Lucene search
K
GithubRecent

33187 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 7:21 p.m.6 views

py7zr: Arbitrary File Write Vulnerability

Summary There exists an arbitrary file write vulnerability in py7zr 1.1.0, latest, which allows symbolic links to be recreated outside the destination directory via crafted malicious symbolic link chains. When using extractall to extract an archive, the library restores these symbolic links,...

8CVSS6.3AI score0.00404EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:18 p.m.20 views

TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)

Impact Blind SQL injection vulnerability in UpdateQueryBuilder and SoftDeleteQueryBuilder affecting MySQL and MariaDB users. UpdateQueryBuilder and SoftDeleteQueryBuilder including their addOrderBy variants do not validate the order parameter against an allowlist of permitted values ASC/DESC. The...

6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:18 p.m.8 views

Hugo: security.http.urls deny rules bypassed by alternate IPv4 encodings (SSRF)

Impact The default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals e.g. http://127.0.0.1/, http://169.254.169.254/. The deny rule only matched dotted-decimal notation, so alternate IPv4 encodings of the same addresses — integer, hex, or octal, whi...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 5:47 p.m.8 views

AlchemyCMS: Unauthenticated nested page API leaks restricted & unpublished content

Unauthenticated nested page API leaks restricted & unpublished content - Location: app/controllers/alchemy/api/pagescontroller.rb:28 Api::PagesControllernested - Affected version: Alchemy CMS 8.3.0.dev Rails 8.1.3 Description The unauthenticated GET /api/pages/nested endpoint returns the full pag...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 5:45 p.m.6 views

Hugo: Symlink confinement bypass in os.ReadFile

Affected versions: v0.123.0 through v0.163.0. Earlier versions are not affected. Fixed in: v0.163.1. Severity: Medium. Requires the attacker to be able to place or convince a site author to place a symlink inside a mounted directory — for example, inside a locally-vendored theme under themes/...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 5:45 p.m.14 views

Hugo: XSS via unescaped code-fence language in default code block renderer

Hugo's default code-block renderer wrote the Markdown code-fence language / info-string into the wrapper without HTML escaping. A fence info-string containing a quote and a payload breaks out of the attribute and injects a live script element. This is not an issue if you fully trust every file...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 5:45 p.m.14 views

OpenZeppelin Contracts Wizard: Line terminators in info.securityContact / info.license can inject lines into generated source

Summary The Contracts Wizard generators printed info.securityContact and info.license verbatim into a single-line comment of the generated Solidity, Cairo, Stellar/Soroban, and Stylus source without rejecting line terminators. A newline \n or \r\n in either field ends the comment, so the text aft...

6.1AI score
Exploits0References2Affected Software4
Github Security Blog
Github Security Blog
added 2026/06/19 4:37 p.m.9 views

Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`

Summary Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node, Nokogiri::XML::Attrvalue= could free the underlying native child node while the wrapper remained...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 4:37 p.m.9 views

Nokogiri: Possible Use-After-Free in XInclude Processing

Summary XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on them. If an application had already exposed one of those nodes or namespaces to Ruby, the...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 4:37 p.m.10 views

Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime

Summary Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could read invalid memory and potentially segfault. This is only reachable when application co...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 4:36 p.m.7 views

Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type

Summary Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage collection or finalization, leading to an invalid memory read or potentially a segfault. Nokogiri...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 4:36 p.m.8 views

Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`

Summary Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 4:36 p.m.10 views

Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes

Summary Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could crash the process. Nokogiri 1.19.4 checks for missing native data pointers and raises a...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 4:36 p.m.11 views

Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

Summary The NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with default options could still cause external resources to be fetched over the network, potential...

4.3CVSS6AI score0.01109EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 4:35 p.m.11 views

Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception

Summary Calling Documentencoding= with an invalid encoding e.g., a non-string, or a string containing a null byte raises an exception, but only after freeing the document's current encoding string without replacing it. The document is left referencing freed memory, so the next call to...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 4:35 p.m.8 views

OpenTofu: Possible arbitrary file read during certain git operations via a maliciously crafted URL

Impact Possible data exposure. Summary While downloading packages from a maliciously crafted URL, some git operations against that URL could allow arbitrary file read. This might allow disclosure of confidential information. Details OpenTofu relies on go-getter for downloading packages like...

7.5CVSS6AI score0.00583EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 3:12 p.m.13 views

Agentic-Flow: OS Command Injection in agentic-flow MCP server tools via unsanitized tool-parameter interpolation into execSync

Summary agentic-flow versions = 2.0.13 MCP server tools interpolated attacker-influenceable tool parameters e.g. agent, task, name, language, agentdb arguments directly into shell command strings passed to execSync. A malicious value reaching any of the affected MCP tools could break out of the...

