Lucene search
+L
GithubRecent

33396 matches found

Github Security Blog
Github Security Blog
added 2025/10/22 4:46 p.m.10 views

Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

Summary An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can exploit this vulnerability to execute arbitrary SQL commands. This can lea...

7.2CVSS8.1AI score0.00395EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 4:45 p.m.21 views

Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization

Summary An unsafe deserialization vulnerability in Scapy Internally, this triggers: python main.py SESSION = pickle.loadgzip.opensessionname, "rb" Since no validation or restriction is performed on the deserialized object, any code embedded via reduce will be executed immediately. This makes it...

8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 4:35 p.m.12 views

Borrowck Scarifices exposes uninitialized memory in any_as_u8_slice

The safe function anyasu8slice can create byte slices that reference uninitialized memory when used with types containing padding bytes. The function uses slice::fromrawparts to create a &u8 covering the entire size of a type, including padding bytes. According to Rust's documentation, fromrawpar...

7.2AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 4:0 p.m.20 views

Top security researcher shares their bug bounty process

As we wrap Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to spotlight another top performing security researcher who participates in the GitHub Security Bug Bounty Program, Andr e Storfjord Kristiansen! GitHub is dedicated to maintaining the security and reliability of the...

7.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/10/22 3:31 p.m.11 views

Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function

Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the searchitemctrlf function located in src/smolagents/visionwebbrowser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitizatio...

5.4CVSS7AI score0.00252EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 3:21 p.m.11 views

Hono Improper Authorization vulnerability

Improper Authorization in Hono JWT Audience Validation Hono’s JWT authentication middleware did not validate the aud Audience claim by default. As a result, applications using the middleware without an explicit audience check could accept tokens intended for other audiences, leading to potential...

8.1CVSS6.7AI score0.0035EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/21 9:57 p.m.11 views

Direct Ring Buffer has uninitialized memory exposure in create_ring_buffer

The safe function createringbuffer allocates a buffer using Vec::withcapacity followed by setlen, creating a Box containing uninitialized memory. This leads to undefined behavior when functions like writeslices create typed slices e.g., &mut bool over the uninitialized memory, violating Rust's...

7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/21 9:54 p.m.7 views

orx-pinned-vec has undefined behavior in index_of_ptr with empty slices

The safe function indexofptr causes undefined behavior when called with an empty slice. The issue occurs in the line ptr.addslice.len - 1 which underflows when slice.len is 0, creating a pointer with a massive offset. According to Rust's safety rules, creating such a pointer causes immediate...

7.2AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/21 9:46 p.m.13 views

Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL

The servicenow config URL is using a generic django View with no authentication. URL: /plugins/ssot/servicenow/config/ Impact What kind of vulnerability is it? Who is impacted? An Unauthenticated attacker could access this page to view the Service Now public instance name e.g...

5.3CVSS7AI score0.00268EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/21 9:33 p.m.10 views

code16 Sharp vulnerable to Cross Site Scripting (XSS)

code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting XSS src/Form/Fields/SharpFormUploadField.php...

6.1CVSS6.3AI score0.00296EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/21 9:33 p.m.10 views

Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13,...

6.9CVSS5.9AI score0.00224EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/21 8:26 p.m.7 views

NeuVector is shipping cryptographic material into its binary

Impact NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data. In the patched version, NeuVector leverages the Kubernetes secre...

6.5CVSS6.8AI score0.00242EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/21 8:25 p.m.10 views

NeuVector telemetry sender is vulnerable to MITM and DoS

Impact This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server at https://upgrades.neuvector-upgrade-responder.livestock.rancher.io. In affected...

8.6CVSS6.6AI score0.00179EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/21 8:25 p.m.14 views

NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow

Impact A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the...

9.9CVSS7.5AI score0.0043EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/21 6:53 p.m.6 views

uv has differential in tar extraction with PAX headers

Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution as a tar archive that would extract differently when installed via uv versus other Python package...

8.1CVSS7.6AI score0.00688EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/21 6:30 p.m.8 views

ProcessWire CMS vulnerable to resource-exhaustion Denial of Service

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...

6.5CVSS6.9AI score0.00395EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/21 6:30 p.m.12 views

Liferay Portal fails to verify messages from the cluster network is trusted

Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...

