Lucene search
+L
GithubRecent

33426 matches found

Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.11 views

ts-fns has prototype pollution vulnerability

A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties int...

6.5CVSS7.7AI score0.004EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.6 views

mpregular vulnerable to prototype pollution

mpregular is a package that provides a small program development framework based on RegularJS. A Prototype Pollution vulnerability in the mp.addEventHandler function of mpregular version 0.2.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload,...

7.5CVSS6.7AI score0.00386EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.11 views

Duplicate Advisory: rollbar vulnerable to prototype pollution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r8c2-2qwq-94p6. This link is maintained to preserve external references. Original Description rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package include...

7.5CVSS6.8AI score0.00365EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.10 views

Llama Stack could potentially allow for remote code execution

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...

5.3CVSS8.1AI score0.0047EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.8 views

messageformat has a prototype pollution vulnerability

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...

7.5CVSS6.9AI score0.00372EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.9 views

json-schema-editor-visual vulnerable to prototype pollution

json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload,...

6.5CVSS6.7AI score0.003EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.11 views

node-cube vulnerable to prototype pollution

The node-cube package prior to version 5.0.0 contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of...

6.5CVSS7.6AI score0.00382EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.5 views

sassdoc-extras vulnerable to prototype pollution

A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...

7.5CVSS6.7AI score0.00386EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.9 views

csvjson vulnerable to prototype injection

A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...

7.5CVSS6.7AI score0.00365EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.7 views

web3-core-subscriptions has a Prototype Pollution vulnerability

The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...

7.5CVSS6.7AI score0.00365EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.6 views

web3-core-method is vulnerable to prototype pollution

web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...

7.5CVSS6.7AI score0.00365EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 8:11 p.m.7 views

Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes

Summary The EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. Details The attributes of an iframe are populated with the value of an unreserved data attribute data-iframeconfig that can be set via wikitext:...

8.6CVSS6.6AI score0.00282EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 8:5 p.m.11 views

Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure

The Mastra Docs MCP Server package @mastra/mcp-docs-server is a server designed to provide documentation context to AI agentic workflows, such as those used in AI-powered IDEs. Resources: Package URL: https://www.npmjs.com/package/@mastra/mcp-docs-server ----- Overview The @mastra/mcp-docs-server...

6.5CVSS7.2AI score0.00541EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 6:59 p.m.12 views

Command Injection in adb-mcp MCP Server

Command Injection in adb-mcp MCP Server The MCP Server at https://github.com/srmorete/adb-mcp is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server is also published publicly to npm at...

9.8CVSS8.3AI score0.0227EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 6:57 p.m.11 views

Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

9.8CVSS7.3AI score0.00341EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 6:57 p.m.16 views

Omni Wireguard SideroLink potential escape

Overview Omni and each Talos machine establish a peer-to-peer P2P SideroLink connection using WireGuard to mutually authenticate and authorize access. In this setup, Omni assigns a random IPv6 address to each Talos machine from a /64 network block. Omni itself uses the fixed ::1 address within th...

5.4CVSS7.1AI score0.00182EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 6:57 p.m.12 views

tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball

Impact v3.1.0, v2.1.3, v1.16.5 and below Patches Has been patched in 3.1.1, 2.1.4, and 1.16.6 Workarounds You can use the ignore option to ignore non files/directories. js ignore , header // pass files & directories, ignore e.g. symlinks return header.type !== 'file' && header.type !== 'directory...

8.7CVSS7AI score0.00516EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 6:30 p.m.8 views

counterpart vulnerable to prototype pollution

A vulnerability exists in the counterpart library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's translation functionality by supplying malicious...

6.5CVSS8.1AI score0.00452EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 6:30 p.m.13 views

CSVTOJSON has a prototype pollution vulnerability

The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parserjsonarr...

8.6CVSS6.6AI score0.00292EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 6:30 p.m.8 views

min-document vulnerable to prototype pollution

A vulnerability exists in the 'min-document' package prior to version 2.19.1, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input involving the proto property, an attacker can manipulate the prototype chain of JavaScript objects,...

5.3CVSS7.5AI score0.00329EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 6:30 p.m.10 views

messageformat prototype pollution vulnerability

The Runtime components of messageformat package for Node.js version 3.0.1 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...

5.3CVSS7.1AI score0.0032EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 6:30 p.m.11 views

Mangati NovoSGA XSS vulnerability in /admin

A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is...

4.8CVSS5.6AI score0.00288EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 3:31 p.m.26 views

pip's fallback tar extraction doesn't check symbolic links point to extraction directory

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...

5.9CVSS7.8AI score0.00438EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 12:30 p.m.12 views

Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands

Improper permission checks in the AdminServer allow an authenticated client with insufficient privileges to invoke the snapshot and restore commands. The intended requirement is authentication and authorization on the root path / with ALL permission for these operations; however, affected version...

4.3CVSS6.7AI score0.00294EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 a.m.13 views

Apache IoTDB: DoS Vulnerability

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue...

7.5CVSS7AI score0.00562EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 a.m.11 views

Apache IoTDB: Deserialization of untrusted Data

Summary Apache IoTDB deserializes data from external inputs without sufficient validation, allowing attacker-controlled serialized objects to be processed. In environments where a compatible gadget chain is reachable, this can be abused to execute arbitrary code or alter server state; at minimum ...

5.3CVSS7.6AI score0.00457EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/24 3:30 a.m.10 views

Liferay Portal and DXP does not properly expire sessions

Summary Liferay Portal/DXP contains an Insufficient Session Expiration issue where the Single Logout SLO API may fail to invalidate a user’s previous session. An attacker can reuse a stale session via the SLO endpoint to gain an authenticated context. Affected Versions The following platform...

