Lucene search
+L
GithubRecent

33426 matches found

Github Security Blog
Github Security Blog
added 2025/10/13 6:31 p.m.11 views

Liferay Publications is vulnerable to Incorrect Authorization

Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...

5.4CVSS6.8AI score0.00225EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 6:31 p.m.7 views

llama-index has Insecure Temporary File

The llamaindex library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, dat...

7.8CVSS6.7AI score0.00171EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 6:31 p.m.24 views

MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string

When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...

8CVSS6.8AI score0.00165EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 6:31 p.m.10 views

Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key

Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edi...

4.8CVSS6.8AI score0.00264EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 5:43 p.m.9 views

CommandKit has incorrect command name exposure in context object for message command aliases

Impact A logic flaw exists in the message command handler of CommandKit that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling command aliases. When a message command is invoked using an alias, the ctx.commandName value...

6.1CVSS7.1AI score0.00152EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 1:33 p.m.10 views

Ash Framework: Filter authorization misapplies impossible bypass/runtime policies

Summary When using filter authorization, two edge cases could cause the policy compiler/authorizer to generate a permissive filter: 1. Bypass policies whose condition can never pass at runtime were compiled as ORANDcondition, compiledpolicies, NOTcondition. If the condition could never be true at...

8.6CVSS6.7AI score0.00464EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/13 12:31 p.m.9 views

QGIS QWC2 Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9CVSS6.5AI score0.00395EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/11 1:30 a.m.9 views

cel-rust May Panic During Parsing of Invalid CEL Expressions

Summary Parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions e.g., user-supplied input over an API, an attacker can send crafted input to trigger a denial of service DoS. Remediation Upgrade to...

7.5CVSS7AI score0.00331EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 11:46 p.m.19 views

Happy DOM: VM Context Escape can lead to Remote Code Execution

Escape of VM Context gives access to process level functionality Summary Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...

7.2CVSS7.5AI score0.00613EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 11:45 p.m.9 views

Parallax is vulnerable to DoS via malicious p2p message

Impact A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. In order to carry out the attack, the attacker establishes a peer connections to the victim, and sends a malicious GetBlockHeadersRequest message...

7AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 11:41 p.m.10 views

Astro's `X-Forwarded-Host` is reflected without validation

Summary When running Astro in on-demand rendering mode using a adapter such as the node adapter it is possible to maliciously send an X-Forwarded-Host header that is reflected when using the recommended Astro.url property as there is no validation that the value is safe. Details Astro reflects th...

6.5CVSS7AI score0.0038EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 10:55 p.m.13 views

Flowise is vulnerable to arbitrary file exposure through its ReadFileTool

Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...

9.9CVSS6.6AI score0.12115EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/10 10:54 p.m.9 views

Authlib : JWE zip=DEF decompression bomb enables DoS

Summary Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. Details - Affected component...

6.5CVSS6.5AI score0.00418EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 10:53 p.m.11 views

Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret

A vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret: https://github.com/ossf/allstar/blob/294ae985cc2facd0918e8d820e4196021aa0b914/pkg/reviewbot/reviewbot.goL59 The value used for the secret token was compiled into t...

8.2CVSS7.2AI score0.00369EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 10:53 p.m.10 views

python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination

Summary ldap.dn.escapednchars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP...

6.9CVSS7.2AI score0.00427EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 10:51 p.m.9 views

python-ldap has sanitization bypass in ldap.filter.escape_filter_chars

Summary The sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and the non-default escapemode=1 is configured. Details The method ldap.filter.escapefilterchars supports 3...

6.9CVSS7.2AI score0.00301EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 9:31 p.m.10 views

Liferay Portal is vulnerable to CSRF through publication comments

Cross-site request forgery CSRF vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments...

5.1CVSS7.1AI score0.00175EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 9:31 p.m.10 views

PowerJob OpenAPIController is missing authorization

A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicl...

