Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/05/04 8:48 p.m.12 views

Distribution's tag deletion bypasses `storage.delete.enabled` configuration

Summary Tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. Details When storage.delete.enabled is configured to false,...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/04 8:23 p.m.14 views

OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs

Summary Exec allowlist analysis rejects shell expansion in unquoted heredocs Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact An allowlisted command containing an unquoted heredoc could hide shell expansion in the heredoc body...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 8:22 p.m.10 views

OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens

Summary MCP loopback owner context is derived from server-issued bearer tokens. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact The loopback MCP path accepted spoofable owner-context metadata from request headers, which could...

8.5CVSS5.8AI score0.00112EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 8:22 p.m.9 views

OpenClaw: Workspace dotenv files cannot override connector endpoint hosts

Summary Workspace dotenv files cannot override connector endpoint hosts. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A workspace .env file could set connector endpoint variables for Matrix, Mattermost, IRC, or...

5CVSS5.8AI score0.00105EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 8:21 p.m.10 views

OpenClaw's ACP child sessions inherit subagent security envelope constraints

Summary ACP child sessions inherit subagent security envelope constraints. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A restricted subagent spawning an ACP child session could fail to carry forward subagent-only...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 8:21 p.m.12 views

OpenClaw validates Zalo outbound photo URLs through the SSRF guard

Summary Zalo outbound photo URLs are validated through the SSRF guard. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact The Zalo plugin could forward an attacker-controlled outbound photo URL to the Zalo Bot API without first...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 8:20 p.m.32 views

Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)

Impact Processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. Patches Patched version: 12.2.0 Pillow 12.1.1 addressed CVE-2026-25990 by adding checks for tile extents in PSD image decoding/encoding to prevent an out-of-bounds...

8.6CVSS6.9AI score0.00367EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 8:19 p.m.8 views

Pillow has a PDF Parsing Trailer Infinite Loop (DoS)

Impact An attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. Patches Patched version: 12.2.0. PdfParser introduced in Pillow 4.2.0 follows Prev pointers in PDF trailers to read cross-reference sections. If ...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 8:18 p.m.11 views

Pillow has an integer overflow when processing fonts

If a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 8:18 p.m.12 views

Pillow has a heap buffer overflow with nested list coordinates

Passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to...

5.5CVSS5.9AI score0.00133EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 8:14 p.m.9 views

pyp2spec is Vulnerable to Code Injection

Impact pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine. The macro...

7.8CVSS6.1AI score0.00197EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 8:12 p.m.9 views

Argo vulnerable to exposure of artifact repository credentials

Summary The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...

8.5CVSS7.3AI score0.00357EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 8:11 p.m.11 views

Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

The fix for CVE-2026-31892 commit 534f4ff blocks podSpecPatch when templateReferencing: Strict is active, but doesn't restrict other WorkflowSpec fields that flow through the same merge path and get applied to pods. A user can set hostNetwork: true, override serviceAccountName, or change...

9.9CVSS7.3AI score0.00424EPSS
Exploits2References8Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/04 8:11 p.m.10 views

Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor

Severity: Medium Component: Webhook Interceptor server/auth/webhook Vulnerability Type: Denial of Service DoS Description The Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the /api/v1/events/ endpoint,...

8.2CVSS6AI score0.00607EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/04 8:1 p.m.8 views

Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Summary A nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSODELEGATERBACTONAMESPACE=true. Details When getServiceAccountclaims, ssoNamespace...

6.5CVSS5.9AI score0.00377EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 8:0 p.m.12 views

Argo has Missing Authorization in its Sync ConfigMap Provider

Summary The Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read, update, delete. Any authenticated user — including those using fake Bearer tokens — can create, read, update, and delete Kubernetes ConfigMaps...

8.5CVSS6.8AI score0.00515EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 7:59 p.m.15 views

Kirby CMS's system API endpoint leaks installed version and license data to authenticated users

TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. ---- Introduction Missing authorization allows authenticated users to perform actions they are not intended to have access to. The effects of missing authorization can...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 7:58 p.m.11 views

Kirby CMS doesn't gate user avatar creation, replacement and deletion with user update permissions

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to update user information user.update or users.update permission is disabled. This can be due to configuration in the blueprints of the acting users, via options in the blueprints of the target...

5.3CVSS5.7AI score0.00237EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 7:50 p.m.8 views

Kirby CMS's read access to site, user and role information is not gated by permissions

TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. This vulnerability is of high severity for affected sites. Sites using Kirby are not affected if they intend all users of the site to be able to list and access the site...

7.1CVSS5.7AI score0.00231EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 7:46 p.m.9 views

Incus is affected by unbounded binary import disk exhaustion

Summary Uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and storage.backupsvolume as those users will have large uploads be stored on those...

4.3CVSS5.8AI score0.00333EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 7:45 p.m.12 views

Incus has Nil Dereferences on Restore via Malformed YAML

Summary Details It was found that backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid inline config that passes the initial import...

6.5CVSS5.7AI score0.00408EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 7:44 p.m.6 views

Incus has Unbounded YAML Metadata Decode via Parsing

Summary User provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when parsed by Incus would lead to a very large YAML document being loaded int...

5.3CVSS5.7AI score0.00269EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 7:38 p.m.10 views

Incus has Nil-Pointer Dereference via S3 Bucket Import

Summary Missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. Details It was found that TransferManager.UploadAllFiles iterates over tar entries but only checks for io.EOF from tr.Next. When tr.Next...

6.5CVSS5.7AI score0.00394EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 7:32 p.m.10 views

Kata Container has CopyFile Policy Subversion via Symlinks

Summary An oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. Details...

