Lucene search
K
GithubRecent

33190 matches found

Github Security Blog
Github Security Blog
added 2026/06/18 1:1 p.m.9 views

ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components

Summary A Server-Side Request Forgery SSRF vulnerability was discovered in Zitadel affecting: HTTP Notification Channels: Used as an alternative to SMTP/Twilio configurations, sending payloads to user-defined URLs via HTTP POST webhooks. OIDC BackChannel Logout: Terminates sessions across differe...

6.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/18 12:40 p.m.6 views

Cotonti: Stored Cross-Site Scripting in the Personal File Storage (PFS) module

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pfftitle is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cotimport is disabled, so an authenticated user can...

7.6CVSS5.9AI score0.00171EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/18 12:40 p.m.6 views

Cotonti: Cross-Site Request Forgery in the Personal File Storage (PFS) module

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.editfolder.php, the folder update action 'a=update' updates folder metadata title, description, public/gallery flags without calling cotcheckxg ...

5.4CVSS5.9AI score0.00116EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/18 12:40 p.m.7 views

Cotonti: Cross-Site Request Forgery in the Personal File Storage (PFS) module

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cotcheckxg to validate the anti-CSRF token, even though...

8.6CVSS6AI score0.00177EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/18 12:40 p.m.7 views

Cotonti: Cross-Site Request Forgery in the administration rights handler

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action 'a=update' modifies group access rights including via cotauthaddgroup without calling cotcheckxg to validate th...

9.6CVSS6.2AI score0.00227EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/18 12:32 a.m.8 views

marimo contains a reflected cross-site scripting vulnerability in the notebook page

marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal...

6.1CVSS5AI score0.00239EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 9:34 p.m.6 views

Hermes Agent contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling...

8.7CVSS6AI score0.006EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 9:34 p.m.10 views

Hermes Agent creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644)

Hermes Agent before 0.16.0 creates responsestore.db and webhooksubscriptions.json with world-readable permissions mode 0o644, exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including...

6.8CVSS5.8AI score0.00108EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 9:34 p.m.6 views

Pimcore CMS Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed

Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed and checkPropertyAllowed implementations in the custom Twig SecurityPolicy. Attackers can...

8.6CVSS6.7AI score0.00623EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:52 p.m.13 views

CakePHP Authentication: Open redirect weakness via backslash bypass

Impact The getLoginRedirect method contains a weakness to backslash bypasses allowing redirect targets with attacker controlled hostnames. Patches 3.3.6 and 4.1.1 contain a fix for this issue. Workarounds If you are unable to upgrade, you should consider adding application validation to the...

5.1CVSS5.3AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:49 p.m.10 views

Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation

Summary A critical missing authorization flaw exists in Avo's association attach workflow. The UI and GET /resources/:resource/:id/:related/new path can check attach?, but the actual write endpoint, POST /resources/:resource/:id/:related, does not run the same authorization check before mutating...

5.4AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:48 p.m.12 views

Deno: Denial of service via non-ASCII bytes in WebSocket response headers

Summary A Deno program that opens a client WebSocket connection could be crashed by the remote server. While handling the WebSocket handshake response, Deno parsed the Sec-WebSocket-Protocol and Sec-WebSocket-Extensions response headers in a way that assumed their bytes were always printable ASCI...

4.3CVSS5.5AI score0.00183EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:47 p.m.11 views

HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory

Summary org.hl7.fhir.utilities.XsltUtilities exposes two parallel families of XSLT transform helpers. The transform... overloads obtain their TransformerFactory from the project's hardened helper XMLUtil.newXXEProtectedTransformerFactory which sets ACCESSEXTERNALDTD="" and...

8.7CVSS5.5AI score0.00309EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:47 p.m.14 views

HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS

Summary The fix for CVE-2026-45367 added RegexTimeout protection to the matches function in DSTU2016MAY, DSTU3, R4, R4B, and R5, but the DSTU2 module was incompletely patched. In org.hl7.fhir.dstu2, replaceMatches was updated while matches at line 2462 still calls the raw String.matchessw without...

