33122 matches found
Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
Summary GET /v1/contributors/:login/profile and the gittensorygetcontributorprofile MCP tool skip the contributor-scoped access check that every sibling endpoint enforces. Any authenticated session/API/MCP token holder can read any contributor's profile; for confirmed Gittensor miners that expose...
Admidio: CSRF on Plugin Install, Uninstall, and Update via Unprotected GET Requests
Summary The modules/plugins.php endpoint handles plugin installation, uninstallation, and update operations via GET requests without CSRF token validation. Because these are top-level navigations, browsers include SameSite=Lax session cookies. An attacker crafts a malicious page that, when an...
Craft CMS: RCE via missing cleanseConfig in FieldsController::actionRenderCardPreview
The actionRenderCardPreview method in FieldsController passes the fieldLayoutConfig POST parameter directly to Fields::createLayout without calling Component::cleanseConfig. This allows Yii2 event handler injection via on eventName keys in the config array, leading to arbitrary code execution. Th...
Craft CMS has authenticated path traversal in `assets/icon`, allowing local `.svg` file read
Summary An authenticated path traversal in assets/icon allows local SVG file read by passing traversal sequences in the extension parameter. The issue is caused by file existence checks happening before extension validation. Details The endpoint: - src/controllers/AssetsController.php:1115-1123 -...
Ruby CSS Parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`
Summary CssParser::Parserreadremotefile and therefore loaduri!, and the @import-following branch of addblock! issues HTTP/HTTPS requests against any host, port and URI it is handed, with no scheme allowlist, no host / IP filtering, and no protection against link-local, loopback or RFC‑1918...
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource...
pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small
Impact The argon2i32 implementation does not check the nbblocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i32 will write past the end of the buffer and possibly corrupt the heap. Patches Fixed in 4.0.2.8, which now verifies that nbblock...
Note Mark: Path traversal via unsanitized book/note slug in migrate export (sibling of GHSA-g49p)
Summary Note Mark validates book and note slug values with the OpenAPI/huma tag pattern:"a-z0-9-+". huma compiles this with regexp.MustCompiles.Pattern and tests it with patternRe.MatchStringstr, an UNANCHORED match. Because the pattern is not anchored ^...$, any string that merely CONTAINS one...
Note Mark: Unauthenticated disclosure of soft-deleted note metadata via deleted=true on public books
Summary GET /api/books/bookID/notes is an unauthenticated endpoint that accepts a "deleted" query parameter. When the request is ?deleted=true, the service runs the query with Unscoped bypassing GORM's soft-delete scope but keeps the read-authorization clause as "ownerid = ? OR ispublic = ?". As ...
Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser
Summary The CSS selector parser in soupsieve the CSS selector engine for Beautiful Soup 4 contains a regular expression vulnerable to catastrophic backtracking. When processing an attribute selector with an unterminated quoted value, the VALUE regex pattern in cssparser.py enters exponential...
Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists
Summary The CSS selector parser in soupsieve the CSS selector engine for Beautiful Soup 4 allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to soupsieve.compile or Beautiful Soup's .select / .selectone can caus...
Phantom: Arbitrary file write and decode-bomb DoS via unconfined MCP tool paths
Impact In Phantom = 1.3.0, when PHANTOMOUTPUTDIR was unset the default, the MCP tools accepted arbitrary absolute output paths with no confinement. Anything able to send tool calls e.g. an AI agent driving the MCP interface could write or overwrite arbitrary files the process user can write —...
Micronaut: DefaultHttpClient follows redirects, forwarding Authorization, Cookie, and Proxy-Authorization headers
Impact DefaultHttpClient follows redirects and forwards Authorization, Cookie, and Proxy-Authorization headers to redirect targets across domain boundaries. The blocklist only filters Host/Connection/TE/CT/CL. Additionally, no maximum redirect count exists, enabling infinite loop DoS. Affected:...
Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS
The Netty-based Micronaut HTTP Client does not impose a limit on HTTP redirections, potentially allowing an infinite redirect loop that could lead to a denial-of-service attack. Patches The following versions are patched: - For Micronaut 5, versions equal or greater than 5.0.1 = - For Micronaut 4...
pyLoad: Unbounded Memory Growth Leading to DoS and Potential DDoS in EventManager
Description: The EventManager module in pyload manages a list of Client instances for subscribing to events. The addition of each unique uuid from the getevents API causes the creation of a Client instance that gets appended to the clients list. Although there is a clean method available in the...
pyLoad: SSRF guard bypass via IPv6 6to4/NAT64 transition wrappers of internal IPs
Summary isglobaladdress in src/pyload/core/utils/web/check.py is the central guard against SSRF-style outbound connections in pyload-ng. It tests whether a given IP is "globally routable" via Python's ipaddress.ipaddressvalue.isglobal, and callers treat not isglobal as "deny": python def...
Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
Summary Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port TCP 24282, hardcoded as 0x5EDA in constants.py. The server has no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage to reach...
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak
Impact In versions from 1.5.0 up to and including 3.0.0, any authenticated portal user could complete and tamper with another user's open task by submitting it on their behalf. The task submission endpoint accepted a task ID and a payload, but it never checked whether the task actually belonged t...
NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries
Impact In versions up to and including 3.0.0, two parts of the GraphQL API returned data without checking whether the data belonged to the logged-in user: - Document content. A logged-in user could download the raw content of any document by its ID, regardless of who owned it. The resolver has...
Waku has an Open Redirect via `unstable_redirect` Helper
Summary The unstableredirect helper exported from waku/router/server packages/waku/src/router/define-router.tsx:156–161 accepts an arbitrary string and reflects it unchanged into the HTTP Location response header with no URL validation, scheme restriction, or path-only enforcement. Any applicatio...
Waku: Cross-Origin CSRF on RSC Server Action Dispatch
Summary Waku's RSC request dispatcher invokes server actions without validating the request's Origin or Sec-Fetch-Site header. A cross-origin web attacker can therefore cause a victim browser to issue an authenticated POST to a registered server action endpoint using a CORS-safelisted content typ...
Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE
Unauthenticated Cross-Origin Plugin Upload Leads to RCE Joro ≤ v1.1.0 Severity: Critical CVSS v3.1: 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Affected versions: Joro ≤ v1.1.0, proxy mode default, Linux/macOS Reporter: cstover Date: 2026-05-27 --- Summary Joro's default proxy mode in versions = 1.1....
OneRingBuf has a Use After Free Vulnerability
Affected versions of oneringbuf exposed the obsolete IntoRef::intoref method through the public IntoRef trait. For heap-backed ring buffers, this method returned a DroppableRef handle. DroppableRef stored an owning raw pointer created from Box::intoraw. Its Clone implementation copied this raw...
DSpace: Path Traversal is possible through LDN message generation
Overview A path traversal vulnerability is possible via the COAR Notify / LDN service in DSpace. This vulnerability impacts DSpace versions 8.0 = 8.3, 9.0 = 9.2. The attacker MUST already have DSpace administrator credentials in order to perform the attack. When reading a file input stream of an...
DSpace: ORE resource URI does not validate scheme for non-web resources
Overview When ingesting an aggregated ORE resource by URI using the OAI-ORE Harvester, the ORE Ingestion Crosswalk does not validate the URI scheme. This may allow for local file inclusion via malicious paths like file:///etc/passwd. This vulnerability impacts DSpace versions = 7.6.6, 8.0 = 8.3,...
DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path
Overview The Curation Task feature allows an output path to be used by the reporter -r parameter, typically used to stream results and status of curation task operations. It is not restricted to any particular base path, meaning that any path writable by the DSpace often 'tomcat' user is allowed...
DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN
Overview Remote Code Execution RCE is possible via Velocity Templates used by DSpace for COAR Notify/LDN messages. This vulnerability impacts DSpace versions 8.0 = 8.3, 9.0 = 9.2. The attacker MUST already have DSpace administrator credentials in order to perform the attack. This attack is relate...
Trapster Community: Unauthenticated malformed DNS compression pointers crash per-packet honeypot handler
Summary trapster.libs.dns.decodelabels decodes DNS names from attacker-supplied UDP packets and recurses once per RFC 1035 compression pointer with no cycle detection and no depth bound. A single unauthenticated UDP datagram sent to the DNS honeypot drives the function past CPython's recursion...
Sharp Missing Authorization Check in Quick Creation Command Endpoints
Impact The create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entity could bypass the authorization layer and either retrieve the creation form or submit new records for that...
Nuclio: Unsanitized cron trigger event headers/body injected into CronJob shell command leads to persistent RCE
Summary Nuclio controller builds a curl invocation string for each cron trigger and stores it as the args of a Kubernetes CronJob container /bin/sh, -c, . Two fields in the trigger specification flow into this string without adequate sanitization: - event.headers keys — interpolated verbatim insi...
async-tar PAX extension-header desync enables tar entry/content smuggling
Summary async-tar v0.6.0 mis-applies a buffered PAX size extension to an intermediary extension header a GNU longname L, a GNU longlink K, or a PAX x/g header instead of to the next file entry. POSIX requires a PAX extended-header record set to describe the next file entry, never an intervening...
Skipper: opaAuthorizeRequestWithBody filter bypasses OPA policy on Transfer-Encoding — chunked / HTTP/2 requests
Summary zalando/skipper's OpenPolicyAgent integration silently bypasses request-body inspection on HTTP/1.1 Transfer-Encoding: chunked and HTTP/2 requests that omit the content-length pseudo-header. When the opaAuthorizeRequestWithBody filter is configured, the...
`lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes
lxmlhtmlclean.Cleaner does not strip javascript: URLs from namespaced URL attributes xlink:href Reporter: Guillem Lefait · Date: 2026-05-10 Affected: lxml ≤ 6.1.0 and lxmlhtmlclean ≤ 0.4.4 latest stable Confirmed against: lxml 6.1.0 + lxmlhtmlclean 0.4.4 on Python 3.13.5, 3.14.4, and 3.15.0a8...
