Lucene search
K
GithubRecent

33254 matches found

Github Security Blog
Github Security Blog
added 2026/05/08 10:22 p.m.9 views

Kimai has an arbitrary file read in its invoice PDF renderer (admin)

Summary Users with the role System-Admin ROLESYSTEADMIN and the permission uploadinvoicetemplate can upload PDF invoice templates, which can call pdfContext.setOption'associatedfiles', ... inside the sandboxed Twig render. This is forwarded to mPDF's SetAssociatedFiles, whose writer calls...

4.9CVSS5.8AI score0.00278EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 10:21 p.m.9 views

Open WebUI has Stored XSS in Pending User Overlay via Incorrect DOMPurify Application Order

Vulnerability Details CWE-79: Cross-site Scripting XSS The AccountPending.svelte component renders the admin-configured "Pending User Overlay Content" using marked.parse inside @html with an incorrect DOMPurify application order: Vulnerable Code...

4.8CVSS5.9AI score0.0017EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:49 p.m.17 views

eventsource-encoder vulnerable to SSE event injection via unsanitized `event` and `id` fields

Summary eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Events line terminators \n, \r, or \r\n and thereby forge additional SSE fields or entire messages on the...

5.8CVSS5.9AI score0.00277EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:48 p.m.12 views

OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

Summary The OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the INSTANAENDPOINTPROXY environment variable. If a network attacker can Man-in-the-Middle MitM the...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:44 p.m.12 views

Volcano's webhook server vulnerable to OOM due to unbounded HTTP request body size

Impact The Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook...

7.4CVSS5.8AI score0.00173EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:43 p.m.21 views

Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

Summary The kanban npm package used by the cline CLI starts a WebSocket server on 127.0.0.1:3484 with no Origin header validation. Any website a developer visits can silently connect to the kanban server via WebSocket and: 1. Leak sensitive data in real-time: workspace filesystem paths, task...

9.6CVSS6.2AI score0.0018EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:36 p.m.13 views

banks has Critical Remote Code Execution (RCE) via Jinja2 SSTI

Summary banks = 2.4.1 uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection SSTI, which can lead to Remote Code Execution RCE on the host system. This is a...

7.5CVSS6AI score0.00539EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:34 p.m.36 views

@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input

Impact Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. Known affected plugins are: - @babel/plugin-transform-modules-systemjs - @babel/preset-env when using the modules: "systemjs" option, as it delegat...

8.2CVSS5.9AI score0.00125EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:24 p.m.16 views

Phoenix: Long-poll NDJSON body splitting causes large memory allocation

Summary An unauthenticated denial-of-service vulnerability in Phoenix's long-poll transport allows a remote client to allocate a large amount of memory with a HTTP request. A handful of concurrent requests can be sufficient to let the node run out of memory. See also...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:23 p.m.16 views

Wagtail has improper permission handling when copying pages

Impact A CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once copied, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. Patche...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:21 p.m.22 views

Wagtail has improper restriction handling on Documents and Images API

Impact The Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. Patches Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature releas...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:20 p.m.14 views

Wagtail has improper permission handling when deleting form submissions

Impact A CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:19 p.m.18 views

Wagtail has improper permission handling when viewing page history

Impact A CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. Patches Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates this fix...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:17 p.m.15 views

Wagtail has improper permission handling when comparing revisions

Impact A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. Patches Patched versions have been released as Wagtail 7.0...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:6 p.m.14 views

@cyclonedx/cdxgen: Docker registry auth substring match forwards credentials to a different registry

Docker registry auth substring match forwards credentials to a different registry Repository cdxgen/cdxgen Affected product/package - Ecosystem: npm - Package: @cyclonedx/cdxgen - Reviewed tree version: 12.3.3 - Reviewed commit: b1e179869fd7c6032c3d483c3f7bd4d7154ec22b - Affected file:...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:3 p.m.17 views

Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search

Unauthorized File and Knowledge Base Content Access via RAG Vector Search Affected Component RAG source resolution in chat completion pipeline: - backend/openwebui/retrieval/utils.py lines 963-965, 1063-1068, 1126-1131 in getsourcesfromitems Affected Versions Current main branch commit 6fdd19bf1...

6.5CVSS5.8AI score0.00366EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:1 p.m.13 views

Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

Deactivated Channel Members Retain Full Access to Group/DM Channels Affected Component Channel membership authorization check: - backend/openwebui/models/channels.py lines 663-673, isuserchannelmember - Used at 15 locations in backend/openwebui/routers/channels.py Affected Versions Current main...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:0 p.m.13 views

Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO

Read-Only Users Can Modify Collaborative Documents via Socket.IO Affected Component Socket.IO collaborative document editing handler: - backend/openwebui/socket/main.py lines 667-721, ydoc:document:update handler Affected Versions Current main branch and likely all versions with collaborative not...

