Lucene search
+L
GithubRecent

33396 matches found

Github Security Blog
Github Security Blog
added 2025/10/27 9:30 p.m.11 views

Liferay Portal Vulnerable to Cross-Site Scripting

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

5.4CVSS6AI score0.00202EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/27 8:46 p.m.13 views

Keycloak TLS Client-Initiated Renegotiation Denial of Service

Keycloak is vulnerable to a Denial of Service DoS attack due to the default JDK setting that permits Client-Initiated Renegotiation in TLS 1.2. An unauthenticated remote attacker can repeatedly initiate TLS renegotiation requests to exhaust server CPU resources, making the service unavailable...

7.5CVSS7AI score0.00656EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/27 8:19 p.m.11 views

Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

8.9CVSS6.8AI score0.13848EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/27 8:18 p.m.9 views

Wasmtime vulnerable to segfault when using component resources

Impact The implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. This bug was introduced in the release of...

3.1CVSS6.6AI score0.00405EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/27 8:15 p.m.11 views

BBOT's gitlab.py exposes globally configured "gitlab" API key

Summary bbot's gitlab.py sends the user's "gitlab" API key to on-premise GitLab instances. If a user has configured a gitlab.com API key using this mechanism, it may be leaked to an attacker-controlled server. Impact A user with a "gitlab" API key configured who uses bbot to scan a malicious...

4.7CVSS6.8AI score0.00213EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/27 8:12 p.m.11 views

InventoryGui allows item duplication with experimental "Bundle" item in GUIs which use GuiStorageElement

Impact Any plugin using the GuiStorageElement is impacted when used on a server which allows the currently experimental Bundle items. Patches Patched with https://github.com/Phoenix616/InventoryGui/commit/00e684bd689ebc60bcb5b83ce4ef3c5a01778494 "backported" to 1.6.3-SNAPSHOT Update to...

5.9CVSS6.9AI score0.00238EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/27 8:12 p.m.11 views

InventoryGui affected by item duplication in GUIs which use GuiStorageElement

Impact Any plugin using the GuiStorageElement is impacted. Patches Patched with https://github.com/Phoenix616/InventoryGui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029 "backported" to 1.6.1-SNAPSHOT Update to 1.6.2-SNAPSHOT to guarantee that it's included! Workarounds Don't use the...

5CVSS7AI score0.0023EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/27 6:31 p.m.11 views

Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences

Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console...

9.6CVSS6.9AI score0.09917EPSS
Exploits0References11Affected Software3
Github Security Blog
Github Security Blog
added 2025/10/27 6:31 p.m.17 views

Apache Tomcat Vulnerable to Relative Path Traversal

The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the...

7.5CVSS9.3AI score0.66535EPSS
Exploits4References13Affected Software3
Github Security Blog
Github Security Blog
added 2025/10/27 6:31 p.m.10 views

pg8000 SQL injection vulnerability via a specially crafted Python list input

SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...

9.6CVSS8.7AI score0.00328EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/27 6:31 p.m.4 views

Apache Tomcat Vulnerable to Improper Resource Shutdown or Release

If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and...

5.3CVSS6.9AI score0.01139EPSS
Exploits0References11Affected Software3
Github Security Blog
Github Security Blog
added 2025/10/27 4:20 p.m.11 views

Constellation has insecure LUKS2 persistent storage partitions which may be opened and used

Summary A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could...

8.3CVSS6.6AI score0.00105EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/26 6:30 a.m.12 views

LangGraph's SQLite store implementation has a SQL Injection Vulnerability

A SQL injection vulnerability exists in the langchain-ai/langgraph repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...

7.3CVSS7.9AI score0.00162EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/25 12:30 a.m.12 views

Bouncy Castle Vulnerable to Uncontrolled Resource Consumption

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...

