Lucene search
+L
GithubRecent

33367 matches found

github
github
added 2025/11/21 3:31 p.m.15 views

Grafana Incorrect Privilege Assignment vulnerability

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...

10CVSS6.8AI score0.17653EPSS
Exploits1References8Affected Software1
github
github
added 2025/11/21 3:31 p.m.11 views

Vault’s Terraform Provider incorrectly set default deny_null_bind parameter for LDAP auth method to false by default

Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

9.8CVSS7.1AI score0.00503EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/20 10:48 p.m.32 views

OpenFGA Improper Policy Enforcement

Overview OpenFGA v1.4.0 to v1.11.0 openfga-0.1.34 = Helm chart = openfga-0.2.48, v.1.4.0 = docker = v.1.11.0 are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. Am I Affected? You are affected by this vulnerability if you meet the following...

8.8CVSS6.9AI score0.00261EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/20 9:57 p.m.8 views

Minder does not sandbox http.send in Rego programs

Impact Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to for example, if the Minder server is behind a firewall or other network partition. Patches...

6.8AI score
Exploits0References3Affected Software1
github
github
added 2025/11/20 9:30 p.m.22 views

Clerk-js vulnerable to bypass of OAuth authentication flow by manipulating request at OTP verification stage

An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage...

7.2AI score0.00095EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/20 9:29 p.m.9 views

authkit-nextjs may let session cookies be cached in CDNs

In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications...

9.3CVSS6.8AI score0.00342EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/20 9:28 p.m.21 views

@anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes

Due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the...

9.8CVSS7.5AI score0.00403EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/20 9:26 p.m.10 views

vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

Summary The /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the right chattemplatekwargs parameters, it is possible to block processing of the API server for long...

6.5CVSS6.8AI score0.00326EPSS
Exploits0References7Affected Software1
github
github
added 2025/11/20 9:23 p.m.11 views

vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs

Summary Users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether the model is intended to support such inputs as defined in the Supported Models page. The issue has...

8.3CVSS6.8AI score0.00338EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/20 8:59 p.m.12 views

vLLM deserialization vulnerability leading to DoS and potential RCE

Summary A memory corruption vulnerability that leading to a crash denial-of-service and potentially remote code execution RCE exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...

8.8CVSS8.3AI score0.00849EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/20 6:31 p.m.9 views

Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow

Snipe-IT v8.3.4 build 20218 contains a reflected cross-site scripting XSS vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progressmessage value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify the...

6.1CVSS5.7AI score0.0022EPSS
Exploits2References4Affected Software1
github
github
added 2025/11/20 6:31 p.m.12 views

zx Uses Incorrectly-Resolved Name or Reference

When zx is invoked with --prefer-local=, the CLI creates a symlink named ./nodemodules pointing to /nodemodules. Due to a logic error in src/cli.ts linkNodeModules / cleanup, the function returns the target path instead of the alias symlink path. The later cleanup routine removes what it received...

8.3CVSS6.9AI score0.0008EPSS
Exploits0References7Affected Software1
github
github
added 2025/11/20 6:31 p.m.8 views

OSV-SCALIBR has NULL Pointer Dereference

A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic index out of range and an application crash denial of service in OSV-SCALIBR...

4.8CVSS6.9AI score0.00097EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/20 5:48 p.m.17 views

md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter

Summary A Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process of md-to-pdf library, resulting in remote code execution. Details md-to-pdf uses the gray-matter library to parse...

10CVSS8.8AI score0.00916EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/20 5:42 p.m.10 views

LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates

Context A template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings not just template variables in ChatPromptTemplate...

8.3CVSS6.8AI score0.00476EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/20 5:36 p.m.44 views

@hpke/core reuses AEAD nonces

Summary The public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality and Integrity of the produced messages. Details The SenderContext Seal implementation allows for concurrent...

9.1CVSS7AI score0.00193EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/20 3:30 p.m.11 views

phppgadmin contains a SQL injection vulnerability

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

6.5CVSS8.4AI score0.00256EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/20 3:30 p.m.13 views

phppgadmin contains an incorrect access control vulnerability

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...

6.1CVSS7.1AI score0.00195EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/20 3:30 p.m.10 views

@perfood/couch-auth may expose session tokens, passwords

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access...

6.5CVSS6.8AI score0.00186EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/20 3:30 p.m.8 views

phppgadmin vulnerable to Cross-site Scripting

phpPgAdmin versions 7.13.0 and earlier contain multiple cross-site scripting XSS vulnerabilities across various components. User-supplied inputs from $REQUEST parameters are reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php...

6.1CVSS6.4AI score0.00203EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/20 3:30 p.m.9 views

phppgadmin contains a SQL injection vulnerability

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...

6.5CVSS8.3AI score0.00238EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/20 3:30 p.m.10 views

Resty has a Path Traversal vulnerability

A security vulnerability has been detected in Dreampie Resty versions up to the 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to...

8.1CVSS6.5AI score0.00658EPSS
Exploits1References6Affected Software1
github
github
added 2025/11/19 11:16 p.m.11 views

golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

5.3CVSS7AI score0.00484EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/19 11:1 p.m.5 views

golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

5.3CVSS7.1AI score0.00533EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/19 9:0 p.m.12 views

OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter

Summary An authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in an API request, an attacker can exfiltrate, modify, or delete any data in the database, leading to a full...