5.4CVSS5.5AI score0.0022EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:52 p.m.15 views

Open WebUI's Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show

Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show Affected Component Ollama proxy endpoints missing model access control: - backend/openwebui/routers/ollama.py lines 955-995, generatecompletion - backend/openwebui/routers/ollama.py lines 835-881, emb...

5.4CVSS5.9AI score0.00238EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:52 p.m.9 views

Open WebUI's Model Import Overwrites Any Model Without Ownership Check

Model Import Overwrites Any Model Without Ownership Check Affected Component Model import endpoint: - backend/openwebui/routers/models.py lines 254-308, importmodels Affected Versions Current main branch commit 6fdd19bf1 and likely all versions with model import functionality. Description The POS...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:51 p.m.14 views

Open WebUI Missing Access Check on Channel Members Endpoint for Standard Channels

Missing Access Check on Channel Members Endpoint for Standard Channels Affected Component Channel members listing endpoint: - backend/openwebui/routers/channels.py lines 445-507, getchannelmembersbyid Affected Versions Current main branch and likely all versions with the channels feature...

4.3CVSS5.8AI score0.00221EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:51 p.m.13 views

Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection

Global Knowledge Base Enumeration via knowledge-bases Meta-Collection Affected Component Retrieval collection access validation: - backend/openwebui/routers/retrieval.py lines 2330-2355, validatecollectionaccess - backend/openwebui/routers/retrieval.py query endpoints, e.g. POST /query/doc Affect...

4.3CVSS5.9AI score0.00221EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:51 p.m.12 views

Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite

Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite Affected Component Retrieval web/YouTube processing endpoints: - backend/openwebui/routers/retrieval.py lines 1810-1837, processweb - backend/openwebui/routers/retrieval.py the parallel processyoutube endpoint -...

8.1CVSS5.8AI score0.00295EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:50 p.m.9 views

Open WebUI's Channel Access Grants Bypass filter_allowed_access_grants

Channel Access Grants Bypass filterallowedaccessgrants Affected Component Channel creation and update endpoints: - backend/openwebui/routers/channels.py lines 291-340, createnewchannel - backend/openwebui/routers/channels.py lines 617-638, updatechannelbyid - backend/openwebui/models/channels.py...

5.4CVSS5.9AI score0.0019EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:45 p.m.11 views

Open WebUI's responses passthrough endpoint lacks access control authorization

Summary The /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While the primary chat completion endpoint generatechatcompletion checks model ownership, group membership, and...

7.1CVSS6AI score0.00306EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:45 p.m.15 views

Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining

Base Model Routing Bypasses Access Control via Model Chaining Affected Component Model chaining via basemodelid: - backend/openwebui/routers/models.py lines 170-214, createnewmodel - backend/openwebui/routers/models.py lines 254-308, importmodels - backend/openwebui/main.py lines 1696-1711, base...

7.6CVSS6AI score0.00248EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:44 p.m.11 views

Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

Redis Cache Keys toolservers and terminalservers Missing Instance Prefix Enable Cross-Instance Cache Poisoning Affected Component Tool server and terminal server Redis cache: - backend/openwebui/utils/tools.py line 841, toolservers SET - backend/openwebui/utils/tools.py line 850, toolservers GET ...

8.7CVSS6AI score0.00305EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:43 p.m.16 views

Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access Affected Component Socket.IO session state and role-check callsites: - backend/openwebui/socket/main.py lines 330-351, connect handler — role snapshotted into SESSIONPOOL - backend/openwebui/socket/main.py lin...

8.1CVSS5.8AI score0.00284EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:38 p.m.10 views

Open WebUI's Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts

Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts Affected Component Folder creation endpoint and form model: - backend/openwebui/models/folders.py lines 72-77, FolderForm with extra='allow' - backend/openwebui/models/folders.py lines 95-106,...

5CVSS6AI score0.00287EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:38 p.m.13 views

Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...

9.1CVSS6AI score0.01461EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:38 p.m.12 views

Grav: Stored XSS via page title (data[header][title]) in admin panel

Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the dataheadertitle parameter. --- Details Vulnerable Endpoint: GET /admin/pages/page Parameter:...

6.2CVSS5.7AI score0.00256EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:17 p.m.13 views

MikroORM has SQL injection via runtime-controlled identifiers and JSON-path keys

Summary MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters Platform.getSearchJsonPropertyKey, quoteJsonKey did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When...

