Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/05/27 8:13 p.m.14 views

Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification

Description symfony/html-sanitizer lets applications sanitise untrusted HTML. The configuration methods allowLinkHosts... and allowLinkSchemes... are intended to restrict targets to an allowlist of hosts/schemes; allowMediaHosts / allowMediaSchemes do the same for etc. Three distinct bypasses all...

5.8AI score0.00048EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/27 8:4 p.m.11 views

Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing

Description Symfony\Component\HtmlSanitizer\TextSanitizer\UrlSanitizer::parse used by UrlSanitizer::sanitize and therefore by every HtmlSanitizer config that allows links or media accepts URLs that contain Unicode explicit-direction BiDi formatting characters: U+202A–U+202E LRE / RLE / PDF / LRO ...

5.9AI score0.00069EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/27 7:58 p.m.14 views

CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests

Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose Content-Length is not positive — most notably HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests sent without a content-length header. Coraza is then evaluated against an empty body...

5.9AI score0.00038EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 7:57 p.m.13 views

CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression

The LAPI router uses gin-contrib/gzip with DefaultDecompressHandle globally pkg/apiserver/controllers/controller.go. This middleware decompresses incoming request bodies without enforcing a maximum decompressed size. The endpoints /v1/watchers or /v1/watchers/login require no authentication. An...

5.8AI score0.00115EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 7:51 p.m.18 views

Deno's TLS retry copies stale upgrade hook, risking plaintext traffic

Summary A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt failed, the socket reinitialization path reused a stale TLS upgrade hook tha...

9.1CVSS5.8AI score0.00142EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 7:38 p.m.13 views

Langroid has Prompt to SQL Injection, Leading to RCE

Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid Affected Scope langroid @localhost:5432/postgres" Create SQL Chat Agent config = SQLChatAgentConfig databaseuri=DATABASEURI, llm=OpenAIGPTConfig apibase=os.getenv"bas...

9.8CVSS6.6AI score0.00409EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 6:24 p.m.132 views

LiquidJS is Vulnerable to Remote Code Execution

Summary It is possible to execute arbitrary code with crafted templates Details 1|valueOf - this when evaluating the filter liquid %assign r=1|valueOf% r|inspect json...

6.2AI score0.00089EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 6:8 p.m.14 views

LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex

Summary The built-in striphtml filter in liquidjs uses a regex containing four lazy-quantified alternatives. When the input contains many |||/g, '' The regex contains four lazy patterns: 1. 2. 3. 4. For an input like 'script'.repeatN, the engine encounters N starting positions. At each one it mus...

7.5CVSS5.8AI score0.00385EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 5:42 p.m.17 views

Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend

TL;DR This vulnerability affects all Kirby sites that allow the use of the link: … KirbyTag, the link: parameter of the image: … KirbyTag, the built-in image block with a link or the HTML importer for blocks, when content is authored by users who may not be fully trusted. The attack requires an...

5.9AI score0.00062EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 5:33 p.m.14 views

LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)

Summary The date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart in src/util/underscore.ts. The pad loop performs unbounded string concatenation without consulting the Context's memoryLimit or renderLimit, so a...

7.5CVSS5.8AI score0.00385EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 5:23 p.m.24 views

Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions

TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...

5.6AI score0.00033EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 5:17 p.m.11 views

Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling

Summary Pimcore's WebDAV asset endpoint exposes a MOVE operation through /asset/webdavpath without adding an authentication plugin in the WebDAV controller. The Tree::move implementation then performs asset mutation and deletion before checking a current Pimcore user or any asset permissions. An...

6AI score0.00141EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 4:57 p.m.23 views

Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction

GitHub Security Advisory Draft — GM-374 Summary Multiple locations in Pimcore v11 call PHP's unserialize on data from database columns and filesystem files without the allowedclasses restriction, enabling object injection if an attacker can control the serialized data source. Severity CVSS 3.1: 8...

6.5AI score0.00202EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 4:55 p.m.21 views

Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

Description Symfony routes can declare a requirements regex per path parameter, e.g. a route /locale/blog with requirements: locale: 'en|fr|de' . The Twig path / url helpers backed by UrlGenerator validate supplied parameter values against that regex before building the URL. UrlGenerator construc...

