Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/05/04 9:31 a.m.13 views

@puchunjie/doc-tools-mcp has a Path Traversal Issue

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

6.5CVSS6.3AI score0.00288EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 9:31 a.m.7 views

phpBB has Password Reset Link Poisoning via Host Header injection

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When forceservervars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Hos...

8.1CVSS5.3AI score0.00249EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 6:32 a.m.12 views

Prefect Git Argument Injection in GitRepository Pull Steps

A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...

6.5CVSS6.1AI score0.00247EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 6:32 a.m.14 views

Funadmin has an Improper Access Control Issue

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...

7.5CVSS6.7AI score0.00294EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 6:32 a.m.11 views

GoBGP has an Improper Resource Shutdown or Release

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

7.5CVSS5.5AI score0.00464EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 3:31 a.m.11 views

Prefect Auth Bypass via endswith() Health Check Exemption

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...

6.9CVSS5.7AI score0.00453EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 3:31 a.m.11 views

Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...

5CVSS5.1AI score0.0025EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 3:31 a.m.11 views

Prefect Unauthenticated Event Injection via /api/events/in WebSocket

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...

7.5CVSS6.5AI score0.00421EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/04 12:30 a.m.19 views

MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/03 12:30 p.m.8 views

Dolibarr has an Injection issue

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

5CVSS5.4AI score0.00221EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/03 12:30 p.m.8 views

Dolibarr has Insufficient Verification of Data Authenticity

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

6.3CVSS5.1AI score0.00145EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/03 12:31 a.m.14 views

SGLang has an Improper Input Validation/Injection Issue

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization. The attack can be executed remotely. A hi...

6.3CVSS5.6AI score0.00368EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/02 6:30 p.m.13 views

sublinear-time-solver has a Path Traversal Issue

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...

6.9CVSS6.2AI score0.00462EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/02 3:31 a.m.9 views

yii2-mcp-server has a Command Injection Issue

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/02 12:31 a.m.11 views

mem0ai mem0 has an Improper Input Validation Issue

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

6.5CVSS6.1AI score0.00315EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/01 6:31 p.m.12 views

MixPHP Framework has an SQL injection vulnerability via crafted `data` array

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/01 6:31 p.m.19 views

MixPHP Framework has an SQL injection vulnerability

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/01 12:30 p.m.7 views

Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41409 Incomplete Fix)

The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a stat...

9.8CVSS7.1AI score0.00657EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/01 12:30 p.m.11 views

Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix)

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname...

9.8CVSS6AI score0.00902EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/01 12:30 p.m.10 views

AstrBot Makes Use of Hard-coded Password

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

7.5CVSS6.6AI score0.00288EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/01 12:30 p.m.14 views

Apache Neethi doesn't impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

7.2CVSS5.9AI score0.00497EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/01 9:30 a.m.9 views

OpenStack Keystone has an Incorrect Authorization Issue

An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

8CVSS5.8AI score0.00446EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/01 9:30 a.m.11 views

Apache Neethi does not properly detect circular references in policy definitions.

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...

7.5CVSS5.8AI score0.00763EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/01 9:30 a.m.10 views

OpenStack Ironic Python Agent Includes Functionality from Untrusted Control Sphere

An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent IPA sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image...

8.5CVSS6.2AI score0.00837EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/01 9:30 a.m.10 views

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

7.5CVSS5.7AI score0.00711EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/01 9:30 a.m.10 views

@diplodoc/search-extension allows stored XSS via Markdown file title

@diplodoc/search-extension 1.0.0 through 3.0.2 allows stored XSS via .md file title...

5.4CVSS5.8AI score0.00241EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 9:3 p.m.9 views

Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access or list pages or files pages.access, pages.list, files.access or files.list permission is disabled. This can be due to configuration in the user blueprints, via options in the model...

7.1CVSS5.3AI score0.00303EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 8:59 p.m.15 views

ps_checkout allows unauthorized method invocation through unvalidated parameter

Impact Unvalidated parameter can lead to some unauthorized method invocation with very little possibilities. Patches The problem has been patched in versions - v5.3.0 for PrestaShop 1.7 build number: 7.5.3.0 - v5.3.0 for PrestaShop 8 build number: 8.5.3.0 - v5.3.0 for PrestaShop 9 build number:...

5.2AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 8:57 p.m.9 views

Contras Affected by CopyFile Policy Subversion via Symlinks

Impact The Kata agent policies generated by the Contrast CLI had an issue in the CopyFile verification, which allowed arbitrary writes to the guest root filesytem. A malicious process on the host with the capability to connect to the Kata agent VSOCK could connect to the agent and issue a series ...

5.6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 8:55 p.m.15 views

Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)

Summary Four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full Compose YAML and .env content of every custom template stored in the instance. Because Arcane's UI expose...

8.7CVSS5.5AI score0.00309EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 8:47 p.m.9 views

auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation

Summary The Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. In practice, this means all Patreon-authenticated users of an application using this library are collapsed into a...

9.1CVSS5.8AI score0.00417EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/30 8:44 p.m.7 views

Sentry's improper authentication on SAML SSO process allows user identity linking

Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via Sentry's private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the sa...

