Lucene search
+L
GithubRecent

33426 matches found

Github Security Blog
Github Security Blog
added 2025/10/03 2:16 p.m.7 views

Claude Code can execute commands prior to the startup trust dialog

Due to a bug in the startup trust dialog implementation, Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update...

8.8CVSS7.4AI score0.30227EPSS
Exploits6References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/02 9:23 p.m.13 views

Canonical LXD CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI

Description OIDC authentication uses cookies with the SameSite=Strict attribute, preventing cookies from being sent with requests from other sites. Therefore, CSRF does not occur as long as web services in a Same Site relationship same eTLD+1 with the origin running LXD-UI are trusted. However,...

8.8CVSS7.2AI score0.00119EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/02 9:21 p.m.6 views

Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns

Impact In LXD's instance snapshot creation functionality, the Pongo2 template engine is used in the snapshots.pattern configuration for generating snapshot names. While code execution functionality has not been found in this template engine, it has file reading capabilities, creating a...

7.1CVSS7.8AI score0.00342EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/02 9:20 p.m.8 views

Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server

Impact In LXD's devLXD server, the source container identification process uses process cmdline command line information, allowing attackers to impersonate other containers by spoofing process names. The core issue lies in the findContainerForPID function in lxd/apidevlxd.go. This function...

6.8CVSS7AI score0.00326EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/02 9:19 p.m.10 views

Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API

Impact LXD's operations API includes secret values necessary for WebSocket connections when retrieving information about running operations. These secret values are used for authentication of WebSocket connections for terminal and console sessions. Therefore, attackers with only read permissions...

8.1CVSS7.7AI score0.00193EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/02 9:16 p.m.13 views

Canonical LXD Project Existence Determination Through Error Handling in Image Export Function

Impact In LXD's images export API /1.0/images/fingerprint/export, implementation differences in error handling allow determining project existence without authentication. Specifically, in the following code, errors when multiple images match are directly returned to users as API responses:...

6.9CVSS7.5AI score0.00317EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/02 9:15 p.m.7 views

Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function

Impact Although outside the scope of this penetration test, a path traversal vulnerability exists in the validLogFileName function that validates log file names in lxd/instancelogs.go in the LXD 5.0 LTS series. This vulnerability was fixed in PR 15022 in February 2025, and is fixed in at least LX...

7.1CVSS7.1AI score0.00541EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/02 9:15 p.m.11 views

Canonical LXD Project Existence Determination Through Error Handling in Image Get Function

Impact The LXD /1.0/images endpoint is implemented as an AllowUntrusted API that requires no authentication, making it accessible to users without accounts. This API allows determining project existence through differences in HTTP status codes when accessed with the project parameter...

6.9CVSS6.5AI score0.0036EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/02 4:24 p.m.7 views

DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables

The DataChain library reads serialized objects from environment variables such as DATACHAINMETASTORE and DATACHAINWAREHOUSE in the loader.py module. An attacker with the ability to set these environment variables can trigger code execution when the application loads...

2.5CVSS7.7AI score0.0015EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/02 12:31 p.m.12 views

Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery SSRF vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue...

7.3CVSS7.1AI score0.00499EPSS
Exploits0References7Affected Software7
Github Security Blog
Github Security Blog
added 2025/10/02 12:31 p.m.7 views

Apache Kylin Files or Directories Accessible to External Parties

Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the...

7.5CVSS7AI score0.01251EPSS
Exploits0References7Affected Software7
Github Security Blog
Github Security Blog
added 2025/10/02 12:31 p.m.10 views

Apache Kylin Authentication Bypass Vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue...

7.5CVSS7AI score0.01224EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/01 9:31 p.m.8 views

Django vulnerable to partial directory traversal via archives

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...

6.5CVSS6.9AI score0.0085EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/01 9:31 p.m.10 views

Dolibarr vulnerable to RCE via the computed field parameter

Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution RCE vulnerability in the User module configuration via the computed field parameter...