8.8CVSS8.4AI score0.0033EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/19 8:33 p.m.21 views

Claude Code vulnerable to command execution prior to startup trust dialog

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

9.8CVSS7.3AI score0.0045EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/19 8:31 p.m.10 views

esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript

Summary The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter, esm.sh converts it to a JavaScript module by embedding the CSS content directly into a...

9.6CVSS7.5AI score0.00448EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/19 8:30 p.m.13 views

esm.sh CDN service has arbitrary file write via tarslip

Summary The esm.sh CDN service is vulnerable to a Path Traversal CWE-22 vulnerability during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths e.g., package/../../tmp/evil.js. When esm.sh downloads and extracts this package, file...

9.8CVSS7.4AI score0.0051EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/19 8:9 p.m.74 views

Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint

Summary A Cross-Site Scripting XSS vulnerability exists in Astro when using the @astrojs/cloudflare adapter with output: 'server'. The built-in image optimization endpoint /image uses isRemoteAllowed from Astro’s internal helpers, which unconditionally allows data: URLs. When the endpoint receive...

6.1CVSS6.3AI score0.00223EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/19 8:3 p.m.10 views

Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values

A mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the middleware uses context.url.pathname without applying the...

6.9CVSS6.5AI score0.00481EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/19 8:0 p.m.10 views

Astro vulnerable to reflected XSS via the server islands feature

Summary After some research it appears that it is possible to obtain a reflected XSS when the server islands feature is used in the targeted application, regardless of what was intended by the component templates. Details Server islands run in their own isolated context outside of the page reques...

7.1CVSS6.6AI score0.00456EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/19 7:43 p.m.8 views

Astro Development Server has Arbitrary Local File Read

Summary A vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to t...

3.5CVSS6.9AI score0.00402EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/19 6:47 p.m.9 views

authentik's invitation expiry is delayed by at least 5 minutes

Summary In previous authentik versions, invitations were considered valid regardless if they are expired or not, thus relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5 minutes because the cleanup of expired objects is scheduled to run every 5 minutes...

5.8CVSS6.9AI score0.00221EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/19 6:13 p.m.12 views

authentik allows a deactivated Service account to authenticate to OAuth

Summary When authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even when the account was deactivated. Other permissions are correctly applied and...

4.8CVSS7.1AI score0.00197EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/19 12:30 p.m.10 views

Apache Causeway vulnerable to deserialization in Java

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution RCE through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

6.3CVSS8.8AI score0.09442EPSS
Exploits0References8Affected Software4
github
github
added 2025/11/19 12:31 a.m.12 views

MongoDB driver extension affected by mongoc_bulk_operation_t's read of invalid memory

A mongocbulkoperationt may read invalid memory if large options are passed...

6.9CVSS6.9AI score0.0019EPSS
Exploits0References9Affected Software1
github
github
added 2025/11/18 9:32 p.m.9 views

Modular Max Serve has Unsafe Deserialization vulnerability

Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code...

8.4CVSS7.5AI score0.00297EPSS
Exploits1References8Affected Software1
github
github
added 2025/11/18 7:2 p.m.9 views

XWiki view file macro: User can view content of office file without view rights on the attachment

Summary A user with no view rights on a page may see the content of an office attachment displayed with the view file macro. Details If on a public page is displayed an office attachment from a restricted page, a user with no view rights on the restricted page can view the attachment content, no...

6.8CVSS6.8AI score0.00258EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/18 6:48 p.m.8 views

LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

Summary A Boolean-Based Blind SQL Injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query...

5.5CVSS7.9AI score0.03278EPSS
Exploits1References3Affected Software1
github
github
added 2025/11/18 6:32 p.m.9 views

Backdrop CMS Host Header Injection vulnerability

Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection...

6.1CVSS7.4AI score0.00186EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/18 6:32 p.m.6 views

Drupal core allows Object Injection

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

5.9CVSS7AI score0.00228EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/18 6:32 p.m.6 views

Drupal core allows Content Spoofing

User Interface UI Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

4.3CVSS6.9AI score0.00198EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/18 6:32 p.m.8 views

Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before...

3.7CVSS6.5AI score0.00249EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/18 6:32 p.m.5 views

Drupal core allows Forceful Browsing

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

5.3CVSS7AI score0.00287EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/18 6:32 p.m.18 views

Mattermost allows other users to determine when users had read channels via channel member objects

Mattermost versions 10.11.x = 10.11.3, and 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3.5CVSS6.5AI score0.00148EPSS
Exploits0References8Affected Software2
github
github
added 2025/11/18 6:32 p.m.5 views

Drupal Simple multi step form allows Cross-Site Scripting

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Simple multi step form allows Cross-Site Scripting XSS.This issue affects Simple multi step form: from 0.0.0 before 2.0.0...

3.5CVSS5.9AI score0.00151EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/18 6:32 p.m.6 views

Drupal Email TFA allows Functionality Bypass

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass. This issue affects Email TFA: from 0.0.0 before 2.0.6...

5.4CVSS7AI score0.00183EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/18 6:32 p.m.8 views

Eclipse Jersey has a Race Condition

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...

9.4CVSS6.8AI score0.00277EPSS
Exploits0References13Affected Software1
github
github
added 2025/11/18 6:26 p.m.11 views

joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads

Summary The ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. Details In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python...

9.2CVSS7.1AI score0.00329EPSS
Exploits1References7Affected Software1
github
github
added 2025/11/18 6:24 p.m.12 views

LibreNMS has Weak Password Policy

Summary A Weak Password Policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and...

3.7CVSS7.4AI score0.00227EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities33367