5.8AI score0.0004EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/27 4:50 p.m.71 views

Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator

Description X509Authenticator implements client-certificate mTLS authentication: the web server validates the client's certificate against a trusted CA, then passes the certificate's Subject DN Distinguished Name: a string like CN=Alice,O=Example,[email protected] to Symfony via...

5.8AI score0.00069EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.4 views

pretix vulnerable to Authorization Bypass Through User-Controlled Key

When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

7CVSS5.8AI score0.00219EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.7 views

Jenkins buildgraph-view Plugin does not escape the build URL

Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure jobs or views. As of publication of this advisory, there is no fix...

5.5CVSS5.6AI score0.00176EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.7 views

Jenkins Multijob Plugin has a cross-site request forgery (CSRF) vulnerability

Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to resume failed Multijob builds. Multijob Plugin 669.v9d96ad9c71b0 requires POST requests f...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.5 views

Jenkins Bitbucket OAuth Plugin does not restrict the redirect URL after login

Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful authentication. Bitbucket OAuth Plugin 0.18 only...

4.3CVSS5.6AI score0.00216EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.5 views

Jenkins GitHub Integration Plugin has a cross-site request forgery (CSRF) vulnerability

Jenkins GitHub Integration Plugin 0.7.3 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to trigger a build for a pull request. GitHub Integration Plugin 0.7.4 requires POST requests...

4.3CVSS5.7AI score0.00109EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.5 views

Jenkins AppSpider Plugin does not perform a permission check in a method implementing form validation

Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. AppSpider Plugin 1.0.18 requires Overall/Administer permission to use the affected...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.5 views

Jenkins Job Import Plugin does not perform a permission check in an HTTP endpoint

Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials usin...

4.3CVSS5.8AI score0.00178EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.4 views

Jenkins Active Directory Plugin deserializes data from LDAP referrals without validation

Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals from the configured Active Directory server by default. These can forward to an RMI URL that causes Jenkins to deserialize attacker-controlled data, resulting in Remote Code Execution RCE on the Jenkins controller if...

6.6CVSS6.1AI score0.0027EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.4 views

Jenkins LDAP Plugin follows LDAP referrals

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals from the configured LDAP server. These can forward to an RMI URL that causes Jenkins to deserialize attacker-controlled data, resulting in Remote Code Execution RCE on the Jenkins controller if deserialization "gadgets" are...

6.6CVSS6.1AI score0.00285EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.6 views

Jenkins Active Directory Plugin follows LDAP referrals by default

Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals from the configured Active Directory server by default. These can forward to an RMI URL that causes Jenkins to deserialize attacker-controlled data, resulting in Remote Code Execution RCE on the Jenkins controller if...

6.6CVSS6.1AI score0.00232EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.5 views

Jenkins LDAP Plugin deserializes data from LDAP referrals without validation

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals from the configured LDAP server. These can forward to an RMI URL that causes Jenkins to deserialize attacker-controlled data, resulting in Remote Code Execution RCE on the Jenkins controller if deserialization "gadgets" are...

6.6CVSS6.1AI score0.0027EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.5 views

Jenkins Pipeline: Groovy Libraries Plugin does not prohibit symbolic links in shared libraries

Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries. This allows attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem. Pipeline: Groovy...

7.5CVSS5.9AI score0.00301EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.7 views

Jenkins Credentials Binding Plugin does not properly sanitize file names for file and zip file credentials

Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials. This allows attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem. If Jenkins is configured to allow a...

7.5CVSS6.2AI score0.00364EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.5 views

Taipy contains a path traversal vulnerability

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.getresource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...

8.7CVSS5.8AI score0.00409EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.4 views

Gradio contains a cookie injection vulnerability

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a...

7.6CVSS5.9AI score0.0035EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.7 views

Jenkins Email Extension Plugin: Attackers able to control email content may specify `file:` URLs for images to read arbitrary files from Jenkins controller filesystem

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier includes a feature that allows inlining images as base64 in email content by setting the data-inline attribute. No restrictions are placed on the image URLs that can be inlined. This allows attackers able to control the email content t...