7.5CVSS5.5AI score0.00426EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 9:31 p.m.9 views

Bagisto is vulnerable to XSS through Admin Panel's product creation path

An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in...

8.3CVSS6.6AI score0.00383EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 8:28 p.m.18 views

Sinatra is vulnerable to ReDoS through ETag header value generation

Summary There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...

7.5CVSS6.9AI score0.00458EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 8:26 p.m.8 views

Authlib is vulnerable to Denial of Service via Oversized JOSE Segments

Summary Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving...

7.5CVSS7.2AI score0.00596EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 6:31 p.m.10 views

PowerJob has Missing Authorization in its /user/list file

A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited...

6.9CVSS5.3AI score0.01013EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 5:33 p.m.5 views

Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Summary Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of...

7.5CVSS6.9AI score0.00605EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 5:31 p.m.10 views

Rack has a Possible Information Disclosure Vulnerability

Summary A possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to miscommunicate with the proxy and trigger unintended internal requests, potentially...

5.8CVSS6.4AI score0.00434EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 5:3 p.m.8 views

quic-go: Panic occurs when queuing undecryptable packets after handshake completion

Summary A misbehaving or malicious server can trigger an assertion in a quic-go client and crash the process by sending a premature HANDSHAKEDONE frame during the handshake. Impact A misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an...

7.5CVSS6.8AI score0.00438EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 3:31 p.m.8 views

Liferay Portal is vulnerable to XSS through its workflow process builder

Cross-site scripting XSS vulnerability in workflow process builder in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated attackers to inject arbitrary web script or HT...

5.4CVSS6AI score0.00208EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 3:31 p.m.13 views

Alt Redirect: Potential Authentication Bypass by Spoofing through query-string stripping logic flaw

The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter...

6.5CVSS6.9AI score0.00213EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 3:31 p.m.8 views

Liferay Portal Commerce is vulnerable to XSS through account "name" field

Stored cross-site scripting XSS vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via ...

5.4CVSS5.5AI score0.00205EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 3:31 p.m.11 views

Liferay Portal's Membership page is vulnerable to XSS through “name“ text field

Stored cross-site scripting XSS vulnerability on the Membership page in Account Settings in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated attackers to inject...

5.4CVSS5.4AI score0.00205EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 12:30 p.m.7 views

rardecode: DoS risk due to unrestricted RAR dictionary sizes

rardecode versions = 2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash...

6.5CVSS6.9AI score0.00349EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/10 12:30 p.m.12 views

Apache StreamPark contains an Incorrect Execution-Assigned Permissions vulnerability

Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. Version 2.1.6 has yet to be published in the Maven registry...

7.3CVSS7AI score0.00517EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 12:30 p.m.17 views

Elasticsearch: Insertion of Sensitive Information into Log File via reindex API

Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...

5.7CVSS6.6AI score0.0023EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 6:30 a.m.9 views

Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations

Withdrawn Advisory This advisory has been withdrawn because it does not discuss a valid vulnerability. This link is maintained to preserve external references. Original Description All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync and...

6.7AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/10 6:30 a.m.8 views

drupal-pattern-lab/unified-twig-extensions is vulnerable to XXS

Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting XSS due to insufficient filtering of data. Note: This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Patter...

4.8CVSS6.7AI score0.00203EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/09 10:29 p.m.9 views

BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE

Summary bbot's gitdumper.py insufficiently sanitises a .git/config file, leading to Remote Code Execution RCE. bbot's gitdumper.py can be made to consume a malicious .git/index file, leading to arbitrary file write which can be used to achieve Remote Code Execution RCE. Impact A user who uses bbo...

9.6CVSS8AI score0.00447EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/09 10:29 p.m.9 views

BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver

Summary Due to unsafe URL handling, bbot's gitclone.py can be made to leak a user's github.com API key to an attacker-controlled webserver. Impact A user who has placed their github.com API key in the configuration for any of the following modules: githubcodesearch githubworkflows gitlab gitclone...

