Lucene search
K
GithubRecent

33255 matches found

Github Security Blog
Github Security Blog
added 2026/05/11 7:39 p.m.10 views

MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

The mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing the default DEVELOPER level 55 threshold required by the dedicated...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:39 p.m.11 views

MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field

Lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. Impact Cross-site scripting XSS Patches - c885af13f0b8596714ffe11df757c09f35fbd8f4 Workaround...

5.3CVSS5.9AI score0.00281EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:37 p.m.13 views

Mermaid: Improper sanitization of configuration leads to CSS injection

Impact Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options. Live demo: mermaid.live Example code: %%init: "fontFamily": "x;ab :not&background:green !important cd"%% flowchart LR A --...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:36 p.m.17 views

Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Impact Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. Example: gantt excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday DoS :2025-01-01, 1d mermaid.parse is unaffected,...

5.3CVSS5.7AI score0.00384EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:36 p.m.9 views

Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection

Impact Under the default configuration, Mermaid state diagram's classDef allow DOM injection that escapes the SVG, although tags are removed, preventing XSS. Proof-of-concept stateDiagram-v2 classDef xss...

5.3CVSS5.8AI score0.00401EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:36 p.m.11 views

Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Details The state diagram and any other diagram type that routes user-controlled style strings through createCssStyles parser for Mermaid v11.14.0 and earlier captures classDef values with an unrestricted regex: jison // packages/mermaid/src/diagrams/state/parser/stateDiagram.jison:83 ^\n...

5.3CVSS5.8AI score0.00338EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:35 p.m.12 views

MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column

Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Impact Cross-site scripting XSS. Note that By default, only users with Manager access level or above can save their filters publicly Patches -...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:35 p.m.10 views

MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leadi...

6.9CVSS5.7AI score0.00447EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:34 p.m.10 views

MantisBT has a Content Security Policy bypass via attachments

Given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via the filedownload.php link, will be downloaded with a valid JavaScript MIME type resulting in...

7.6CVSS5.8AI score0.00498EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:34 p.m.11 views

MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference

Any authenticated user can inject arbitrary HTML via updating their account's font family. Impact Cross-site scripting. The injected payload will be reflected in every MantisBT page. Leveraging another vulnerability CSP bypass, see GHSA-9c3j-xm6v-j7j3, the attacker could achieve account takeover...

7.2CVSS5.9AI score0.00424EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:34 p.m.13 views

MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values

Improper escaping of a textarea custom field's contents in the Update Issue page bugupdatepage.php allows an attacker to inject HTML and, if CSP settings permit, execute arbitrary JavaScript when the page is loaded. Impact Session theft leading to admin account takeover, full project data access....

5.4CVSS6.8AI score0.0023EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:34 p.m.10 views

Yii 2: Local file inclusion via view parameter name collision

The core view rendering method View::renderPhpFile calls extract$params, EXTROVERWRITE before the require statement that includes the view file. A caller-controlled parameter named file in the $params array overwrites the internal local variable that specifies which file is included — enabling a...

7.4CVSS5.8AI score0.00442EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:33 p.m.11 views

MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked

MantisBT allows a bugnote author to access the note's Revisions page after losing access to the parent private issue. Impact Disclosure of the private Issue's Id and Summary. The bugnote full revision body remains secure. Patches - 71df1f67e05b2050cd4bd87839e6cc13747cf03f Workarounds None Credits...

5.3CVSS5.8AI score0.00372EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:33 p.m.12 views

MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API

Impact MantisBT allows an authenticated user to upload attachments to private Issues they are not authorized to access. Patches - b262b4d2835b81394d75356dead66e52a6275206 Workarounds None. Credits Thanks to Vishal Shukla for discovering and responsibly reporting the issue...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:32 p.m.8 views

MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue

MantisBT permits a user to list and download their own attachments from an Issue created by another user, even after that Issue becomes private and direct access to it is denied. Impact The loss of confidentiality caused by this vulnerability is minimal, considering that only the attachments that...

5.3CVSS5.8AI score0.00362EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:32 p.m.11 views

MantisBT has an authorization bypass in private issue monitoring

Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a private issue they do not have access to. Despite displaying an Access Denied error, the application accepts the request and creates a monitor relationship for the private...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:32 p.m.9 views

MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form

When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector without proper escaping, allowing an attacker able to to inject HTML if they can set the Project's name which typically...

8.6CVSS5.8AI score0.00444EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 7:32 p.m.8 views

MantisBT Vulnerable to Privilege Escalation from Manager to Administrator

Insufficient access control checks in ProjectUsersAddCommand used in manageprojuseradd.php and REST API endpoint PUT /project/id/users allows users having manageprojectthreshold access level manager by default to grant project-level administrator access to any user including themselves in any...

5.1CVSS5.9AI score0.00427EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.16 views

Duplicate Advisory: OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-q8ff-7ffm-m3r9. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to...

