Lucene search
+L
GithubRecent

33426 matches found

Github Security Blog
Github Security Blog
added 2025/09/16 3:32 p.m.15 views

Podman Creates Temporary File with Insecure Permissions

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

7.4CVSS6.5AI score0.00596EPSS
Exploits0References18Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/16 3:32 p.m.7 views

Spring Expression language property modification using Spring Cloud Gateway Server WebFlux

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...

10CVSS6.9AI score0.03311EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/16 3:32 p.m.10 views

Spring Framework annotation detection mechanism may result in improper authorization

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

7.5CVSS6.9AI score0.0046EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/16 3:32 p.m.7 views

TYPO3 "Form to Database" extension susceptible to Cross-site Scripting

The extension "Form to Database" is susceptible to Cross-Site Scripting. This issue affects the following versions: before 2.2.5, from 3.0.0 before 3.2.2, from 4.0.0 before 4.2.3, from 5.0.0 before 5.0.2...

2.3CVSS6.9AI score0.00311EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/16 3:32 p.m.14 views

Spring Security annotation detection mechanism has authorization bypass

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

7.5CVSS6.9AI score0.00433EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/16 1:54 a.m.10 views

Openfire has potential identity spoofing issue via unsafe CN parsing

Summary Identity spoofing in X.509 client certificate authentication in Openfire allows internal attackers to impersonate other users via crafted certificate subject attributes, due to regex-based extraction of CN from an unescaped, provider-dependent DN string. Analysis Openfire’s SASL EXTERNAL...

5.9CVSS7.1AI score0.0022EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/16 12:30 a.m.11 views

Liferay Stored Cross-site Scripting vulnerability

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35 allows remote attackers to inject arbitrary web...

6.1CVSS5.6AI score0.00243EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/16 12:30 a.m.6 views

Liferay has Insecure Default Initialization of Resource issue

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...

5.4CVSS6.9AI score0.00231EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 11:58 p.m.12 views

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's ow...

8.8CVSS6.6AI score0.00378EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 11:58 p.m.12 views

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...

8.8CVSS6.6AI score0.00378EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 11:32 p.m.12 views

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...

8.8CVSS6.6AI score0.00378EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 10:3 p.m.21 views

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 9:30 p.m.13 views

Liferay Portal Uses Default Password

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has changed their initial password, whi...

6.9CVSS6.9AI score0.00244EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 9:30 p.m.14 views

Liferay DXP Missing Critical Step in Authentication

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...

6.5CVSS7.1AI score0.00165EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 9:30 p.m.10 views

Liferay Portal Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

6.1CVSS6AI score0.00207EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 9:30 p.m.24 views

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...

8.8CVSS6.6AI score0.00378EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 9:29 p.m.12 views

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...

8.8CVSS6.7AI score0.00378EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 9:23 p.m.16 views

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...

8.8CVSS6.7AI score0.00378EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 9:22 p.m.10 views

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker'...

8.8CVSS6.7AI score0.00378EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 9:21 p.m.8 views

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...

8.8CVSS6.6AI score0.00378EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 8:37 p.m.8 views

HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability

Impact A Server-Side Request Forgery SSRF vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could exploit this vulnerability by passing arbitrary hackmdApiUrl values through HTTP headers Hackmd-Api-Url or base64-encoded JSON query parameters. This allows...

6.9CVSS7AI score0.00332EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 8:31 p.m.10 views

Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark

Impact A vulnerability in Ghost's oEmbed mechanism allows staff users to exfiltrate data from internal systems via SSRF. Vulnerable versions This vulnerability is present in Ghost v5.99.0 to v5.130.3 to and Ghost v6.0.0 to v6.0.8. Patches v5.130.4 and v6.0.9 contain a fix for this issue. Referenc...

6.5CVSS6.8AI score0.00483EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 8:30 p.m.12 views

Flowise has unsandboxed remote code execution via Custom MCP

Summary The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls RBAC. Furthermore, the default installation of...

7.8AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 8:11 p.m.9 views

Flowise has arbitrary file access due to missing chat flow id validation

Summary Missing chat flow id validation allows an attacker to access arbitrary file. Details Commit https://github.com/FlowiseAI/Flowise/commit/8bd3de41533de78e4ef6c980e5704a1f9cb7ae6f and https://github.com/FlowiseAI/Flowise/commit/c2b830f279e454e8b758da441016b2234f220ac7 added check for filenam...

7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 8:0 p.m.13 views

Flowise has an Arbitrary File Read

Summary An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...

6.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 7:59 p.m.33 views

Flowise has Remote Code Execution vulnerability

Description Cause of the Vulnerability The CustomMCP node allows users to input configuration settings for connecting to an external MCP Model Context Protocol server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it...

10CVSS8AI score0.90183EPSS
Exploits21References10Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 7:53 p.m.6 views

FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability

Summary --- A Server-Side Request Forgery SSRF vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. The...

7.5CVSS6.9AI score0.04666EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 7:51 p.m.59 views

FlowiseAI Pre-Auth Arbitrary Code Execution

Summary An authenticated admin user of FlowiseAI can exploit the Supabase RPC Filter component to execute arbitrary server-side code without restriction. By injecting a malicious payload into the filter expression field, the attacker can directly trigger JavaScript's execSync to launch reverse...

6.5CVSS8.4AI score0.00594EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 6:31 p.m.6 views

Open Web Analytics Server is vulnerable to SQL Injection

Open Web Analytics OWA before 1.8.1 allows SQL injection...

