Lucene search
+L
GithubRecent

33367 matches found

github
github
added 2025/11/13 4:4 p.m.8 views

Incus vulnerable to local privilege escalation through custom storage volumes

Impact This affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would ...

8.6CVSS5.8AI score0.00164EPSS
Exploits1References5Affected Software1
github
github
added 2025/11/13 3:55 p.m.10 views

Milvus Proxy has a Critical Authentication Bypass Vulnerability

Impact What kind of vulnerability is it? Who is impacted? An unauthenticated attacker can exploit this vulnerability to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the Milvus cluster. This grants the attacker the ability to read, modif...

9.3CVSS6.7AI score0.0107EPSS
Exploits0References7Affected Software1
github
github
added 2025/11/13 3:36 p.m.13 views

sudo-rs doesn't record authenticating user properly in timestamp

Summary When Defaults targetpw or Defaults rootpw is enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs prior to 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as user's UID in the...

4.4CVSS7.1AI score0.0017EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/13 3:30 p.m.11 views

pgAdmin 4 has command injection vulnerability on Windows systems

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...

8.8CVSS8.1AI score0.00845EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/13 3:30 p.m.7 views

pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode

pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...

9.8CVSS7.8AI score0.12384EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/13 3:30 p.m.7 views

pgAdmin is affected by an LDAP injection vulnerability

pgAdmin = 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS...

7.5CVSS7.5AI score0.00396EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/13 3:30 p.m.7 views

pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification

pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...

7.5CVSS7.1AI score0.00196EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/13 12:11 a.m.9 views

Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)

Impact In affected versions, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups JavaScript, Mobile Apps. Patches Patched in Bugsink 2.0...

7.5CVSS6.4AI score0.00305EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/13 12:10 a.m.14 views

Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input

Impact In affected versions, brotli "bombs" highly compressed brotli streams, such as many zeros can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the available memory and thus a Denial of Service...

7.5CVSS6.5AI score0.00457EPSS
Exploits0References10Affected Software1
github
github
added 2025/11/13 12:9 a.m.10 views

Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Impact The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...

6.9CVSS6.7AI score0.00407EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/12 9:50 p.m.9 views

Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass

Description The Request class improperly interprets some PATHINFO in a way that leads to representing some URLs with a path that doesn't start with a /. This can allow bypassing some access control rules that are built with this /-prefix assumption. Resolution The Request class now ensures that U...

7.3CVSS6.5AI score0.01344EPSS
Exploits0References7Affected Software2
github
github
added 2025/11/12 9:45 p.m.6 views

Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves

Summary A vulnerability was identified in the evervault-go SDK’s attestation verification logic that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not meet expected integrity guarantees. The exploitability of this issue is...

8.7CVSS6.4AI score0.00134EPSS
Exploits1References5Affected Software1
github
github
added 2025/11/12 9:42 p.m.13 views

OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation

Impact All deployments of OAuth2 Proxy in front of applications that normalize underscores to dashes in HTTP headers e.g., WSGI-based frameworks such as Django, Flask, FastAPI, and PHP applications. Authenticated users can inject underscore variants of X-Forwarded- headers that bypass the proxy’s...

8.5CVSS6.5AI score0.00633EPSS
Exploits0References9Affected Software1
github
github
added 2025/11/12 9:36 p.m.13 views

Wasmtime provides unsound API access to a WebAssembly shared linear memory

Impact Wasmtime's Rust embedder API contains an unsound interaction where a WebAssembly shared linear memory could be viewed as a type which provides safe access to the host Rust to the contents of the linear memory. This is not sound for shared linear memories, which could be modified in paralle...

1.8CVSS6.6AI score0.00107EPSS
Exploits0References9Affected Software1
github
github
added 2025/11/12 9:30 p.m.14 views

sudo-rs: Partial password reveal is possible after timeout

Summary If a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered are echoed back to the console. Example Using sudo-rs: geiger@cerberus:$ sudo -s sudo: authenticate Password: sudo-rs:...

3.8CVSS6.6AI score0.00138EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/12 9:27 p.m.10 views

OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed

Summary If the "claimsparametersupported" parameter is activated, it is possible through the "oidc-claims-extension.groovy" script, to inject the value of choice into a claim contained in the idtoken or in the userinfo. Authorization function requests do not prevent a claims parameter containing ...

9.3CVSS6.9AI score0.00322EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/12 9:24 p.m.10 views

changedetection.io: Stored XSS in Watch update via API

Summary A Stored Cross Site Scripting is present in the changedetection.io Watch update API due to unsufficient security checks. Details Tested on changedetection.io version v0.50.24 console REPOSITORY TAG IMAGE ID CREATED SIZE ghcr.io/dgtlmoon/changedetection.io latest 0367276509a0 23 hours ago...