5.9CVSS7AI score0.00142EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/24 7:15 p.m.14 views

Hono vulnerable to Vary Header Injection leading to potential CORS Bypass

Summary A flaw in the CORS middleware allowed request Vary headers to be reflected into the response, enabling attacker-controlled Vary values and potentially affecting cache behavior. Details The middleware previously copied the Vary header from the request when origin was not set to "". Since...

6.7AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/24 3:27 p.m.11 views

Rancher exposes sensitive information through audit logs

Impact Note: The exploitation of this issue requires that the malicious user have access to Rancher’s audit log storage. A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any enti...

4.3CVSS6.6AI score0.00271EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/24 3:27 p.m.8 views

Karmada Dashboard API Unauthorized Access Vulnerability

Impact This is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not enforce authentication, allowing unauthenticated users to access sensitive cluster information such as Secrets and Services directly. Althoug...

8.7CVSS6.8AI score0.00607EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/24 3:6 p.m.12 views

Rancher user retains access to clusters despite Global Role removal

Impact A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that: - Have a on in rule for resources - Hav...

4.3CVSS6.7AI score0.00208EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/24 12:30 a.m.7 views

Liferay Portal ComboServlet denial of service via large file combination

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...

7.5CVSS6.9AI score0.00508EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 9:31 p.m.16 views

Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON

Vault and Vault Enterprise "Vault" are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for +HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393...

7.5CVSS6.8AI score0.00517EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 9:31 p.m.7 views

Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page

Self Cross-site scripting XSS vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject...

6.1CVSS6AI score0.00192EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 9:31 p.m.15 views

HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass

Vault and Vault Enterprise's "Vault" AWS Auth method may be susceptible to authentication bypass if the role of the configured boundprincipaliam is the same across AWS accounts, or uses a wildcard. This vulnerability is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5,...

8.1CVSS7AI score0.00494EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 9:31 p.m.8 views

MCMS reflected cross-site scripting (XSS) vulnerability

A reflected cross-site scripting XSS vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload...

6.1CVSS6AI score0.00184EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 8:31 p.m.10 views

rollbar vulnerable to Prototype Pollution in merge()

Impact Prototype pollution vulnerability in merge. If application code calls rollbar.configure with untrusted input, prototype pollution is possible. Patches Fixed in 2.26.5 and 3.0.0-beta5. Workarounds Ensure that values passed to rollbar.configure do not contain untrusted input. References Fixe...

5.9CVSS7.2AI score0.00358EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 6:31 p.m.10 views

Piranha CMS vulnerable to stored cross-site scripting (XSS)

A stored cross-site scripting XSS vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks...

6.1CVSS5.5AI score0.00263EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 4:1 p.m.11 views

Kottster app reinitialization can be re-triggered allowing command injection in development mode

Impact Development mode only. Kottster contains a pre-authentication remote code execution RCE vulnerability when running in development mode. The vulnerability combines two issues: 1. The initApp action can be called repeatedly without checking if the app is already initialized, allowing attacke...

9.2CVSS8.6AI score0.00749EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 4:1 p.m.10 views

OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method

Impact This is a cross-account impersonation vulnerability in the auth-aws plugin. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a role with the same name in a trusted account, leading to unauthorized access. This impacts all users of the...

8.1CVSS6.9AI score0.00242EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 3:30 p.m.9 views

Keycloak does not invalidate offline sessions when the offline_access scope is removed

A flaw was found in Keycloak. An offline session continues to be valid when the offlineaccess scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and...

5.4CVSS6.5AI score0.00272EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 3:30 p.m.14 views

Keycloak does not invalidate sessions when "Remember Me" is disabled

A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security...

5.4CVSS6.4AI score0.00214EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 3:30 p.m.8 views

Liferay Portal and DXP do not properly restrict access to OpenAPI

Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...

6.9CVSS6.8AI score0.00384EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 12:31 p.m.10 views

Moodle's error handling leads to sensitive information disclosure

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

5.3CVSS6.9AI score0.00274EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 12:31 p.m.9 views

Moodle exposed the names of hidden groups to users

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

6.5CVSS6.7AI score0.00246EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 12:31 p.m.8 views

Moodle does not properly enforce MFA

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.4CVSS7.1AI score0.00234EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 12:31 p.m.7 views

Moodle has a time restriction bypass

An issue in Moodle's timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment...