5CVSS7.6AI score0.00385EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 6:31 p.m.8 views

Apache Fory Deserialization of Untrusted Data vulnerability

A vulnerability in Apache Fory allows a remote attacker to cause a Denial of Service DoS. The issue stems from the insecure deserialization of untrusted data. An attacker can supply a large, specially crafted data payload that, when processed, consumes an excessive amount of CPU resources during...

6.5CVSS7.1AI score0.0059EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 6:31 p.m.12 views

Liferay Portal has Improper Validation of Specified Quantity in Input

Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...

7.5CVSS6.9AI score0.00375EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/15 6:31 p.m.9 views

Liferay Portal has External Control of System or Configuration Settings

Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obtain the remote address of the live site from th...

5.3CVSS6.7AI score0.0029EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 6:31 p.m.12 views

Liferay Portal vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

6.1CVSS5.9AI score0.00199EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 5:30 p.m.8 views

FUSE-Rust: Uninitalized memory read and leak caused by fuser crate

During the creation of a new libfuse session with fusesessionnew, the operation list was passed as NULL incorrectly. libfuse expects this argument to always point to list of operations. This caused uninitialized memory read and leaks in libfuse.so...

6.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 5:14 p.m.9 views

Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter

Impact A stored Cross-Site Scripting XSS vulnerability was identified in the @n8n/n8n-nodes-langchain.chatTrigger node in n8n. If an authorized user configures the node with malicious JavaScript in the initialMessages field and enables public access, the script will be executed in the browser of...

5.4CVSS5.7AI score0.00222EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 4:46 p.m.15 views

Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults

Summary A use-after-free UAF vulnerability in Envoy's DNS cache causes abnormal process termination. Envoy may reallocate memory when processing a pending DNS resolution, causing list iterator to reference freed memory. Details The vulnerability exists in Envoy's Dynamic Forward Proxy...

7.5CVSS6.8AI score0.0044EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 4:28 p.m.9 views

Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden

Summary Certain bulk action calls with a beforetransaction hook and no aftertransaction hook, will call the beforetransaction hook before authorization is checked and a Forbidden error is returned, when called as a bulk action. The impact is that a malicious user could cause a beforetransaction t...

7.1CVSS6.8AI score0.00293EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 3:31 p.m.8 views

Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling

Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation. This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 i.e., fixed in 1.26.3, 1.27.3...

6.9CVSS6.7AI score0.00362EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 3:31 p.m.13 views

mcp-kubernetes-server has an OS Command Injection vulnerability

feiskyer/mcp-kubernetes-server through 0.1.11 allows OS command injection via the /mcp/kubectl endpoint. The handler constructs a shell command with user-supplied arguments and executes it with subprocess using shell=True, enabling injection through shell metacharacters e.g., ;, &&, $, even when...

9.8CVSS7.8AI score0.01224EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 3:31 p.m.8 views

mcp-kubernetes-server has a Command Injection vulnerability

mcp-kubernetes-server does not correctly enforce the --disable-write / --disable-delete protections when commands are chained. The server only inspects the first token to decide whether an operation is write/delete, which allows a read-like command to be followed by a write action using shell...

5.3CVSS7.2AI score0.00281EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 1:58 p.m.13 views

serde_yml crate is unsound and unmaintained

Using serdeyml::ser::Serializer.emitter can cause a segmentation fault, which is unsound. The GitHub project for serdeyml was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended switching to a maintained alternative. Recommended alternatives -...

7AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 1:57 p.m.8 views

LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained

In version 0.0.4, libyml::string::yamlstringextend was revised resulting in undefined behaviour, which is unsound. The GitHub project for libyml was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended switching to a maintained alternative. Recommende...

7.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 1:55 p.m.8 views

MetaMask SDK indirectly exposed via malicious [email protected] dependency

Who is affected? This advisory only applies to developers who use MetaMask SDK in the browser and who, on Sept 8th 2025 between 13:00–15:30 UTC, performed one of the following actions and then deployed their application: - Installed MetaMask SDK into a project with a lockfile for the first time -...

7AI score
Exploits0References4Affected Software3
Github Security Blog
Github Security Blog
added 2025/09/15 1:37 p.m.6 views

fast-able is vulnerable to DoS attack through insecure method

The public accessible struct SyncVec has a public safe method getunchecked. It accept a parameter index and used in the getunchecked without sufficient checks as mentioned here...

7AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 12:31 p.m.6 views

Chaos Controller Manager is vulnerable to OS command injection

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

9.8CVSS8.5AI score0.03269EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 12:31 p.m.10 views

Mattermost makes Use of Weak Hash

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users to access unauthorized posts and poison link previews via hash collision attacks on FNV-1 hashing...

4.3CVSS6.8AI score0.00141EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2025/09/15 12:31 p.m.9 views

Chaos Controller Manager is vulnerable to OS command injection

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

9.8CVSS8.5AI score0.02814EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 12:31 p.m.7 views

Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

7.5CVSS7.2AI score0.00987EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 12:31 p.m.8 views

Liferay Portal has stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attacke...

4.8CVSS5.3AI score0.00219EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 12:31 p.m.9 views

Mattermost Open Redirect vulnerability

Mattermost versions 10.10.x = 10.10.1, 10.5.x = 10.5.9, 10.9.x = 10.9.4 fail to validate the redirectto parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user’s cookies to an attacker-controlled URL...

7.6CVSS6.8AI score0.00161EPSS
Exploits0References6Affected Software2
Total number of security vulnerabilities33426