Lucene search
K
GithubRecent

33225 matches found

Github Security Blog
Github Security Blog
added 2026/04/24 12:30 p.m.7 views

Apache DolphinScheduler RPC module has a Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version = 3.2.0 and 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class...

6.3CVSS5.8AI score0.00537EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/24 12:30 p.m.11 views

Apache ActiveMQ Vulnerable to Improper Input Validation and Code Injection

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS7.9AI score0.96666EPSS
Exploits13References3Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/24 12:30 p.m.12 views

Apache ActiveMQ Vulnerable to Code Injection

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.4AI score0.0098EPSS
Exploits0References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/24 12:30 p.m.9 views

Apache ActiveMQ Vulnerable to Cross-site Scripting

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...

6.5CVSS5.8AI score0.0056EPSS
Exploits0References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/24 9:30 a.m.22 views

Grafana Tempo has an Uncontrolled Resource Consumption issue

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

7.5CVSS5.8AI score0.00645EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.6 views

Duplicate Advisory: OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-767m-xrhc-fxm7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write...

8.8CVSS5.7AI score0.00232EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.9 views

Duplicate Advisory: OpenClaw: Zalo replay dedupe keys could suppress messages across chats or senders

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rxmx-g7hr-8mx4. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows...

6.3CVSS5.7AI score0.00278EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.7 views

Duplicate Advisory: OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-37v6-fxx8-xjmx. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats...

6.3CVSS5.7AI score0.0033EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.8 views

Duplicate Advisory: OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-42mx-vp8m-j7qh. This link is maintained to preserve external references. Original Description OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted...

7.3CVSS6.5AI score0.00123EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.7 views

Duplicate Advisory: OpenClaw: Slack thread context could include messages from non-allowlisted senders

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qm77-8qjp-4vcm. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages ...

5.4CVSS5.7AI score0.0014EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.57 views

Duplicate Advisory: OpenClaw: Gateway `device.token.rotate` does not terminate active WebSocket sessions after credential rotation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rfqg-qgf8-xr9x. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with...

5.4CVSS5.7AI score0.00186EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.9 views

Duplicate Advisory: OpenClaw: Pairing pending-request caps were enforced per channel instead of per account

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wwfp-w96m-c6x8. This link is maintained to preserve external references. Original Description OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account,...

7.5CVSS5.7AI score0.00417EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.7 views

Duplicate Advisory: OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mhr7-2xmv-4c4q. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy...

7.1CVSS5.7AI score0.00112EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.6 views

Duplicate Advisory: OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group...

5.4CVSS5.7AI score0.00125EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.15 views

Duplicate Advisory: OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3cw3-5vxw-g2h3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that...

8.1CVSS5.7AI score0.00126EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.10 views

Duplicate Advisory: OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6p8r-6m93-557f. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to...

6.3CVSS5.7AI score0.00387EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.9 views

Duplicate Advisory: OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6p8r-6m93-557f. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and...

5.8CVSS5.9AI score0.00105EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.11 views

Duplicate Advisory: OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xj9w-5r6q-x6v4. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the no...

8.8CVSS6.6AI score0.00544EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.12 views

Duplicate Advisory: OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rvvf-6vh3-9j43. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete...

5.4CVSS5.7AI score0.00177EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.9 views

Duplicate Advisory: OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h2w-qmfp-ggp6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows...

8.8CVSS5.7AI score0.00209EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.9 views

Duplicate Advisory: OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing...

6.9CVSS5.7AI score0.00459EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.8 views

Duplicate Advisory: OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-89r3-6x4j-v7wf. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows...

6.3CVSS5.7AI score0.00229EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.10 views

Duplicate Advisory: OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hr8g-2q7x-3f4w. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON th...

6.9CVSS5.7AI score0.00297EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.6 views

Duplicate Advisory: OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2f7j-rp58-mr42. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin...

5.3CVSS5.7AI score0.00283EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.9 views

Duplicate Advisory: OpenClaw: Workspace `.env` can override the bundled hooks root and load attacker hook code

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3qpv-xf3v-mm45. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAWBUNDLEDHOOKSDIR environment variable,...

8.5CVSS6AI score0.00133EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:54 p.m.14 views

melange has Path Traversal via .PKGINFO in --persist-lint-results

Impact melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and pkgname values read from the .PKGINFO control file of the APK being linted. In affected versions these values were not...

4.4CVSS5.9AI score0.00172EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:53 p.m.16 views

melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses

Impact An attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a value containing ../ sequences or an absolute path. The Compiled.compilePipeline function in pkg/build/compile.go passed us...

6.1CVSS5.9AI score0.0014EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:52 p.m.26 views

Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)

Summary The fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts line 28 uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP redirects to arbitrary URLs, bypassing the isRemoteAllowed domain allowlist chec...

2.2CVSS5.9AI score0.00199EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:46 p.m.17 views

OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

Overview A critical Remote Code Execution RCE vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. The issue has been fixed...

10CVSS6.4AI score0.0091EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:44 p.m.10 views

OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads

Summary OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies from a configured AWS X-Ray remote sampling endpoint into memory. OpenTelemetry.Resources.AWS reads unbounded HTTP response bodies from a configured AWS EC2/ECS/EKS remote instance metadata service endpoint into memory. Both o...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/23 9:43 p.m.97 views

OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

Summary The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service DoS in the consuming application. Details...

