Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/05/06 8:53 p.m.14 views

Snappier has an infinite loop during SnappyStream decompression with malformed framed input

Summary Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. Details The hang manifests as a userspace busy loop with SnappyStreamDecompressor.Decompress repeatedly calling Crc32CAlgorithm.Append. The exact...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 8:49 p.m.12 views

phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha

Summary BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha at phpmyfaq/src/phpMyFAQ/Captcha/BuiltinCaptcha.php:298 and :330 interpolate the User-Agent header and client IP address into DELETE and INSERT queries with sprintf and no escaping. Both methods run on every hit to the publi...

9.8CVSS6.1AI score0.01709EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 8:47 p.m.18 views

phpMyFAQ: Path Traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins

Summary Client::deleteClientFolder in phpmyfaq/src/phpMyFAQ/Instance/Client.php:583 takes a URL from the caller, strips the https:// prefix, and passes the remainder to Filesystem::deleteDirectory relative to the multisite clientFolder. No path-traversal validation runs. An admin with the...

7CVSS6AI score0.00266EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 8:45 p.m.14 views

phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query

Summary The public /solutionidid.html route calls Faq::getIdFromSolutionId in phpmyfaq/src/phpMyFAQ/Faq.php:1312. That query joins faqdata with faqcategoryrelations solely by solutionid and returns the matching FAQ's id, lang, thema title, and categoryid with no permission filter. An...

8.7CVSS5.8AI score0.00259EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 8:44 p.m.9 views

phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields

Summary CurrentUser::setTokenData in phpmyfaq/src/phpMyFAQ/User/CurrentUser.php at lines 515-534 builds a SQL UPDATE statement with sprintf and interpolates OAuth token fields refreshtoken, accesstoken, codeverifier, and jsonencode$token'jwt' without calling $db-escape. Sibling methods...

7.7CVSS6.1AI score0.00212EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 8:42 p.m.9 views

phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary user-id

Summary The /admin/check endpoint in AuthenticationController implements SkipsAuthenticationCheck, making it reachable without any prior authentication. An anonymous attacker Bob can POST arbitrary user-id and token values to brute-force any user's 6-digit TOTP code. No rate limiting exists. The...

9.3CVSS6.1AI score0.00339EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 8:40 p.m.7 views

Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed

Impact A receiver who specifies "--output " where that output directory currently exists as a directory. Patches 0.24.0 will contain the patch Workarounds Ensure local target directories specified by "--output" do not already exist Resources Private email and Signal communications from a user...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 8:37 p.m.10 views

phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check in phpMyFAQ

Summary A review of phpMyFAQ-main uncovered an authorization issue in the admin-api routes. Several backend endpoints only check whether the caller is logged in. They do not verify that the caller actually has backend or administrative privileges. As a result, a normal frontend user can access AP...

5.3CVSS5.6AI score0.00168EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 8:31 p.m.15 views

phpMyFAQ has stored XSS via | raw Filter in search.twig — html_entity_decode(strip_tags()) Bypass in Search Result Rendering

Summary The search result rendering template search.twig outputs FAQ content fields result.question and result.answerPreview using Twig's | raw filter, which completely disables the template engine's built-in auto-escaping. A user with FAQ editor/contributor privileges can store a payload encoded...

8.2CVSS5.9AI score0.00249EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 8:24 p.m.12 views

phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User

Summary 12 endpoints in ConfigurationTabController.php use userIsAuthenticated login-only check instead of userHasPermissionPermissionType::CONFIGURATIONEDIT. This allows any authenticated user — including ones with zero admin permissions — to enumerate system configuration metadata including the...

5.3CVSS5.8AI score0.00221EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 8:18 p.m.14 views

phpMyFAQ has a SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS

Summary The SvgSanitizer::decodeAllEntities method limits recursive entity decoding to 5 iterations. By wrapping each character of javascript in an href attribute value with 5 levels of & encoding around numeric HTML entities e.g., amp;amp;amp;106; for j, an attacker can bypass both isSafe...

5.4CVSS6AI score0.00153EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 8:18 p.m.8 views

phpMyFAQ has Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization

Summary The FAQ creation and update endpoints in phpMyFAQ apply FILTERSANITIZESPECIALCHARS which HTML-encodes input, then immediately call htmlentitydecode which reverses the encoding, followed by Filter::removeAttributes which only strips HTML attributes — not tags. This allows , , , and tags to...

5.4CVSS6.1AI score0.00153EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 8:16 p.m.11 views

Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS

Impact A vulnerability has been identified in the SUSE Virtualization Harvester Rancher integration mechanism where by default the registration client uses an insecure TLS option that fails to verify the remote server’s certificate. This security gap could allow the execution of a man-in-the-midd...

