Lucene search
+L
GithubRecent

33367 matches found

github
github
added 2025/11/18 6:21 p.m.18 views

LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`

Summary A Reflected Cross-Site Scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited ...

6.2CVSS5.5AI score0.00221EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/18 6:1 p.m.8 views

Kirby CMS has cross-site scripting (XSS) in the changes dialog

TL;DR This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. ---- Introductio...

5.4CVSS6.7AI score0.00159EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/18 5:42 p.m.10 views

XWiki AdminTools application doesn't set permissions on the AdminTools space

Impact Users without admin rights have access to AdminTools.SpammedPages. Details View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin users, the page is still accessible. Workarounds Set the view rights for the AdminTools space to ...

5.3CVSS6.9AI score0.00207EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/17 7:6 p.m.14 views

Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register)

Summary An unauthenticated attacker can exploit the unprotected registration endpoint /register to create a new user and bypass authentication. Details Critical vulnerability in Flowise 3.0.1 on-premise deployment allows unauthenticated attackers to exploit the /api/v1/account/register endpoint t...

7.5AI score
Exploits0References2Affected Software1
github
github
added 2025/11/17 6:15 p.m.8 views

@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message

Description Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission can configure a "welcome message", which is HTML that is to be rendered on the login page for branding purposes. When rendering the welcome message, Dependency-Track versions before 4.13.6 did not...

4.8CVSS7.1AI score0.00218EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/17 5:38 p.m.13 views

glob CLI: Command injection via -c/--cmd executes matches with shell:true

Summary The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c is used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to...

7.5CVSS8.6AI score0.03136EPSS
Exploits1References5Affected Software1
github
github
added 2025/11/17 5:37 p.m.7 views

phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality

Summary An authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ v4.0.13 and prior allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database...

7.2CVSS9AI score0.00755EPSS
Exploits1References4Affected Software2
github
github
added 2025/11/17 9:30 a.m.10 views

OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

7.5CVSS6.8AI score0.00219EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/17 6:30 a.m.8 views

vlife-base has Path Traversal vulnerability

A security vulnerability has been detected in wwwlike vlife up to 2.0.1. This issue affects the function create of the file vlife-base/src/main/java/cn/wwwlike/sys/api/SysFileApi.java of the component VLifeApi. Such manipulation of the argument fileName leads to path traversal. It is possible to...

6.9CVSS5.5AI score0.00579EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/17 6:30 a.m.10 views

lsFusion Platform has a Path Traversal vulnerability

A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to...

9.8CVSS7.2AI score0.00574EPSS
Exploits1References7Affected Software1
github
github
added 2025/11/17 6:30 a.m.13 views

lsFusion Server is vulnerable to Path Traversal through its unpackFile function

A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack...

9.1CVSS6.3AI score0.00559EPSS
Exploits1References6Affected Software1
github
github
added 2025/11/17 6:30 a.m.10 views

lsFusion Platform has a Path Traversal vulnerability

A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote...

6.9CVSS5.4AI score0.00686EPSS
Exploits1References7Affected Software1
github
github
added 2025/11/14 10:9 p.m.7 views

Memos' Access Tokens Stay Valid after User Password Change

Summary Access Tokens are used to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update their password. The bad actor though will still have...

7.5CVSS7AI score0.00278EPSS
Exploits1References6Affected Software1
github
github
added 2025/11/14 9:52 p.m.11 views

AstrBot is vulnerable to RCE with hard-coded JWT signing keys

Summary AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details AstrBot uses a hard-coded JWT signing key, which allows attackers to bypass the authentication mechanism. Once bypassed, the attacker can install a Python...

7.3CVSS7.9AI score0.00281EPSS
Exploits2References7Affected Software1
github
github
added 2025/11/14 9:49 p.m.13 views

Apollo Federation has Improper Enforcement of Access Control on Transitive Fields

Summary A vulnerability in Apollo Federation's composition logic did not enforce that fields depending on protected data through @requires and/or @fromContext directives have the same access control requirements as the fields they reference. This allowed queries to access protected fields...

6.5AI score
Exploits0References6Affected Software1
github
github
added 2025/11/14 9:45 p.m.9 views

Directus is Vulnerable to Stored Cross-site Scripting

Summary A stored cross-site scripting XSS vulnerability exists that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface. Attackers can bypass Content Security Policy CSP restrictions by combining file uploads with iframe srcdo...