6.1AI score
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 3:12 p.m.10 views

ouroboros-ai: Incomplete fix of CVE-2026-47211: untrusted project .env can still reach RCE via omitted execution-routing keys

Impact The CVE-2026-47211 fix 0.39.0 added UNTRUSTEDENVDENYLIST to stop an untrusted project-directory .env from redirecting execution. The denylist was incomplete — several execution-routing keys of the same RCE class were omitted, so a malicious cloned repo can still reach arbitrary command...

6.1AI score0.00557EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 3:11 p.m.15 views

JupyterLab: Stored XSS in extension manager through package metadata unsanitized URI protocol

A malicious PyPI package can place a javascript: URL in its project.urls metadata. JupyterLab's Extension Manager renders this as the extension's home-page link without validating the protocol, so a user who clicks the extension name executes attacker-controlled JavaScript in the JupyterLab origi...

5.9AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 3:9 p.m.7 views

DotVVM: Unrestricted file upload

Impact All users of DotVVM with configured file upload storage are affected. DotVVM allows anyone to upload files to the application, potentially causing denial of service by filling the disk. Patches Since version 4.3.15, 4.2.11 and 5.0.0-preview09, DotVVM requires all file upload request to hav...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 3:8 p.m.8 views

DotVVM: Missing authorization in AuthorizeActionFilter

Impact All users of the AuthorizeActionFilter class are affected. The AuthorizeActionFilter simply does nothing, no “hacking” is needed to bypass the filter. Patches DotVVM 4.3.15, 4.2.11 and 5.0.0-preview09 fix this. Workarounds As a workaround, you can use the AuthorizeAttribute instead. It...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 3:8 p.m.8 views

ReDoS in DotVVM routing

Impact This impacts users which use multiple unconstrained route parameters not separated by a /. For instance, the following code is vulnerable: var route = new DotvvmRoute"edit/a-b-c/done", null, "testpage", null, null, configuration; var adversarialInput = "edit/" + new string'-', 32000;...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 3:1 p.m.7 views

agent-coderag: Gradle Wrapper Execution During Dependency Discovery Enables Arbitrary Code Execution

Gradle Wrapper Execution During Dependency Discovery Enables Arbitrary Code Execution Summary agent-coderag unconditionally executes a repository-controlled gradlew script during its default sync dependency-discovery flow. An attacker who can induce a victim to index a malicious Gradle repository...

6.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 3:0 p.m.9 views

Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind

Impact A path traversal vulnerability in Entire CLI allows an attacker with push access to the checkpoints repository to craft malicious checkpoint metadata that causes entire session resume or entire checkpoint rewind to write attacker-controlled transcript data outside of the expected session...

6.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:50 p.m.9 views

parse-server: Denial of service via exponential-time processing of deeply nested query operators

Impact Parse Server is vulnerable to denial of service. A remote attacker can send a single, small query 1 KB containing deeply nested query condition operators. Parse Server processes the nested structure with exponential time complexity, which blocks the Node.js event loop and makes the server...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:46 p.m.8 views

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Summary The AWS Bedrock AgentCore Python SDK bedrock-agentcore is an open-source SDK that enables developers to build, deploy, and manage agents on AWS Bedrock AgentCore. An issue exists in the installpackages method of the Code Interpreter client where crafted package name arguments can bypass...

8.4CVSS6.3AI score0.00302EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:45 p.m.8 views

tract: Arbitrary file read via unsanitized ONNX external_data `location` (path traversal) on model load in tract-onnx

Summary tract the tract-onnx crate resolves an ONNX tensor's external-data location by joining it onto the model directory without any sanitization. Because location comes from the untrusted .onnx file, a malicious model can make tract open and read an arbitrary local file at load time, with the...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:39 p.m.9 views

CedarJava has policy injection vulnerability

Summary CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certain circumstances, improper input handling could allow policy injection. Impact Cedar-expression injection via unescaped toCedarExpr The toCedarExpr metho...

6.2AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:38 p.m.13 views

CedarJava has type confusion vulnerability

Summary CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certain circumstances, improper input handling could allow type confusion across the Java-Rust FFI boundary. Impact Record-to-Entity type confusion across the...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:37 p.m.8 views

guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts

Impact CookieJar incorrectly accepts cookies with a dot-only Domain attribute, such as Domain=., Domain=.., Domain=..., and whitespace-padded variants such as Domain= . . In affected versions, SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the...

5.8CVSS5.9AI score0.00111EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:35 p.m.11 views

guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization

Impact guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled data into one of those fields and later serialized the PSR-7 message as raw HTTP/1.x...

