33227 matches found
stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback
Impact Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node ...
Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host
Summary An authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request body, and headers. When DDNS is triggered for a server that uses that profile, the dashboard process sends the configured request wit...
Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024
Summary Commit d37ca6b27b9674238e58491cf7ba292e66898f15 "Delete item not check admin rights 2024", 2026-04-12 added a missing isAdministratorInventory gate to case 'itemdelete': in modules/inventory.php. The same fix was not applied to the sibling case 'fielddelete': handler, which destroys an...
Admidio writes session IDs and auto-login cookie values to application logs
Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...
Admidio PKCS#12 private key export action lacks CSRF protection
Summary The sensitive mode=export action in modules/sso/keys.php exports a PKCS12 bundle containing the configured private key and certificate, but the CSRF validation line is commented out. A forged cross-site POST from an administrator session can therefore trigger private key export without a...
Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders
Summary modules/documents-files.php gates state-changing modes by checking that the actor has hasUploadRight on the URL parameter folderuuid. The movesave handler then operates on a separate URL parameter fileuuid and calls File::moveToFolder$destFolderUUID. File::moveToFolder checks the upload...
Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders
Summary modules/documents-files.php mode filerenamesave shares the same root-cause shape as the cross-folder move bug 05-documents-cross-folder-move-idor.md: the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folderuuid, but the rename operation acts on fileuu...
Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation
Summary modules/sso/clients.php validates an admcsrftoken on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client-enable$enabled, and persists the new state with no token check. Because the action is reachable via plain GET parameters, a...
Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords
Summary modules/registration.php mode sendlogin regenerates a random password for useruuidassigned, stores its bcrypt hash in admusers.usrpassword, and emails the cleartext to that user. Every other state-changing mode in the same file assignmember, assignuser, deleteuser, createuser calls...
Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`
Summary modules/categories.php checks that the supplied type parameter ANN, EVT, ROL, USF, … corresponds to a module the actor administers. The follow-up "is this specific category editable by me" check at lines 56-61 is dead code because it compares $getType a category-type code against mode nam...
Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges
Summary An authenticated Admidio member with upload rights on any one folder can permanently delete files from folders where they have only view access. The authorization check at the top of modules/documents-files.php evaluates upload rights against the attacker-supplied folderuuid URL parameter...
BoxLite has a Timeout Bypass Vulnerability
Summary BoxLite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. BoxLite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, BoxLite sends a signal to kill the...
Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification
Description The Twilio SMS notifier bridge ships a webhook request parser used to authenticate and decode the status callbacks Twilio POSTs to an application's webhook endpoint. Its doParseRequest $request, \SensitiveParameter string $secret method receives the configured webhook secret but never...
Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...
Spatie Laravel Media Library contains a server-side request forgery vulnerability
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl method in InteractsWithMedia.php...
ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env
Impact A Remote Code Execution RCE vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover. The vulnerability CWE-426: Untrusted Search Path & CWE-15...
Authelia Missing Username Canonicalization in Basic Auth (LDAP)
Impact CVSSv4 Baseline Score: Moderate 6.3 CVSSv4 Weighted Score: Low 2.9 The full CVSSv4 Vector for this vulnerability is:...
authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user
Summary authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed assertion to authenticate as another federated user. Patches authentik 2026.5.1, 2026.2.4 and...
CC-Tweaked has an SSRF Protection Bypass with NAT64
Summary CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can...
zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood
Impact DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNSPTRMINTTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a periodic...
zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
Impact DNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dict keyed by strsys.excinfo1. The seven IncomingDecodeError messages raised from readname / decodelabelsatoffset RFC 6762 §18 name-decoding error paths all embed self.source — the...
zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
Impact DNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer RFC 1035 §4.1.4. Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past CPython'...
Nerdbank.MessagePack has Inefficient CPU Computation
Impact Applications that call OptionalConverters.WithExpandoObjectConverter and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a On² algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an ExpandoObject, whose Add metho...
Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs
Summary Koel validates the podcast feed URL via the SafeUrl rule DNS resolution + public IP check, but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an episode, the server downloads the full HTTP...
Nerdbank.MessagePack has a memory amplification DoS in collection deserialization
Nerdbank.MessagePack deserializers for many collection-shaped types trusted the element count declared in MessagePack array and map headers when allocating destination storage. A crafted payload could therefore force large arrays, pooled buffers, dictionaries, or collection instances to be...
Sparkle's AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection
Summary AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection. Details Autoupdate/AppInstaller.m's shouldAcceptNewConnection: only enforces SUCodeSigningVerifier validateConnection: before stage 1 completes. After...
Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta
Summary Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relativ...
go-git: Malformed Git object data may cause panics or resource exhaustion
Impact Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...
russh server userauth state is not reset when authentication principal changes
Summary The russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not that...
russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
Summary When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In...
amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection
Summary amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrar...
uv is vulnerable to arbitrary file write through entry point names
Impact In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under consolescripts or guiscripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...
AgenticMail API/storage and outbound relay hardening fixes
The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct...
Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...
tar has a PAX header desynchronization issue
Summary When a tar stream contains multiple "header" entries prior to a file entry, tar-rs applies the PAX header x to the next entry in the stream, regardless of type. For example, a stream of x - L - file PAX, GNU longname, file would result in x's extensions being applied to L rather than to...
astral-tokio-tar has a PAX Header Desynchronization issue
Impact Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...
ezsystems/ezpublish-legacy has a SQL injection in dfscleanup
NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...
unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race
Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...
CAPM3 vulnerable to Cross-Namespace resource access
Summary CAPM3 is Metal3's Cluster API CAPI provider for baremetal provisioning in Kubernetes. Multiple cross-namespace access control vulnerabilities in Cluster API Provider Metal3 allow users with permissions to create or modify CAPM3 resources in one namespace to reference, read, or claim...
xiaomusic contains an unauthenticated path traversal vulnerability
xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...
agno contains a SQL injection vulnerability
agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...
Duplicate Advisory: OpenClaw: QQBot native approval buttons did not enforce configured approver identity
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mgq6-vr84-7m2j. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails ...
IPAM controller service account granted unnecessary full access to Secrets
Impact IPAM is the IP address Manager for Cluster API Provider Metal3. The IPAM controller's ClusterRole granted full CRUD permissions create, delete, get, list, patch, update, watch on core/v1 Secrets. The controller never accesses Secrets during normal operation. If the controller pod were...
Ironic Standalone Operator's controller modifies user-owned resources without consent
Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. IRSO controller automatically adds its environment label to user-provided Secrets and ConfigMaps without the resource owner's consent. A high-privilege controller modifying user-owned resources...
Ironic Standalone Operator's prometheus metrics exporter bound to all interfaces
Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 all network interfaces by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to any ho...
NodeVM observability builtins leak host process and HTTP request data
Summary NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The following builtins are not blocked by the dangerous builtin denylist: text diagnosticschannel asynchooks perfhooks These modules are process-wide, not sandbox-local. Sandboxed code c...
NodeVM network builtin exclusions bypass via internal _http_client and _http_server
Summary NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes underscored internal HTTP builtins such as httpclient and...
NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
Summary NodeVM blocks several dangerous Node.js builtins such as module, workerthreads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed code to reach host-side execution primitives. This allows sandboxed code to bypass...
ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag
Impact When parsing an image with an embedded ICC profile that contains a crafted multiLocalizedUnicodeType mluc tag, ExifReader can be made to allocate memory proportional to attacker-controlled fields in the tag rather than to the actual size of the input. Processing such an image causes...
ExifReader is vulnerable to denial of service via unbounded decompression of image metadata
Impact Versions of ExifReader from 4.20.0 through 4.38.1 do not bound the size of decompressed metadata blocks. When a caller invokes the asynchronous API e.g. ExifReader.loadfile or ExifReader.loadbuffer, async: true on an attacker-supplied image, a small compressed chunk in the file can expand ...