Lucene search
K
GithubRecent

33268 matches found

Github Security Blog
Github Security Blog
added 2026/05/14 1:17 p.m.16 views

Fleet server may terminate unexpectedly when handling certain gRPC requests

Summary Fleet contained a denial-of-service DoS issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled...

8.7CVSS5.9AI score0.00372EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 1:13 p.m.21 views

Fleet Windows MDM Azure AD JWT Authentication Bypass

Summary A vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not enforce the aud audience or iss issuer claims, any Microsoft-signed...

8.2CVSS5.8AI score0.00381EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 1:13 p.m.13 views

Fleet has a rate limiting bypass via untrusted client IP headers

Impact Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limiting controls. Fleet determines a client’s public IP address using HTT...

6.9CVSS6.6AI score0.0043EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 1:13 p.m.17 views

Fleet has a Windows MDM management endpoint authentication bypass

Summary A vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Windows device and retrieve sensitive configuration data. Impact...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 1:12 p.m.13 views

Strapi Upload Plugin MIME Validation Bypass via Content API

Summary of CVE-2026-22707 Vulnerability Details - CVE: CVE-2026-22707 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N 5.3 — Medium - Affected Versions: @strapi/upload =5.33.3 Description of CVE-2026-22707 In Strapi versions prior to 5.33.3, the Upload plugin's...

5.4CVSS5.8AI score0.00195EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 1:9 p.m.11 views

Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading

Summary Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces APIs. An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL parameters...

9.2CVSS6.4AI score0.00573EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 1:8 p.m.13 views

Absinthe: Quadratic fragment-name uniqueness check

Summary An unauthenticated attacker can stall an Absinthe-backed GraphQL endpoint by submitting a query that contains many fragment definitions. The fragment-name uniqueness validation phase is ON² in the number of fragments, so a single modestly-sized request burns seconds of CPU per worker, and...

8.7CVSS5.8AI score0.00624EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 1:8 p.m.11 views

Absinthe: Unbounded atom creation from parsed directive name

Summary When Absinthe parses a GraphQL SDL document, every directive @ definition is converted into a freshly created atom without any allow-list or length cap. Because atoms are never garbage-collected and the BEAM has a hard 1,048,576 atom-table limit, any application that feeds...

8.2CVSS6AI score0.00613EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 12:30 p.m.20 views

Apache Commons Configuration: StackOverflowError for YAML input with cycles

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

5.3CVSS5.8AI score0.00487EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 3:32 a.m.14 views

OpenStack Ironic: Pre-Validation Checksum Calculation allows Denial of Service (DoS) via Infinite Block Devices

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

6.5CVSS5.8AI score0.00466EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 9:32 p.m.14 views

cowlib: Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame

Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...

8.2CVSS5.8AI score0.00511EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 9:32 p.m.7 views

Grafana: SQL Expressions Read File From Disk

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

6.5CVSS5.7AI score0.00262EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 9:32 p.m.7 views

Grafana: Users can generate Service Account tokens after permissions removal

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

8.1CVSS5.2AI score0.00245EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 9:32 p.m.11 views

Cowboy: Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

8.2CVSS5.8AI score0.00382EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 8:2 p.m.10 views

Strapi: Password Reset Does Not Revoke Existing Refresh Sessions

Summary of CVE-2026-22706 Vulnerability Details - CVE: CVE-2026-22706 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N 2.1 — Low - Affected Versions: @strapi/admin and @strapi/plugin-users-permissions =5.33.3 Description of CVE-2026-22706 In Strapi versions prio...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/13 8:2 p.m.21 views

Strapi Vulnerable to SQL Injection in Content Type Builder

Summary of CVE-2026-22599 Vulnerability Details - CVE: CVE-2026-22599 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N 9.3 — Critical - Affected Versions: @strapi/content-type-builder =5.33.2 v5 or =4.26.1 v4 Description of CVE-2026-22599 A database-query...

9.3CVSS6.6AI score0.01178EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/13 8:2 p.m.11 views

Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying

Summary of CVE-2025-64526 Vulnerability Details - CVE: CVE-2025-64526 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N 6.9 — Medium - Affected Versions: @strapi/plugin-users-permissions =5.45.0 Description of CVE-2025-64526 In Strapi versions prior to 5.45.0, th...