Weblate SSRF: outbound URL guard misses some private ranges
Impact Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions. Patches https://github.com/WeblateOrg/weblate/pull/19768 Resources The issue wa...
oasdiff does not enforce --allow-external-refs=false on the git-revision load path (SSRF / local file read)
Summary From v1.13.2 through v1.18.0, oasdiff did not enforce --allow-external-refs=false library: openapi3.Loader.IsExternalRefsAllowed = false when loading a spec from a git revision the rev:path form, e.g. main:openapi.yaml. External $refs were resolved on that load path even when external ref...
KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping
Summary pkg/scalers/postgresqlscaler.go builds libpq-style connection strings by concatenating key=value pairs separated by spaces. Each tenant-controllable field host, port, userName, dbName, sslmode is passed through escapePostgreConnectionParameter: go func escapePostgreConnectionParameterstr...
Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion
Summary Flask-Security-Too 5.8.0 and 5.8.1 mark a session as reauthentication-fresh after processing a WebAuthn assertion whose proven credential belongs to a different user than the currently authenticated session user. The check that GHSA-97r5-pg8x-p63p added on the OAuth reauthentication path...
Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise
Click here to jump to the Simplified Chinese version 点击跳转到简体中文版本 Goploy System Arbitrary File Read Vulnerability Basic Information - Vulnerability Name: Goploy Endpoints Arbitrary File Read via Path Traversal - Vulnerability Type: Path Traversal CWE-22 / Arbitrary File Read - Affected Product:...
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers
Summary Project.AddFile, Project.EditFile, Project.RemoveFile, and Project.Edit in cmd/server/api/project/handler.go accept a project or project-file row id from the JSON body and act on it without checking that the project belongs to the caller's namespace. The corresponding...
ha-mcp: Add-on settings and policy routes are reachable without authentication at the bare root path
Summary In add-on mode, the ha-mcp settings UI routes are mounted both under the MCP secret path and at the bare root of the published port :9583, so Home Assistant ingress can serve the "Open Web UI" button. The root-mounted routes perform no authentication — no secret, no Origin check, no CSRF...
rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path
Resolved: https://github.com/plabayo/rama/commit/89ddff578fd78bbebec99482d7030f28c07757a3 Summary plabayo/rama contains a stored/reflected cross-site scripting issue in the ServeDir HTML directory listing feature. When ServeDir is configured with DirectoryServeMode::HtmlFileList, file names and U...
aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address
Summary aiosmtplib's SMTP.mail, SMTP.rcpt, SMTP.vrfy and SMTP.expn send the caller-supplied email address to the server without rejecting embedded CR/LF \r\n bytes. An address that contains a CR/LF is written verbatim onto the SMTP control connection, so the bytes after the CRLF are framed by the...
Kite has an authenticated cluster RBAC bypass in /api/v1/overview
Summary Authenticated Kite users with any role can request /api/v1/overview for a cluster that their roles do not permit by selecting that cluster with x-cluster-name. The overview route is registered before middleware.RBACMiddleware and GetOverview only checks lenuser.Roles 0, so it returns...
Webauthn: SimpleFakeCredentialGenerator with an empty secret produces predictable fake credentials, weakening username enumeration protection
Impact Webauthn\SimpleFakeCredentialGenerator is the library-provided default implementation of the FakeCredentialGenerator interface. It returns a stable list of decoy PublicKeyCredentialDescriptor objects for a given username so that an assertion request for an unknown user looks the same as a...
ratex-parser has unbounded parser recursion that leads to stack overflow (process abort)
Summary RaTeX’s recursive-descent parser recurses one or more native stack frame per nesting level at , \left, \sqrt, ^, etc, with no maximum depth limit. A short, 10 KB input of nested groups overflows the 8 MB main-thread stack and aborts the process. With panic = "abort" Cargo.toml:48, and...
ratex-parser panics on `\verb` with a multibyte delimiter (UTF-8 byte-boundary slice)
Summary The public parser entrypoint ratexparser::parse&str panics on the 9-byte input \verbéxé i.e. \verb followed by the non-ASCII delimiter é. When handling a \verb command, the parser slices the verbatim argument with byte indices arg1..arg.len - 1; if the delimiter character is multibyte...
@better-auth/scim: Account/provider takeover via missing owner binding on non-org SCIM providers
Am I affected? Users are affected if all of these hold: - They install and register the @better-auth/scim plugin plugins: scim. - They create SCIM providers without an organizationId, that is, non-organization "personal" providers. Organization-scoped providers are not affected because they enfor...
Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows
Am I affected? Users are affected if all of the following are true: - They configure secondaryStorage on betterAuth... Redis, KV, or any external session cache. - session.storeSessionInDatabase is left unset or set to false the default. - Their application's deployment uses one or more of: - The...
@better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0, or enables the legacy oidc-provider or mcp plugins from better-auth/plugins. - Their application exposes /api/auth/oauth2/token o...
@better-auth/sso provider registration has server-side request forgery via unvalidated OIDC endpoints
Am I affected? Users are affected if all of the following are true: - Their application uses @better-auth/sso at a version = 0.1.0, 1.6.11 on the stable line, or any 1.7.0-beta.x on the pre-release line. - The sso plugin is added to their application's betterAuth plugins: ... array. - Any user wi...