Lucene search
K
GithubRecent

33190 matches found

Github Security Blog
Github Security Blog
added 2026/04/14 10:33 p.m.6 views

SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs

Impact When SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside DatastoreConfig.URI. Patches v1.51.1 Workarounds Change the log level to warn or error...

6CVSS5.8AI score0.00166EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 10:32 p.m.11 views

Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write

Impact This vulnerability impacts users of zarf package inspect sbom or zarf package inspect documentation on untrusted packages. Patches 4793, now fixed in version v0.74.2 Workarounds Avoid inspecting unsigned packages Description The package inspect sbom and package inspect documentation...

7.1CVSS5.9AI score0.0032EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 10:32 p.m.6 views

Serendipity has a Host Header Injection allows SMTP header injection via unvalidated HTTP_HOST in Message-ID email header

Summary Serendipity inserts $SERVER'HTTPHOST' directly into the Message-ID SMTP header without any validation beyond CRLF stripping. An attacker who can control the Host header during an email-triggering action can inject arbitrary SMTP headers into outgoing emails, enabling spam relay, BCC...

7.2CVSS5.9AI score0.00255EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 10:32 p.m.8 views

Serendipity has a Host Header Injection allows authentication cookie scoping to attacker-controlled domain in functions_config.inc.php

Summary The serendipitysetCookie function uses $SERVER'HTTPHOST' without validation as the domain parameter of setcookie. An attacker can force authentication cookies — including session tokens and auto-login tokens — to be scoped to an attacker-controlled domain, facilitating session hijacking...

6.9CVSS5.8AI score0.00224EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 10:32 p.m.9 views

MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting

Summary The portforward tool in mcp-server-kubernetes constructs a kubectl command as a string and splits it on spaces before passing to spawn. Unlike all other tools in the codebase which correctly use execFileSync"kubectl", argsArray, portforward uses string concatenation with user-controlled...

8.3CVSS5.9AI score0.00258EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 10:31 p.m.12 views

Expression Injection in OpenRemote

Summary The OpenRemote IoT platform's rules engine contains two interrelated critical expression injection vulnerabilities that allow an attacker to execute arbitrary code on the server, ultimately achieving full server compromise. - Unsandboxed Nashorn JavaScript Engine: JavaScript rules are...

9.9CVSS6.5AI score0.00924EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 10:31 p.m.14 views

OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: - OAuth2 Proxy is used with an authrequest-style integration for example, nginx authrequest - --ping-user-agent is set or --gcp-healthchecks is enabled In...

9.1CVSS5.9AI score0.00475EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/14 10:31 p.m.8 views

OAuth2 Proxy's session cookies are not cleared when rendering sign-in page

Impact A regression introduced in v7.11.0 is preventing OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. This only impacts deployments that rely on the sign-in page as part of their logout flow. In those setups, a user may be shown the sign-in page while the existing...

3.5CVSS5.8AI score0.00183EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 10:30 p.m.8 views

PowerShell Command Injection in Podman HyperV Machine

Summary A command injection vulnerability exists in Podman's HyperV machine backend. The VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $ subexpression injection. Affected Code File: pkg/machine/hyperv/stubber.go:647 go resize :=...

8.8CVSS6.1AI score0.00607EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/14 10:29 p.m.115 views

October Rain has Stored XSS via SVG Filter Bypass

A stored cross-site scripting XSS vulnerability was identified in the SVG sanitization logic. The regex pattern used to strip on event handler attributes could be bypassed using a crafted payload that exploits how the pattern matches attribute boundaries. Impact - Stored XSS via malicious SVG fil...

4.8CVSS5.5AI score0.00217EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 10:29 p.m.6 views

October Rain has Environment Variable Exfiltration via INI Parser Interpolation

A server-side information disclosure vulnerability was identified in the INI settings parser. PHP's parseinistring function supports $ syntax for environment variable interpolation. Attackers with Editor access could inject $APPKEY, $DBPASSWORD, or similar patterns into CMS page settings fields,...

4.9CVSS5.7AI score0.00326EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 10:28 p.m.7 views

goshs's public collaborator feed leaks .goshs ACL credentials and enables unauthorized access

Summary goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and the collaborator websocket broadcasts raw request headers, including...

8.8CVSS5.8AI score0.00311EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 10:28 p.m.27 views

goshs has CSRF in state-changing GET routes enables authenticated file deletion and directory creation

Summary goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an already authenticated browser to trigger destructive actions such as ?delete and ?mkdir because goshs relies on HTTP basic auth alone and performs no CSRF, Origin, or...