7.5CVSS5.3AI score0.00354EPSS
Exploits0References2Affected Software4
Github Security Blog
Github Security Blog
added 2026/06/17 6:43 p.m.14 views

Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak

Summary Unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the server. In adition, in the response, the absolute path of the uploaded file is reported to...

9.3CVSS5.3AI score0.00332EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:42 p.m.9 views

handlebars.java FileTemplateLoader Path Traversal

Impact Any application that passes user-controlled input to Handlebars.compile using a FileTemplateLoader or ClassPathTemplateLoader is vulnerable to arbitrary file read. This is a realistic attack surface for web applications that use template names from URL path parameters, request parameters, ...

7.5CVSS5.5AI score0.00414EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:41 p.m.13 views

Filament: Disabled RichEditor field state can be used for XSS

In Filament v3, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attacker could plant malicious HTML or JavaScript and achieve XSS that executes for users who view the...

7.6CVSS5.2AI score0.00168EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:39 p.m.13 views

LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector

Summary The MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys and, in MariaDB, string values directly into the query without adequate escaping. A crafted metadata key in EmbeddingSearchRequest.filter can break out of its SQL context and inject...

5.8AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.9 views

earmark: Stored XSS via unescaped HTML attribute values

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...

4.8CVSS5AI score0.00133EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.7 views

Duplicate Advisory: picklescan has Arbitrary file read using `io.FileIO`

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9726-w42j-3qjr. This link is maintained to preserve external references. Original Description picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers t...

8.7CVSS5.6AI score0.00509EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.18 views

Duplicate Advisory: PickleScan's profile.run blocklist mismatch allows exec() bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7wx9-6375-f5wh. This link is maintained to preserve external references. Original Description picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level...

9.8CVSS6.3AI score0.0046EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.8 views

Duplicate Advisory: picklescan missing detection by simple obfuscation of a `builtins.eval` call

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9m3x-qqw2-h32h. This link is maintained to preserve external references. Original Description picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute...

9.8CVSS6AI score0.00519EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.7 views

Duplicate Advisory: Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-97f8-7cmv-76j2. This link is maintained to preserve external references. Original Description picklescan before 1.0.3 contains a scanning bypass vulnerability in the scanpytorch function that allows attackers to...

7.1CVSS6AI score0.00434EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.7 views

katello: missing repository authorization in content_uploads exposes cross-product content existence

A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the editproducts permission to query content information for repositories outside the products they were authorized to...

4.3CVSS5.3AI score0.00197EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.14 views

Duplicate Advisory: PickleScan's pkgutil.resolve_name has a universal blocklist bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vvpj-8cmc-gx39. This link is maintained to preserve external references. Original Description picklescan before 1.0.4 fails to block pkgutil.resolvename, allowing attackers to bypass the entire blocklist by...

10CVSS5.8AI score0.00623EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.7 views

Duplicate Advisory: Picklescan Bypasses Unsafe Globals Check using pty.spawn

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hgrh-qx5j-jfwx. This link is maintained to preserve external references. Original Description PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to...

8.8CVSS6AI score0.00384EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.7 views

Duplicate Advisory: Picklescan does not block ctypes

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4675-36f9-wf6r. This link is maintained to preserve external references. Original Description picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by...

9.8CVSS6.5AI score0.00757EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.9 views

pdfkit: Path traversal in from_string

In JazzCore python-pdfkit 1.0.0, the fromstring method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files...

8.4CVSS5.5AI score0.00392EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.9 views

Duplicate Advisory: Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9gvj-pp9x-gcfr. This link is maintained to preserve external references. Original Description picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes...

9.8CVSS5.2AI score0.00475EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.12 views

OpenStack Horizon RC file generation does not escape special characters in project names

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

6CVSS5.3AI score0.0019EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.6 views

Duplicate Advisory: Picklescan vulnerable to Arbitrary File Writing

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m273-6v24-x4m4. This link is maintained to preserve external references. Original Description picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangero...

