Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/05/08 12:31 a.m.13 views

short-video-maker has a path traversal vulnerability

A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...

6.9CVSS5.7AI score0.00575EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 12:31 a.m.12 views

OpenStack Cyborg's Accelerator Request (ARQ) API does not enforce project ownership at any layer

In OpenStack Cyborg before 16.0.1, the Accelerator Request ARQ API does not enforce project ownership at any layer. The projectid column in the database is never populated NULL for every ARQ, database queries have no project filtering, and policy checks are self-referential the authorizewsgi...

6.3CVSS5.8AI score0.00206EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 12:31 a.m.9 views

OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS5.9AI score0.00206EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 10:33 p.m.10 views

rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding

CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad. For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec,...

5.1CVSS5.9AI score0.00172EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 10:32 p.m.13 views

utcp-http vulnerable to SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

Summary The utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS / loopback allowlist, but calltool and calltoolstreaming reuse...

4.7CVSS5.9AI score0.00168EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 10:31 p.m.13 views

netbox-data-flows has stored XSS in ObjectAlias names rendered inside DataFlow tables

Summary An authenticated user who can create or edit ObjectAlias objects can store arbitrary HTML/JavaScript in an alias name. That payload is later rendered unescaped in DataFlow table views, causing a stored XSS when another user views the affected page. Details The issue is caused by unsafe HT...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:45 p.m.11 views

mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening

Summary mcp-ssh-tool has released version 2.1.1 with security hardening for transfer path authorization and HTTP bearer authentication. The release addresses: - insufficient local path policy enforcement in transfer-related filesystem handling - incomplete canonicalization and segment-boundary...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:41 p.m.9 views

Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install

Summary Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but the implementation does not enforce that those paths remain inside the plugin directory. A...

7.1CVSS5.9AI score0.00351EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:34 p.m.17 views

ech0's acess tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI

Summary Access tokens created with the "never expire" option have no exp JWT claim. Three independent revocation mechanisms fail for this token type. Logout at internal/handler/auth/auth.go:154 and :163 dereferences claims.ExpiresAt.Time, panicking on the nil field so the token never hits the...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:30 p.m.12 views

Ech0's OAuth redirect URI validation ignores path component, enables exchange-code theft

Summary parseAndValidateClientRedirect at internal/service/auth/auth.go:448 validates OAuth client-redirect URIs by comparing only scheme and host against the admin-configured allowlist. Path, query, and fragment are ignored. The initiator at /oauth/:provider/login embeds the caller-supplied...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:30 p.m.13 views

OSGeo GDAL vulnerable to out-of-bounds read

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...

5.5CVSS5.3AI score0.00246EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:30 p.m.16 views

OSGeo GDAL vulnerable to heap-based buffer overflow

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...

7.8CVSS5.9AI score0.00223EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:30 p.m.10 views

Postorius is vulnerable to XSS

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

7.2CVSS5.8AI score0.00237EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:28 p.m.11 views

Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnectInfo

Summary The fetchPeerConnectInfo function in internal/service/connect/connect.go:214-239 uses httpUtil.SendRequest no SSRF protection instead of SendSafeRequest which has ValidatePublicHTTPURL with private IP blocking. This allows authenticated users to make the server request arbitrary URLs...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:23 p.m.31 views

Ech0 allows PUT /api/echo/like/:id unauthenticated: anonymous callers to modify any echo's fav_count

Summary PUT /api/echo/like/:id at internal/router/echo.go:12 is registered on PublicRouterGroup with no authentication and no rate limit. Anonymous callers increment the favcount counter on any echo including private echoes by UUID, repeat the request without deduplication, and trigger a database...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:21 p.m.16 views

Ech0's Unauthenticated Like Endpoint Enables Arbitrary Engagement Metric Inflation

Summary No authentication is required to invoke PUT /api/echo/like/:id. The handler is registered on the public router group. The service increments favcount for the given echo without checking identity, without a per-user limit, and without CSRF tokens. A remote client can arbitrarily inflate li...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:18 p.m.19 views

Ech0's RSS feed renders unescaped tag names and raw-HTML markdown, stored XSS against subscribers

Summary The public RSS/Atom feed at /rss renders two attacker-controlled surfaces without HTML escaping. Tag names flow through fmt.AppendfrenderedContent, "%s", tag.Name at internal/service/common/common.go:120, and the Markdown renderer at internal/util/md/md.go does not set the html.SkipHTML...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:16 p.m.13 views

Ech0 comment model's Email field returned on public /api/comments endpoints

Summary The Comment model serializes its Email field through the public comment-listing API. internal/model/comment/comment.go:33 uses json:"email", while adjacent PII fields IPHash, UserAgent correctly use json:"-". The public endpoints GET /api/comments?echoid=X and GET...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:8 p.m.14 views

Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery

Summary No minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. HS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the signing...

10CVSS5.9AI score0.00124EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:6 p.m.14 views

Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution

Description The Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/noteID/assets, where the asset filename is provided through the X-Name HTTP request header. This value is stored directly in the database without any sanitization or validation - no path...

8.6CVSS6.3AI score0.00495EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:5 p.m.15 views

Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy

Summary In version 5.3.0 of the Symfony bundle, Webauthn\Bundle\Policy\ClientOverridePolicy defaulted to allowing all client overrides, including userVerification. A client could send "userVerification": "discouraged" in the assertion or attestation options request to override a server-configured...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 9:2 p.m.13 views

Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Corresponding Outputs

Zebra Transparent SIGHASHSINGLE Corresponding-Output Handling Diverges From zcashd Summary For V5+ transparent spends, Zebra and zcashd disagree on the same consensus rule: SIGHASHSINGLE must fail when the input index has no corresponding output. zcashd treats this as consensus-invalid under...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 8:56 p.m.12 views

Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer

CVE-2026-44497: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer Summary The fix for https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-8m29-fpq5-89jj introduced a separate issue due to insuficient error handling of the case where the sighash type ...