6.9CVSS6AI score0.00492EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:33 p.m.8 views

SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution

Summary SiYuan's Bazaar community marketplace renders the name and version fields of a package's plugin.json and the equivalent theme.json / template.json / widget.json / icon.json into the Settings → Marketplace UI without HTML escaping. The kernel-side helper sanitizePackageDisplayStrings in...

9CVSS6AI score0.00361EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:33 p.m.9 views

SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs

Summary SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST /api/storage/updateRecentDocCloseTime, POST...

7.2CVSS5.8AI score0.00207EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:33 p.m.11 views

Anchor: `InterfaceAccount` allows account substitution between unexpected types

Impact Any uses of InterfaceAccount allows another unexpected account type to be passed, after https://github.com/solana-foundation/anchor/pull/3837 disabled discriminator checking for this type. The bug was originally reported and fixed in https://github.com/solana-foundation/anchor/pull/4139, s...

5.8AI score
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:33 p.m.17 views

wger has an Uncontrolled Resource Consumption issue

Summary Any authenticated user can create a routine spanning an arbitrarily long date range e.g. 100 years and then trigger the datesequence computation via any of the routine detail endpoints. The server iterates once per day in an unbounded while loop with no maximum duration validation, causin...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:33 p.m.13 views

Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy

Summary The Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to the backend Solr server without restriction. An attacker could read the complete Solr index and, in default Solr deployments,...

9.8CVSS6AI score0.0041EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:33 p.m.10 views

uniget is Vulnerable to Command Injection in tool.Check Leading to Arbitrary Code Execution

I discovered a command injection vulnerability in uniget that allows arbitrary command execution through the metadata loading and version check mechanism. Summary A command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c...

7.8CVSS6.3AI score0.00715EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:33 p.m.20 views

SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode

Summary The advisory GHSA-c77m-r996-jr3q patched getBookmark so that, when invoked by a publish-mode RoleReader, results are filtered through FilterBlocksByPublishAccess to remove entries from password-protected / publish-ignored notebooks. Four sibling search handlers in the same file did not...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:32 p.m.12 views

SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk

Summary POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any authenticated user — including publish-service RoleReader accounts and...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:32 p.m.17 views

Obot has an authorization bypass in /mcp-connect/{id} that allows any authenticated user to use any registered MCP server

Summary If you have the MCP Server ID, you can connect to the MCP server even if you don't have permissions to the server. The MCP gateway endpoint /mcp-connect/mcpid does not enforce Access Control Rules ACRs. Any authenticated Obot user who possesses an MCP Server ID can connect to that server...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:31 p.m.15 views

Anchor: Program<'info, System> is not properly validated

Summary An logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in programs that invoke system program instructions. Details In the TryFrom implementation for Program, the id of T is compar...

8.2CVSS6AI score0.00246EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:31 p.m.13 views

claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...

8.6CVSS6.3AI score0.00188EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:31 p.m.11 views

Nautobot: GitRepository.current_head field should not be writable through REST API

Impact A user with access to add/change a GitRepository record could use the REST API to directly set the currenthead field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clones of the relevant repository to checkout a commit other than the latest...

7.1CVSS5.7AI score0.00277EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:30 p.m.13 views

Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)

Impact Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowing for various behaviors similar to server-side request forgery SSRF. Patches Fixes are...

8.5CVSS5.8AI score0.00235EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:30 p.m.18 views

Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)

Impact Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in combination with the useregex flag. Patches A general-purpose timeout has been added to thes...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:30 p.m.8 views

Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference

Impact In the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables, when creating or updating an object containing a GenericForeignKey, Nautobot's REST API fail...

5.4CVSS5.7AI score0.00177EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:29 p.m.15 views

Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false

Summary There is a medium severity vulnerability in Traefik's Kubernetes Gateway API provider that allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider accepts any TraefikService backend...