7.6CVSS6.1AI score0.01252EPSS
Exploits2References7Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/08 7:13 p.m.16 views

fast-uri vulnerable to host confusion via percent-encoded authority delimiters

Impact fast-uri v3.1.1 and earlier decodes percent-encoded authority delimiters %40 as @, %3A as : inside the host component and serializes them back as raw characters. This changes the URI structure, turning a hostname into userinfo plus a different host. For example,...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:12 p.m.10 views

Zebra has Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning

Summary A composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent weaknesses in the gossip, syncer, and download subsystems — all...

8.7CVSS5.8AI score0.00351EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:9 p.m.9 views

Bunsink has an SSRF bypass in `validate_webhook_url`

Summary Bugsink’s webhook URL validation in versions 2.1.2 and earlier could be partially bypassed because of a mismatch in URL parsing. In some malformed URLs, Python’s standard URL parser urllib and the HTTP client stack requests / urllib3 do not agree on which host is actually being targeted...

4.3CVSS6AI score0.00286EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:8 p.m.10 views

SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585)

Summary The tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The encoder used at the producer side, escapeAriaLabel in...

9.4CVSS6.1AI score0.00509EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:0 p.m.10 views

open-webui Vulnerable to Stored XSS via Model Description

!IMPORTANT Relationship to CVE-2024-7990 CVE-2024-7990 issued by huntr.dev, March 2025 describes a stored XSS in the same field — the model description — but exploits a different bypass mechanism: a second-order injection through the sanitizeResponseContent function's video-tag placeholder...

8.4CVSS6AI score0.00897EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 6:46 p.m.13 views

Electerm users can run dangrous code through link or command line

Impact Arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Affected users: electerm installs that accept protocol URLs or CLI options affected versions listed in the original report. Exploit requires clicking a crafted electerm://... link or opening a crafted...

9.6CVSS6.2AI score0.00363EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 6:43 p.m.13 views

Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor

Impact A code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A...

7.8CVSS6.3AI score0.00167EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 6:37 p.m.10 views

Electerm's full process.env exposed to renderer via window.pre.env

Impact The getConstants IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is accessible from any JavaScript running in the renderer e.g., via the DevTools console or a compromised webview context...

5.5CVSS6AI score0.00103EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 6:35 p.m.26 views

Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click

Impact Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. When a user connects to a malicious SSH server, the attacker can print a crafted URI in the terminal output. If the victim clicks the link,...

9.6CVSS6.3AI score0.00394EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 6:34 p.m.9 views

Electerm runWidget has a path traversal that leads to arbitrary code execution

Impact The runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user‑supplied widget identifiers without any sanitisation: javascript const file = widget-$widgetId.js const widget = requirepath.joindirname, file Because runWidget is exposed to the...

8.4CVSS6.3AI score0.00167EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 6:31 p.m.16 views

absinthe_plug Has a Cross-site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...

6.1CVSS5.8AI score0.00282EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 6:31 p.m.10 views

dash-uploader has a directory traversal vulnerability

Impact An unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dashuploader/httprequesthandler.py reads three form parameters uploadid, resumableFilename, resumableIdentifier from request.form.get and passes the...

9.8CVSS6AI score0.05982EPSS
Exploits4References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 6:27 p.m.26 views

Zebra v4.4.0 still accepts V5 SIGHASH_SINGLE without a corresponding output

Consensus Divergence in V5 Transparent SIGHASHSINGLE With No Corresponding Output Summary Zebra failed to enforce a ZIP-244 consensus rule for V5 transparent transactions: when an input is signed with SIGHASHSINGLE and there is no transparent output at the same index as that input, validation mus...

5.8AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/08 6:24 p.m.19 views

phpseclib guardrails needed on OID length

Impact Any application using that loads untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. Patches https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59 Workarounds No. Resources...

7.5CVSS7.1AI score0.00569EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 6:19 p.m.28 views

justhtml introduces denial-of-service hardening

Summary justhtml 1.18.0 fixes multiple low-severity denial-of-service hardening issues in CSS selector handling and linkification. These issues are availability concerns. They do not allow script execution, data disclosure, or sanitizer bypass by themselves. Affected versions - justhtml 1.18.0...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 5:43 p.m.17 views

bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass

Summary ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify tha...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 5:39 p.m.31 views

nhost has Session Persistence After Password Change

Description When a user changes their password, either through the authenticated password change endpoint or a password reset ticket, the ChangePassword workflow correctly hashes and persists the new password via UpdateUserChangePassword. However, it does not revoke existing sessions. The...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 5:37 p.m.16 views

gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers

Summary CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with an empty certificate set is a structurally valid DER payload; GetCertificates returns an empty slice with no error,...

5.4CVSS5.8AI score0.00111EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities33254