9.3CVSS5.9AI score0.00188EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/07 8:55 p.m.14 views

Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers

CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/07 8:54 p.m.10 views

Zebra's Block Validator Undercounts Coinbase and P2SH Sigops

Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while zcas...

9.2CVSS5.7AI score0.00283EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 8:52 p.m.10 views

nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)

Summary The isBlockedUrl denylist introduced in [email protected] to remediate GHSA-pqhr-mp3f-hrpp Dmitry Prokhorov / Positive Technologies, March 2026 is incomplete. The patch advisory states "Decimal/hexadecimal IP encoding bypasses are also handled" — that part is true Node's WHATWG URL pars...

3.7CVSS6AI score0.00171EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 7:49 p.m.14 views

FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images

CVE-2026-42879 - FacturaScripts - Authenticated Unrestricted File Upload via MIME Type Bypass Summary An authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 7:43 p.m.12 views

FacturaScripts Vulnerable to Unauthenticated phpinfo() Disclosure via Installer Endpoint

Summary An unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PHP configuration, server environment variables including any database...

5.3CVSS6.5AI score0.0024EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 7:37 p.m.10 views

FacturaScripts vulnerable to stored XSS via product reference in sales/purchases

Summary A stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other use...

5.4CVSS6.1AI score0.00165EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 7:34 p.m.11 views

FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation

Summary A Reflected Cross-Site Scripting XSS vulnerability exists in the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. Details The fsNick cookie is rendered into the DOM without encoding. While the server does reject the modified...

3.9CVSS5.9AI score0.00104EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 7:33 p.m.11 views

FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download

Summary Fectura Scripts is an open-source ERP application, a sensitive information disclosure vulnerability was identified in the Library module's image upload and download pipeline. The application fails to strip EXIF and other embedded metadata from user-uploaded image files before storing them...

6.5CVSS7.1AI score0.00227EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 7:32 p.m.11 views

FacturaScripts Vulnerable to Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism

Summary A Critical vulnerability exists in the Plugins::add function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leading to Arbitrary File Write and Remote Code Execution RCE by overwriting sensitive .ph...

7.2CVSS5.8AI score0.00522EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 6:30 p.m.13 views

Webkul Krayin CRM is Vulnerable to Cross-Site Scripting in the /admin/activities/create endpoint

Cross-Site Scripting XSS vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint...

5.4CVSS5.8AI score0.0021EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 6:30 p.m.15 views

query-parser-string is vulnerable to Prototype Pollution

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 6:30 p.m.14 views

youtube-regex vulnerable to Regex Denial of Service

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 6:30 p.m.12 views

parse-ini is vulnerable to Prototype Pollution in index.js()

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

9.8CVSS5.8AI score0.00416EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 5:32 p.m.27 views

Compromised version of intercom-client published to npm

Impact On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version was not produced by Intercom's build pipeline. The malicious version contained an obfuscated JavaScript payload that executed during packag...

5.8AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 4:48 p.m.29 views

Compromised tag of intercom-php published via GitHub

Impact On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 4:40 p.m.12 views

Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker

Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 4:39 p.m.13 views

BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context

Summary BentoML's bentoml build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento artifact. If a victim builds an untrusted repository or other attacker-supplied build context, the attacker can place a...

5.5CVSS5.7AI score0.00284EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 3:38 p.m.15 views

node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

8.8CVSS5.8AI score0.01185EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 3:38 p.m.20 views

Sidekiq-cron is vulnerable to a cross-site scripting (xss) vulnerability via crafted URL

Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq, is vulnerable to a cross-site scripting xss vulnerability via crafted URL being rended from cron.erb...

6.1CVSS5.6AI score0.00194EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 3:38 p.m.11 views

next-npm-version is vulnerable to Command injection

NPM package next-npm-version1.0.1 is vulnerable to Command injection...

9.8CVSS5.8AI score0.01523EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 6:31 a.m.14 views

Spring Cloud Config vulnerable to Path Traversal

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

9.1CVSS5.9AI score0.00727EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 6:31 a.m.15 views

Spring Cloud Config Server Logged Sensitive Information

When trace logging is enabled in Spring Cloud Config Server, sensitive information is placed in plain text in the logs. - Spring Cloud Config 3.0.x: affected from 3.0.0 through 3.0.7 inclusive; no open-source upgrade available. - Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13...

4.4CVSS5.2AI score0.00168EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 6:31 a.m.16 views

Spring Cloud Config Server Susceptible To TOCTOU Attack

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. - Spring Cloud Config 3.0.x: affected from 3.0.0 through 3.0.7 inclusive; no open-source upgrade available. -...

8.1CVSS5.2AI score0.0022EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 6:31 a.m.12 views

Spring Cloud Config has an Authorization Bypass Through User-Controlled Key

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

7.5CVSS5.8AI score0.00435EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 5:31 a.m.26 views

Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components

Impact A trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variants, all sharing the same root cause — the trustremotecode gate was...

8.8CVSS6.6AI score0.00865EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 5:14 a.m.15 views

Netty MQTT: Resource exhaustion in MqttDecoder

Impact The MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the bytesRemainingBeforeVariableHeader maxBytesInMessage check. The decodeVariableHeader can call other metho...

7.5CVSS5.9AI score0.00455EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 5:13 a.m.20 views

vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution

Summary When a NodeVM is created with nesting: true, sandbox code can unconditionally require'vm2' regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes...

9.9CVSS6.5AI score0.009EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities33227