Lucene search
+L
GithubRecent

33426 matches found

Github Security Blog
Github Security Blog
added yesterday10 views

Skipper: Incomplete fix for CVE-2026-50197: an oversized body can bypass OPA deny-on-presence Rego policies

Summary A wrong policy can be an open door. You have to check input.attributes.request.http.truncatedbody in your policy. Description Incomplete fix for CVE-2026-50197: an oversized declared-Content-Length body still hands OPA an empty parsedbody, so deny-on-presence Rego policies fail OPEN while...

7.8CVSS5.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday8 views

Skipper's routesrv-no-auth component: All routesrv API Endpoints Lack Authentication

Description The routesrv component exposes the full cluster route topology Ingress/RouteGroup configurations, backend URLs, filter chains, OAuth/OIDC callback paths and cache-cluster topology Redis/Valkey shard addresses over plain HTTP with zero authentication. Any pod in the Kubernetes cluster...

5.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday11 views

CloudTAK: Authenticated full-read SSRF in the /api/esri* routes — user-controlled URL fetched with no IP-classification guard

Authenticated full-read SSRF in CloudTAK /api/esri routes — user-controlled URL fetched with no IP-classification guard Summary Every route in the ESRI helper family api/routes/esri.ts takes a fully attacker-controlled URL from the request POST /api/esri body url, and the portal / server / layer...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday8 views

PocketSphinx: Buffer overflows in language and acoustic model loading code

Impact The trie language model code introduced in PocketSphinx 5prealpha failed to check various boundary conditions when reading the headers of ARPA, DMP, and binary format language model files. In the case of invalid, corrupted or malicious input files, this could lead to stack and heap buffer...

5.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday8 views

AngleSharp HTML5 Spec Compliance: mXSS via annotation-xml HTML Integration Point Bypass

Summary The HTML specification requires that a MathML element with encoding="text/html" or encoding="application/xhtml+xml" is treated as an HTML integration point. Content inside it must be parsed as HTML, not MathML. AngleSharp does not implement this correctly. As a result, the parser produces...

5.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday8 views

PRoot-Distro has Path Traversal in proot-distro copy — Arbitrary Read, Write, and Persistent Code Execution Outside Container Rootfs

Path Traversal in proot-distro copy — Arbitrary Read, Write, and Persistent Code Execution Outside Container Rootfs Repository https://github.com/termux/proot-distro Maintainer: @sylirre Affected Component Package: proot-distro Affected command: copy Attack surface: Host-side Termux CLI — this is...

6.2AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday10 views

ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes

Summary ExifReader 4.40.0 can throw an uncaught RangeError: Offset is outside the bounds of the DataView while parsing crafted HEIC/AVIF files. The file only needs a valid leading ftyp box with a HEIC/AVIF major brand followed by a malformed ISO-BMFF box, such as an empty 8-byte free box or a...

5.6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday10 views

Flask-Reuploaded: Extension-denylist bypass via case-folding asymmetry in name-override path (incomplete-fix variant of CVE-2026-27641)

Header | Field | Value | |---|---| | Title | Extension-denylist bypass via case-folding asymmetry in name-override path incomplete-fix variant of CVE-2026-27641 | | Project | Flask-Reuploaded flaskuploads | | Affected | extension"shell.php" = "php" - extensionallowed"php" - DENY correct...

9.8CVSS5.8AI score0.01046EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday7 views

Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader

Summary The TypeScript Prompty loader used gray-matter without overriding executable frontmatter engines. gray-matter supports JavaScript frontmatter blocks such as ---js and evaluates them while parsing. An attacker-controlled .prompty file could therefore execute arbitrary JavaScript during...

8.7CVSS5.7AI score0.0093EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added yesterday6 views

Prompty: Arbitrary file read via file reference expansion

Summary Prompty loaders expanded $file:... references in .prompty frontmatter without enforcing that the resolved path stayed within an authorized directory. An attacker-controlled prompt file could use path traversal or an absolute path to cause the host application to read files accessible to t...

7.5CVSS5.2AI score0.01057EPSS
Exploits0References4Affected Software3
Github Security Blog
Github Security Blog
added yesterday7 views

mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath

Impact contextimport passed the caller-supplied filePath directly to fs.readFileSync with no path confinement. A malicious MCP client — or an LLM agent that is prompt-injected into calling the tool — could point filePath at any file readable by the server process, outside any session or export...

5.5AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added yesterday7 views

Formie: Missing authorization in administrative settings allows low-privileged CP users to modify plugin configuration

Formie contains a missing authorization vulnerability in administrative settings routes. An authenticated, non-admin Craft CMS control panel user with limited Formie access could directly access Formie settings pages and modify global plugin configuration. In affected versions, Formie...