8.6CVSS6AI score0.00208EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 8:12 p.m.11 views

phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags

Summary The TagController::delete endpoint at DELETE /admin/api/content/tags/tagId only verifies that the user is logged in userIsAuthenticated, but does not check any permission. Any authenticated user — including regular non-admin frontend users — can delete any tag by ID. This contrasts with...

5.8AI score
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 8:11 p.m.11 views

phpMyFAQ has an Authorization Bypass in All Admin Pages Due to Non-Terminating Permission Check

Summary AbstractAdministrationController::userHasPermission catches the ForbiddenException thrown when a user lacks a specific permission, sends a "forbidden" HTML page via $response-send, but does not terminate execution. The calling controller method continues to execute, fetches protected data...

7.1CVSS6AI score0.00303EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 8:10 p.m.13 views

phpMyFAQ has stored XSS via Utils::parseUrl() in comment rendering

Summary A stored XSS vulnerability in the comment rendering pipeline allows an authenticated user to inject JavaScript that executes for every visitor of an affected FAQ or News page. An attacker with a registered account can steal admin session cookies and take over the application. Details...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/06 8:0 p.m.11 views

Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header

Summary TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation pattern concatenated with the locale from the HTTP Accept-Language header. Because Locale.forLanguageTag accepts arbitrary BCP 47 private-use...

7.5CVSS5.9AI score0.0055EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 7:57 p.m.15 views

Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header

Summary ResourceBundleMessageSource maintains two caches: messageCache bounded at 100 entries via ConcurrentLinkedHashMap and bundleCache unbounded ConcurrentHashMap. The bundleCache is keyed by Locale, baseName where the locale originates from the HTTP Accept-Language header. In applications tha...

3.7CVSS5.8AI score0.00209EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 7:57 p.m.21 views

Mezo: ERC-20 bridgeOut burn can be erased by a stale StateDB overwrite leading to full L1 bridge drain

Note: the fixed version of the validator client has been deployed for some time. Impact Potential full drain of L1 bridge without changing bridged balance on Mezo. Brief/Intro A malicious user can steal all ERC-20 tokens locked in the L1 bridge by repeatedly calling the bridgeOut precompile from ...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 7:54 p.m.12 views

Scramble vulnerable to remote code execution via evaluation of user-controlled input in validation rules

Impact A remote code execution RCE vulnerability affects versions 0.13.2 through 0.13.21. When documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

9.4CVSS6.5AI score0.0586EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 7:50 p.m.10 views

wger: trainer_login open redirect - ?next= parameter not validated against host

Summary The trainerlogin view in wger redirects to request.GET'next' directly via HttpResponseRedirect without calling urlhasallowedhostandscheme. After the trainer successfully enters impersonation mode, their browser is redirected to any attacker-controlled URL supplied in the ?next= parameter,...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 7:50 p.m.14 views

wger: cross-tenant password reset and plaintext disclosure via gym=None bypass

Summary The resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker and victim have no gym assignment gym=None. A user with...

9.9CVSS6AI score0.00371EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 7:48 p.m.9 views

wger: CSV/TSV formula injection in gym member export (first_name/last_name)

Summary The gym member TSV export endpoint in wger writes firstname and lastname profile fields verbatim to TSV cells with no formula-prefix sanitization. Any gym member including newly self-registered users can pre-load a spreadsheet formula into their own profile. When a gym admin later exports...

6.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 7:38 p.m.8 views

GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository

🧾 Summary A vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and...

8.8CVSS5.8AI score0.00419EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 7:37 p.m.8 views

basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering

Summary basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before authentication. The client keeps appending...

7.5CVSS6AI score0.00465EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 7:16 p.m.10 views

Lemur: LDAP Filter Injection enables post-authentication privilege escalation

Description Overview Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to manipulate group membership querie...

8.1CVSS6AI score0.00179EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 6:48 p.m.14 views

Lemur: LDAP Authentication Globally Disables TLS Certificate Verification When LDAP_USE_TLS Is Enabled

Description Overview When LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the LDAP server to intercept all...

6.8CVSS5.9AI score0.00094EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 6:42 p.m.8 views

Kimai's Twig function config() leaks server-wide secrets (LDAP bind password, SAML SP private key) via invoice/export templates

Summary Kimai's Twig sandbox StrictPolicy, used for admin-uploaded invoice and export templates allow-lists the config Twig function with no key filtering. configname delegates to App\Configuration\SystemConfiguration::find$name, which returns arbitrary entries from the flattened kimai.config...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 6:30 p.m.9 views

Velocidex Velociraptor has an Incorrect Authorization issue

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...