6CVSS5.7AI score0.00288EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.10 views

Duplicate Advisory: OpenClaw: Hook mapping templates could bypass hook session-key opt-in

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2xcp-x87w-q377. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the...

6.3CVSS5.7AI score0.00279EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.9 views

Duplicate Advisory: OpenClaw: Workspace dotenv files cannot override connector endpoint hosts

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-55cf-xx38-4p9p. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost,...

5CVSS5.7AI score0.00105EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.12 views

Duplicate Advisory: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r39h-4c2p-3jxp. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver tha...

8.4CVSS6.4AI score0.00144EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.12 views

Duplicate Advisory: OpenClaw's ACP child sessions inherit subagent security envelope constraints

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-q3jj-46pq-826r. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents ...

4.3CVSS5.7AI score0.00221EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.14 views

Duplicate Advisory: OpenClaw: Isolated cron awareness events were recorded as trusted system events

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-57r2-h2wj-g887. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing...

6.3CVSS5.7AI score0.00151EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.16 views

Duplicate Advisory: OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h2vw-ph2c-jvwf. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspac...

5CVSS5.7AI score0.00119EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.13 views

Duplicate Advisory: OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c28g-vh7m-fm7v. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner...

4.2CVSS5.8AI score0.00237EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.12 views

Duplicate Advisory: OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mj59-h3q9-ghfh. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server...

7.3CVSS6.1AI score0.00136EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.11 views

automagik-genie has a command injection vulnerability

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

8.1CVSS6.1AI score0.01008EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.12 views

MLflow Has a Server-Side Request Forgery (SSRF) Vulnerability

A Server-Side Request Forgery SSRF vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...

7.1CVSS7.2AI score0.00288EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.4 views

Casdoor: Arbitrary file write possible through Local File System storage provider

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...

5.9CVSS6.1AI score0.00513EPSS
Exploits5References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.12 views

pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS6AI score0.00217EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.14 views

pgAdmin 4: OS command injection vulnerability in Import/Export query export

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

8.8CVSS6.1AI score0.01444EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.14 views

Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.10 views

pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager

Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

7.8CVSS6.5AI score0.00131EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.11 views

SQL injection vulnerability in pgAdmin 4 Maintenance Tool

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

8.8CVSS6.2AI score0.00456EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.12 views

pgAdmin 4 File Manager has symbolic-link path traversal

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.15 views

pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules

Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...

4.8CVSS5.7AI score0.00163EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.13 views

pgAdmin 4: Improper restriction of excessive authentication attempts

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.10 views

flash-attention contains an insecure deserialization vulnerability in its checkpoint loading mechanism

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

7.3CVSS6.1AI score0.00218EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.16 views

pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.13 views

Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.13 views

GPT-Pilot contains a command injection vulnerability in the Executor.run() method

GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 2025-09-03 contains a command injection vulnerability CWE-78 in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...

6.5CVSS6.5AI score0.00704EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 5:58 p.m.11 views

MantisBT Has Authorization Bypass in Global Profile Creation

MantisBT allows a low-privileged authenticated user having addprofilethreshold to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a valid profile creation request. Impact Authentication bypass Patches -...

5.3CVSS5.8AI score0.0034EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 5:58 p.m.12 views

Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation

Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without...

9.1CVSS5.8AI score0.00183EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 5:53 p.m.14 views

WebdriverIO BrowserStack Service has a Command Injection issue

Summary A command injection vulnerability exists in @wdio/browserstack-service that allows remote code execution RCE when processing git branch names in test orchestration. An attacker can exploit this by providing a malicious git repository with a branch name containing shell command injection...

9.8CVSS6.4AI score0.02799EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 5:53 p.m.25 views

torrentpier has PHP Serialize Injections

Summary Hi, there. We've found PHP Serialize Injections in your project “torrentpier". According to the OWASP, it can pose a significant risk: enable an attacker to modify serialized objects in order to inject malicious data into the application code, resulting in code execution or an arbitrary...

6.3AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 4:21 p.m.13 views

Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

Impact It was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. Refer to CVE-2026-44575 for further details. References - CVE CVE-2026-44575...

7.5CVSS5.8AI score0.01523EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 4:20 p.m.9 views

Angular Expressions - Remote Code Execution using filters

Impact An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: const expressions = require"angular-expressions"; const result = expressions.compile"a | proto", ; This should throw the error : Filter 'proto' is not...

10CVSS6.5AI score0.00476EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 4:20 p.m.13 views

Budibase vulnerable to SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`)

Summary | Field | Value | |-------|-------| | Title | SSRF via trivial .tar.gz substring bypass in Plugin URL upload | | Product | Budibase Self-Hosted | | Version | ≤ 3.34.11 latest stable as of 2026-03-30 | | Component | packages/server/src/api/controllers/plugin/url.ts | | Vulnerability Type...

7.7CVSS5.9AI score0.00263EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 4:17 p.m.9 views

Bird-lg-go has a Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding

Summary The apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an extremely large, endless JSON payload e.g., several...

7.5CVSS5.9AI score0.00441EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities33255