5.4CVSS7AI score0.00204EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 12:31 p.m.5 views

Moodle vulnerable to brute-force password guesses

Moodle's mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks...

7.5CVSS7.2AI score0.00385EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 12:31 p.m.8 views

Moodle sends quiz-related messages to inactive/suspended users

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information...

4.3CVSS6.9AI score0.00208EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 12:31 p.m.9 views

Moodle course access permissions are not properly checked in course_output_fragment_course_overview

A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details...

4.3CVSS6.2AI score0.00223EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/23 6:31 a.m.8 views

Slack Nebula may accept arbitrary source IP addresses

Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...

4.9CVSS7.1AI score0.00199EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 9:47 p.m.14 views

binary_vec_io access memory out-of-bounds in binary_read_to_ref and binary_write_from_ref

Safe functions accept a single &T or &mut T but multiply by n to create slices extending beyond allocated memory when n 1. These functions use fromrawparts to create slices larger than the underlying allocation, violating memory safety. The binaryvecio repository is archived and unmaintained...

6.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 9:31 p.m.8 views

Liferay Portal and DXP are Missing Authorization in Collection Provider

Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19...

6.5CVSS6.8AI score0.00242EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 9:31 p.m.11 views

Liferay Portal and Liferay DXP vulnerable to reflected cross-site scripting (XSS)

A reflected cross-site scripting XSS vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through...

4.8CVSS6.1AI score0.00216EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 7:55 p.m.10 views

OpenBao and Vault Leak []byte Fields in Audit Logs

Impact OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to: - sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log. - Transit, when performing...

5.7CVSS6.7AI score0.00299EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 7:41 p.m.12 views

Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Impact EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information e.g., start time window, substantially...

5.9CVSS6.8AI score0.00182EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 7:40 p.m.12 views

pypdf can exhaust RAM via manipulated LZWDecode streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. Patches This has been fixed in pypdf==6.1.3. Workarounds If you cannot upgrade yet, consider applying the changes from P...

8.7CVSS6.8AI score0.00402EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 7:40 p.m.10 views

pypdf possibly loops infinitely when reading DCT inline images without EOF marker

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. Patches This has been fixed in pypdf==6.1.3. Workarounds If you cannot upgrade yet, consider...

8.7CVSS6.8AI score0.00402EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 7:38 p.m.12 views

Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names

Description - In the StaticHandlerImplsendDirectoryListing... method under the text/html branch, file and directory names are directly embedded into the href, title, and link text without proper HTML escaping. - As a result, in environments where an attacker can control file names, injecting...

6.4CVSS7.2AI score0.00265EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 7:38 p.m.10 views

Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories

Description There is a flaw in the hidden file protection feature of Vert.x Web’s StaticHandler when setIncludeHiddenfalse is configured. In the current implementation, only files whose final path segment i.e., the file name begins with a dot . are treated as “hidden” and are blocked from being...

7.5CVSS6.6AI score0.00459EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 7:37 p.m.15 views

OpenBao leaks HTTPRawBody in Audit Logs

Impact OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted HMAC'd. This impacted the following subsystems: - When using the ACME functionality of PKI, this would result in short-lived ACME verification challenge codes being leaked...

7.5CVSS6.8AI score0.00286EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 5:8 p.m.10 views

ncurses exposes uninitialized memory in string reading functions

Multiple string reading functions expose uninitialized memory by setting length to capacity when no null terminator is found. This allows reading uninitialized memory which may contain sensitive data from previous allocations. The ncurses-rs repository is archived and unmaintained...

6.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 4:47 p.m.14 views

aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server

Summary The client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. Details It is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary...

8.2CVSS6.5AI score0.00354EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities33396