Lucene search
+L
GithubRecent

33367 matches found

github
github
added 2025/11/06 3:12 p.m.6 views

containerd affected by a local privilege escalation via wide permissions on CRI directory

Impact An overly broad default permission vulnerability was found in containerd. - /var/lib/containerd was created with the permission bits 0o711, while it should be created with 0o700 - Allowed local users on the host to potentially access the metadata store and the content store -...

7.8CVSS6.5AI score0.00159EPSS
Exploits1References5Affected Software2
github
github
added 2025/11/05 7:52 p.m.20 views

LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

Summary Prior to langgraph-checkpoint version 3.0 , LangGraph’s JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a remote code execution RCE vulnerability when deserializing payloads saved in the "json" serialization mode. If an attacker can cause your...

7.4CVSS8.4AI score0.00871EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/05 7:52 p.m.11 views

Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Impact A Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File with uri parameter allows to execute an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is...

7.5CVSS7.3AI score0.0061EPSS
Exploits0References7Affected Software1
github
github
added 2025/11/05 7:52 p.m.9 views

IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering

Summary ZITADEL's Organization V2Beta API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users with specific administrator roles within one organization to access and modify data belonging to other organizations. Impact ZITADEL's Organization V2Beta API,...

8.7CVSS6.7AI score0.00276EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/05 6:45 p.m.9 views

Weblate leaks the IP of project member inviting user to be reviewer in Audit log

Summary Weblate leaks the IP address of the project member inviting the user to the project in the audit log. Details The audit log included IP addresses from admin-triggered actions, and those could be viewed by invited users. Impact The inviting user's admin's IP address could be leaked to...

3.5CVSS6.8AI score0.00181EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/05 6:45 p.m.35 views

youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects

Impact youki’s apparmor handling performs insufficiently strict write-target validation, which—combined with path substitution during pathname resolution—can allow writes to unintended procfs locations. Weak write-target check youki only verifies that the destination lies somewhere under procfs. ...

10CVSS7AI score0.00243EPSS
Exploits0References8Affected Software1
github
github
added 2025/11/05 6:44 p.m.42 views

youki container escape via "masked path" abuse due to mount race conditions

Impact youki utilizes bind mounting the container's /dev/null as a file mask. When performing this operation, the initial validation of the source /dev/null was insufficient. Specifically, we initially failed to verify whether /dev/null was genuinely present. However, we did perform validation to...

10CVSS6.9AI score0.00236EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/05 6:40 p.m.18 views

runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects

Impact This attack is primarily a more sophisticated version of CVE-2019-19921, which was a flaw which allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The...

7.5CVSS7AI score0.00523EPSS
Exploits1References30Affected Software2
github
github
added 2025/11/05 6:31 p.m.9 views

WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks

An XML External Entity XXE vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote,...

9.1CVSS6.8AI score0.00415EPSS
Exploits0References5Affected Software1
github
github
added 2025/11/05 5:34 p.m.12 views

runc container escape with malicious config due to /dev/console mount and related races

Impact This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target namely, the bind-mount of /dev/pts/$n to /dev/console as configured for all containers that allocate a console. In runc version 1.0.0-rc3 and later...

8.4CVSS6.6AI score0.00523EPSS
Exploits1References11Affected Software1
github
github
added 2025/11/05 4:37 p.m.10 views

runc container escape via "masked path" abuse due to mount race conditions

Impact The OCI runtime specification has a maskedPaths feature that allows for files or directories to be "masked" by placing a mount on top of them to conceal their contents. This is primarily intended to protect against privileged users in non-user-namespaced from being able to write to files o...

8.4CVSS6.9AI score0.0067EPSS
Exploits4References7Affected Software1
github
github
added 2025/11/05 3:31 p.m.17 views

Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

9.1CVSS8AI score0.19396EPSS
Exploits10References12Affected Software1
github
github
added 2025/11/05 3:31 p.m.14 views

Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...

7.5CVSS6.9AI score0.0193EPSS
Exploits1References10Affected Software1
github
github
added 2025/11/05 12:30 p.m.9 views

Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode

An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized...

5.4CVSS6.9AI score0.00336EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/05 3:30 a.m.11 views

expr-eval does not restrict functions passed to the evaluate function

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...

9.8CVSS7.9AI score0.02285EPSS
Exploits0References12Affected Software2
github
github
added 2025/11/04 6:58 p.m.9 views

Kgateway transformation policy template can emit files from the container

Summary The transformation policy template feature in Kgateway versions through 2.0.4 allows users with TrafficPolicy creation permissions to craft transformations that read and expose arbitrary files from the dataplane container filesystem. Description Impact Users with permissions to create a...