5.3CVSS5.8AI score0.00458EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/23 9:40 p.m.17 views

OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling

Summary When exporting telemetry over gRPC using the OpenTelemetry Protocol OTLP, the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. Prior to the fix, a malformed trailer could encode an extremely large length-delimited protobuf field which was used...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:39 p.m.9 views

Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller

Summary An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...

7.7CVSS5.8AI score0.00377EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/23 9:26 p.m.11 views

OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

Summary When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory with no upper-bound on the number of bytes consumed. This could cause memory...

5.9CVSS5.8AI score0.00304EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:24 p.m.10 views

Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter

TL;DR This vulnerability affects all Kirby sites where users have the permission to create pages pages.create permission is enabled but not the permission to change the status of pages pages.changeStatus permission is disabled. This can be due to configuration in the user blueprints, via options ...

6.5CVSS5.7AI score0.00275EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:24 p.m.10 views

Apktool: Path Traversal to Arbitrary File Write

A path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding apktool d. This is a security regression introduced in commit e10a045 PR 4041, December 12, 2025, which removed the...

7.1CVSS5.9AI score0.00182EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:24 p.m.12 views

Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering

TL;DR This vulnerability affects all Kirby sites that use option fields checkboxes, color, multiselect, select, radio, tags or toggles with options from a query or API whose values may not be fully trusted. It also affects direct uses of the OptionsApi or OptionsQuery classes of Kirby's Options...

8.1CVSS6.4AI score0.00334EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:23 p.m.9 views

Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Summary Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive...

8.8CVSS5.8AI score0.00472EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:21 p.m.15 views

go-ntlmssp NTLM challenges can panic on malformed payloads

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

7.5CVSS5.2AI score0.01027EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:21 p.m.9 views

Kirby has XML injection in its XML creator toolkit

TL;DR This vulnerability only affects Kirby sites that use the Xml data handler e.g. Data::encode$string, 'xml' or the Xml::create, Xml::tag or Xml::value methods in site or plugin code. The Kirby core does not use any of the affected methods. If consumers use an affected method and cannot rule o...

7.5CVSS5.4AI score0.00346EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:15 p.m.7 views

Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer

Remote Code Execution via Unsafe Deserialization in Pipecat's LivekitFrameSerializer Summary A critical vulnerability exists in Pipecat's LivekitFrameSerializer – an optional, non-default, undocumented frame serializer class now deprecated intended for LiveKit integration. The class's deserialize...

9.8CVSS7.1AI score0.00701EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 6:33 p.m.8 views

Duplicate Advisory: OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v8qf-fr4g-28p2. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows...

6.5CVSS5.7AI score0.00222EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 6:33 p.m.17 views

ntfy.sh allows a remote attacker to execute arbitrary code via the parseActions function

An issue in Ntfy ntfy.sh before v.2.22.0 allows a remote attacker to execute arbitrary code via the parseActions function...

9.8CVSS6.2AI score0.00272EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 2:55 p.m.63 views

Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege

Executive Summary: A bug in Microsoft.AspNetCore.DataProtection 10.0.0-10.0.6 NuGet packages can give an attacker the opportunity to execute an Elevation of Privilege attack by forging authentication cookies, and also allows some protected payloads to be decrypted. If an attacker used forged...

9.1CVSS6.2AI score0.11205EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 2:36 p.m.10 views

Astro: Cache Poisoning due to incorrect error handling when if-match header is malformed

Summary Requesting a static JS/CSS resource from the astro path with an incorrect or malformed if-match header returns a 500 error with a one-year cache lifetime instead of 412 in some cases. As a result, all subsequent requests to that file — regardless of the if-match header — will be served a...

5.3CVSS5.7AI score0.00238EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 2:31 p.m.11 views

n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

Impact When n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the authentication outcome. In deployments where logs are collected, forwarded to external systems, or viewable outside the request trust...

5.3CVSS5.7AI score0.00255EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 2:28 p.m.9 views

goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS

Summary The PUT upload handler httpserver/updown.go lacks the CSRF token validation that was added to the POST upload handler during the GHSA-jrq5-hg6x-j6g3 fix. Combined with the unconditional Access-Control-Allow-Origin: on the OPTIONS preflight handler httpserver/server.go, any website can wri...

6.5CVSS5.9AI score0.00165EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/23 2:17 p.m.10 views

OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool

Vulnerability Type: Execution with Unnecessary Privileges Attack type: Authenticated remote Impact: Data disclosure/manipulation, privilege escalation Affected components: The following docker images: • Openc3inc/openc3-COSMOS-script-runner-api The Script Runner widget allows users to execute...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 2:12 p.m.12 views

OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Attack type: Authenticated remote Impact: Telemetry data disclosure and deletion Affected components: openc3-tsdb QuestDB A SQL injection vulnerability exists in the Time-Series Database...

9.6CVSS6.2AI score0.00323EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 12:31 p.m.9 views

H2O-3 is Vulnerable to Code Injection

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

9.8CVSS7.5AI score0.00938EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities33225