5.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday6 views

Gitea has insufficient permission checks for Composer package source links

CVE Description Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information. Summary A critical vulnerability has been discovered in Gitea. It was already reported via...

8.2CVSS7.7AI score0.40738EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added yesterday7 views

TAK-PS-Stats Web UI: Authenticated full-read SSRF in CloudTAK basemap import (PUT /api/basemap) — no IP-classification guard

Summary PUT /api/basemap the basemap import endpoint fetches an attacker-supplied URL server-side with no SSRF protection whatsoever. Any authenticated user can submit a JSON body "type": "...", "url": "" ; the server calls fetchurl against that URL and then reflects the response body name,...

5.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added yesterday6 views

oapi-codegen: OpenAPI Server Description Escapes Generated Go Comment and Injects Executable Code

Summary The vulnerability in oapi-codegen seems to be similar with CVE-2026-22785, which is a generated-code injection issue where untrusted OpenAPI summary text is embedded into generated TypeScript MCP server source without proper escaping. oapi-codegen has a similar vulnerability in its server...

9.8CVSS6.2AI score0.00709EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added yesterday7 views

meta-ads-mcp: X-Pipeboard-Token Header Auth Bypass Reuses Operator Meta Token

X-Pipeboard-Token Header Auth Bypass Reuses Operator Meta Token Summary AuthInjectionMiddleware in meta-ads-mcp rejects HTTP MCP requests only when both authtoken and pipeboardtoken are absent. Because extracttokenfromheaders does not recognise the X-Pipeboard-Token header, an attacker who sends...

5.7AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday7 views

meta-ads-mcp: Server-Side Request Forgery (SSRF) in `upload_ad_image` via Unrestricted `image_url` Fetch

Server-Side Request Forgery SSRF in uploadadimage via Unrestricted imageurl Fetch Summary The uploadadimage MCP tool in meta-ads-mcp v1.0.113 passes an attacker-controlled imageurl parameter directly to an HTTP fetch helper httpx.AsyncClientfollowredirects=True.geturl without any scheme, host, or...

6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added yesterday6 views

sh _uid does not drop supplementary groups (incomplete privilege drop)

Impact The uid option performed an incomplete privilege drop on Linux/Unix-like systems. When sh was run from a process with elevated privileges, such as root, and a command was launched with uid=, the child process changed its UID and primary GID but did not reset its supplementary groups. As a...

5.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday7 views

AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. The team has identified CVE-2026-11400, an issue in Aurora PostgreSQL using the AWS Advanced JDBC Wrapper Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege...

8.6CVSS5.2AI score0.00305EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added yesterday7 views

plone.restapi: Stored XSS by spoofing mime type

Impact A stored XSS affecting RichText fields. RichTextValue.output returns the raw, unsanitized stored value whenever the stored mimeType equals the outputMimeType. Because the safe-HTML output type text/x-html-safe is the type that signifies "already sanitized", any value whose stored mimeType...

5.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday9 views

plone.app.textfield: Stored XSS by spoofing mime type

Impact A stored XSS affecting RichText fields. RichTextValue.output returns the raw, unsanitized stored value whenever the stored mimeType equals the outputMimeType. Because the safe-HTML output type text/x-html-safe is the type that signifies "already sanitized", any value whose stored mimeType...

5.4AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added yesterday6 views

Skipper: Unbounded Request Body Read in Admission Webhook Causes Memory Exhaustion DoS

Summary The Kubernetes admission webhook handler reads the entire request body using io.ReadAllr.Body without any size limit. Any client that can reach the webhook port within the cluster can send a multi-GB payload, causing the skipper process to exhaust memory and be OOM-killed. This disrupts a...

5.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday7 views

vLLM: Speech-to-text upload size limit is enforced after full UploadFile read

Summary Current-head vLLM documents VLLMMAXAUDIOCLIPFILESIZEMB as the maximum audio file size accepted by the speech-to-text APIs. The default is 25 MB. vllm/envs.py also describes files larger than this value as rejected. The /v1/audio/transcriptions and /v1/audio/translations routes call await...

6.5CVSS5.5AI score0.00289EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added yesterday8 views

vLLM: ReDoS via structured_outputs.regex compiled without timeout in xgrammar and outlines backends

Summary The structuredoutputs.regex API parameter passes a user-supplied regex string directly to grammar compiler backends with no compilation timeout. In the xgrammar backend, the string reaches compileregex with no guard. In the outlines backend, validateregexisbuildable blocks structural issu...

8.7CVSS5.1AI score0.00324EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added yesterday7 views

vLLM has Remote DoS via Invalid Recovered Token Reinjection

Summary A frontend-legal multi-request speculative workload can make vLLM produce an out-of-vocabulary recovered token equal to vocabsize, convert that value to -1 when choosing the next live token for a request, and then feed that -1 back into the next drafter input ids. On Qwen3 GPTQ this reach...