8.8CVSS5.9AI score0.00269EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 7:31 p.m.12 views

OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange

Impact The ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The VelocityEngine is initialized with only logging properties and noSecureUberspector, leaving the default...

9.1CVSS6.4AI score0.00317EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 7:26 p.m.8 views

Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service

Summary There is a medium severity information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the original request's complete header set, including Authorization, Cookie,...

6.9CVSS5.9AI score0.00445EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/04 7:21 p.m.14 views

Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move

Summary Gotenberg blocks certain ExifTool tag names like FileName and Directory to stop attackers from renaming or moving files on the server. But ExifTool allows a longer form of the same tag — System:FileName — which does the exact same thing. Gotenberg only checks if the tag is exactly FileNam...

8.2CVSS5.8AI score0.00347EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 7:16 p.m.8 views

Incus Vulnerable to Panic via Snapshot Bounds Check

Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The backup restore...

7.1CVSS5.8AI score0.00408EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 7:8 p.m.14 views

Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots

Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...

4.8CVSS5.8AI score0.00173EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.10 views

Apache Polaris has an Improper Input Validation issue

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.7AI score0.00431EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.15 views

Apache Polaris has an Improper Input Validation Issue

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS5.7AI score0.00355EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.14 views

Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

9.8CVSS6.1AI score0.00692EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.10 views

Apache Polaris has an Improper Input Validation Issue

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.15 views

Apache OpenNLP AbstractModelReader has an OOM Denial of Service via Unbounded Array Allocation

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: Before 2.5.9 Before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field from a binary...

7.5CVSS5.9AI score0.00627EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.12 views

Apache Polaris has an Improper Input Validation issue

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...

9.9CVSS5.9AI score0.00364EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.14 views

Apache OpenNLP DictionaryEntryPersistor Vulnerable to XML External Entity (XXE) via Unsanitized Dictionary Parsing

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

9.1CVSS5.8AI score0.00515EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.24 views

GoBGP has an out-of-bounds read in the ParseIP6Extended function

An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.20 views

Apache Atlas has a Code Injection Vulnerability

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...

8.1CVSS5.8AI score0.00464EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 5:45 p.m.16 views

Incus has a Nil-Pointer Dereference via Custom Volume Import

Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The custom volume...

7.1CVSS5.8AI score0.00299EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 5:40 p.m.9 views

Incus has a Nil-Pointer Dereference Panic via Bucket Metadata

Summary Missing validation logic in the storage bucket import logic allows an authenticated user with access to Incus' storage bucket feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The storage bucket...

7.1CVSS5.7AI score0.00398EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 5:39 p.m.33 views

OpenMRS Module Upload Vulnerable to Path Traversal (Zip Slip)

Affected Versions version ≤ 2.7.8 latest version at time of disclosure https://github.com/openmrs/openmrs-core Impact The endpoint POST /openmrs/ws/rest/v1/module is vulnerable to a path traversal Zip Slip attack. An authenticated attacker can upload a crafted .omod archive containing ZIP entries...

9.4CVSS6AI score0.00853EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 5:20 p.m.14 views

Quarkus has Authentication/Authorization bypasses

Quarkus version 3.32.4 is vulnerable to an authorization bypass issue GHSL-2026-099, in which semicolons matrix parameters in HTTP requests can be used to bypass security constraints, potentially allowing unauthorized access to protected resources. Unauthenticated or lower-privileged users can...

8.8CVSS5.9AI score0.00444EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 5:18 p.m.20 views

OpenMRS ModuleResourcesServlet has Path Traversal that Leads to Arbitrary File Read

Affected Versions version ≤ 2.7.8 latest version at time of disclosure https://github.com/openmrs/openmrs-core Impact The /openmrs/moduleResources/moduleid endpoint in OpenMRS Core is vulnerable to a path traversal attack. The ModuleResourcesServlet does not properly validate user-supplied path...

8.2CVSS6AI score0.00558EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 4:53 p.m.8 views

Incus has Blind SSRF via Image Import Preflight HEAD

Summary A partial implementation of our restricted.images.servers project restriction allows users in such restricted projects to still cause Incus to send HEAD requests to arbitrary endpoints. The actual image download will be rejected by the project restriction, but the ability to trigger...

5.3CVSS5.9AI score0.00271EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 4:52 p.m.6 views

OpenClaw: Slack thread context could include messages from non-allowlisted senders

Summary Before OpenClaw 2026.4.2, Slack thread starter and thread-history context fetched through the API was not filtered by the effective sender allowlist. Messages from non-allowlisted senders could still enter the agent context when an allowlisted user replied in the same thread. Impact A Sla...

5.4CVSS5.8AI score0.0014EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 4:29 p.m.14 views

VM2 Sandbox Breakout Through __lookupGetter__

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The lookupGetter method allows to read the getter of an object. It is special in VM2 since it will switch...

9.8CVSS6.2AI score0.00917EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 3:31 p.m.14 views

jOpenDocument has an improper restriction of XML external entity reference vulnerability

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 3:31 p.m.44 views

Ollama contains a heap out-of-bounds read vulnerability in the GGUF model loader

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS5.8AI score0.01001EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 9:31 a.m.12 views

GoBGP has Improper Restriction of Operations within the Bounds of a Memory Buffer

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...

7.5CVSS5.6AI score0.00631EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 9:31 a.m.15 views

GoBGP has an Integer Underflow Issue

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...

7.5CVSS6.8AI score0.00454EPSS
Exploits0References8Affected Software1
Total number of security vulnerabilities33227