Lucene search
+L
GithubRecent

33396 matches found

Github Security Blog
Github Security Blog
added 2025/11/04 2:30 p.m.11 views

Jellysweep uses uncontrolled data in image cache API endpoint

Impact The /api/images/cache which is used to download media posters from the server accepted an url parameter, which was directly passed to the cache package and that downloaded the poster from this URL. This URL parameter can be used to make the jellysweep server download arbitrary content. The...

8.9CVSS7AI score0.00289EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/03 9:50 p.m.9 views

Shaman has soundness issues and is unmaintained

shaman::cryptoutil::writeu64vle and other functions mentioned above cannot garantee memory safety of getunchecked later if both length are zero. shaman is unmaintained...

7.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/03 9:49 p.m.12 views

lakeFS affected by unauthenticated access to API usage metrics

Impact Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. Patches Upgrade to v1.70.1 Workarounds Any ONE of these is...

5.3CVSS7AI score0.00274EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/03 9:48 p.m.16 views

motionEye vulnerable to RCE via unsanitized motion config parameter

Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...

7.2CVSS8.6AI score0.18993EPSS
Exploits17References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/03 8:24 p.m.9 views

OpenMage vulnerable to XSS in Admin Notifications

Summary OpenMage versions v20.15.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts into vulnerable fields. Malicious JavaScript may be execute...

4.8CVSS5.3AI score0.00216EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/03 8:13 p.m.8 views

MantisBT unauthorized disclosure of private project column configuration

Impact Due to insufficient access-level checks, any non-admin user having access to manageconfigcolumnspage.php typically project managers having MANAGER role can use the Copy From action to retrieve the columns configuration from a private project they have no access to. Access to the reverse...

5.3CVSS6.9AI score0.00241EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/03 8:12 p.m.18 views

MantisBT lacks verification when changing a user's email address

When a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. Impact This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person'...

5.4CVSS6.5AI score0.00149EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/03 6:31 p.m.13 views

@react-native-community/cli has arbitrary OS command injection

The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

9.8CVSS8AI score0.62378EPSS
Exploits5References16Affected Software2
Github Security Blog
Github Security Blog
added 2025/11/03 5:7 p.m.8 views

MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length

A lack of server-side validation for note length in MantisBT allows attackers to permanently corrupt issue activity logs by submitting extremely long notes tested with 4,788,761 characters. Once such a note is added: Impact - The entire activity stream becomes unviewable UI fails to render. - New...

7.5CVSS6.8AI score0.00375EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/03 5:7 p.m.9 views

MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling

Due to an incorrect use of loose == instead of strict === comparison in the authentication code1, PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation. 1:...

9.1CVSS5.9AI score0.00326EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/01 3:30 a.m.13 views

Liferay Portal and DXP do not check permissions of images in a blog entry

Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions does not check permission of images in a blog entry, which allows remote attackers ...

6.9CVSS6.9AI score0.00267EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/01 12:30 a.m.13 views

Liferay Portal and DXP use an incorrect cache-control header

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...

5.5CVSS6.7AI score0.00123EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/31 9:31 p.m.9 views

Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page

Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...

6.1CVSS5.9AI score0.00214EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/31 9:24 p.m.12 views

Agno session state overwrites between different sessions/users

Impact Under certain conditions under high concurrency, when sessionstate is passed to an Agent or Team during run or arun calls, a race condition can occur, causing a sessionstate to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed t...

7.1CVSS6.7AI score0.00146EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/31 6:31 p.m.9 views

Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS5.8AI score0.00221EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/31 5:31 p.m.16 views

Ansible does not collect garbage after playbook run

A flaw was found in Ansible Base when using the awsssm connection plugin as its garbage collector is not happening after the playbook run is completed. Files would remain in the bucket exposing the data. This issue directly affects data confidentiality...

5.5CVSS5.1AI score0.00319EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/31 9:30 a.m.12 views

cryptidy allows code execution via untrusted data due to pickle.loads

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...

8.8CVSS7.7AI score0.00228EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/31 12:30 a.m.15 views

Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation

Scrapy versions up to 2.13.3 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/30 9:30 p.m.9 views

Liferay Portal is vulnerable to XSS in the Blogs widget

Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...

5.4CVSS6.1AI score0.00201EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 9:30 p.m.10 views

sqls-server/sqls is vulnerable to command injection in the config command

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...

7.5CVSS8.1AI score0.01129EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 6:31 p.m.29 views

Liferay Portal is vulnerable to DNS rebinding attacks

By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...

6.1CVSS6.7AI score0.0021EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 6:31 p.m.29 views

Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjqc-jx6g-rwp9. This link is maintained to preserve external references. Original Description The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a pat...

6.9AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 5:22 p.m.12 views

Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation

Impact Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This affects: - Control panel users with permission to create or edit Collections and...

8CVSS6.4AI score0.00279EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 5:13 p.m.19 views

node-tar has a race condition leading to uninitialized memory exposure

Summary Using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. Details See: https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 Regression happene...