5.4CVSS6.1AI score0.00441EPSS
Exploits1References7Affected Software1
github
github
added 2025/11/12 6:31 p.m.10 views

jose2go is vulnerable to a JWT bomb attack through its decode function

An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service DoS via crafted JSON Web Encryption JWE token with an exceptionally high compression ratio...

7.5CVSS6.9AI score0.00248EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/12 6:31 p.m.8 views

Observability Operator is vulnerable to Incorrect Privilege Assignment through its Custom Resource MonitorStack

A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with ClusterRole upon deployment of the Namespace-Scoped Custom Resource MonitorStack. This issue allows an adversarial Kubernetes Account with only namespaced-level roles, for example, a tenant controlling a...

8.8CVSS6.7AI score0.00318EPSS
Exploits0References7Affected Software1
github
github
added 2025/11/12 12:30 p.m.8 views

TYPO3 Modules Extension has Improper Authentication vulnerability

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules. This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...

8.2CVSS7AI score0.00436EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/10 9:34 p.m.10 views

Soft Serve is vulnerable to SSRF through its Webhooks

SUMMARY We have identified and verified an SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. AFFECTED COMPONENTS VERIFIED 1. Webhook Creation...

9.1CVSS6.9AI score0.00335EPSS
Exploits1References5Affected Software1
github
github
added 2025/11/10 9:30 p.m.11 views

TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

Summary An authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying a malicious topicid t parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to t...

8.8CVSS6.1AI score0.00412EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/10 9:4 p.m.18 views

CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

Impact The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity XXE injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches The...

7.5CVSS7.4AI score0.00359EPSS
Exploits0References7Affected Software1
github
github
added 2025/11/10 6:30 a.m.8 views

Cloudinary Node SDK is vulnerable to Arbitrary Argument Injection through parameters that include an ampersand

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

8.8CVSS6.8AI score0.00356EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/09 9:30 p.m.7 views

EverShop is vulnerable to Unauthorized Order Information Access (IDOR)

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be...

6.3CVSS4.5AI score0.00453EPSS
Exploits1References7Affected Software1
github
github
added 2025/11/09 9:30 a.m.8 views

Skuul School Management System has an Insecure Direct Object Reference (IDOR) Vulnerability in View Fee Invoice

A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoiceid results in improper control of...

5.3CVSS6.5AI score0.00366EPSS
Exploits1References7Affected Software1
github
github
added 2025/11/07 11:17 p.m.11 views

Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute...

6.8AI score
Exploits0References5Affected Software1
github
github
added 2025/11/07 11:17 p.m.16 views

Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc

🚀 Overview This report demonstrates a real-world privilege escalation vulnerability in pdfminer.six due to unsafe usage of Python's pickle module for CMap file loading. It shows how a low-privileged user can gain root access or escalate to any service account by exploiting insecure deserializatio...

8.6CVSS8.7AI score0.00314EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/07 8:52 p.m.21 views

Arbitrary Code Execution in pdfminer.six via Crafted PDF Input

Summary pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in pdfminer.six uses pickle.loads to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in th...

8.6CVSS7.6AI score0.00314EPSS
Exploits1References7Affected Software1
github
github
added 2025/11/07 6:46 p.m.19 views

KubeVirt Vulnerable to Arbitrary Host File Read and Write

Summary The hostDisk feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, the implementation of this feature and more specifically the DiskOrCreate option which creates a file if it doesn't exist, has a logic bug that allows an attacker t...

8.5CVSS6.9AI score0.00212EPSS
Exploits1References6Affected Software1
github
github
added 2025/11/07 6:30 p.m.10 views

AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...

6.5CVSS6.9AI score0.00308EPSS
Exploits1References3Affected Software1
github
github
added 2025/11/07 6:30 p.m.13 views

AstrBot contains a directory traversal vulnerability

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function installpluginupload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to filepath without checking the validi...

7.5CVSS6.9AI score0.00754EPSS
Exploits1References3Affected Software1
github
github
added 2025/11/07 5:37 p.m.28 views

Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events

Summary Open WebUI v0.6.33 and below contains a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event SSE execute events. This leads to authentication token theft, comple...

8CVSS8.2AI score0.07874EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/07 3:25 p.m.17 views

Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE

Summary The functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is assigned to the DOM sink .innerHtml without sanitisation. Any user with permissions to create prompts can abuse this to plant ...