8.8CVSS8.5AI score0.00469EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/01 9:31 p.m.8 views

Django vulnerable to SQL injection in column aliases

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

9.8CVSS8AI score0.00583EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/01 9:21 p.m.10 views

Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import

Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...

3.3CVSS7.1AI score0.00329EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/01 9:21 p.m.10 views

Auth0 Wordpress plugin Does Not Properly Handle File Types in Bulk User Import

Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...

3.3CVSS7.1AI score0.00329EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/01 9:21 p.m.12 views

laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import

Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...

3.3CVSS7.1AI score0.00329EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/01 9:20 p.m.10 views

auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import

Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...

3.3CVSS7.1AI score0.00329EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/01 9:20 p.m.15 views

marimo vulnerable to proxy abuse of /mpl/{port}/

Summary The /mpl// endpoint, which is accessible without authentication on default Marimo installations allows for external attackers to reach internal services and arbitrary ports. Details From our understanding, this route is used internally to provide access to interactive matplotlib...

7.7AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/01 9:4 p.m.14 views

risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read`

Arbitrary code execution in guest via memory safety failure in sysread In affected versions of risc0-zkvm-platform, when the zkVM guest calls sysread, the host is able to use a crafted response to write to an arbitrary memory location in the guest. This capability can be leveraged to execute...

9.3CVSS8.3AI score0.00432EPSS
Exploits0References5Affected Software4
Github Security Blog
Github Security Blog
added 2025/10/01 6:30 p.m.21 views

Fiora chat group avatar is vulnerable to XSS via SVG files

File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...

8.8CVSS7.5AI score0.00481EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/01 6:30 p.m.12 views

Fiora chat user avatar is vulnerable to XSS via SVG files

Cross Site Scripting XSS vulnerability in Fiora chat application 1.0.0 allows arbitrary JavaScript execution when malicious SVG files are rendered by other users...

5.4CVSS6.2AI score0.00262EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/01 3:53 p.m.8 views

@plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user

Impact When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...

8.7CVSS6.8AI score0.00408EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/01 3:30 p.m.9 views

SPDK is vulnerable to buffer overflow in the NVMe-oF target component

Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK - lib/nvmf...

5.5CVSS7.1AI score0.00305EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/01 12:30 p.m.11 views

Apache Pyfory python is vulnerable to deserialization of untrusted data

Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...

9.8CVSS8AI score0.41255EPSS
Exploits2References7Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/01 9:30 a.m.30 views

QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...

7CVSS7.7AI score0.00181EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/01 12:30 a.m.12 views

Liferay Portal Vulnerable to XSS in Web Content translation

Stored Cross-site Scripting XSS vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allow remote...

5.4CVSS5.9AI score0.00205EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/30 9:31 p.m.9 views

Liferay Portal Vulnerable to IDOR via audit events

Insecure Direct Object Reference IDOR vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported...

5.3CVSS6.5AI score0.00269EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/30 9:6 p.m.12 views

github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks

Impact send hooks can spend more gas than what's remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially. Patches It's patched in v4.0.2 and v5.0.0 Workarounds Is there a way for users to fix or remediate the vulnerability without upgradin...

8.8CVSS6.8AI score0.00312EPSS
Exploits0References6Affected Software4
Github Security Blog
Github Security Blog
added 2025/09/30 6:32 p.m.14 views

Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook

Summary In the default configuration, webhook.azuredevops.username and webhook.azuredevops.password not set, Argo CD’s /api/webhook endpoint crashes the entire argocd-server process when it receives an Azure DevOps Push event whose JSON array resource.refUpdates is empty. The slice index 0 is...

7.5CVSS7.4AI score0.00549EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/30 6:30 p.m.6 views

validator.js has a URL validation bypass vulnerability in its isURL function

A URL validation bypass vulnerability exists in validator.js prior to version 13.15.20. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs...

6.1CVSS6.1AI score0.00302EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/30 6:30 p.m.10 views

Joomla! CMS vulnerable to XSS via the input filter

Improper handling of input could lead to a cross-site scripting XSS vector in the checkAttribute method of the input filter framework class...