9.9CVSS5.9AI score0.00468EPSS
Exploits1References6Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/13 3:29 p.m.13 views

go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion

Impact Multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/13 3:29 p.m.10 views

Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray()

Summary The Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray from within a page body, dumping the entire merged site configuration — including all plugin secrets SMTP passwords, AWS keys, OAuth client secrets, API tokens — into the rendered HTML. No...

7.7CVSS5.8AI score0.00276EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 3:29 p.m.15 views

LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

Description The LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from the LangSmith Hub. These manifests may contain serialized LangChain objects and model configuration that affect runtime...

7.1CVSS5.7AI score0.00199EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/13 3:29 p.m.10 views

Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

Summary On Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. This is not caused by a caller passing attacker-controlled arguments into networkInterfaces. The vulnerable value is...

7.8CVSS6.3AI score0.0062EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 1:39 a.m.15 views

OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover

Overview A critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. The issue has been fixed. Advisory: https://github.com/th30d4y/OpenLearnX/security/advisories/GHSA-223g-f5mq-gw33...

6.9CVSS5.8AI score0.00207EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 1:36 a.m.13 views

Astro: Server island encrypted parameters vulnerable to cross-component replay

Impact Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypted props p value as...

6.3CVSS5.8AI score0.00144EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 1:36 a.m.11 views

Klever-Go MultiDataInterceptor has remote OOM via crafted compressed P2P payload

Summary A remote, unauthenticated denial-of-service vulnerability in Batch.Decompress data/batch/batch.go allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on the receiving node from a sub-50 KiB gossip payload. A single packet is...

8.6CVSS5.9AI score0.0038EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 1:36 a.m.12 views

Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect

Summary An unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an attacker-chosen URL by submitting an authorization request that omits the openid scope. Details...

6.1CVSS5.7AI score0.00203EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/13 1:35 a.m.14 views

Mapfish Print: Remote Code Injection (RCE) in Dynamic table

Impact The attacker can execute arbitrary code without being authenticated Mitigation Upgrade to a patched version please check affected/patched version matrix Credits Bug Bounty of Canton du Jura...

9.3CVSS6.2AI score0.00325EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/12 10:25 p.m.9 views

UltraJSON has a Memory Leak in ujson.dump() on Write Failure

Summary When ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. Code that uses ujson.dumps rather than ujson.dump or...

8.7CVSS5.8AI score0.00421EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 10:24 p.m.23 views

SillyTavern has a SSRF vulnerability in the CORS proxy middleware

Resolution SillyTavern 1.18.0 added a generic server-side request filter Private Request Whitelisting. Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance is...

6.9CVSS5.8AI score0.00375EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 10:23 p.m.9 views

SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware

Resolution Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body. Overview - Vulnerability Type: XSS - Affected Location: src/middleware/corsProxy.js:40 - Trigger Scenario: reflected XSS in CORS proxy error response Root Cause When fetchurl throws, the...

6.9CVSS6.1AI score0.00323EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 10:23 p.m.13 views

SillyTavern has a Path Traversal issue

Summary POST /api/extensions/delete endpoint accepts extensionName: "." which bypasses sanitize-filename validation, causing the entire user extensions directory to be recursively deleted. No authentication is required in the default configuration. Affected File src/endpoints/extensions.js last...

9.6CVSS5.7AI score0.00567EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 10:23 p.m.32 views

SillyTavern has Authentication Bypass via SSO Header Injection

Resolution SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs. Documentation: https://docs.sillytavern.app/administration/sso/...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 10:23 p.m.15 views

SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover

Summary Changing a user’s password does not invalidate existing sessions, allowing an attacker with a stolen cookie to retain access even after the victim resets their password. Details SillyTavern relies on cookie-session for authentication, storing all session data user handle, permissions in a...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 10:22 p.m.12 views

esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files

Summary A Local File Inclusion LFI vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return arbitrary files from the host filesystem during the build process. Details The vulnerable...

7.5CVSS6AI score0.00321EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 10:22 p.m.11 views

esm.sh: Legacy Route Path Traversal Can Lead to RCE

Impact - Arbitrary File Write – An attacker can cause the server to write data to any file path it has write permission for. - Privilege Escalation / RCE – By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges. Exploit The legacy router...

8.7CVSS6.4AI score0.00362EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities33268