6.9CVSS7.2AI score0.00164EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/21 6:4 p.m.7 views

Cosmos EVM Vulnerability

Patches Patched in versions v0.3.1, v0.4.2, and in the v0.5.0 release. More information will be disclosed at a later point to ensure chains have time to safely upgrade. Workarounds No workarounds for chains that make use of static or dynamic precompiles. Upgrading is strongly recommended. Testing...

6.7AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/21 6:3 p.m.6 views

Shopware Customer Orders can be canceled, even if refunds are disabled

Refunds in general can be enabled through the administration setting core.cart.enableOrderRefunds in the cart panel.Which visually shows and hides the button. However, using a custom crafted request, a customer can still cancel his own orders.As this is not checked inside the route and also not i...

6.9AI score
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/21 6:3 p.m.4 views

Shopware exposes sensitive user information via CSV export mapping

Impact Malicious actors can exploit this finding to export sensitive customer information from a Shopware application, including password hashes and password reset tokens. In SaaS deployments, this primarily affects customer accounts. In on-premise deployments, however, it also includes the hashe...

6.5AI score
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/21 6:2 p.m.10 views

Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice

Impact This vulnerability allows malicious actors to force the application server to send HTTP requests to both external and internal servers. In certain cases, this may lead to access to internal resources such as databases, file systems, or other services that are not supposed to be directly...

7AI score
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/21 6:2 p.m.10 views

Shopware vulnerable to path traversal via Plugin upload

Impact Malicious actors can exploit this vulnerability to write files within arbitrary directories on the filesystem of the Shopware web container. This could allow them to gain persistent shell access by uploading a PHP-shell file to an accessible folder. It is important to note that this...

7.2AI score
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/21 6:2 p.m.12 views

Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually

In Shopware core and platform versions before 6.6.10.7 and 6.7.3.1, media visibility restrictions applied by MediaVisibilityRestrictionSubscriber are not enforced for aggregation API requests. Authorization filters are only injected during standard entity reads; aggregation queries can be...

6.5AI score
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/21 3:42 p.m.8 views

astral-tokio-tar Vulnerable to PAX Header Desynchronization

Summary Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser...

8.1CVSS7.8AI score0.00688EPSS
Exploits1References8Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/21 3:9 p.m.9 views

Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic

Summary: A bypass was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation...

6.1CVSS4.6AI score0.0028EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/20 8:27 p.m.8 views

Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description

Impact An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. Patches Users should upgrade to Taguette 1.5.0. References -...

5.4CVSS6.8AI score0.00165EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/20 8:8 p.m.7 views

Taguette password reset link poisoning

Impact An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. Patches Users should upgrade to Taguette 1.5.0. References -...

7.1CVSS7AI score0.00237EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/20 8:3 p.m.11 views

Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read

Summary In some Notification types e.g., Webhook, Telegram, the send function allows user-controlled renderTemplate input. This leads to a Server-side Template Injection SSTI vulnerability that can be exploited to read arbitrary files from the server. Details The root cause is how Uptime Kuma...

6.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/20 7:54 p.m.10 views

vite allows server.fs.deny bypass via backslash on Windows

Summary Files denied by server.fs.deny were sent if the URL ended with \ when the dev server is running on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - running the de...

6CVSS7AI score0.01016EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/20 6:30 p.m.12 views

NetBird VPN does not remove the default password of an admin account

NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...

9.3CVSS7.1AI score0.00389EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/20 5:55 p.m.17 views

Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers

Summary The GoCardless components in Actualbudget in are logging responses to STDOUT in a parsed format using console.logand console.debug Which in this version of node is an alias for console.log. This is exposing sensitive information in log files including, but not limited to: - Gocardless...

6.9AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/20 3:33 p.m.12 views

rollbar vulnerable to prototype pollution

Impact Prototype pollution potential with the utility function rollbar/src/utility.set. No impact when using the published public interface. If application code directly imports set from rollbar/src/utility and then calls set with untrusted input in the second argument, it is vulnerable to...