6.1CVSS6.5AI score0.00128EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 5:10 p.m.11 views

gnark-crypto allows unchecked memory allocation during vector deserialization

The issue has been reported by @raefko from @fuzzinglabs. Excerpts from the report: A critical vulnerability exists in the gnark-crypto library's Vector.ReadFrom function that allows an attacker to trigger arbitrary memory allocation by crafting malicious input data. An attacker can cause the...

7.4AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 5:8 p.m.14 views

Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode

Summary When using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most modern browsers do not allow a redirect to javascript: URLs, it could still trigger dangerous behavior in some cases. GET...

5.1CVSS6.9AI score0.00528EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 5:4 p.m.14 views

n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

Impact A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...

8.8CVSS8.4AI score0.00772EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 3:32 p.m.12 views

Byaidu PDFMathTranslate vulnerable to open redirect

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...

6.1CVSS6.9AI score0.00206EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 p.m.11 views

Apache Airflow's create action can upsert existing Pools/Connections/Variables

User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...

4.6CVSS7.1AI score0.00396EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 p.m.9 views

Apache Airflow `/api/v2/dagReports` executes DAG Python in API

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

5.4CVSS7.7AI score0.00476EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 p.m.11 views

Apache Airflow has a command injection vulnerability in "example_dag_decorator"

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

4.6CVSS7.4AI score0.00448EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 a.m.12 views

Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth OAuth2 & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth OAuth2 & OpenID Connect: from 6.0.0 before 6.0.7...

7.5CVSS7AI score0.00343EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 a.m.11 views

Drupal CivicTheme Design System allows Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS. This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...

6.1CVSS5.8AI score0.00184EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 a.m.14 views

Drupal Acquia DAM allows Forceful Browsing

Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing. This issue affects Acquia DAM: from 0.0.0 before 1.1.5...

7.5CVSS7AI score0.0028EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 a.m.14 views

Liferay Portal vulnerable to password enumeration

Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers t...

6.3CVSS7.1AI score0.00368EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 a.m.10 views

Drupal Plausible tracking is vulnerable to XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Plausible tracking allows Cross-Site Scripting XSS. This issue affects Plausible tracking: from 0.0.0 before 1.0.2...

6.1CVSS5.9AI score0.00177EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 a.m.11 views

Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...

5.3CVSS6.9AI score0.00276EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 a.m.11 views

Drupal JSON Field is vulnerable to XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal JSON Field allows Cross-Site Scripting XSS. This issue affects JSON Field: from 0.0.0 before 1.5...

6.1CVSS5.9AI score0.00184EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 a.m.12 views

Drupal Access code allows Brute Force Attempts

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.5...

6.3CVSS7.2AI score0.00225EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 a.m.10 views

Drupal Umami Analytics allows Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Umami Analytics allows Cross-Site Scripting XSS. This issue affects Umami Analytics: from 0.0.0 before 1.0.1...

3.8CVSS5.9AI score0.00184EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 a.m.11 views

Drupal CivicTheme Design System allows Forceful Browsing

Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing. This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...

7.5CVSS7AI score0.0028EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 a.m.13 views

Drupal Currency allows Cross Site Request Forgery

Cross-Site Request Forgery CSRF vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...

6.5CVSS6.9AI score0.00121EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/29 10:21 p.m.15 views

LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

Summary LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. Details /langgraph/libs/checkpoint-sqlite/langgraph/store/sqlite/base.py...

7.3CVSS8.3AI score0.00178EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/29 10:21 p.m.8 views

Zitadel May Bypass Second Authentication Factor

Summary A vulnerability in Zitadel's token verification prematurely marked sessions as authenticated when only one factor was verified. Impact Zitadel provides an API for managing sessions, enabling custom login experiences in a dedicated UI or direct integration into applications. Session Tokens...

9.8CVSS7.3AI score0.00336EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/29 10:21 p.m.10 views

Zitadel allows brute-forcing authentication factors

Summary A vulnerability in Zitadel allowed brute-force attack on OTP, TOTP and password allowing to impersonate the attacked user. Impact An attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like...

9.8CVSS6.9AI score0.00353EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/29 10:20 p.m.11 views

ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection

Impact A potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. If an...

8.8CVSS7.4AI score0.00345EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/29 10:13 p.m.8 views

OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability

Patch This is fixed with commit b953092, with the fix available in OpenUSD 25.11 and onwards. Summary We have been advised by Zero Day Initiative that our usage of the USD framework may constitute a Use-After-Free Remote Code Execution Vulnerability. They have sent us the attached file illustrati...

7.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/29 10:12 p.m.36 views

uv allows ZIP payload obfuscation through parsing differentials

Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...

6.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/29 9:49 p.m.11 views

CKAN vulnerable to fixed session IDs

Impact Session ids could be fixed by an attacker if the site is configured with server-side session storage CKAN uses cookie-based session storage by default. The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers...

6.1CVSS6.6AI score0.00269EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/29 9:48 p.m.16 views

DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite

Summary The default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. Description An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads...

10CVSS6.8AI score0.44656EPSS
Exploits3References3Affected Software1
Total number of security vulnerabilities33396