6.8AI score
Exploits0References6Affected Software1
github
github
added 2025/11/04 6:39 p.m.10 views

kgateway is missing xDS authorization

Summary The xDS interface in Kgateway versions 2.0.0 through 2.0.4 lacks authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster...

5.3CVSS6.8AI score0.00154EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/04 3:48 p.m.9 views

Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH

Summary The expected protocDigest is ignored when protoc is taken from the PATH. Details The documentation for the protocDigest parameter says: ... Users may wish to specify this if using a PATH-based binary ... However, when specifying PATH the protocDigest is not actually checked because the co...

7.1AI score
Exploits0References3Affected Software1
github
github
added 2025/11/04 3:43 p.m.12 views

MARIN3R: Cross-Namespace Vulnerability in the Operator

Summary Cross-namespace Secret access vulnerability in DiscoveryServiceCertificate allows users to bypass RBAC and access Secrets in unauthorized namespaces. Affected Versions All versions prior to v0.13.4 Patched Versions v0.13.4 and later Impact Users with permission to create...

8.7CVSS6.3AI score0.00197EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/04 3:42 p.m.11 views

OctoPrint vulnerable to XSS in Action Commands Notification and Prompt

Impact OctoPrint versions up to and including 1.11.3 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notification and prompt popups generated by the printer. An attacker who successfully convinces a victim to print a specially crafted fil...

4.6CVSS6.9AI score0.0015EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/04 3:31 p.m.8 views

Dosage vulnerable to a Directory Traversal through crafted HTTP responses

Impact When downloadinging comic images, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc.. While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type heade...

8.8CVSS7.1AI score0.00443EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/04 3:31 p.m.14 views

DSPy does not properly restrict file reads

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...

5.9CVSS6.9AI score0.00323EPSS
Exploits0References3Affected Software1
github
github
added 2025/11/04 2:30 p.m.10 views

Jellysweep uses uncontrolled data in image cache API endpoint

Impact The /api/images/cache which is used to download media posters from the server accepted an url parameter, which was directly passed to the cache package and that downloaded the poster from this URL. This URL parameter can be used to make the jellysweep server download arbitrary content. The...

8.9CVSS7AI score0.00289EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/03 9:50 p.m.8 views

Shaman has soundness issues and is unmaintained

shaman::cryptoutil::writeu64vle and other functions mentioned above cannot garantee memory safety of getunchecked later if both length are zero. shaman is unmaintained...

7.3AI score
Exploits0References3Affected Software1
github
github
added 2025/11/03 9:49 p.m.12 views

lakeFS affected by unauthenticated access to API usage metrics

Impact Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. Patches Upgrade to v1.70.1 Workarounds Any ONE of these is...

5.3CVSS7AI score0.00274EPSS
Exploits0References4Affected Software1
github
github
added 2025/11/03 9:48 p.m.16 views

motionEye vulnerable to RCE via unsanitized motion config parameter

Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...

7.2CVSS8.6AI score0.18993EPSS
Exploits17References4Affected Software1
github
github
added 2025/11/03 8:24 p.m.7 views

OpenMage vulnerable to XSS in Admin Notifications

Summary OpenMage versions v20.15.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts into vulnerable fields. Malicious JavaScript may be execute...

4.8CVSS5.3AI score0.00216EPSS
Exploits1References4Affected Software1
github
github
added 2025/11/03 8:13 p.m.8 views

MantisBT unauthorized disclosure of private project column configuration

Impact Due to insufficient access-level checks, any non-admin user having access to manageconfigcolumnspage.php typically project managers having MANAGER role can use the Copy From action to retrieve the columns configuration from a private project they have no access to. Access to the reverse...

5.3CVSS6.9AI score0.00241EPSS
Exploits1References5Affected Software1
github
github
added 2025/11/03 8:12 p.m.18 views

MantisBT lacks verification when changing a user's email address

When a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. Impact This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person'...

5.4CVSS6.5AI score0.00149EPSS
Exploits1References5Affected Software1
github
github
added 2025/11/03 6:31 p.m.13 views

@react-native-community/cli has arbitrary OS command injection

The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

9.8CVSS8AI score0.62378EPSS
Exploits5References16Affected Software2
github
github
added 2025/11/03 5:7 p.m.8 views

MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length

A lack of server-side validation for note length in MantisBT allows attackers to permanently corrupt issue activity logs by submitting extremely long notes tested with 4,788,761 characters. Once such a note is added: Impact - The entire activity stream becomes unviewable UI fails to render. - New...

