33227 matches found
Gotenberg has a Server-Side Request Forgery (SSRF) Issue
Summary The SSRF hardening shipped in v8.31.0 only covers outbound URLs that Gotenberg's Go code handles — Chromium asset fetches, webhook delivery, and download-from. The LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecti...
Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist
Summary The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m. Details The blocklist in...
Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection
Unauthenticated RCE in Gotenberg via Metadata Key Newline Injection Summary Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...
Compromise of PyTorch Lightning PyPi Package Versions
Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484 We have identified a security incident affecting certain versions of one of our PyPI packages. What happened We have determined that one or more...
Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
Summary HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via ZlibDecoder, but is silently ignored when the content encoding is br Brotli, zstd, or...
Netty Redis Codec Encoder has a CRLF Injection Issue
Security Vulnerability Report: CRLF Injection in Netty Redis Codec Encoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-redis | | Component | io.netty.handler.codec.redis.RedisEncoder | | Vulnerability...
Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
Summary Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. Details Netty incorrectly marks a request as chunked when malformed "Transfer-Encoding: chunked, identity" is present. According to RFC...
Netty has HttpClientCodec response desynchronization
Summary If HttpClientCodec is configured, there are use cases when a response body from one request, can be parsed as another's. Details HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD a...
Netty Lz4FrameDecoder is vulnerable to resource exhaustion
Summary Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if compressedLength == 1 - to force that allocation. Details...
Netty HTTP/3 QPACK literal unbounded allocation
Summary When Netty decodes HTTP/3 headers, it sometimes runs new bytelength using a length from the wire before checking that many bytes are really there. A small malicious header can claim a huge length on the order of a gigabyte. Details When decoding header blocks, the non-Huffman branch of...
Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization
NETTY HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization | Field | Value | |-----------|-------| | Library | io.netty:netty-codec-http | | Component | codec-http — HttpObjectDecoder | | Severity | HIGH | | Affects | HEAD, commit 4f3533ae confirmed | --- Summary HttpObjectDecoder strips a...
Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing
Summary Netty's chunk size parser silently overflows int, enabling request smuggling attacks. Details io.netty.handler.codec.http.HttpObjectDecodergetChunkSize silently overflows int. The size is accumulated as follows: result = 16; result += digit; The result is checked only for negative values...
Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)
Security Vulnerability Report: DNS Codec Input Validation Bypass in Netty Encoder + Decoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-dns | | Component | io.netty.handler.codec.dns.DnsCodecUtil | |...
Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)
Security Vulnerability Report: HTTP Header Injection via HttpProxyHandler Disabled Validation in Netty 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions | | Component | io.netty.handler.proxy.HttpProxyHandler | |...
OpenSearch has ineffective TLS certificate hostname verification
Description A regression was introduced in OpenSearch 2.18.0 that caused the plugins.security.ssl.transport.enforcehostnameverification setting to be ineffective. When this setting was enabled, OpenSearch did not verify that the hostname in a connecting node's TLS certificate matched the hostname...
wasmtime has a panic when allocating a table exceeding the size of the host's address space
Impact Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely large size is allocated. This is possible with the WebAssembly memory64 proposal where tables ca...
OpenSearch Security plugin: DLS not applied on documents linked by has_child or has_parent relation
Description A flaw was identified in the OpenSearch Security plugin's document-level security DLS implementation. DLS restrictions were not correctly applied to search queries that use hasparent or haschild join relations. This could allow an authenticated user to access document contents that...
OpenSearch vulnerable to improper authorization for Rollover Requests
Description A flaw was identified in the OpenSearch Security plugin's handling of index rollover requests. When a rollover request included an explicit target index name, the security plugin did not properly evaluate access control permissions against the target index. This could allow a user wit...
OpenSearch has a bypass of REST Layer Authorization Using Malformed Paths
Description A flaw was identified in the OpenSearch REST layer that could allow authorization checks to be bypassed when processing certain malformed HTTP requests. This could permit unauthorized access to restricted API endpoints in environments that rely on REST-layer authorization...
Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications
Impact Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could...
Vercel: Non-interactive mode includes CLI arguments in suggested command output
Summary When the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included...
Weblate vulnerable to XSS via crafted Markdown
Impact The Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. Patches https://github.com/WeblateOrg/weblate/pull/19259 Workarounds Even though the attacker might be able to inject code into the HTML, the Weblate's strict CSP should...
