.m.7 views

FeehiCMS fails to enforce server-side immutability

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes...

6.5CVSS6.8AI score0.0023EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 6:30 a.m.10 views

NutzBoot Incorrect Privilege Assignment vulnerability

A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Transaction API. The manipulation...

9.8CVSS6.6AI score0.00409EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 6:30 a.m.10 views

NutzBoot vulnerable to information disclosure

A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler...

5.3CVSS6.6AI score0.0023EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/01 6:30 a.m.9 views

NutzBoot vulnerable to deserialization

A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing...

6.3CVSS6.6AI score0.00317EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/30 9:30 a.m.7 views

yungifez Skuul School Management System vulnerable to XSS via SVG

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely...

4.8CVSS5.8AI score0.00239EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/30 9:30 a.m.7 views

Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images

A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The...

6.5CVSS6.2AI score0.00322EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/30 3:30 a.m.8 views

trytond does not enforce access rights for the route of the HTML editor.

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

7.1CVSS6.7AI score0.00196EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/30 3:30 a.m.13 views

trytond does not enforce access rights for data export

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

6.5CVSS6.9AI score0.00208EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/30 3:30 a.m.6 views

Tryton sao allows XSS via an HTML attachment

Tryton sao aka tryton-sao before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67...

5.4CVSS6.1AI score0.00144EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/30 3:30 a.m.8 views

Tryton sao allows XSS because it does not escape completion values

Tryton sao aka tryton-sao before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...

5.4CVSS6.3AI score0.00144EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/30 3:30 a.m.9 views

trytond allows remote attackers to obtain sensitive trace-back (server setup) information

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back server setup information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

4.3CVSS6.8AI score0.00251EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/28 6:30 p.m.15 views

LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. This is fixed in a forked release: at.yawk.lz4:lz4-java version 1.8.1. The original project has been archived:...

8.8CVSS6.7AI score0.00647EPSS
Exploits0References6Affected Software4
Github Security Blog
Github Security Blog
added 2025/11/28 3:30 p.m.10 views

Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjqc-jx6g-rwp9. This link is maintained to preserve external references. Original Description Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extractin...

8CVSS7.6AI score0.00592EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/28 6:32 a.m.10 views

Mustangproject allows exfiltrating files via XXE attacks

Mustang before 2.16.3 allows exfiltrating files via XXE attacks...

2.8CVSS7AI score0.00108EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/11/28 6:32 a.m.7 views

Peppol-py is vulnerable to XXE attacks due to Saxon configuration

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...

5CVSS6.9AI score0.00299EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/27 6:30 p.m.14 views

ThingsBoard allows an authenticated user to upload malicious SVG images

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting XSS vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

5.7AI score0.00033EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/27 6:30 p.m.8 views

Mattermost fails to to verify the token used during code exchange

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email...

9.9CVSS7.3AI score0.0031EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2025/11/27 6:30 p.m.15 views

Mattermost fails to sanitize team email addresses

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

4.3CVSS6.8AI score0.00187EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2025/11/27 6:30 p.m.9 views

Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication

Mattermost versions 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12, 11.0.x = 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of...

9.9CVSS6.7AI score0.0031EPSS
Exploits0References9Affected Software2
Github Security Blog
Github Security Blog
added 2025/11/27 12:30 p.m.9 views

Apache SkyWalking has a stored XSS vulnerability

There is an Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking versions = 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue. Version 10.3.0 has not been uploaded to th...

6.1CVSS6.6AI score0.00625EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/27 12:30 p.m.10 views

pretix has Email Content Injection Through Maliciously Formatted Names

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1CVSS5.4AI score0.00155EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/27 6:31 a.m.14 views

Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...

8.7CVSS7AI score0.00454EPSS
Exploits2References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/27 3:30 a.m.35 views

Ray's New Token Authentication is Disabled By Default

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces including the dashboard and Jobs API is disabled unless explicitly enabled by setting RAYAUTHMODE=token. In the default unauthenticated state, a remote attacker with...

8.2AI score0.00474EPSS
Exploits5References10Affected Software1
Total number of security vulnerabilities33367