Lucene search
K
GithubRecent

33367 matches found

Github Security Blog
Github Security Blog
added 2025/11/26 11:18 p.m.12 views

Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client

The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery XSRF token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol...

7.7CVSS6.9AI score0.00584EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/26 10:11 p.m.12 views

Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions

Summary A vulnerability was identified in the multi-session plugin for Better Auth, specifically in the /sign-out after-hook. The hook trusts raw multi-session cookies and forwards the extracted values directly to internalAdapter.deleteSessions without verifying the cookie signature. Because cook...

7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/26 10:9 p.m.14 views

willitmerge has a Command Injection vulnerability

willitmerge describes itself as a command line tool to check if pull requests are mergeable. There is a Command Injection vulnerability in version [email protected]. Resources: Project's GitHub source code: https://github.com/shama/willitmerge/ Project's npm package:...

9.8CVSS7.4AI score0.02413EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/26 10:8 p.m.7 views

node-forge has ASN.1 Unbounded Recursion

Summary An Uncontrolled Recursion CWE-674 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service DoS via stack exhaustion when parsing untrusted DER...

8.7CVSS6.9AI score0.00381EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/26 10:7 p.m.9 views

node-forge is vulnerable to ASN.1 OID Integer Truncation

Summary MITRE-Formatted CVE Description An Integer Overflow CWE-190 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwis...

6.3CVSS6.8AI score0.00282EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/26 10:7 p.m.11 views

node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization

Summary CVE-2025-12816 has been reserved by CERT/CC Description An Interpretation Conflict CWE-436 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may...

8.6CVSS6.9AI score0.00705EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/26 9:31 p.m.7 views

Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

3.3CVSS6.6AI score0.00199EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/26 9:31 p.m.12 views

OpenStack's Mistral Client has a local file inclusion vulnerability

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...

6.5CVSS6.7AI score0.00408EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/26 7:35 p.m.11 views

Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack

Summary Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...

9.4CVSS7.5AI score0.00345EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/26 7:33 p.m.8 views

Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Summary The EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU time minutes, leading to a Denial of Service DoS for the application...

7.5CVSS7.1AI score0.00296EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/26 7:33 p.m.7 views

OneUptime Unauthorized User Creation via API

Summary A low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. PoC A low-permission user sends a crafted API request to the user-creation endpoint and the system creates the account successfully. Impact This allows attacke...

8.8CVSS6.8AI score0.00275EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/26 9:31 a.m.11 views

Hive Metastore Server is vulnerable to SQL Injection

SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...

5.4CVSS8.3AI score0.00343EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/11/26 9:31 a.m.9 views

Apache Druid’s Kerberos authenticator uses a weak fallback secret

Apache Druid’s Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. In this case, the secret is generated using ThreadLocalRandom, which is not a crypto-graphically secure random number generator...

9.8CVSS7.1AI score0.00597EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 11:53 p.m.13 views

REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]

Summary A reflected Cross-Site Scripting XSS vulnerability exists in the Mediapool view where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when an authenticated user visits a crafted link...

6.1CVSS5.8AI score0.00233EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 11:18 p.m.11 views

libnftnl has Heap-based Buffer Overflow in nftnl::Batch::with_page_size (nftnl-rs)

A heap-buffer-overflow vulnerability exists in the Rust wrapper for libnftnl, triggered via the nftnl::Batch::withpagesize constructor. When a small or malformed page size is provided, the underlying C code allocates an insufficient buffer, leading to out-of-bounds writes during batch...

7.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 10:55 p.m.7 views

OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation

Summary During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying this parameter value from false to true, a user is able to gain access to the admin dashboard interface. However, despite accessing the admin panel, the user does not hav...

8.2CVSS7AI score0.0027EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 10:10 p.m.19 views

OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization

Summary It is observed that OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style tags with allowTextIn inside the style tag. This could lead to XSS if the payload is crafted in such a way that it does not sanitise the CSS and allows tags which is not...

8.6CVSS6.3AI score0.00231EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 9:42 p.m.9 views

Better Auth Passkey Plugin allows passkey deletion through IDOR

Summary Affected versions of the better-auth passkey plugin allow users with any valid session to delete arbitrary passkeys via their ID using POST /passkey/delete-passkey. Details ctx.body.id is implicitly trusted and used in passkey deletion queries. better-auth applications configured with...