8.1CVSS5.8AI score0.00143EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 10:28 p.m.12 views

goshs has an empty-username SFTP password authentication bypass

Summary goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP password handler. As a result, an unauthenticated network...

9.8CVSS5.8AI score0.00478EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/14 10:28 p.m.9 views

SFTP root escape via prefix-based path validation in goshs

Summary goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can expose or modify unrelated server files. Details The SFTP...

8.8CVSS6AI score0.00439EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/14 10:27 p.m.7 views

Decidim's comments API allows access to all commentable resources

Impact The root level commentable field in the API allows access to all commentable resources within the platform, without any permission checks. All Decidim instances are impacted that have not secured the /api endpoint. The /api endpoint is publicly available with the default configuration...

7.5CVSS5.9AI score0.00287EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/14 10:22 p.m.12 views

Decidim amendments can be accepted or rejected by anyone

Impact The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 9:31 p.m.9 views

OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...

7.7CVSS5.8AI score0.00317EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:9 p.m.9 views

kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token

kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. because context.apiCall.service.url is policy-controlled, this can send the kyverno serviceaccount tok...

8.1CVSS5.9AI score0.00289EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:6 p.m.6 views

Kyverno APICall SSRF Vulnerability Leading to Multi-Tenant Isolation Breach

Summary Kyverno's APICall feature contains a Server-Side Request Forgery SSRF vulnerability that allows users with Policy creation permissions to access arbitrary internal resources through Kyverno's high-privilege ServiceAccount. In multi-tenant Kubernetes environments, this constitutes a classi...

6.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:5 p.m.11 views

Kyverno has unrestricted outbound requests in Kyverno apiCall enabling SSRF

Summary A Server-Side Request Forgery SSRF vulnerability in Kyverno allows authenticated users to induce the admission controller to send arbitrary HTTP requests to attacker-controlled endpoints. When a ClusterPolicy uses apiCall.service.url with variable substitution e.g. request.object.,...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:5 p.m.8 views

Multiple security fixes in justhtml

Summary justhtml 1.16.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected one of these advanced paths rather than ordinary parsed HTML with the default safe settings: - programmatic DOM input to sanitize or sanitizedom -...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:3 p.m.8 views

Composer has a command injection via malicious perforce repository

Impact The Perforce::generateP4Command method constructed shell commands by interpolating user-supplied Perforce connection parameters port, user, client without proper escaping. An attacker controlling a repository configuration in a malicious composer.json declaring a Perforce VCS repository...

7.8CVSS6.4AI score0.01065EPSS
Exploits4References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:2 p.m.7 views

October CMS has Stored XSS in Event Log Mail Preview

A stored cross-site scripting XSS vulnerability was identified in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. Impact - Stored XSS via mail...

5.4CVSS5.8AI score0.00198EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:2 p.m.10 views

October CMS has Stored XSS in Backend Editor Markup Classes

A stored cross-site scripting XSS vulnerability was identified in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...

5.4CVSS5.8AI score0.00252EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:2 p.m.7 views

October Rain has a Twig Sandbox Bypass via Collection Methods

A sandbox bypass vulnerability was identified in the optional Twig safe mode feature CMSSAFEMODE. Certain methods on the collect helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. Impact - Bypass of Twig sandbox...

6.8CVSS5.8AI score0.00395EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:1 p.m.10 views

Composer has a command injection via malicious perforce reference

Impact The Perforce::syncCodeBase method appended the $sourceReference parameter to a shell command without proper escaping, allowing an attacker to inject arbitrary commands through a crafted source reference containing shell metacharacters. Further as in GHSA-wg36-wvj6-r67p / CVE-2026-40176 the...

8.8CVSS6.3AI score0.01688EPSS
Exploits4References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:1 p.m.7 views

@adonisjs/http-server has an Open Redirect vulnerability

Impact The response.redirect.back method in @adonisjs/http-server is vulnerable to open redirects. The method reads the Referer header from the incoming HTTP request and redirects to that URL without validating the host. An attacker who can influence the Referer header for example, by linking a...

6.1CVSS5.7AI score0.00248EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/14 8:0 p.m.7 views

free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors

Summary A fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify/subsId PUT handler to continue processing requests even after request body retrieval or deserialization errors. This may allow unintended modification of existing Policy Data notificatio...

6.9CVSS6AI score0.00321EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:0 p.m.9 views

free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions

Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to create or overwrite Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment...

8.7CVSS5.9AI score0.00427EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:0 p.m.8 views

free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions

Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to read Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment. Details The...

