33181 matches found
GoBGP confederation validation panics on empty AS_PATH attribute
Found through variant analysis based on CVE-2026-41643 Summary GoBGP accepts a zero-length ASPATH during UPDATE decoding and later panics while validating that attribute for a confederation eBGP peer. The vulnerable path is in the BGP UPDATE validator: a malformed UPDATE that should be rejected a...
GoBGP: BGP OPEN capability parser may read capability values outside declared CapLen boundaries
Summary GoBGP contains a BGP OPEN capability parsing issue where several concrete capability decoders may parse data from the full remaining capability buffer instead of the slice bounded by the declared capability length, CapLen. A malformed BGP OPEN message can cause bytes from a following...
psd-tools vulnerable to arbitrary file write via smart-object filename
psd-tools: arbitrary file write/read via smart-object path traversal Summary In psd-tools all releases exposing the SmartObject API through v1.17.0, SmartObject.save writes an embedded smart object to a path taken verbatim from the PSD file. Because that name is attacker-controlled and unsanitise...
sigstore-go has a multi-log threshold bypass via single compromised log
Impact What kind of vulnerability is it? Who is impacted? A verifier configured with WithTransparencyLogN1 or WithSignedCertificateTimestampsN1 expected defense-in-depth against the compromise of a single log instance. However, threshold counting counted verified witnesses per-entry or...
Rattler vulnerable to package cache path traversal via conda package build string
rattlercache and py-rattler were vulnerable to package-cache path traversal when handling package metadata from conda channels. During cache materialization, the rattercache code used the package record build string as part of a cache key that was joined into a filesystem path. A malicious or...
OpenRun: Redirect URL validation bypass using //host paths leads to Open Redirect
Summary The restrictions on redirect URLs in openrun can be bypassed by attackers, leading to open redirect attacks. Details In the current project, the referrer header value is used for subsequent redirects, so there is currently a validation for this redirect value. The current validation logic...
mint: Unbounded streams map growth via PUSH_PROMISE without follow-up HEADERS
Summary Mint's HTTP/2 client accepts PUSHPROMISE frames from any server it connects to and inserts every promised stream into a per-connection map without consulting maxconcurrentstreams. A malicious or compromised HTTP/2 server can flood the client with PUSHPROMISE frames and withhold the matchi...
mint: Unbounded CONTINUATION/HEADERS frame accumulation (CONTINUATION flood)
Summary Mint's HTTP/2 client accumulates CONTINUATION header-block fragments into a per-connection buffer with no cap on size or frame count. A malicious or compromised HTTP/2 server can drive the client's memory to arbitrary size by streaming an endless chain of CONTINUATION frames after a HEADE...
mint: Content-Length header accepts non-RFC "+" sign prefix
Summary Mint's HTTP/1 client accepts Content-Length header values with a leading + sign e.g. +0, +123, which RFC 7230 forbids Content-Length = 1DIGIT. On a connection shared with a strict fronting proxy or load balancer, this parser disagreement is a response-smuggling primitive: the proxy frames...
mint has potential CRLF injection in its HTTP request line via unvalidated `method`/`target`
Summary Mint's HTTP/1 request encoder splices the caller-supplied method and target directly into the request line without character validation. An application that forwards attacker-controlled input as the HTTP method or the target to Mint.HTTP.request/5 is exposed to request-line CRLF injection...
pypdf: Possible infinite loop when processing threads/articles in writer
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. Patches This has been fixed in pypdf==6.13.1. Workarounds If users cannot upgrade yet, consider applying the changes from PR 3839...
Sylius: IDOR on Shop Payment Request API endpoints
Impact The GET /api/v2/shop/payment-requests/hash and PUT /api/v2/shop/payment-requests/hash endpoints look up the payment request solely by the hash from the URL. No ownership check is performed against the authenticated customer or the underlying order. An attacker who obtains a payment request...