9.8CVSS5.7AI score0.00623EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 6:34 p.m.132 views

OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter

Summary The OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but OTELDOTNETEXPERIMENTALOTLPDISKRETRYDIRECTORYPATH was not configured. The exporter stored and loaded .blob files under...

7.8CVSS5.4AI score0.00108EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 6:30 p.m.11 views

Shopizer is vulnerable to Cross-site Scripting

Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer through version 3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

5.4CVSS5.9AI score0.00138EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 6:30 p.m.17 views

Shopizer has a path traversal issue

A path traversal vulnerability in the /content/images/add endpoint of shopizer through version 3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...

10CVSS5.9AI score0.00412EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 6:30 p.m.12 views

Krayin CRM allows a remote attacker to execute arbitrary code via compose email function

An issue in Krayin CRM v.2.1.5, which was fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

8.1CVSS6.2AI score0.00567EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 6:21 p.m.10 views

ydb-go-sdk's transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction

Impact Transactions were NOT committed despite the explicit options.WithCommit flag using table service client. Because of this, clients did not commit changes to the transaction, relying on the fact that the transaction commit was successful. This led in rare cases to a loss of data consistency...

5.3AI score
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 6:20 p.m.8 views

Clerk has an authorization bypass when combining organization, billing, or reverification checks

Summary has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be false, allowing a gated action to proceed for a user who does not satisfy t...

8.1CVSS5.5AI score0.00246EPSS
Exploits0References3Affected Software17
Github Security Blog
Github Security Blog
added 2026/04/30 6:12 p.m.9 views

n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders

Impact In the SDK embedder path N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext, the synchronous URL validator in SSRFProtection.validateUrlSync had no IPv6 checks. IPv4-mapped IPv6 addresses such as http://::ffff:169.254.169.254 bypassed the cloud-metadata,...

8.5CVSS5.5AI score0.00206EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 6:10 p.m.12 views

Hickory DNS's Record Cache Accepts AUTHORITY-Section NS from Sibling Zone via Parent-Pool Zone-Context Elevation

Summary The Hickory DNS project's experimental hickory-recursor crate's record cache DnsLru stores records from DNS responses keyed by each record's own name, type, not by the query that triggered the response. cacheresponse in crates/recursor/src/lib.rs chains ANSWER, AUTHORITY, and ADDITIONAL...

5.3AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 5:34 p.m.8 views

CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`

Impact A vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...

9.1CVSS5.7AI score0.00367EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 5:28 p.m.10 views

Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url

Impact An authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo URL pointing at a private address e.g. http://127.0.0.1:999...

8.1CVSS5.2AI score0.00371EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 5:28 p.m.13 views

Weblate Doesn't Invalidate API Token on Password Change

Impact When a user changes their password, browser sessions are correctly invalidated via cyclesessionkeys, but DRF API tokens wlu prefix stored in authtokentoken are not revoked. Patches https://github.com/WeblateOrg/weblate/pull/19057 Resources Weblate thanks Sang Yu Jeon for reporting this via...

5.4CVSS5.2AI score0.00228EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 5:27 p.m.29 views

Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix)

Vulnerability Details CWE: CWE-20 - Improper Input Validation The metadata value sanitization introduced in v8.30.1 commit 405f106 only validates metadata KEYS via safeKeyPattern regex. Metadata VALUES are passed unsanitized to go-exiftool SetString, which writes them as fmt.Fprintlne.stdin,...

10CVSS5.6AI score0.00611EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 5:25 p.m.17 views

Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS

Impact A stored Cross-Site Scripting XSS vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls single click interaction. T...

8.4CVSS5.7AI score0.00476EPSS
Exploits0References4Affected Software4
Github Security Blog
Github Security Blog
added 2026/04/30 5:24 p.m.13 views

Gotenberg Vulnerable to Unauthenticated SSRF via Unfiltered Webhook URL

CVE Report — Unauthenticated SSRF via Unfiltered Webhook URL in Gotenberg Severity | Field | Value | |-----------|----------------------------------------| | CVSS v3.1 | 8.6 High | | Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | | CWE | CWE-918 — Server-Side Request Forgery | | Auth | None |...

7.2CVSS5.7AI score0.00236EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 5:19 p.m.16 views

Gotenberg has case-insensitive URL scheme that bypasses webhook and downloadFrom deny-list SSRF protection

Vulnerability Details CWE: CWE-918 - Server-Side Request Forgery SSRF The default private-IP deny-lists for --webhook-deny-list and --api-download-from-deny-list use a case-sensitive regex ^https?://. Any uppercase URL scheme variant HTTP://, HTTPS://, Http:// bypasses the pattern. Go's...

7.8CVSS5.3AI score0.00463EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 3:30 p.m.11 views

Keycloak has a Forced Browsing issue

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

5.4CVSS5.8AI score0.00232EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 12:33 p.m.11 views

apache-airflow-providers-smtp: No certificate validation on SMTP STARTTLS connections in SMTP provider

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

5.9CVSS5.8AI score0.00268EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 6:30 a.m.10 views

django-mdeditor is Missing Authentication for Critical Function

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

9.8CVSS6.3AI score0.00308EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities33227