4.7CVSS6.8AI score0.00213EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/09 10:22 p.m.6 views

BBOT's various issues in unarchive.py can cause arbitrary file write and RCE

Summary Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution RCE. Impact A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...

9.6CVSS8AI score0.00658EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/09 10:15 p.m.6 views

Amazon.IonDotnet is vulnerable to Denial of Service attacks

Summary Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. An issue exists where, under certain circumstances, the library could an infinite loop, resulting in denial of service. As of August 20, 2025, this library has been deprecated and will no...

8.7CVSS7AI score0.00403EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/09 9:31 p.m.9 views

Liferay Portal is vulnerable to XSS through its Calendar Events parameters

Multiple cross-site scripting XSS vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject...

5.4CVSS5.9AI score0.00205EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/09 5:8 p.m.13 views

Python Social Auth - Django has unsafe account association

Impact Upon authentication, the user could be associated by e-mail even if the associatebyemail pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Patche...

6.3CVSS7AI score0.00514EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/09 3:40 p.m.10 views

Better Auth: Unauthenticated API key creation through api-key plugin

Summary A critical authentication bypass was identified in the API key creation and update endpoints. An attacker could create or modify API keys for arbitrary users by supplying a victim’s user ID in the request body. Due to a flaw in how the authenticated user was derived, the endpoints could...

9.3CVSS9.1AI score0.18012EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/09 3:31 p.m.7 views

Apache Flink CDC is vulnerable to SQL Injection through maliciously crafted identifiers

Apache Flink CDC version 3.0.0 to before 3.5.0 are vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, users are recommended to update Flink CDC version to 3.5.0...

8.8CVSS8AI score0.00424EPSS
Exploits0References6Affected Software5
Github Security Blog
Github Security Blog
added 2025/10/09 3:26 p.m.25 views

n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host

Impact The Execute Command node in n8n allows execution of arbitrary commands on the host system where n8n runs. While this functionality is intended for advanced automation and can be useful in certain workflows, it poses a security risk if all users with access to the n8n instance are not fully...

7.5AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/09 3:21 p.m.13 views

Flowise is vulnerable to arbitrary file write through its WriteFileTool

Summary The WriteFileTool in Flowise does not restrict the file path for reading, allowing authenticated attackers to exploit this vulnerability to write arbitrary files to any path in the file system, potentially leading to remote command execution. Details Flowise supports providing WriteFileTo...

9.9CVSS7.5AI score0.12115EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/09 3:19 p.m.6 views

pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters

Summary pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or...

8.1CVSS6.3AI score0.00387EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/09 2:22 p.m.6 views

scio is vunerable to Remote Command Execution through PyTorch

Impact PyTorch reported a critical vulnerability when using torch.load, even with option weightsonly=True, for torch = 2.6, starting from scio = 1.0.1 currently in dev state. Workarounds You can manually check that you are using torch = 2.6...

6.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/08 11:32 p.m.9 views

Keycloak Potential Variable Reference in Model Storage Services

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

4.9CVSS6.9AI score0.0046EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/08 9:30 p.m.11 views

Casdoor is vulnerable to Improper Authorization

An issue in the permission verification module and organization/application editing interface in Casdoor before 2.63.0 allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after log...

7.2CVSS6.8AI score0.00613EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/08 8:33 p.m.8 views

Opencast's Paella Player 7 is vulnerable to Cross-Site Scripting

Prior to Opencast 17.8 and 18.2 the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. Impact The vulnerability allows attackers to inject and malicious HTML and JavaScript in the player, which would then be executed in the browsers ...

5.4CVSS7.2AI score0.00198EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/08 7:34 p.m.13 views

FlowiseAI/Flosise has File Upload vulnerability

Summary A file upload vulnerability in FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution RCE. Details The system fails to...

8.8CVSS7.7AI score0.10036EPSS
Exploits2References11Affected Software1
Total number of security vulnerabilities33426