Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/05/19 7:36 p.m.124 views

Caddy: Remote Admin Authorization Bypass on PKI Endpoints via Prefix-Based Path Matching

AI Disclosure I used an LLM to help review the source code, reason about attack surface, and help draft and refine this report. I manually validated the finding by reproducing it locally, confirming the vulnerable code path, and verifying the HTTP behavior with curl -v. Summary Caddy's remote adm...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 7:35 p.m.12 views

Caddy CVE-2026-30852 Fix Bypass

TL;DR CVE-2026-30852 fixed double expansion in varsregexp when the variable key is a placeholder e.g. http.vars.x. The fix does NOT protect literal key names e.g. tenantid. An attacker injects env.AWSSECRETACCESSKEY or file./etc/passwd via a request header → Caddy expands it on the second pass →...

7.5CVSS7.4AI score0.00401EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 7:30 p.m.26 views

Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode where the GatewayClass lacks an unmanaged annotation, the Gateway TLS translator skips critical status...

5.9AI score
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/19 7:28 p.m.20 views

Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

5.8AI score
Exploits0References2Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/19 7:25 p.m.14 views

Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder

Summary A worker-pinning denial of service in Bandit's HTTP/1 chunked transfer decoder. Any unauthenticated client that sends a Transfer-Encoding: chunked request whose body ends with a trailer field RFC 9112 §7.1.2 explicitly permits this causes the connection's worker process to spin forever in...

8.7CVSS5.9AI score0.00637EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 7:23 p.m.18 views

Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`

Summary Bandit's HTTP/1 chunked-body reader silently drops the request size cap that the application configures e.g. Plug.Parsers' default 8 MB length: and buffers the entire body in memory before the application sees it. An unauthenticated attacker can crash any Bandit-fronted Phoenix/Plug app...

8.7CVSS5.8AI score0.00642EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 7:22 p.m.13 views

9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...

6.1AI score0.00147EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 7:18 p.m.12 views

Kopia: RCE via SSH ProxyCommand Injection

Summary Kopia's HTTP server, when started with --without-password , accepts unauthenticated requests to /api/v1/repo/exists. The handler forwards an attacker-supplied storage configuration to blob.NewStorage. For SFTP backends with externalSSH: true, that path constructs a process command line by...

6.2AI score0.00109EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 6:32 p.m.3 views

Jaspersoft Reports: Java Deserialization Vulnerability Lleads to Remote Code Execution (RCE)

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...

8.7CVSS6.4AI score0.00476EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 6:32 p.m.12 views

APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6AI score0.0081EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 6:32 p.m.10 views

BillaBear is Vulnerable to SQL Injection in the EventRepository

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

8.8CVSS6.1AI score0.00365EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 4:34 p.m.13 views

Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

Summary The fetch-apify-docs tool validates URLs against a domain allowlist using String.startsWith instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains e.g., https://docs.apify.com.evil.com/, enabling the tool to fetch and return arbitrary web content ...

5.9AI score0.00045EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 4:31 p.m.14 views

Budibase: Unrestricted Upload of File with Dangerous Type

Summary The file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions html, svg, js, php, etc. are conditionally wrapped inside if isPublicUser or if isPublicUser || !env.SELFHOSTED, meaning an...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 4:30 p.m.17 views

Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour

Summary The public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user identity and permissions from this cache TTL: 3600 seconds...

4.2CVSS5.8AI score0.00163EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 4:25 p.m.13 views

AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php`

Summary The endpoint requires no authentication. An unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded thumbnails,...