Sylius: Channel-based payment method restriction bypass on shop account orders API endpoint
Impact An authorization bypass vulnerability exists in the shop account API. The PATCH /api/v2/shop/account/orders/tokenValue/payments/paymentId endpoint, used by an authenticated shop customer to change the payment method of an order that has been placed but not yet paid state STATENEW, does not...
Sylius: Cart FormComponent allows modification or deletion of an already-completed order
Impact A user opens the cart page in the browser. In the background, the order gets completed, e.g. an admin changes the status, or the user finalizes payment in another tab. The browser still displays the old cart: the LiveComponent is unaware the underlying order state has changed. If the user...
YesWiki has Unsafe eval() in its Formula Calculato, Leading to Remote Code Execution & Denial of Service
Summary An unsafe execution vulnerability exists in the Bazar form field calculator CalcField.php of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passing them to the PHP eval function. This implementation is...
YesWiki Vulnerable to Authenticated PHP Object Injection in BazarImportAction via unserialize
Details Sink tools/bazar/services/CSVManager.php line 372-399: public function importEntryarray $importedEntries, string $formId: ?array if !$this-importdone // ... foreach $importedEntries as $entry $entry = unserializebase64decode$entry; // false argument; arbitrary classes are instantiated. Th...
YesWiki has Authenticated SQL Injection via ReactionManager
Summary YesWiki through the latest development branch contains a SQL injection vulnerability in ReactionManager::deleteUserReaction that allows any authenticated user to inject arbitrary SQL via the idreaction and id URL path parameters. The parameters are concatenated directly into a SQL LIKE...
YesWiki Vulnerable to Reflected XSS via Unescaped `id` Parameter in Bazar Widget HTML Attributes
Summary YesWiki's Bazar widget handler reflects the id GET parameter into HTML attributes using striptags only. Because striptags does not escape double quotes, an attacker can break out of the attribute value, inject an event handler such as onmouseover, and execute arbitrary JavaScript in the...
YesWiki Vulnerable to Reflected XSS via Unescaped Archived-Revision `time` Parameter in `handlers/page/show.php`
Summary YesWiki's archived-revision view reflects the time GET parameter into a hidden HTML input in handlers/page/show.php without escaping. Because MySQL coerces malformed DATETIME strings, an attacker can append HTML or JavaScript to a valid archived revision timestamp, still load that archive...
YesWiki has stored XSS in Bazar form-field templates via unescaped field.label / field.hint (|raw('html'))
Bazar form-field templates still apply |raw'html' to field.label / field.hint in attribute and label-body contexts — stored XSS in form renders sibling class of commit e6b66aa CWE: CWE-79 Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting" via CWE-116 Improper...
YesWiki: Second-Order SQL Injection in Page Delete API via Unescaped Page Tag (`ApiController::deletePage`)
Summary ApiController::deletePage interpolates a page tag retrieved from the database into a DELETE FROM …links WHERE totag = '$tag' query without escaping. The page tag is attacker-controlled — the POST /api/pages/tag API accepts arbitrary URL-encoded values, including single quotes, and stores...
YesWiki: SQL Injection possible through public Bazar entry-listing APIs via numeric `query`/`queries` filters
Summary YesWiki’s public Bazar entry-listing APIs are vulnerable to unauthenticated SQL injection in numeric query / queries filters. For Bazar fields whose value structure is numeric, YesWiki escapes the attacker-controlled filter value but inserts it into SQL without quotes or numeric validatio...
YesWiki has Unauthenticated Server-Side Request Forgery via ActivityPub `Signature.keyId`
Summary The POST /api/forms/formId/actor/inbox route - exposed publicly with acl:"public" - accepts an HTTP Signature header whose keyId parameter is a URL. HttpSignatureService::verifySignature parses the header and immediately makes a server-side HTTP GET to that URL, before any cryptographic...
YesWiki Vulnerable to Unauthenticated ActivityPub Signature-Verification Bypass via `!openssl_verify(...)` accepting `int(-1)`
Summary HttpSignatureService::verifySignature checks the result of PHP's opensslverify with a loose boolean negation - if !opensslverify... throw ... . PHP's opensslverify has four possible return values: | return | meaning | !return | | ------ | ------------------------------------------------ |...