7.5CVSS7.2AI score0.00365EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/20 3:31 p.m.7 views

Citizen vulnerable to stored XSS in sticky header button messages

Summary The JS implementation for copying button labels to the sticky header in the Citizen skin unescapes HTML characters, allowing for stored XSS through system messages. Details In the copyButtonAttributes function in stickyHeader.js, when copying the button labels, the innerHTML of the new...

6.5CVSS6AI score0.00418EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/20 3:30 p.m.7 views

TastyIgniter vulnerable to Cross-Site Scripting

Cross-Site Scripting XSS vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...

8.8CVSS6.2AI score0.00558EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/20 3:30 p.m.6 views

Apache Syncope allows malicious administrators to inject Groovy code

Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machine...

7.2CVSS7.1AI score0.23107EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/18 6:30 p.m.8 views

Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

8.8CVSS7AI score0.00332EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/18 6:30 a.m.8 views

Cargo Mediawiki Extension vulnerable to Cross-site Scripting

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension befor 3.8.3...

6.9CVSS6.1AI score0.00418EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 9:31 p.m.11 views

MCMS vulnerable SQL injection via the content_title parameter

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 through 6.0.1 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

9.8CVSS8.6AI score0.00594EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 9:31 p.m.7 views

ThingsBoard vulnerable to stored cross-site scripting (XSS) vulnerability in the dashboard's Image Upload Gallery feature

ThingsBoard versions 4.2.1 contain a stored cross-site scripting XSS vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload an SVG file containing malicious JavaScript, which may be executed when the file is rendered in the UI. This issue results from insufficient...

6.2CVSS5.1AI score0.00353EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 6:31 p.m.12 views

Duplicate Advisory: FlowiseAI Pre-Auth Arbitrary Code Execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7944-7c6r-55vv. This link is maintained to preserve external references. Original Description Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supaba...

6.5CVSS8.2AI score0.00594EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 6:31 p.m.9 views

Keras framework vulnerable to deserialization of untrusted data

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

9.8CVSS7.4AI score0.00699EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 6:8 p.m.9 views

pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer

Description In the FlightServer class of the pyquokka framework, the doaction method directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation, which results in a remote code execution vulnerability. The vulnerable code is located...

9.8CVSS8.9AI score0.00779EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 6:5 p.m.6 views

ibexa/fieldtype-richtext has an XSS vulnerability via acronym custom tag in Rich Text

Impact This security advisory resolves an XSS vulnerability in acronym custom tag in Rich Text, in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically means Editor or Administrator role,...

6.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 6:3 p.m.11 views

Ash has authorization bypass when bypass policy condition evaluates to true

Summary Bypass policies incorrectly authorize requests when their condition evaluates to true but their authorization checks fail and no other policies apply. Impact Resources with bypass policies can be accessed without proper authorization when: - Bypass condition evaluates to true - Bypass...

8.6CVSS7.3AI score0.00805EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 5:59 p.m.10 views

ibexa/admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal

Impact This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically mean...

6.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 5:58 p.m.9 views

ezsystems/ezplatform-admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal

Impact This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically mean...

6.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 5:58 p.m.9 views

ibexa/user login enumerates user accounts

Impact In v5, error messages could provide enough information to tell whether a user exists or not. This is resolved by ensuring the error messages are sufficiently ambigious. Patches See "Patched versions". Workarounds None. Resources...

6.6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 5:46 p.m.13 views

Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module

Vulnerability Description --- Vulnerability Overview - When the client sends an arbitrary URL array and impl: "naive" to the tRPC endpoint tools.search.crawlPages, the server issues outbound HTTP requests directly to those URLs. There is no defensive logic that restricts or validates requests to...

3CVSS7AI score0.003EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/17 5:39 p.m.10 views

Keycloak error_description injection on error pages that can trigger phishing attacks

Keycloak’s account console accepts arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading messages e.g., fake support phone numbers or...

4.3CVSS6.9AI score0.00291EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/17 5:8 p.m.12 views

OpenBao has potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests

Summary JSON objects after decoding might use more memory than their serialized version. It is possible to tune a JSON to maximize the factor between serialized memory usage and deserialized memory usage similar to a zip bomb. While reproducing the issue, we could reach a factor of about 35. This...

7.5CVSS6.8AI score0.00647EPSS
Exploits0References8Affected Software1
Total number of security vulnerabilities33396