6.9CVSS6AI score0.00455EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 4:21 p.m.18 views

protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

Summary protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions could cause the JavaScript call stack to be exhausted during descriptor loading. Impact An...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 4:18 p.m.49 views

libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

5.8AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 4:18 p.m.14 views

libcrux: Potential Panic on Overlong Ciphertext Buffer

An application that passes in a ciphertext buffer of length greater than ptxt.len + TAGLEN to libcruxchacha20poly1305::encrypt or libcruxchacha20poly1305::xchacha20poly1305::encrypt would experience a panic. Impact An application where the length of the ciphertext buffer is under attacker control...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 4:18 p.m.35 views

Envoy AI Proxy - MCP Message Smuggling Vulnerability

Envoy AI Gateway was found to be affected by a protocol parser differential vulnerability due to improper implementation of the JSON-RPC 2.0 specification. Such differential causes a MCP message alteration, potentially causing a bypass of security controls in a multi-layered architecture. Accordi...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 4:17 p.m.18 views

Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs

Summary Composer leaks the full contents of tokens configured as GitHub OAuth tokens if they do not match Composer's expected format for such tokens to stderr. GitHub has introduced a new format for GitHub Actions GITHUBTOKEN values. These tokens are validated in the same way by Composer on GitHu...

5.7AI score0.00079EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 4:17 p.m.73 views

n8n: Credential exfiltration via Allowed HTTP Request Domains Bypass

Impact The POST /rest/dynamic-node-parameters/options endpoint allowed any authenticated user to cause the n8n server to issue HTTP requests including credentials bypassing the intended restrictions on which hosts could be contacted for that credential Allowed HTTP Request Domains. The user neede...

9.9CVSS5.8AI score0.00262EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:55 p.m.12 views

n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions

Impact The ExecuteWorkflow node's localFile source option read workflow files from disk without applying checks enforced by other file-reading nodes. An authenticated user with permission to create or modify workflows could supply an arbitrary file path via the REST API, bypassing the...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:55 p.m.16 views

Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs

Summary Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value could become visible in browser history, copied links, and server/proxy/CDN access logs...

4.3CVSS6.1AI score0.00218EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:54 p.m.14 views

Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation

Summary A user with application write access developer role can set link.argocd.argoproj.io/ annotations on any ArgoCD Application. These annotation values are rendered in the Summary tab's URLs section as elements without URL validation. Using the pipe-separator trick Display Text |...

6AI score0.00037EPSS
Exploits0References2Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/19 3:54 p.m.19 views

Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations

Summary The original fix for GHSA-3v3m-wc6v-x4x3 is incomplete. argocd app diff --server-side-diff can still expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation. The prior fix masks top-level Secret data in ServerSideDiff responses, but it...

5.8AI score0.00034EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:54 p.m.11 views

Mailpit: Unauthenticated remote memory-exhaustion DoS via unlimited SMTP DATA and /api/v1/send body sizes

Summary The Mailpit SMTP server has a Server.MaxSize int field that controls the maximum allowed DATA payload size, but the field is never assigned anywhere outside test code, leaving it at Go's zero value 0 ⇒ "no limit". The same applies to the HTTP /api/v1/send endpoint, whose request body is...

5.8AI score0.00099EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:53 p.m.11 views

Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)

Summary The screenshot/print proxy /proxy?data=… maintains a package-level assets mapstringMessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...

5.9AI score0.00091EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:53 p.m.17 views

Mailpit: Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs

Summary The mailpit dump --http sub-command downloads every message from a remote Mailpit instance and writes each one as .eml inside the user-supplied output directory. The message ID field is taken verbatim from the JSON response of the remote server and concatenated into the output path with...

6.3AI score0.00032EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:52 p.m.13 views

Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer

Summary The fix for GHSA-6jxm-fv7w-rw5j CVE-2026-23845, "Server-Side Request Forgery SSRF via HTML Check API", shipped in mailpit v1.28.3, hardened internal/htmlcheck/css.go::downloadCSSToBytes with a 5MB size cap, a text/css content-type check, login-info stripping in isValidURL, and an opt-in...

7.5CVSS7.3AI score0.00396EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:51 p.m.20 views

Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization

This report is not about a normal textual prefix-expansion case. The issue here is that the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different confi...

5.4CVSS5.7AI score0.00144EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:51 p.m.14 views

Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Summary This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address e.g. nuxt dev --host and the developer opens a malicious site on the same network. Details The fix for...