6.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 9:32 p.m.15 views

OpenSearch is vulnerable to DoS via complex query_string inputs

A vulnerability in OpenSearch allows attackers to cause Denial of Service DoS by submitting complex querystring inputs. This issue affects all OpenSearch versions below 2.19.4 and versions 3.0.0 through 3.2.0...

8.3CVSS6.5AI score0.0048EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 8:48 p.m.6 views

Contao is vulnerable to cross-site scripting in templates

Impact It is possible to inject code into the template output that will be executed in the browser in the front end and back end. Patches Update to Contao 4.13.57, 5.3.42 or 5.6.5. Workarounds Do not use the affected templates or patch them manually. Refsources...

4.8CVSS7.1AI score0.00145EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 8:43 p.m.5 views

Contao is vulnerable to remote code execution in template closures

Impact Backend users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. Patches Update to Contao 4.13.57, 5.3.42 or 5.6.5 Workarounds Manually patch the Contao\Template::once method. Resources...

6.6CVSS7.4AI score0.00159EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 8:42 p.m.17 views

cggmp24 and cggmp21 are vulnerable to signature forgery through altered presignatures

Impact This attack is against presignatures used in very specific context: Presignatures + HD wallets derivation: security level reduces to 85 bits \ Previously users could generate a presignature, and then choose a HD derivation path while issuing a partial signature via...

8.2CVSS6.5AI score0.00185EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2025/11/25 8:41 p.m.10 views

cggmp21 has a missing check in the ZK proof used in CGGMP21

Impact cggmp21 concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct full private key. Patches cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check However, cggmp21 recommends upgrading to...

9.3CVSS6.7AI score0.00166EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2025/11/25 8:40 p.m.10 views

VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM

Impact Affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics request size limits allowing malformed blocks to trigger excessive memory use. This could lead to OOM errors and service instability. The fix enforces block-size checks based on MaxRequest...

2.7CVSS6.9AI score0.00305EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 8:39 p.m.8 views

Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer

Summary The Fugue framework implements an RPC server system for distributed computing operations. In the core functionality of the RPC server implementation, I found that the decode function in fugue/rpc/flask.py directly uses cloudpickle.loads to deserialize data without any sanitization. This...

8.8CVSS8.7AI score0.00635EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 7:7 p.m.16 views

GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature

Description An XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML...

9.8CVSS7.2AI score0.67357EPSS
Exploits4References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/11/25 6:41 p.m.9 views

GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format

Summary A reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's browser through specially crafted SLDBODY parameters. Details The WMS service setting that controls HTML...

6.1CVSS5.9AI score0.00258EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2025/11/25 6:32 p.m.14 views

REDAXO CMS is vulnerable to XSS through its module management component

A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...

4.8CVSS5.6AI score0.0027EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 6:32 p.m.11 views

REDAXO CMS is vulnerable to RCE attack through its template management component

A Remote Code Execution RCE vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...

7.2CVSS8AI score0.00812EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 6:32 p.m.12 views

Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4hx9-48xh-5mxr. This link is maintained to preserve external references. Original Description A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm...

5.5CVSS6.3AI score0.00408EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 2:20 p.m.10 views

body-parser is vulnerable to denial of service when url encoding is used

Impact body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage...

6.9CVSS6.7AI score0.0035EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 2:18 p.m.8 views

Grype has a credential disclosure vulnerability in its JSON output

A credential disclosure vulnerability was found in Grype, affecting versions v0.68.0 through v0.104.0. If registry credentials are defined and the output of grype is written using the --file or --output json= option, the registry credentials will be included unsanitized in the output file. Impact...

8.2CVSS6.8AI score0.00133EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/24 11:35 p.m.7 views

OMERO.web uses jquery-form library, which may be vulnerable to XSS attack

Impact OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks. Patches User should upgrade OMERO.web to 5.29.3 or higher...

6.4AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/24 11:34 p.m.6 views

Babylon's BIP322 signature implementation is not fully compliant to the spec

Summary The BIP-322 signature verification does not enforce the SIGHASH value to be SIGHASHALL, and therefore is not strictly following the spec. Impact Non-compliant BIP-322 signatures in proof of possessions can be accepted by the chain...