8.7CVSS7.4AI score0.00467EPSS
Exploits2References5Affected Software1
github
github
added 2025/11/07 3:30 a.m.8 views

Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade...

5.3CVSS6.9AI score0.00259EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/07 3:30 a.m.10 views

Nuxt DevTools vulnerable to cross-site scripting (XSS)

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade...

6.9CVSS6.4AI score0.00231EPSS
Exploits1References5Affected Software1
github
github
added 2025/11/06 11:48 p.m.13 views

Soft Serve does not sanitize ANSI escape sequences in user input

Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...

4.6CVSS6.8AI score0.00174EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/06 11:36 p.m.9 views

KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes

Summary Short summary of the problem. Make the impact and severity as clear as possible. It is possible to trick the virt-handler component into changing the ownership of arbitrary files on the host node to the unprivileged user with UID 107 due to mishandling of symlinks when determining the roo...

5CVSS7.4AI score0.0021EPSS
Exploits1References6Affected Software1
github
github
added 2025/11/06 11:35 p.m.10 views

KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes

Summary The permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. Details Following the GitHub security advisory published on March 23 2023, a ValidatingAdmissionPolicy w...

6.9CVSS5.5AI score0.00254EPSS
Exploits1References3Affected Software1
github
github
added 2025/11/06 11:35 p.m.12 views

KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

Summary Short summary of the problem. Make the impact and severity as clear as possible. A logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

5.3CVSS7AI score0.00347EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/06 11:35 p.m.10 views

KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing

Summary Due to improper TLS certificate management, a compromised virt-handler could impersonate virt-api by using its own TLS credentials, allowing it to initiate privileged operations against another virt-handler. Details Give all details on the vulnerability. Pointing to the incriminated sourc...

6.3CVSS5.8AI score0.00181EPSS
Exploits1References6Affected Software1
github
github
added 2025/11/06 11:33 p.m.12 views

KubeVirt Arbitrary Container File Read

Summary Short summary of the problem. Make the impact and severity as clear as possible. Mounting a user-controlled PVC disk within a VM allows an attacker to read any file present in the virt-launcher pod. This is due to erroneous handling of symlinks defined within a PVC. Details Give all detai...

6.5CVSS5.6AI score0.00475EPSS
Exploits1References6Affected Software1
github
github
added 2025/11/06 11:32 p.m.8 views

KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer

Summary Short summary of the problem. Make the impact and severity as clear as possible. A flawed implementation of the Kubernetes aggregation layer's authentication flow could enable bypassing RBAC controls. Details Give all details on the vulnerability. Pointing to the incriminated source code ...

4.7CVSS7.6AI score0.00139EPSS
Exploits1References6Affected Software1
github
github
added 2025/11/06 11:32 p.m.14 views

containerd CRI server: Host memory exhaustion through Attach goroutine leak

Impact A bug was found in containerd's CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. Repetitive calls of CRI Attach e.g., kubectl attach could increase the memory usage of containerd. Patches This bug has been fixed in the following containerd...

6.9CVSS6.7AI score0.00162EPSS
Exploits1References4Affected Software2
github
github
added 2025/11/06 9:31 p.m.9 views

MQTT does not validate hostnames

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack...

7.4CVSS6.6AI score0.00343EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/06 3:47 p.m.11 views

Apollo Router Affected by an Access Control Bypass on Polymorphic Types

Summary A vulnerability in Apollo Router allowed for unauthenticated queries to access data that required additional access controls. Router incorrectly handled access control directives on interface types/fields and their implementing object types/fields, applying them to interface types/fields...

7.5CVSS6.9AI score0.00313EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/06 3:45 p.m.10 views

Apollo Router Improperly Enforces Renamed Access Control Directives

Summary A vulnerability in Apollo Router allowed for unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes, and @policy that were renamed via @link imports. Router did not enforce renamed access control directives on schema...

7.5CVSS6.9AI score0.003EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/06 3:44 p.m.9 views

Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...

7.6CVSS5.9AI score0.00216EPSS
Exploits0References7Affected Software1
github
github
added 2025/11/06 3:44 p.m.33 views

OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or crash when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...

7.5CVSS7.6AI score0.00526EPSS
Exploits0References12Affected Software1
github
github
added 2025/11/06 3:13 p.m.8 views

Open redirect endpoint in Datasette

Impact Deployed instances of Datasette prior to 0.65.2 and 1.0a21 include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ the trailing slash is required will redirect the user to https://example.com/foo/bar. Patches This problem has been patched in both Datasette 0.65.2 an...

6.9CVSS6.7AI score0.00389EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities33367