4.8CVSS6AI score0.00293EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/30 6:30 p.m.11 views

FormCMS has an improper access control vulnerability in the /api/schemas/history/[schemaId] endpoint

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

6.5CVSS7AI score0.00306EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/30 6:30 p.m.26 views

Finance.js vulnerable to DoS via the seekZero() parameter

An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero parameter...

7.5CVSS6.9AI score0.00496EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/30 6:30 p.m.29 views

Finance.js vulnerable to DoS via the IRR function’s depth parameter

Finance.js v4.1.0 contains a Denial of Service DoS vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes...

7.5CVSS6.9AI score0.00496EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/30 6:28 p.m.14 views

argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload

Summary Unpatched Argo CD versions are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate clients. With the default configuration, no webhook.gogs.secret set, Argo CD’s /api/webhook endpoint will crash the entire argocd-server process whe...

7.5CVSS7AI score0.00563EPSS
Exploits1References5Affected Software3
Github Security Blog
Github Security Blog
added 2025/09/30 6:11 p.m.12 views

Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload

Summary Unpatched Argo CD versions are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate clients. With the default configuration, no webhook.bitbucketserver.secret set, Argo CD’s /api/webhook endpoint will crash the entire argocd-server...

7.5CVSS7AI score0.00549EPSS
Exploits1References5Affected Software3
Github Security Blog
Github Security Blog
added 2025/09/30 6:1 p.m.13 views

Repository Credentials Race Condition Crashes Argo CD Server

Summary A race condition in the repository credentials handler can cause the Argo CD server to panic and crash when concurrent operations are performed on the same repository URL. Details The vulnerability is located in numerous repository related handlers in the util/db/repositorysecrets.go file...

6.5CVSS6.8AI score0.00441EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/30 5:1 p.m.20 views

figma-developer-mcp vulnerable to command injection in get_figma_data tool

Summary A command injection vulnerability exists in the figma-developer-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote...

8CVSS9.5AI score0.07417EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/30 12:30 p.m.13 views

check-branches is vulnerable to command Injection

All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...

9.8CVSS7.1AI score0.0139EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/30 12:30 p.m.19 views

@nubosoftware/node-static failure to catch exception can result in server crash

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS6.5AI score0.00489EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/30 12:30 a.m.13 views

Liferay Portal vulnerable to reflected cross-site scripting on the page configuration page

Reflected cross-site scripting XSS vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS5.8AI score0.00224EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/30 12:30 a.m.8 views

Liferay Portal vulnerable to cross-site scripting in the Calendar widget

Cross-site scripting XSS vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allows remote attackers to inject arbitrary we...

6.1CVSS6AI score0.00207EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/30 12:30 a.m.27 views

Liferay Portal vulnerable to cross-site scripting in the Calendar widget

Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...

5.4CVSS5.9AI score0.00197EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/30 12:30 a.m.12 views

Liferay Portal vulnerable to cross-site scripting in the related asset selector

Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...

5.4CVSS5.5AI score0.00205EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/30 12:30 a.m.9 views

Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter

Multiple reflected cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the redirect...

6.1CVSS6.1AI score0.00199EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/30 12:30 a.m.26 views

Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...

8.2CVSS7.2AI score0.00464EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/30 12:30 a.m.7 views

Liferay Portal vulnerable to cross-site scripting in the web content template

Cross-site scripting XSS vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

5.4CVSS5.8AI score0.00197EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/29 8:40 p.m.12 views

Coder AgentAPI exposed user chat history via a DNS rebinding attack

Summary AgentAPI prior to version 0.4.0 was susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. Impact An attacker could have gained access to the /messages endpoint served by the Agent API. This allowed for the unauthorized exfiltration of sensitive user...

6.5CVSS6.3AI score0.00397EPSS
Exploits1References9Affected Software1
Total number of security vulnerabilities33426