7.5CVSS5.5AI score0.00343EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added yesterday7 views

vLLM: Processing differential in multi-channel audio downmixing enables hidden-input/moderation bypass for audio models

Issue Description Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results in: - Inconsistency between audio heard by humans e.g., through headphones/regular speakers and...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago10 views

ArcadeDB has cross-database IDOR: /ts/*, /batch/*, Prometheus and Grafana handlers bypass authorization

About 14 HTTP handlers resolve the database path param and call getDatabase... WITHOUT user.canAccessToDatabase... and without setting the engine principal, because they extend AbstractServerHttpHandler directly instead of DatabaseAbstractHandler which holds the only per-database gate at...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago11 views

ArcadeDB: Scripting authorization gate (GHSA-48qw-824m-86pr) bypassed via SQL DEFINE FUNCTION ... LANGUAGE js

The GHSA-48qw-824m-86pr hardening added a checkPermissionsOnDatabaseUPDATESECURITY gate on the polyglot engine PolyglotQueryEngine.java:112-114,126,176,199, but only there. The SQL route to JavaScript never touches it: DefineFunctionStatement.executeSimple DefineFunctionStatement.java:37-100,...

6.2AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago7 views

ArcadeDB: Trigger scripts run with java.lang.* allowed, enabling OS command execution (RCE)

ScriptTriggerExecutor sets allowedPackages to java.lang., java.util., java.time., java.math. ScriptTriggerExecutor.java:56; trigger creation is gated only at UPDATESCHEMA LocalSchema.createTrigger:636. Permitting java.lang. host-class lookup lets a trigger script do...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago12 views

MCP Python SDK: WebSocket server transport does not support Host/Origin validation

Summary In affected versions, the deprecated WebSocket server transport mcp.server.websocket.websocketserver accepted the WebSocket handshake without applying any Host or Origin header validation. The TransportSecuritySettings mechanism that the SSE and Streamable HTTP transports use for this...

8.1CVSS6AI score0.00181EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago9 views

ArcadeDB: Privilege escalation via reader role in /api/v1/command JS scripting language — arbitrary host file read

Impact A user holding only reader read-only privileges on a single database could execute arbitrary JVM code by sending a "language": "js" command to the POST /api/v1/command/database HTTP endpoint, and use it to read arbitrary files on the host filesystem e.g. /etc/passwd, configuration files,...

6.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago8 views

Pheditor: Hardcoded default password 'admin' with no forced change enables full application compromise

Summary Pheditor ships with a hardcoded default password admin SHA-512 hash stored at pheditor.php:11. There is no mechanism to force a password change on first login. Any deployment using the default credentials grants an attacker full access to the file editor, file upload, and terminal feature...

6.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago8 views

Pheditor: Incomplete command sanitization in terminal feature allows RCE via pipe operator, backtick substitution, and newline injection

Summary The terminal feature in Pheditor uses an incomplete character blocklist to sanitize user-supplied commands before passing them to shellexec. After the fix for GHSA-9643-6xjp-vx57 which added $ to the blocklist, the characters | single pipe, backtick, and the newline byte 0x0A remain...

6.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago7 views

kuma-dp connects to control plane without verifying TLS certificate when no CA is configured

When kuma-dp is started against an HTTPS control plane and the operator did not pass a CA certificate, the data plane connects with TLS peer verification disabled. The dataplane authentication token is sent over this unverified connection Impact An on-path attacker can intercept the dataplane...

6.1AI score
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2 days ago8 views

ArcadeDB: Read-only users can mutate database schema (incomplete fix of CVE-2026-44221)

Impact The fix for CVE-2026-44221 GHSA-fxc7-fm93-6q77 added an UPDATESCHEMA authorization check to a single schema-mutating method LocalDocumentType.createProperty. The remaining public schema mutators were left unchecked, so an authenticated identity including a read-only API token that lacks th...

9CVSS6.1AI score0.00344EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago9 views

ArcadeDB: IMPORT DATABASE allows SSRF and arbitrary local file read by authenticated users

Impact The SQL IMPORT DATABASE statement did not require administrative privileges and passed its source URL to the importer without validation. Any authenticated user with SQL command access not only root/administrators could therefore: - Server-Side Request Forgery CWE-918: cause the server to...

6.2AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago8 views

nimiq-primitives: Out-of-bounds panic in KeyNibbles::Add from oversized child suffix in a deserialized proof

Impact A malicious peer acting as a state-sync source can crash a syncing node with a crafted TrieChunk whose proof contains a TrieNodeChild whose suffix, when concatenated with the parent key via KeyNibbles::Add, exceeds the fixed 63-byte backing array. Add primitives/src/keynibbles.rs:332 / :34...