9.8CVSS5.9AI score0.00624EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.6 views

Duplicate Advisory: Picklescan has Incomplete List of Disallowed Inputs

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-84r2-jw7c-4r5q. This link is maintained to preserve external references. Original Description picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller...

9.8CVSS6.1AI score0.00623EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.8 views

Apache Shiro: LDAP DN Injection in DefaultLdapRealm

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

9.1CVSS5.3AI score0.00494EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.8 views

Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory

A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...

9.1CVSS5.3AI score0.00626EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.9 views

Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

6.5CVSS5.3AI score0.00433EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.6 views

Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

4.9CVSS5AI score0.00437EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.26 views

Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

6.5CVSS5.2AI score0.00312EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.9 views

Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

9.1CVSS5.2AI score0.00337EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.10 views

Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

9.8CVSS5.2AI score0.0039EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.7 views

Duplicate Advisory: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8jr5-v98p-w75m. This link is maintained to preserve external references. Original Description A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:14 p.m.12 views

Capsule: Incomplete fix of CVE-2026-30963: singular/plural typo leaves namespaces/finalize unprotected

Summary Capsule v0.13.2 webhook rules contain namespace/finalize singular instead of namespaces/finalize plural. K8s requires plural. The finalize defense from CVE-2026-30963 fix is absent. Details PUT to /api/v1/namespaces//finalize has resource=namespaces plural. The singular rule never matches...

3.9CVSS5.3AI score0.00202EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:13 p.m.13 views

webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies

Impact When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS5.3AI score0.00163EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:12 p.m.50 views

Multer vulnerable to Denial of Service via deeply nested field names

Impact Multer is vulnerable to a Denial of Service DoS via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names e.g., abc with no limit on nesting depth, allowing an attacker to force allocation of deeply nested object structures tha...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:11 p.m.13 views

Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads

Impact A vulnerability in Multer allows an attacker to trigger a Denial of Service DoS by aborting or sending malformed multipart uploads, causing orphaned partial files to accumulate on disk when using diskStorage. Patches Users should upgrade to 2.2.0, 3.0.0-alpha.2 or higher Workarounds None...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:10 p.m.9 views

Gitea: Open Redirect via redirect_to

Details Despite the validation within urlIsRelative in modules/httplib/url.go, an open redirect is still possible due to usage of directory traversal sequences plus a back-slash in the "redirectto" parameter. PoC When a user uses this URL to login:...

6.1CVSS5.3AI score0.00248EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:10 p.m.17 views

Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer

Summary Me again. Gitea's built-in 3D file viewer powered by Online3DViewer is vulnerable to stored cross-site scripting XSS through crafted .gltf files. When a glTF file declares an unsupported required extension, Online3DViewer generates an error message containing the extension name and Gitea...

8.7CVSS5.7AI score0.00336EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:9 p.m.10 views

Gitea: Public-only tokens bypass private-resource restrictions on `/api/v1/user` self routes

Summary Many authenticated self routes under /api/v1/user/... do not enforce the public-only token restriction. As a result, a token or OAuth grant marked public-only, but otherwise carrying the route-required read/write scope category, can access or modify private account resources through self...

5.3CVSS7.5AI score0.00238EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:8 p.m.22 views

Gitea: API Fork Missing CanCreateOrgRepo Check Allows Org Secret Exfiltration

Summary The API endpoint POST /api/v1/repos/owner/repo/forks only checks IsOrgMember when a user forks a repository into an organization, but does not check CanCreateOrgRepo. The web UI fork handler correctly checks both. This allows a read-only organization member — in a team with...

8.1CVSS6AI score0.00304EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:7 p.m.12 views

Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join

Summary A cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification channel and passively receive that organization's events. Impact The notification gateway's JWT handshake joined a...

6.5CVSS5.3AI score0.00275EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 6:6 p.m.11 views

Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

Because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject to --allowedTools restrictions. An attacker able to inject untrust...

9.1CVSS5.5AI score0.00403EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities33190