Weblate Vulnerable to Private Translation Enumeration via Screenshot API
Impact The screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. Patches https://github.com/WeblateOrg/weblate/pull/19258 Acknowledgement Weblate thanks Luay for reporting this vulnerability according to the organization's...
diesel-async may expose uninitialized padding bytes for MySQL temporal columns
Summary diesel-async exposes uninitialized stack padding to safe code on every read of a MySQL DATE, TIME, DATETIME, or TIMESTAMP column. Reading that buffer is undefined behavior, and the leaked bytes can contain stale heap/stack contents, so this is both a soundness bug and a potential...
gix-fs: Symlink prefix-reuse allows worktree escape during checkout
Summary A malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. Details During checkout, all symlink index entries are deferred and created after regular files using a...
Hono: bodyLimit() can be bypassed for chunked / unknown-length requests
Summary bodyLimit does not reliably enforce maxSize for requests without a usable Content-Length e.g. Transfer-Encoding: chunked. Oversized requests can reach handlers and return 200 instead of 413. Details For chunked / unknown-length requests, bodyLimit wraps the body in a stream that counts...
hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection
Summary Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the programmatic jsx or createElement APIs during server-side rendering, specially crafted values may...
Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users
Summary The unauthenticated resend-verification endpoint returns different responses for registered and unregistered email addresses. A malicious third party can submit candidate addresses to /api/v4/account/auth/resendverificationemail and distinguish accounts from misses. Details...
Playwright Capture permits access to local files and internal network resources during page capture
Playwright Capture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location.href, to make the capture process open file:// URLs or request resources hosted on...
Angular SSR has Open Redirect and Request Steering via Encoded X-Forwarded-Prefix
Description A vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly account for URL-encoded characters, specifically dots %2e%2e. This allows an attacker to bypass security filters by injecting encoded path...
ldap3_proto has LDAP Filter stack exhaustion
Impact LDAP queries are not validated for depth, which can cause the parser both PEG and ASN to exhaust the stack. This may cause a denial of service in applications that process queries. Workarounds N/A Resources Related to GHSA-r5fr-9gmv-jggh...
kanidmd_lib: Image upload validators run before authorization; PNG validator panics on malformed input
Summary The POST /v1/domain/image and POST /v1/oauth2/rsname/image handlers call validateimage on the uploaded body before the ACL check that restricts image upload to admins. Any bug in an image validator is therefore reachable by an unauthenticated remote client rather than being admin-gated. O...
scim_proto and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion
Summary A single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort — the entire...
Kanidm has non-constant-time comparison of OAuth2 client_secret
Summary The kanidmd OAuth2 token-exchange /oauth2/token and token-introspection /oauth2/token/introspect endpoints compare the supplied clientsecret against the stored secret using Rust's PartialEq on String, which short-circuits on the first mismatching byte. This produces an observable timing...
Kanidm: Stored HTML injection in "passkey-enrolment" partial via displayname → htmx-driven authenticated request forgery
Summary The kanidmd web UI renders the WebAuthn passkey-registration challenge as raw JSON inside an inline element using the Askama |safe filter. The challenge embeds the account's displayname, which serdejson serialises without escaping . A displayname containing therefore terminates the script...
webauthn-rs-core/webauthn-authenticator-rs: Origin validation mismatch possible when subdomains are allowed
Summary webauthn-rs-core Relying Partyrp and webauthn-authenticator-rs client checked that an Origin in CollectedClientDataorigin is valid for an RP IDrpid with str::endswithends-with, without checking for a dot . before the RP ID when allowing subdomainsregisterable-suffix. This check is flawed,...
ShellHub has crash-DoS via field injection in filter and sort-by parameters
Summary The device list endpoint accepts user-controlled identifiers in two places that are passed directly as BSON/SQL keys in the database layer without validation: 1. The name field of each filter property in the base64-encoded filter query parameter. 2. The sortby query parameter. Any...
@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening
Summary Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode. Affected versions Versions 1.3.2 and below. Impact 1. Cache and...
ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data
Summary GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated flag, timestamps belonging to any other namespace...
ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device data of any namespace
Summary GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID can read device metadata from any other namespac...
axonflow-sdk-java: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...
axonflow-sdk-typescript: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...
axonflow-sdk-go: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...
axonflow-sdk-python: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...
Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening
Summary Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and policy-enforcement defects in the AxonFlow platform. They are filed as a single consolidated advisory because the recommended remediation is a...
Netty epoll transport denial of service via RST on half-closed TCP connection
Summary Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100% CPU busy-loop in the event loop thread. Affected versions All versions of 4.2.x...
Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)
Summary Keras’s model loader KerasFileEditor unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares an...
Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...
Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks
Impact The unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is an information disclosure vulnerability affecting...
Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override
Summary Tested on Form 9.0.3 released on April, 28th The Form plugin's file upload handler at user/plugins/form/classes/Form.php:583 accepts a POST-supplied filename parameter $filename = $post'filename' ?? $upload'file''name' that overrides the original uploaded filename. The override passes...