4.8CVSS5.8AI score0.00158EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:35 p.m.11 views

OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset

Description OpenFGA's OIDC authenticator skipped JWT audience aud validation when no audience was configured. In deployments where one identity provider issues tokens for multiple services, a token minted for an unrelated service could authenticate to OpenFGA. Preconditions This applies if the...

6.8CVSS5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:34 p.m.11 views

undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching

Impact When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens: -...

3.7CVSS5.9AI score0.00248EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:22 p.m.14 views

undici WebSocket client vulnerable to denial of service via fragment count bypass

Impact The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS5.9AI score0.00759EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:21 p.m.16 views

undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

Impact undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

5.9CVSS6AI score0.00257EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:20 p.m.10 views

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This cause...

8.8CVSS6.4AI score0.00323EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:19 p.m.12 views

undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

Impact Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.8AI score0.00228EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:17 p.m.10 views

guzzlehttp/guzzle: Silent HTTPS-Proxy Downgrade to Cleartext

Impact The built-in cURL handlers GuzzleHttp\Handler\CurlHandler and GuzzleHttp\Handler\CurlMultiHandler, used by default whenever the PHP cURL extension is available accept an https:// proxy — a proxy reached over a TLS-encrypted connection — through the proxy request option, client-level proxy...

5.9CVSS5.9AI score0.00106EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:17 p.m.10 views

NL Portal Backend Libraries: Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF)

Summary The public GraphQL resolvers getFormDefinitionByObjectenApiUrlurl and the deprecated getFormDefinitionByIdid fetch a caller-supplied URL using the privileged Objecten-API token. Because the /graphql endpoint is permitAll and these resolvers do not declare a CommonGroundAuthentication...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:16 p.m.7 views

canto-saas-api: OAuth credentials exposed in URL query string and exception messages

Summary In affected versions, the OAuth2 token request sends appid, appsecret, refreshtoken and code as URL query parameters of the POST request to https://oauth./oauth/api/oauth2/token. Request URLs are commonly recorded in access logs, proxy logs and APM traces, so the application secret and...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 2:13 p.m.8 views

canto-saas-api: Authenticated API requests can be redirected via unencoded path variables

Summary In affected versions, Request::buildRequestUrl inserts path variables into the request URL without URL encoding implode'/', $pathVariables. All request classes implementing getPathVariables are affected, e.g. GetContentDetailsRequest scheme, contentId. If a consuming application passes...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 1:58 p.m.10 views

Tilt: Missing authentication on the network-exposed Tilt HUD server

Summary The Tilt HUD HTTP server exposes state-changing and sensitive-read endpoints with no authentication. When the HUD is bound to a non-loopback address, a network attacker can trigger the developer's pre-defined Tiltfile resources, tamper with Tiltfile arguments, read full engine state...

6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 1:53 p.m.9 views

Tilt: Cross-site WebSocket hijacking of the Tilt HUD stream

Summary The Tilt HUD WebSocket /ws/view is gated by a CSRF token, but the token is served by an unauthenticated endpoint and the upgrader accepts any client that omits an Origin header. When the HUD is network-exposed, an attacker can open the HUD stream and read the developer's session state...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 1:52 p.m.7 views

Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server

Summary The Tilt HUD server mounts Go's net/http/pprof handlers under /debug with no access control. When the HUD is network-exposed, an attacker can read process memory — including session and apiserver tokens — and hold the process under profiling. Details A blank import of net/http/pprof...

6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 1:35 p.m.7 views

Network-AI: Improper Neutralization of Special Elements used in an OS Command

Summary The agent sandbox gates shell commands behind an allowlist SandboxPolicy.isCommandAllowed, which THREATMODEL.md calls the main control against a compromised agent Adversary 3.2. The allowlist glob-matches the whole command string, but ShellExecutor runs that string through /bin/sh -c. So...

6.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 1:34 p.m.8 views

Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests

Advisory / Disclosure Network-AI — CVE-2026-46701 fix is incomplete: the "Empty Default Secret" unauth path survives Target: Jovancoding/Network-AI npm network-ai, latest v5.7.1 Status: the advisory "Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret" named three flaws. The...

9.1CVSS5.9AI score0.00297EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 6:31 a.m.8 views

ts-deepmerge: Prototype Method Override leads to DoS

Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods such as toString, valueOf. When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken —...

6.9CVSS5.9AI score0.00308EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 6:31 a.m.6 views

Canonical MicroCeph: path traversal issue in the remote-import AP

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 12:31 a.m.6 views

Duplicate Advisory: PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-766v-q9x3-g744. This link is maintained to preserve external references. Original Description PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent ID...

8.8CVSS6AI score0.00687EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 12:31 a.m.11 views

Duplicate Advisory: PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ffp3-3562-8cv3. This link is maintained to preserve external references. Original Description PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing...

6.8CVSS5.8AI score0.00116EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities33187