6.5CVSS6.7AI score0.00165EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/23 6:30 p.m.9 views

WSO2 Identity Server Apps allows content spoofing in logs

A content spoofing issue exists in WSO2 Identity Server Apps, specifically in the Authentication Portal, due to improper handling of authentication error messages. When an authentication failure occurs, the portal previously accepted an authFailureMsg value supplied via URL and rendered it in the...

4.3CVSS6.9AI score0.002EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/23 6:30 p.m.14 views

GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...

5.4CVSS5.3AI score0.00201EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/23 5:45 p.m.9 views

astral-tokio-tar has a path traversal in tar extraction

Impact In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which defaults to true could be bypassed via a pair of symlinks that...

8.6CVSS7.8AI score0.00202EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/23 5:37 p.m.11 views

Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section

Summary http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enable attackers to: - Bypass front-end servers security controls - Launch targeted attacks against active users - Poison web caches Pre-requisites for the exploitatio...

7.5CVSS7.2AI score0.00346EPSS
Exploits1References4Affected Software3
Github Security Blog
Github Security Blog
added 2025/09/23 3:31 p.m.11 views

WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability

An authenticated stored Cross-Site Scripting XSS vulnerability exists in WSO2 API Manager components carbon-apimgt due to insufficient validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document whose...

4.8CVSS5.9AI score0.00173EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/23 3:31 p.m.9 views

Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer

The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service ReDoS in the AdamWeightDecay optimizer. The vulnerability arises from the douseweightdecay method, which processes user-controlled regular expressions in the includeinweightdecay...

7.5CVSS6.8AI score0.00467EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/23 3:9 p.m.29 views

DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile

Summary A reflected cross-site scripting XSS vulnerability exists under certain conditions, using a specially crafter url to view a user profile Description DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that are returned to th...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/23 3:9 p.m.9 views

DNN Vulnerable to Stored XSS Using Backend Admin Credentials

Summary Users that can edit modules could set a title that includes scripts. Description Some users administrators and content editors can set html in module titles and that could include javascript which could be used for XSS based attacks. With the addition of more roles being able to set modul...

4.8CVSS6.2AI score0.00171EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/23 3:9 p.m.8 views

DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

Summary The Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution XSS. Description The application sanitizes most user-submitted...

9CVSS7.2AI score0.0051EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/23 12:32 a.m.8 views

Liferay Portal and DXP audit events record password reminder answers

In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions the audit events records a user’s password reminder answer, which allows remote...

6.9CVSS7AI score0.00328EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/23 12:32 a.m.13 views

Liferay Portal and DXP does not properly check permission with import and export tasks

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...

5.3CVSS6.8AI score0.00234EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/23 12:32 a.m.9 views

Liferay Portal and DXP allows users to add a note to a different virtual instance

Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...

5.3CVSS6.9AI score0.00255EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/23 12:29 a.m.9 views

Our plan for a more secure npm supply chain

Open source software is the bedrock of the modern software industry. Its collaborative nature and vast ecosystem empower developers worldwide, driving efficiency and progress at an unprecedented scale. This scale also presents unique vulnerabilities that are continually tested and under attack by...

7.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/09/22 9:51 p.m.9 views

DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field

Summary Users can use special syntax to inject javascript code in their profile biography field. Although there was sanitization in place, it did not cover all possible scenarios Description When embedding information in the Biography field, even if that field is not rich-text, users could inject...

6.3CVSS6.8AI score0.00166EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/22 9:10 p.m.11 views

DNN allows loading unused themes on anonymous clients through query parameters

Summary Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. Details Many people who run DNN sites have a number of installed theme...

6.5CVSS7.7AI score0.00322EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/22 9:9 p.m.9 views

Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink

Summary The lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. Details...

8.2CVSS7.3AI score0.00438EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/22 6:30 p.m.9 views

Liferay has a stored cross-site scripting (XSS) vulnerability via a a publication’s “Name” text field

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web scripts or HTML via a crafte...

5.4CVSS5.3AI score0.00197EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/22 6:30 p.m.10 views

H2O affected by a deserialization vulnerability

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS7.3AI score0.00847EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/22 6:4 p.m.13 views

CodeChecker has a buffer overflow in the log command

Summary CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. Details Unsafe usage of strcpy function in the internal ldlogger library allows attackers to trigger a buffer overflow by supplying...

7.8CVSS7.3AI score0.00174EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/22 6:3 p.m.11 views

Mailgen: HTML injection vulnerability in plaintext e-mails

HTML Injection and XSS Filter Bypass in Plaintext Emails Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail; method and pass in user-generated content. The issue was discovere...

6.9CVSS6.9AI score0.00409EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/22 6:1 p.m.7 views

`git-comiters` Command Injection vulnerability

Background on the vulnerability This vulnerability manifests with the library's primary exported API: gitCommitersoptions, callback which allows specifying options such as cwd for current working directory and revisionRange as a revision pointer, such as HEAD. However, the library does not saniti...

8.8CVSS7.8AI score0.0228EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/22 6:1 p.m.11 views

@conventional-changelog/git-client has Argument Injection vulnerability

Background on exploitation This vulnerability manifests with the library's getTags API, which allows specifying extra parameters passed to the git log command. In another API by this library - getRawCommits there are secure practices taken to ensure that the extra parameter path is unable to inje...

5.3CVSS7.5AI score0.00202EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/22 3:40 p.m.5 views

Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal

Affected versions of this crate did not correctly strip namespace-incompatible tags in certain situations, causing it to incorrectly account for differences between HTML, SVG, and MathML. This vulnerability only has an effect when the svg or math tag is allowed, because it relies on a tag being...

6.9AI score
Exploits0References3Affected Software1
Total number of security vulnerabilities33426