8.7CVSS6AI score0.00493EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:0 p.m.11 views

free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions

Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to delete Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment. Details The...

8.7CVSS5.9AI score0.0038EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:0 p.m.6 views

free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication

Summary An information disclosure vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to retrieve stored subscriber identifiers SUPI/IMSI with a single HTTP GET request requiring no parameters or credentials. Details The endpoint...

7.5CVSS5.8AI score0.00506EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 7:10 p.m.6 views

ImageMagick has an off-by-one error in MSL decoder could result in crash

An off by one error in de MSL decoder could result in a crash when a malicous msl file is read...

6.2CVSS5.8AI score0.00177EPSS
Exploits0References6Affected Software17
Github Security Blog
Github Security Blog
added 2026/04/14 6:51 p.m.10 views

ImageMagick has a heap-use-after-free via XMP profile could result in a crash when printing the values.

An heap use after free when reading an invalid XMP profile could result in a crash due to an heap use after free when printing the values...

5.5CVSS5.8AI score0.00184EPSS
Exploits0References6Affected Software16
Github Security Blog
Github Security Blog
added 2026/04/14 6:51 p.m.7 views

ImageMagick has a heap out-of-bounds write in JP2 encoder

Heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index...

5.5CVSS5.8AI score0.00189EPSS
Exploits0References6Affected Software16
Github Security Blog
Github Security Blog
added 2026/04/14 6:50 p.m.8 views

ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float

The JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats...

5.5CVSS5.8AI score0.00187EPSS
Exploits0References6Affected Software17
Github Security Blog
Github Security Blog
added 2026/04/14 6:50 p.m.13 views

ImageMagick has a heap buffer overflow (WRITE) in the YAML and JSON encoders.

A crafted image could result in an out of bounds heap write when writing a yaml or json output and that could result in a crash...

6.2CVSS5.8AI score0.0018EPSS
Exploits0References6Affected Software17
Github Security Blog
Github Security Blog
added 2026/04/14 6:49 p.m.7 views

ImageMagick has an out-of-bounds read in sample operation

The -sample operation has an out of bounds read when an specific offset is set through the sample:offset define that could lead to an out of bounds read...

7.1CVSS5.8AI score0.00194EPSS
Exploits0References6Affected Software17
Github Security Blog
Github Security Blog
added 2026/04/14 6:48 p.m.7 views

ImageMagick has a Stack Overflow via Recursive FX Expression Parsing

A stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression...

5.5CVSS5.8AI score0.00144EPSS
Exploits0References6Affected Software17
Github Security Blog
Github Security Blog
added 2026/04/14 6:30 p.m.19 views

Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 6:30 p.m.7 views

Webkul Krayin CRM has Server-Side Request Forgery (SSRF)

A Server-Side Request Forgery SSRF in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request...

8.5CVSS5.8AI score0.00249EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 6:30 p.m.8 views

Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php

A Broken Object-Level Authorization BOLA in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 6:30 p.m.6 views

Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php

A Broken Object-Level Authorization BOLA in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request...

8.8CVSS5.8AI score0.00624EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 6:17 p.m.18 views

Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game

I was scrolling through my feed one evening when I came across OpenClaw, an open source personal AI assistant that people were calling everything from "Jarvis" to "a portal to a new reality." The idea is beautiful: an AI that lives on your machine or in the cloud, talks to you over WhatsApp or...

8.8CVSS7.3AI score0.08016EPSS
Exploits5
Github Security Blog
Github Security Blog
added 2026/04/14 3:30 p.m.9 views

Keycloak: Arbitrary code execution via Stored Cross-Site Scripting (XSS) in organization selection login page

A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting XSS vulnerability. This flaw occurs because the organization.alias is placed into an...

6.9CVSS6AI score0.00226EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 3:30 p.m.14 views

OpenAI Codex CLI enables code execution through malicious MCP (Model Context Protocol) configuration files

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

9.8CVSS6.4AI score0.06583EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 3:0 p.m.6 views

How exposed is your code? Find out in minutes—for free

Most security leaders share the same suspicion: there are vulnerabilities in our codebase that we don't know about. The uncomfortable truth is that most code never gets a thorough security review. Vulnerabilities accumulate quietly in active repositories, across languages and teams, often...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/14 12:31 p.m.12 views

MCPHub has an authentication bypass

MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges...

5.3CVSS5.8AI score0.00353EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 9:30 a.m.8 views

Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...

4.3CVSS5.8AI score0.00711EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities33190