7.5CVSS6.8AI score0.00375EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/03 5:7 p.m.8 views

MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling

Due to an incorrect use of loose == instead of strict === comparison in the authentication code1, PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation. 1:...

9.1CVSS5.9AI score0.00326EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/01 3:30 a.m.13 views

Liferay Portal and DXP do not check permissions of images in a blog entry

Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions does not check permission of images in a blog entry, which allows remote attackers ...

6.9CVSS6.9AI score0.00267EPSS
Exploits0References6Affected Software1
github
github
added 2025/11/01 12:30 a.m.13 views

Liferay Portal and DXP use an incorrect cache-control header

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...

5.5CVSS6.7AI score0.00123EPSS
Exploits0References6Affected Software2
github
github
added 2025/10/31 9:31 p.m.9 views

Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page

Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...

6.1CVSS5.9AI score0.00214EPSS
Exploits0References4Affected Software1
github
github
added 2025/10/31 9:24 p.m.11 views

Agno session state overwrites between different sessions/users

Impact Under certain conditions under high concurrency, when sessionstate is passed to an Agent or Team during run or arun calls, a race condition can occur, causing a sessionstate to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed t...

7.1CVSS6.7AI score0.00146EPSS
Exploits0References3Affected Software1
github
github
added 2025/10/31 6:31 p.m.8 views

Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS5.8AI score0.00221EPSS
Exploits0References3Affected Software1
github
github
added 2025/10/31 5:31 p.m.16 views

Ansible does not collect garbage after playbook run

A flaw was found in Ansible Base when using the awsssm connection plugin as its garbage collector is not happening after the playbook run is completed. Files would remain in the bucket exposing the data. This issue directly affects data confidentiality...

5.5CVSS5.1AI score0.00319EPSS
Exploits0References6Affected Software1
github
github
added 2025/10/31 9:30 a.m.11 views

cryptidy allows code execution via untrusted data due to pickle.loads

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...

8.8CVSS7.7AI score0.00228EPSS
Exploits1References4Affected Software1
github
github
added 2025/10/31 12:30 a.m.15 views

Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation

Scrapy versions up to 2.13.3 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References10Affected Software2
github
github
added 2025/10/30 9:30 p.m.9 views

Liferay Portal is vulnerable to XSS in the Blogs widget

Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...

5.4CVSS6.1AI score0.00201EPSS
Exploits0References3Affected Software1
github
github
added 2025/10/30 9:30 p.m.10 views

sqls-server/sqls is vulnerable to command injection in the config command

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...

7.5CVSS8.1AI score0.01129EPSS
Exploits0References7Affected Software1
github
github
added 2025/10/30 6:31 p.m.28 views

Liferay Portal is vulnerable to DNS rebinding attacks

By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...

6.1CVSS6.7AI score0.0021EPSS
Exploits0References4Affected Software1
github
github
added 2025/10/30 6:31 p.m.28 views

Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjqc-jx6g-rwp9. This link is maintained to preserve external references. Original Description The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a pat...

6.9AI score
Exploits0References6Affected Software1
github
github
added 2025/10/30 5:22 p.m.11 views

Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation

Impact Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This affects: - Control panel users with permission to create or edit Collections and...

8CVSS6.4AI score0.00279EPSS
Exploits0References5Affected Software1
github
github
added 2025/10/30 5:13 p.m.18 views

node-tar has a race condition leading to uninitialized memory exposure

Summary Using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. Details See: https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 Regression happene...

6.1CVSS6.5AI score0.00128EPSS
Exploits0References7Affected Software1
github
github
added 2025/10/30 5:10 p.m.11 views

gnark-crypto allows unchecked memory allocation during vector deserialization

The issue has been reported by @raefko from @fuzzinglabs. Excerpts from the report: A critical vulnerability exists in the gnark-crypto library's Vector.ReadFrom function that allows an attacker to trigger arbitrary memory allocation by crafting malicious input data. An attacker can cause the...

7.4AI score
Exploits0References5Affected Software1
github
github
added 2025/10/30 5:8 p.m.14 views

Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode

Summary When using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most modern browsers do not allow a redirect to javascript: URLs, it could still trigger dangerous behavior in some cases. GET...

5.1CVSS6.9AI score0.00528EPSS
Exploits0References5Affected Software1
github
github
added 2025/10/30 5:4 p.m.14 views

n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

Impact A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...

8.8CVSS8.4AI score0.00772EPSS
Exploits3References5Affected Software1
github
github
added 2025/10/30 3:32 p.m.11 views

Byaidu PDFMathTranslate vulnerable to open redirect

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...

6.1CVSS6.9AI score0.00206EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities33367