Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.4 views

Concrete CMS is vulnerable to CSRF via Backend\File::approveVersion

Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with editfilecontents permission is CSRF'd into publishing an attacker-chosen previously-uploaded version downgrade to an older version of a file, or activation of a co-editor's unpublished version. Thanks...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.5 views

Concrete CMS is vulnerable to Stored XSS via page name in the Atomik theme

Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue editor can inject arbitrary JavaScript that executes in the context of any authenticated user visiting the affected account pages. This can lead to session hijacking, credential theft, malicio...

4.8CVSS5.9AI score0.00149EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.6 views

Concrete CMS is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.9 views

Go Net HTML parser is vulnerable to denial of service

In Go Net golang.org/x/net before verion 0.55.0, parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.5 views

Apache CXF has an LDAP injection vulnerability

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

9.8CVSS5.8AI score0.00722EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.15 views

Mattermost doesn't properly validate msgpack-encoded WebSocket frames before memory allocation

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.5 views

Mattermost doesn't validate file ownership and access control

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.4 views

Apache CXF: Untrusted JMS configuration can lead to RCE

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

9.8CVSS7.5AI score0.00793EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.5 views

Mattermost doesn't sanitize team member data when returned via API to users without elevated permissions

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team members roles via invoking various team API...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.5 views

Mattermost doesn't enforce request body size limits on plugin HTTP endpoints

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.4 views

Apache CXF's WS-Transfer module has an insecure XML parser configuration

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.6 views

Mattermost doesn't validate user-supplied input in API request handlers

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.6 views

Mattermost doesn't archive the channel before removing persistent notifications

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...

6.5CVSS5.8AI score0.00172EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.4 views

Mattermost doesn't validate the TIFF IFD offset in the image header before allocating memory

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/23 12:18 a.m.23 views

Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members

Summary Any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users. The normal server list API filters objects by HasPermission, but the WebSocket stream treats the presence of any authenticated user ...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/23 12:17 a.m.15 views

Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron

Summary nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The cron routes POST /api/v1/cron and PATCH /api/v1/cron/:id are wired through commonHandler any authenticated user rather than adminHandler, and the per-server permission check on cron creation has a...

9.9CVSS6AI score0.00339EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/23 12:16 a.m.22 views

Arcane: Missing admin authorization on global variables endpoint

Summary The PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin authorization check. Any authenticated non-admin user can call this endpoint with their bearer token...

8.8CVSS6AI score0.00245EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/23 12:12 a.m.16 views

instagrapi: Unsafe signup challenge path handling in instagrapi

instagrapi versions before 2.6.9 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intende...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/23 12:11 a.m.16 views

aiograpi: Unsafe signup challenge path handling

aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intended...

6.5CVSS5.8AI score0.00195EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/23 12:11 a.m.30 views

Parse Server: Pre-authentication denial of service via client version header regex backtracking

Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...

8.7CVSS5.9AI score0.00584EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/23 12:8 a.m.20 views

Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Summary createAlertRule and createService and their update siblings accept FailTriggerTasks uint64 and RecoverTriggerTasks uint64 — IDs of cron tasks to fire when the alert/service trips. The validation function only validates the alert's Rules.Ignore server map; it never checks that the cron tas...

7.1CVSS5.9AI score0.00261EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/23 12:8 a.m.20 views

Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification

Summary nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH /api/v1/notification/:id are wired through commonHandler rather than adminHandler — so a RoleMember user can call them. These handlers...

7.7CVSS5.8AI score0.0027EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 5:48 p.m.18 views

Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance

Summary Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth...

5.8AI score0.00035EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 5:27 p.m.15 views

aiosend: Deserialization of request body before signature verification (Pre-auth DoS) in webhook handler

Vulnerability Description In aiosend/webhook/base.py, the WebhookHandler.feedupdate method performs full deserialization of the incoming JSON via Pydantic before verifying the HMAC signature. Anyone can send a request with an arbitrary body — the server will parse it, spend CPU and memory, and on...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 5:27 p.m.55 views

qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS5.9AI score0.00351EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 5:26 p.m.21 views

FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory

Summary publicPatchHandler in backend/http/public.go joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversa...

9.3CVSS5.9AI score0.00523EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 3:39 p.m.13 views

YesWiki: Unauthenticated SQL Injection

Summary An unauthenticated SQL injection in the Bazar form-import path FormManager::create allows any unauthenticated visitor of a default YesWiki install to inject arbitrary SQL into an INSERT statement and read the full database, including yeswikiusers.password hashes. Present in 4.6.1 / 4.6.2 ...

6AI score0.0004EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 1:14 p.m.18 views

ImageMagick: Heap Buffer Over-Read in distributed pixel cache server

An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process...

5.7CVSS5.9AI score0.00093EPSS
Exploits0References2Affected Software17
Github Security Blog
Github Security Blog
added 2026/05/22 1:14 p.m.20 views

ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model

The distributed pixel cache was originally designed to operate without a challenge–response authentication model. However, given today’s heightened security expectations, we have changed our implementation...

4.1CVSS5.8AI score0.00109EPSS
Exploits0References3Affected Software17
Github Security Blog
Github Security Blog
added 2026/05/22 1:11 p.m.19 views

ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking

An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met...

4.1CVSS5.8AI score0.00077EPSS
Exploits0References3Affected Software17
Github Security Blog
Github Security Blog
added 2026/05/22 1:10 p.m.19 views

ImageMagick: Heap Buffer Over-Write in distributed pixel cache server

An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process...

4.1CVSS5.9AI score0.00092EPSS
Exploits0References2Affected Software17
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.4 views

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion()

Concrete CMS 9 through 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file approveVersion...

6.5CVSS5.8AI score0.00115EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.5 views

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/design...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.6 views

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescanMultiple...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.7 views

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete

Concrete CMS 9 through 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/logs/delete...

8.8CVSS5.8AI score0.00142EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.4 views

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/cache...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.5 views

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/express/association/reorder...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.5 views

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete

Concrete CMS 9 through 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/delete...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.6 views

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescan...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.4 views

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()

Concrete CMS 9 through 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.4 views

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id)

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file removeFavoriteFolder$id...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.5 views

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id)

Concrete CMS 9 through 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file addFavoriteFolder$id...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.5 views

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete

Concrete CMS 9 through 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/logs/bulk/delete...

8.8CVSS5.8AI score0.00142EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.5 views

Concrete CMS is vulnerable to IDOR in surveys

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...

6.3CVSS5.8AI score0.00194EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.5 views

Concrete CMS is Vulnerable to Reflected XSS in Legacy Pagination

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...

6CVSS5.8AI score0.00139EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.4 views

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/event/duplicate...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.4 views

Concrete CMS is vulnerable to IDOR

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.4 views

Concrete CMS is vulnerable to IDOR

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/messagepage' endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

6.3CVSS5.9AI score0.00201EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.6 views

Concrete CMS: OAuth 2.0 Authorization-Code Handler Bypasses Account Status

For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 suspended, banned, terminated employee can still authenticate via OAuth and receive valid API tokens...

6.4CVSS5.8AI score0.00172EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.5 views

Concrete CMS is vulnerable to Stored XSS via external-link page cvName

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized...

5.4CVSS5.8AI score0.0015EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities33227