5.5CVSS5.8AI score0.00241EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/14 9:45 p.m.11 views

Directus has Improper Permission Handling on Deleted Fields

Summary Directus does not properly clean up field-level permissions when a field is deleted. If a new field with the same name is created later, the system automatically re-applies the old permissions, which can lead to unauthorized access. Details When a field is removed from a collection, its...

5.4CVSS6.7AI score0.00187EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/14 9:30 p.m.11 views

Duplicate Advisory: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mm7p-fcc7-pg87. This link is maintained to preserve external references. Original Description A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient...

7.5CVSS6.2AI score0.00544EPSS
Exploits0References9Affected Software1
github
github
added 2025/11/14 9:11 p.m.10 views

ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP

Summary A vulnerability in ZITADEL's federation process allowed auto-linking users from external identity providers to existing users in ZITADEL even if the corresponding IdP was not active or if the organization did not allow federated authentication. Impact This vulnerability stems from the...

9.8CVSS7.1AI score0.00472EPSS
Exploits0References7Affected Software1
github
github
added 2025/11/14 8:57 p.m.12 views

Flowise does not Prevent Bypass of Password Confirmation - Unverified Password Change

Summary Bypass of Password Confirmation - Unverified Password Change authenticated change without current password An authenticated user is allowed to change their account password without supplying the current password or any additional verification. The application does not verify the actor’s...

6.7AI score
Exploits0References4Affected Software1
github
github
added 2025/11/14 8:56 p.m.13 views

Flowise doesn't Prevent Bypass of Password Confirmation through Unverified Email Change (credentials)

Summary Unverified Email Change - Email as part of Credential / Unverified Account Recovery Channel Change The application allows changing the account email address used as a login identifier and/or password recovery address without verifying the requester’s authority to make that change no...

7.1AI score
Exploits0References4Affected Software1
github
github
added 2025/11/14 8:50 p.m.5 views

Flowise Fails to Invalidate Existing Sessions After Password Changes

Summary Failure to Invalidate Existing Sessions After Password Change Persistent Session / Session Invalidity Failure. Details After a user changes their password, the application does not invalidate other active sessions or session tokens that were established before the change. An attacker who...

6.4AI score
Exploits0References3Affected Software1
github
github
added 2025/11/14 8:42 p.m.17 views

Shopware 6's password recovery link does not expire after email change

Summary When a customer changes their email address after requesting a password reset, the old password reset link tied to the previous email remains valid. An attacker with access to the old email inbox is potentially able to reset the customer’s password even after the user changes their email...

7AI score
Exploits0References7Affected Software1
github
github
added 2025/11/14 8:33 p.m.16 views

PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

Summary Dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session self-XSS. This allows an attacker who can entice a victim to drag or...

5.4CVSS7.2AI score0.00118EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/14 8:33 p.m.46 views

PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal

Summary An unauthenticated Local File Inclusion exists in the template-switching feature: if templateselection is enabled in the configuration, the server trusts the template cookie and includes the referenced PHP file. An attacker can read sensitive data or, if they manage to drop a PHP file...

5.8CVSS8.2AI score0.00482EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/14 6:31 p.m.8 views

expr-eval vulnerable to Prototype Pollution

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

7.3CVSS7.7AI score0.00459EPSS
Exploits1References11Affected Software2
github
github
added 2025/11/14 5:46 p.m.10 views

@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields

Summary A vulnerability in Apollo Federation's composition logic allowed some queries to Apollo Router to improperly bypass access controls on types/fields. Apollo Federation incorrectly allowed user-defined access control directives on interface types/fields, which could be bypassed by instead...

7.5CVSS6.6AI score0.00389EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/14 2:29 p.m.6 views

js-yaml has prototype pollution in merge (<<)

Impact In js-yaml 4.1.0, 4.0.0, and 3.14.1 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution proto. All users who parse untrusted yaml documents may be impacted. Patches Problem is patched in js-yaml 4.1.1 and 3.14.2...

5.3CVSS6.4AI score0.00414EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/14 12:30 p.m.6 views

Mattermost allows system administrators to access password hashes and MFA secrets

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...

4.9CVSS7AI score0.00272EPSS
Exploits0References8Affected Software2
github
github
added 2025/11/14 9:30 a.m.10 views

Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...

5.4CVSS6.8AI score0.00179EPSS
Exploits0References8Affected Software2
github
github
added 2025/11/14 9:30 a.m.7 views

Mattermost fails to properly restrict access to archived channel search API

Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/teamid/channels/searcharchived endpoint...