YesWiki vulnerable to unauthenticated arbitrary page deletion via `{{erasespamedcomments}}` action
Summary The erasespamedcomments wiki action actions/EraseSpamedCommentsAction.php accepts a suppr array from POST and deletes every wiki page whose tag appears in that array, with no authorization check anywhere in the action body or in the page-deletion path it invokes. Combined with YesWiki's...
YesWiki: SQL injection via the `recentchanges` action `period` argument leads to arbitrary DB read
Summary The recentchanges action actions/recentchanges.php accepts a period argument from two disjoint parameter spaces: the URL query string $GET'period' and the action invocation recentchanges period="...". A whitelist at line 17 validates only the URL form against 'day','week','month'. The...
YesWiki: Authenticated (Admin) Server-Side Template Injection to Remote Code Execution via Bazar Semantic Templates
Summary YesWiki Bazar contains a stored Server-Side Template Injection SSTI vulnerability in the semantic template feature that can be escalated to confirmed Remote Code Execution RCE. An authenticated administrator can place arbitrary Twig expressions into the Semantic template Twig field...
Avo: Direct attachment upload endpoint lacks upload authorization and bypasses field-level upload policy
Summary Avo's direct attachment upload endpoint lacks server-side upload authorization and bypasses the documented field-level upload policy methods such as uploadFIELDID?. An authenticated Avo user who can reach the Avo attachment upload endpoint can replace or add attachment content, including...
laravel-backup-restore has an OS Command Injection during database restore
Summary A crafted backup archive can trigger OS command injection during database restore. The restore workflow extracts a ZIP archive, enumerates files under db-dumps, converts the dump path to an absolute path, and passes that path into database import commands that are built as shell command...
nebula-mesh: Host revocation is not durable - blocked/offboarded hosts can regain a valid certificate
Summary Two related authorization gaps let a host that should no longer be trusted obtain a fresh, valid Nebula certificate, because nebula-mgmt does not re-evaluate revocation/authorization state at certificate issuance time — only at poll time. 1. Blocklist not enforced at sign / re-enroll time...
How GitHub gave every repository a durable owner
GitHub has over 14,000 repositories across our primary internal GitHub organization. As of early 2025, there were over 11,000 non-archived repositories, the vast majority of which with no clear owner. For repositories attached to production services, we have historically had robust durable...
Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
Summary GET /v1/contributors/:login/profile and the gittensorygetcontributorprofile MCP tool skip the contributor-scoped access check that every sibling endpoint enforces. Any authenticated session/API/MCP token holder can read any contributor's profile; for confirmed Gittensor miners that expose...
Admidio: CSRF on Plugin Install, Uninstall, and Update via Unprotected GET Requests
Summary The modules/plugins.php endpoint handles plugin installation, uninstallation, and update operations via GET requests without CSRF token validation. Because these are top-level navigations, browsers include SameSite=Lax session cookies. An attacker crafts a malicious page that, when an...
Craft CMS: RCE via missing cleanseConfig in FieldsController::actionRenderCardPreview
The actionRenderCardPreview method in FieldsController passes the fieldLayoutConfig POST parameter directly to Fields::createLayout without calling Component::cleanseConfig. This allows Yii2 event handler injection via on eventName keys in the config array, leading to arbitrary code execution. Th...
Craft CMS has authenticated path traversal in `assets/icon`, allowing local `.svg` file read
Summary An authenticated path traversal in assets/icon allows local SVG file read by passing traversal sequences in the extension parameter. The issue is caused by file existence checks happening before extension validation. Details The endpoint: - src/controllers/AssetsController.php:1115-1123 -...
Ruby CSS Parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`
Summary CssParser::Parserreadremotefile and therefore loaduri!, and the @import-following branch of addblock! issues HTTP/HTTPS requests against any host, port and URI it is handed, with no scheme allowlist, no host / IP filtering, and no protection against link-local, loopback or RFC‑1918...