8.8CVSS5.9AI score0.00299EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.5 views

Keycloak Vulnerable to Improper Validation of Specified Quantity in Input

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

8.8CVSS5.7AI score0.0032EPSS
Exploits0References11Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/27 3:33 p.m.4 views

picoclaw is vulnerable to OS command injection via the ExecTool component

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

7.3CVSS5.9AI score0.01314EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:31 p.m.3 views

Keycloak Services has Improper Validation of Consistency within Input

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:30 a.m.7 views

OpenStack Swift: s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 3:30 a.m.8 views

GDAL: scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...

7.8CVSS6.7AI score0.00102EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:38 a.m.16 views

@hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects

Impact When @hapi/wreck follows a 3xx redirect to a different hostname, only the Authorization and Cookie headers are stripped. The standard credential header Proxy-Authorization is forwarded intact to the redirect target, potentially exposing forward-proxy credentials to a host outside the...

4.3CVSS6.8AI score0.00734EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:37 a.m.21 views

@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters

Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...

5.7AI score0.00052EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:35 a.m.17 views

Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter

GitHub Security Advisory Draft — GM-369 Summary SQL injection in Pimcore's translation grid date filter — the user-supplied property field from the filter JSON is interpolated directly into a UNIXTIMESTAMPDATEFROMUNIXTIME... SQL expression without parameterization or allowlist validation. Severit...

6.9CVSS6.3AI score0.00457EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:35 a.m.17 views

Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration

Summary The columnConfigAction endpoint in the CustomReportsBundle is vulnerable to SQL injection. An attacker with the reportsconfig permission can supply a malicious SQL configuration that is concatenated into a query and executed. Although the application attempts to filter certain DDL/DML...

6.2AI score0.00027EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:34 a.m.77 views

tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape

Summary The tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ../ or path separators in these parameters, attackers can cause file...

8.7CVSS5.7AI score0.00354EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:28 a.m.18 views

LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`

Summary Context.spawn in liquidjs creates a child Context for the % render % tag but does not propagate the parent context's resolved ownPropertyOnly value. The new context re-derives ownPropertyOnly from opts.ownPropertyOnly the instance-level option, silently discarding any...

5.3CVSS6AI score0.00271EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:11 a.m.21 views

LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body

Summary The renderLimit option — documented in docs/source/tutorials/dos.md as the mechanism that "mitigates this by limiting the time consumed by each render call" — can be fully bypassed by a % for % or % tablerow % tag whose body is empty. The per-iteration time check is reached only when the...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:9 a.m.33 views

LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS

Summary The striphtml filter in liquidjs is intended to remove HTML tags from a string before rendering, and is widely used as an XSS sanitizer. The implementation uses a regex whose catch-all branch does not match line terminators, so any HTML tag containing a \n or \r character passes through...

6.1CVSS6AI score0.00203EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:5 a.m.18 views

Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`

Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory. The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure sandbox. An authenticated user wi...

6.1AI score0.00473EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:4 a.m.20 views

Yamcs has No Rate Limiting on Authentication Endpoint

Summary The authentication endpoint POST /auth/token in yamcs-core lacks any form of rate limiting, account lockout, or failed attempt throttling. As a result, an unauthenticated remote attacker can perform unlimited password guessing attempts against any user account. This missing rate limiting...

5.8AI score0.00052EPSS
Exploits2References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:3 a.m.17 views

Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints

Summary The IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core do not enforce the required SystemPrivilege.ControlAccess check. As a result, any authenticated user even those with low or no privileges can enumerate all user accounts in the system, including their...

5.8AI score0.00028EPSS
Exploits2References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/27 12:3 a.m.31 views

CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters

Summary CarrierWave's contenttypedenylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. Note: CarrierWave is aware contenttypedenylist is deprecated for the security reason, but it still used by...

6.1CVSS5.9AI score0.00223EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 11:57 p.m.24 views

Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations

Summary Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the io.katacontainers.config.hypervisor.virtiofsextraargs pod annotation. By injecting -o source=/ along with --no-announce-submounts a...

6AI score0.00057EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 11:56 p.m.16 views

Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup

TL;DR This vulnerability affects all Kirby sites on Kirby 5.3.0-5.4.0 and is independent from setup conditions and authentication. This vulnerability is of high severity for all Kirby sites. ---- Introduction Path traversal is a type of attack that allows to access arbitrary filesystem paths. By...

6AI score0.00173EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities33227