5.9CVSS5.8AI score0.00208EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/19 3:49 p.m.73 views

Nuxt: Reflected XSS in `navigateTo()` external redirect

Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...

5.4CVSS5.4AI score0.00164EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:47 p.m.20 views

ORAS Java: Path traversal in pullArtifact via attacker-controlled org.opencontainers.image.title annotation

Summary The pullArtifact methods in Registry and OCILayout use the org.opencontainers.image.title annotation from a pulled manifest as a filename, resolving it against the caller supplied output directory without normalization or a containment check. A manifest publisher can set this annotation t...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:47 p.m.9 views

auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs

SSRF + disk-exfil in downloadmedia and authfetch tools — ymw0407/auth-fetch-mcp Severity The downloadmedia and authfetch MCP tools accept arbitrary URLs and reach them as the MCP server process, with downloadmedia additionally persisting the fetched response body to a user-controlled output...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:40 p.m.16 views

Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

Impact On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Affected: any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026. Security researchers identified the malicious package within approximately 2 hours ...

9.6CVSS5.8AI score0.00276EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:40 p.m.19 views

fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker with access to the chaincode server logs could recover the TLS private key password. If the attacker can also obtain...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:39 p.m.12 views

MCP Registry: OCI validator skips ownership check on upstream rate limits

OCI ownership validation fails open on upstream rate limits, allowing attacker to claim arbitrary public OCI images under their own namespace Severity: Low re-scored post-triage; see Maintainer triage note below Affected: modelcontextprotocol/registry main branch at commit fe0cb3b current HEAD as...

3.5CVSS6AI score0.00206EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:38 p.m.11 views

zrok copy writes attacker-controlled WebDAV paths outside the destination root

Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

5.8AI score0.00061EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/19 3:38 p.m.15 views

go-git: Crafted repositories may modify main and submodule .git directories

Impact A path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/19 3:31 p.m.11 views

GlassFish's Administration Console is Vulnerable to RCE

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...

9.1CVSS6.1AI score0.00819EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/19 3:31 p.m.10 views

GlassFish's gadget handler is vulnerable to RCE

A critical Remote Code Execution RCE vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language EL “expressions” are processed...

9.6CVSS6AI score0.00628EPSS
Exploits2References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/19 3:31 p.m.12 views

ModelScope is vulnerable to arbitrary code injection via a crafted module

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

8.1CVSS6.2AI score0.00529EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:31 p.m.14 views

gohttp is vulnerable to directory traversal via a crafted request

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request...

7.3CVSS7.4AI score0.00523EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:31 p.m.10 views

Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering

Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...

9.8CVSS6.5AI score0.01425EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 3:21 p.m.24 views

go-git: Improper single-quote escaping in go-git SSH transport

Impact go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. This diverges from canonical Git, which shell-quotes the path through sqquotebuf so that an embedded ' becomes the '''...

9.6CVSS5.9AI score0.00365EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/19 3:16 p.m.10 views

rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

Summary Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response ...

5.8AI score0.00061EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 2:47 p.m.15 views

HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack

Summary An attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover. The API dynamically leaks the active session's authentication tokens including the jwt...

8.7CVSS5.9AI score0.00275EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 2:46 p.m.15 views

Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover

Summary A stored cross-site scripting XSS vulnerability exists in HAX CMS due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the conte...

9.3CVSS5.9AI score0.0023EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/19 2:44 p.m.14 views

HAXcms: Private Key Disclosure via Broken HMAC Implementation

Summary The hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing key and forge arbitrary admin-level JSON Web Tokens JWTs allowing them to get full admin...

9.3CVSS6.1AI score0.00295EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 2:44 p.m.20 views

HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis

Summary Multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the matched substrings to an attacker-controlled endpoint and capture authentication. Details api/services/website/cacheAddress.js,...

8.7CVSS5.8AI score0.00457EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities33227