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource...
pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small
Impact The argon2i32 implementation does not check the nbblocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i32 will write past the end of the buffer and possibly corrupt the heap. Patches Fixed in 4.0.2.8, which now verifies that nbblock...
Note Mark: Path traversal via unsanitized book/note slug in migrate export (sibling of GHSA-g49p)
Summary Note Mark validates book and note slug values with the OpenAPI/huma tag pattern:"a-z0-9-+". huma compiles this with regexp.MustCompiles.Pattern and tests it with patternRe.MatchStringstr, an UNANCHORED match. Because the pattern is not anchored ^...$, any string that merely CONTAINS one...
Note Mark: Unauthenticated disclosure of soft-deleted note metadata via deleted=true on public books
Summary GET /api/books/bookID/notes is an unauthenticated endpoint that accepts a "deleted" query parameter. When the request is ?deleted=true, the service runs the query with Unscoped bypassing GORM's soft-delete scope but keeps the read-authorization clause as "ownerid = ? OR ispublic = ?". As ...
Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser
Summary The CSS selector parser in soupsieve the CSS selector engine for Beautiful Soup 4 contains a regular expression vulnerable to catastrophic backtracking. When processing an attribute selector with an unterminated quoted value, the VALUE regex pattern in cssparser.py enters exponential...
Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists
Summary The CSS selector parser in soupsieve the CSS selector engine for Beautiful Soup 4 allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to soupsieve.compile or Beautiful Soup's .select / .selectone can caus...
Phantom: Arbitrary file write and decode-bomb DoS via unconfined MCP tool paths
Impact In Phantom = 1.3.0, when PHANTOMOUTPUTDIR was unset the default, the MCP tools accepted arbitrary absolute output paths with no confinement. Anything able to send tool calls e.g. an AI agent driving the MCP interface could write or overwrite arbitrary files the process user can write —...
Micronaut: DefaultHttpClient follows redirects, forwarding Authorization, Cookie, and Proxy-Authorization headers
Impact DefaultHttpClient follows redirects and forwards Authorization, Cookie, and Proxy-Authorization headers to redirect targets across domain boundaries. The blocklist only filters Host/Connection/TE/CT/CL. Additionally, no maximum redirect count exists, enabling infinite loop DoS. Affected:...
Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS
The Netty-based Micronaut HTTP Client does not impose a limit on HTTP redirections, potentially allowing an infinite redirect loop that could lead to a denial-of-service attack. Patches The following versions are patched: - For Micronaut 5, versions equal or greater than 5.0.1 = - For Micronaut 4...
pyLoad: Unbounded Memory Growth Leading to DoS and Potential DDoS in EventManager
Description: The EventManager module in pyload manages a list of Client instances for subscribing to events. The addition of each unique uuid from the getevents API causes the creation of a Client instance that gets appended to the clients list. Although there is a clean method available in the...
pyLoad: SSRF guard bypass via IPv6 6to4/NAT64 transition wrappers of internal IPs
Summary isglobaladdress in src/pyload/core/utils/web/check.py is the central guard against SSRF-style outbound connections in pyload-ng. It tests whether a given IP is "globally routable" via Python's ipaddress.ipaddressvalue.isglobal, and callers treat not isglobal as "deny": python def...
Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
Summary Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port TCP 24282, hardcoded as 0x5EDA in constants.py. The server has no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage to reach...
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak
Impact In versions from 1.5.0 up to and including 3.0.0, any authenticated portal user could complete and tamper with another user's open task by submitting it on their behalf. The task submission endpoint accepted a task ID and a payload, but it never checked whether the task actually belonged t...
NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries
Impact In versions up to and including 3.0.0, two parts of the GraphQL API returned data without checking whether the data belonged to the logged-in user: - Document content. A logged-in user could download the raw content of any document by its ID, regardless of who owned it. The resolver has...