6.8CVSS5.7AI score0.00236EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 6:28 p.m.8 views

Kimai has Missing Voter Check that Allows Cross-Team Timesheet Manipulation

Summary Any ROLETEAMLEAD user can enumerate, read, modify, and permanently delete timesheets belonging to any other user in the system — regardless of team membership. This enables data destruction deleted billable hours, data tampering forged timesheet durations, and full authorization bypass on...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 6:27 p.m.14 views

Nokogiri XSLT transform has a memory leak

Summary Nokogiri's Nokogiri::XSLT::Stylesheettransform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 6:24 p.m.18 views

Nokogiri CSS selector tokenizer has regular expression backtracking

Summary Nokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release: 1. String-literal tokenization on certain unterminated quoted-string input. 2...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 6:13 p.m.13 views

dssrf: every IPv6 category bypasses is_url_safe

A vulnerability on dssrf allow, an attacker to use, one of them following ipv6 rust Input Category http://::1/ IPv6 loopback http://fc00::1/ IPv6 ULA http://fe80::1/ IPv6 link-local http://::ffff:127.0.0.1/ IPv4-mapped loopback http://::ffff:169.254.169.254/ IPv4-mapped IMDS...

8.7CVSS5.2AI score0.00349EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:57 p.m.12 views

phpseclib: guardrails needed on isPrime and randomPrime

Impact Anyone trying to generate a prime and testing the primality of a number. Patches https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575 Workarounds Using the GMP extension would probably help, assuming that one has its own guardrails. Resources...

7.5CVSS7.1AI score0.00601EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:54 p.m.12 views

Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure

Summary AssetsController::actionShowInFolder fetches an asset by ID and returns its filename and complete folder hierarchy including volume handle, volume UID, folder names, folder UIDs, and folder URI paths without checking whether the requesting user has viewAssets or viewPeerAssets permission ...

7.1CVSS6AI score0.00324EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:54 p.m.10 views

PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI

Summary pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an unauthenticated user can reliably trigger a server exception for example by requesting a...

5.3CVSS5.8AI score0.00336EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:54 p.m.15 views

Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior

We identified a vulnerability in the latest version of Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. Yii’s dynamic object configuration, as implemented in...

8.6CVSS6.1AI score0.00346EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:49 p.m.24 views

Craft CMS's Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure

Summary The GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read every address in the system, including addresses belonging to users in groups the...

7.1CVSS5.8AI score0.00338EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:34 p.m.25 views

next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys

Summary setNestedProperty in packages/next-intl/src/extractor/utils.tsx walks a dotted key path and assigns the final value without blocking the reserved keys proto, constructor, or prototype. When the next-intl Next.js plugin is configured with experimental.messages and messages.precompile: true...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:32 p.m.28 views

mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

Summary icu-minify's runtime formatter resolves select branches by looking up the runtime value as a plain property on a prototype-bearing object. When the value coerces to a key that exists on Object.prototype e.g. toString, proto, constructor, hasOwnProperty, valueOf, the lookup returns a truth...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:26 p.m.12 views

astral-tokio-tar: `unpack_in` can chmod arbitrary directories by following symlinks

Impact In versions 0.6.0 and earlier of astral-tokio-tar, the unpackin API could inadvertently modify the permissions of external i.e. non-archive directories outside of the archive. An attacker could use this to contrite a tar archive that maliciously changes directory permissions outside of its...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:26 p.m.20 views

astral-tokio-tar is Vulnerable to PAX Header Desynchronization

Impact Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:23 p.m.10 views

QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0

SSRF Filter Bypass via 0.0.0.0 Summary The SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular non-admin user holding any valid API token can send a multimodal request to /v1/chat/completions,...

7.1CVSS7.2AI score0.00258EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:5 p.m.8 views

DevSpace UI Server WebSocket CheckOrigin does not validate source

Description DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use thei...

7.8CVSS5.9AI score0.00152EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:5 p.m.8 views

Auth.js SDK has Improper Permission Checking

Description Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. Am I Affected? Users are affected if they meet each of the following preconditions: - Applications built...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:3 p.m.8 views

Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore

Product: nginx-ui Repository: 0xJacky/nginx-ui branch: dev Vulnerability Class: Authentication Bypass → Arbitrary File Write → OS Command Injection Affected Component: POST /api/restore --- 1. Vulnerability Summary nginx-ui exposes a backup restore endpoint POST /api/restore that is completely...

9.8CVSS6.1AI score0.00764EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 5:1 p.m.13 views

Nginx-UI Settings API Exposes Protected Secrets

Summary The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 4:59 p.m.9 views

Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

Summary An unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. When the instance is still uninitialized, POST /api/install is reachable without authentication and accepts attacker-controlled bootstrap data. The handler sets th...

9.8CVSS6.1AI score0.00339EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 4:59 p.m.11 views

Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim

Summary An unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable without authentication, and the request-encryption flow only protects payload confidentiality in...

9.8CVSS5.9AI score0.00346EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 4:58 p.m.8 views

Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands

Summary A flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://.localhost/ because those platforms' WebView implementations cannot serve custom URI...

8.8CVSS5.8AI score0.00312EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities33227