6.1AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago8 views

nimiq-primitives: Panic in TrieProof::verify via child_index unwrap on equal-length keys

Impact A malicious peer acting as a state-sync source can crash a syncing node by sending a crafted TrieChunk whose proof contains two TrieProofNodes with identical keys. TrieProof::verify calls TrieProofNode::childindex primitives/src/trie/trieproofnode.rs:94, which unconditionally unwraps...

6.2AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago8 views

Pheditor has an authenticated terminal command whitelist bypass

Summary Pheditor 2.0.4 has an authenticated terminal command whitelist bypass. The terminal feature checks whether the submitted command starts with one of the configured TERMINALCOMMANDS values, then passes the full command string to shellexec. Shell command substitution such as $ is not blocked...

6.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago10 views

MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal

Summary In affected versions, the SSE and Streamable HTTP server transports routed incoming requests to an existing session based only on the session identifier, without verifying that the request was authenticated as the same principal that created the session. Anyone who learned or guessed a...

7.1CVSS6AI score0.00251EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago11 views

MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks

Summary In affected versions, the default request handlers installed by the experimental tasks feature server.experimental.enabletasks did not check which session created a task before acting on it. On a server with more than one connected client, any client could observe, read results from, and...

7.6CVSS6.1AI score0.00227EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago8 views

Nuclio: Unauthenticated path traversal in spec.handler allows arbitrary file write in Dashboard container

Summary Nuclio Dashboard exposes POST /api/functions without authentication by default NOP auth mode. The spec.handler field e.g., mymodule:myfunction is parsed by functionconfig.ParseHandler which splits on : only — no path validation is applied to the module portion. During function build,...

6.3AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago8 views

Nuclio: Unsanitized runtimeAttributes.repositories injected into Groovy build.gradle leads to build-time RCE

Summary Nuclio's Java runtime generates a build.gradle file during function builds using Go's text/template package. The template renders runtimeAttributes.repositories values with the . action, which performs no escaping. An attacker can embed a closing brace to break out of the repositories blo...

6.5AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago8 views

Envoy Gateway: xDS Control Plane Information Disclosure when operating in GatewayNamespaceMode

Impact When Envoy Gateway runs in GatewayNamespaceMode provider.kubernetes.deploy.type=GatewayNamespace, the xDS gRPC server is configured with a StreamInterceptor for JWT authentication but no UnaryInterceptor. The go-control-plane xDS server exposes both streaming and unary Fetch RPC methods fo...

6.1AI score0.00027EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago7 views

Diesel has possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database`

Diesel allows loading a SQLite database from a byte buffer, represented as &u8, at runtime via the SqliteConnection::deserializereadonlydatabase function. In previous versions of Diesel, this buffer was passed directly to libsqlite3. Since libsqlite3 requires the buffer to remain alive for as lon...

6.2AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago8 views

Envoy Gateway: Authentication Bypass via Improper Input Validation in EnvoyExtensionPolicy Lua Allows Secret Disclosure

Impact The toabsolutenormalizedpath function security.lua:28-43 does not collapse redundant path separators // → /. On Linux, //etc/passwd is equivalent to /etc/passwd POSIX path semantics, but iscriticalpath fails to match the double-slash variant because //etc/passwd does not start with /etc/...

6.1AI score0.0004EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago9 views

Envoy Gateway: Wasm cache ServeHTTP reads mappingPath2Cache without lock

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Pod-network reachability to :18002 no auth - Tenant can create EnvoyExtensionPolicy baseline - Attacker pod floods GET while churning EnvoyExtensionPolicy with distinct Wasm URLs -...

6.1AI score0.0004EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago9 views

Envoy Gateway: OCI layer extraction allocates make([]byte, h.Size) from untrusted tar header

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Tenant can create EnvoyExtensionPolicy baseline - Controller has egress to attacker-controlled OCI registry - No registry allowlist none exists in code - Layer presents Docker/OCI...

6.1AI score0.00044EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago8 views

Envoy Gateway: Nil-dereference when SecurityPolicy targets TCPRoute without spec.authorization

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Tenant has SecurityPolicy + TCPRoute RBAC baseline - Tenant namespace permitted to attach TCPRoute to a Gateway listener - spec.authorization omitted the trigger - No admission...

6.1AI score0.00121EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago10 views

Envoy Gateway: Wasm HTTP fetch decompresses gzip without output-size limit

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Tenant can create EnvoyExtensionPolicy baseline - Attacker hosts a gzip-bomb at a reachable URL - sha256 unset optional field; check is post-decompression anyway - No operator...

6.2AI score0.00044EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities33426