6.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/24 11:32 p.m.6 views

Babylon's malformed vote extensions are not rejected

Summary Adversarial validators can send large vote extensions by using non-existing protobuf tags. This will result in the rejection of the subsequent block proposal. Eventually, all block proposals will be rejected by all validators. Impact A small group of adversarial validators can cause a cha...

6.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/24 11:31 p.m.7 views

LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction

Summary Multiple path traversal and unsafe path handling vulnerabilities were discovered in eKuiper prior to the fixes implemented in PR lf-edge/ekuiper3911. The issues allow attacker-controlled input rule names, schema versions, plugin names, uploaded file names, and ZIP entries to influence fil...

7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/24 10:42 p.m.14 views

pypdf's LZWDecode streams be manipulated to exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This is a follow up to GHSA-jfx9-29x2-rv3j to align the default limit with the one for zlib. Patche...

8.7CVSS6.8AI score0.0032EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/24 10:13 p.m.8 views

Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags

Summary Inserting unsanitized data into the blog tag field in Formwork CMS results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. Because the issue is...

6.5CVSS5.6AI score0.00178EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/24 9:52 p.m.10 views

Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true`

Impact In version 10.11.0, a change to how the SDK collects request data in Node.js applications caused certain incoming HTTP headers to be added as trace span attributes. When sendDefaultPii: true was set, a few headers that were previously redacted - including Authorization and Cookie - were...

5CVSS6.6AI score0.00305EPSS
Exploits0References9Affected Software12
Github Security Blog
Github Security Blog
added 2025/11/24 9:51 p.m.11 views

OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation

Impact Similar to HCSEC-2025-13 / CVE-2025-5999, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: 1. An operator in the root namespace has...

7.5CVSS6.8AI score0.00322EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/24 8:5 p.m.15 views

new-api is vulnerable to SSRF Bypass

Summary A recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applies security restrictions to the first URL request, a 302 redirect can bypass existing security measures and successful...

8.5CVSS6.9AI score0.00265EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/24 6:31 p.m.7 views

Keylime allows users to register new agents by recycling existing UUIDs when using different TPM devices

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module TPM device but claiming an existing agent's unique identifier UUID. This action overwrites the legitimate agent's identity, enabling the...

8.2CVSS7.2AI score0.00388EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/24 6:31 p.m.8 views

Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the NudmSubscriberDataManagement API...

6.5CVSS6.8AI score0.00319EPSS
Exploits0References14Affected Software2
Github Security Blog
Github Security Blog
added 2025/11/24 6:31 p.m.10 views

NSSF panic due to nil pointer dereference when expiry field is omitted in NSSAIAvailability POST

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the NnssfNSSAIAvailability API...

7.5CVSS6.9AI score0.0031EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/24 6:31 p.m.9 views

Free5GC is vulnerable to DoS through its Npcf_BDTPolicyControl POST API

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the NpcfBDTPolicyControl API...

6.5CVSS6.9AI score0.00209EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/24 3:30 p.m.7 views

Apache Syncope's AES encryption stores hard-coded passwords in internal database

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

7.5CVSS6.8AI score0.00448EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/21 6:19 p.m.10 views

thread-amount Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS

Affected versions of this crate contain resource leaks when querying thread counts on Windows and Apple platforms. Windows The threadamount function calls CreateToolhelp32Snapshot but fails to close the returned HANDLE using CloseHandle. Repeated calls to this function will cause the handle count...

8.7CVSS6.3AI score0.00309EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/21 6:6 p.m.12 views

SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results

Impact If your schema includes the following characteristics: 1. You have a permission defined in terms of a union + 1. That union references the same relation on both sides, but one side arrows to a different permission Then you might have missing LookupResources results when checking the...

6.3CVSS5.6AI score0.00194EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/21 6:3 p.m.11 views

MLX has Wild Pointer Dereference in load_gguf()

Summary Segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7 Vulnerability Location: mlx/io/gguf.cp...

7.5CVSS7.1AI score0.00336EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/21 6:2 p.m.9 views

MLX has heap-buffer-overflow in load()

Summary Heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7 Vulnerability The parser reads a 118-byte...

9.1CVSS7.2AI score0.00467EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities33367