4.3CVSS6.9AI score0.00188EPSS
Exploits0References4Affected Software5
github
github
added 2025/11/14 9:30 a.m.7 views

Mattermost allows regular users to access archived channel content and files

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

4.3CVSS6.7AI score0.00164EPSS
Exploits0References4Affected Software2
github
github
added 2025/11/14 9:30 a.m.9 views

Mattermost does not enforce MFA on WebSocket connections

Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...

7.5CVSS6.9AI score0.00297EPSS
Exploits0References4Affected Software2
github
github
added 2025/11/14 12:30 a.m.19 views

golang.org/x/crypto/ssh/agent has a potential denial of service

SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...

7.5CVSS6.7AI score0.00632EPSS
Exploits1References5Affected Software1
github
github
added 2025/11/13 11:7 p.m.10 views

Directus Vulnerable to Information Leakage in Existing Collections

Summary: An observable difference in error messaging was found in the Directus REST API. The /items/collection API returns different error messages for these two cases: 1. A user tries to access an existing collection which they are not authorized to access. 2. A user tries to access a non-existi...

4.3CVSS6.7AI score0.00328EPSS
Exploits1References4Affected Software2
github
github
added 2025/11/13 11:6 p.m.7 views

Directus's conceal fields are searchable if read permissions enabled

Summary A vulnerability allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked , successful matches can be detected through returned records, enabling enumeration attacks on sensitive data. Details The system permits sear...

6.5CVSS6.9AI score0.0027EPSS
Exploits0References4Affected Software2
github
github
added 2025/11/13 11:1 p.m.7 views

LXD vulnerable to a local privilege escalation through custom storage volumes

Impact This affects any LXD user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would be...

7AI score
Exploits0References8Affected Software1
github
github
added 2025/11/13 10:59 p.m.10 views

Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute...

5.9AI score
Exploits0References6Affected Software1
github
github
added 2025/11/13 10:58 p.m.8 views

SpiceDB WriteRelationships fails silently if payload is too big

Impact Users who 1. use the exclusion operator somewhere in their authorization schema 1. have configured their SpiceDB server such that --write-relationships-max-updates-per-call is bigger than 6500 1. issue calls to WriteRelationships with a large enough number of updates that cause the payload...

6.9CVSS5.8AI score0.0024EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/13 10:46 p.m.14 views

Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass

Summary In impacted versions of Astro using on-demand rendering, request headers x-forwarded-proto and x-forwarded-port are insecurely used, without sanitization, to build the URL. This has several consequences the most important of which are: - Middleware-based protected route bypass only via...

6.5CVSS6.3AI score0.01189EPSS
Exploits2References6Affected Software1
github
github
added 2025/11/13 10:38 p.m.8 views

Astro development server error page is vulnerable to reflected Cross-site Scripting

Summary A Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this...

6.1CVSS5.3AI score0.00239EPSS
Exploits1References6Affected Software1
github
github
added 2025/11/13 10:36 p.m.30 views

File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency

The standard library net/http package dependency used by File Browser improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. I can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a...

9.1CVSS7AI score0.00778EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/13 10:34 p.m.11 views

File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function

Summary It has been found an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. This vulnerability allows any authenticated user with share permissions to delete other users' shared links without authorization checks. The impact is...

8.8CVSS6.6AI score0.0042EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/13 10:32 p.m.13 views

Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable

Impact Applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches vega library and a vega.View instance similar to the Vega Editor to the global window 2. Allow user-defined...

8.1CVSS6.9AI score0.00383EPSS
Exploits0References7Affected Software3
github
github
added 2025/11/13 10:22 p.m.7 views

AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...

6.9AI score
Exploits0References4Affected Software1
github
github
added 2025/11/13 10:22 p.m.8 views

AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...

5.8AI score
Exploits0References4Affected Software10
github
github
added 2025/11/13 10:22 p.m.11 views

Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...

6.9AI score
Exploits0References4Affected Software1
github
github
added 2025/11/13 10:22 p.m.11 views

AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...

8.6CVSS6.9AI score0.00438EPSS
Exploits0References9Affected Software1
github
github
added 2025/11/13 6:31 p.m.19 views

Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references. Original Description A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to...

6.8CVSS7.5AI score0.00399EPSS
Exploits0References8Affected Software1
github
github
added 2025/11/13 6:31 p.m.21 views

Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API, which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

4.3CVSS6.7AI score0.00177EPSS
Exploits0References6Affected Software5
Total number of security vulnerabilities33367