Lucene search
K
GithubRecent

33187 matches found

Github Security Blog
Github Security Blog
•added 2026/04/10 7:28 p.m.•6 views

PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhook_url in Jobs API

Summary The /api/v1/runs endpoint accepts an arbitrary webhookurl in the request body with no URL validation. When a submitted job completes success or failure, the server makes an HTTP POST request to this URL using httpx.AsyncClient. An unauthenticated attacker can use this to make the server...

10CVSS6.2AI score0.0028EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:28 p.m.•7 views

PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

Summary The approval system in PraisonAI Agents caches tool approval decisions by tool name only, not by invocation arguments. Once a user approves executecommand for any command e.g., ls -la, all subsequent executecommand calls in that execution context bypass the approval prompt entirely...

6.8CVSS6.1AI score0.00116EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:28 p.m.•8 views

PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback

| Field | Value | |---|---| | Severity | High | | Type | SSRF -- unvalidated URL in webcrawl httpx fallback allows internal network access | | Affected | src/praisonai-agents/praisonaiagents/tools/webcrawltools.py:133-180 | Summary webcrawl's httpx fallback path passes user-supplied URLs directly...

7.1CVSS5.9AI score0.00281EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:28 p.m.•10 views

PraisonAI: Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint

Summary The AGUI endpoint POST /agui has no authentication and hardcodes Access-Control-Allow-Origin: on all responses. Combined with Starlette/FastAPI's Content-Type-agnostic JSON parsing, any website a victim visits can silently trigger arbitrary agent execution against a locally-running AGUI...

6.4AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:28 p.m.•6 views

PraisonAI Vulnerable to Sensitive Environment Variable Exposure via Untrusted MCP Subprocess Execution

PraisonAI’s MCP Model Context Protocol integration allows spawning background servers via stdio using user-supplied command strings e.g., MCP"npx -y @smithery/cli ...". These commands are executed through Python’s subprocess module. By default, the implementation forwards the entire parent proces...

5.5CVSS6.1AI score0.00182EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:27 p.m.•10 views

PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`

| Field | Value | |---|---| | Severity | Critical | | Type | Path traversal -- arbitrary file write via tar.extract without member validation | | Affected | src/praisonai/praisonai/cli/features/recipe.py:1170-1172 | Summary cmdunpack in the recipe CLI extracts .praison tar archives using raw...

9.4CVSS6AI score0.00379EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:26 p.m.•3 views

PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code via spec.loader.execmodule without explicit user consent,...

7.8CVSS6.4AI score0.00209EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:26 p.m.•7 views

PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits

Summary The safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall. An attacker can publish a malicious recipe bundl...

6.5CVSS5.9AI score0.00243EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:26 p.m.•7 views

PraisonAI Vulnerable Untrusted Remote Template Code Execution

PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. --- Description When a user installs a template from a remote source e.g., GitHub,...

9.6CVSS6.3AI score0.00304EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:25 p.m.•8 views

PraisonAI: Hardcoded `approval_mode="auto"` in Chainlit UI Overrides Administrator Configuration, Enabling Unapproved Shell Command Execution

Summary The Chainlit UI modules chat.py and code.py hardcode config.approvalmode = "auto" after loading administrator configuration from the PRAISONAPPROVALMODE environment variable, silently overriding any "manual" or "scoped" approval setting. This defeats the human-in-the-loop approval gate fo...

6.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:25 p.m.•5 views

PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure

PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. Description The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST filtering to block dangerous Python attributes...

8.6CVSS6.5AI score0.0024EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:24 p.m.•5 views

PraisonAIAgents: Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary

Summary The listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path segments, an attacker can use relative path traversal i...

5.3CVSS5.9AI score0.00311EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:24 p.m.•7 views

PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool

Summary The executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This allows exfiltration of secrets stored in environment variabl...

7.4CVSS6.2AI score0.00273EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:24 p.m.•7 views

PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS

Summary The AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no authentication middleware, no API key validation, and default...

5.3CVSS5.9AI score0.00758EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:24 p.m.•5 views

PraisonAI: Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls

Summary The gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no authtoken is configured the default. By adding dangerous tool names e.g., shellexec, filewrite to the allowlist, an attacker can cause the ExecApprovalManager to...

7.9CVSS6AI score0.00227EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:23 p.m.•5 views

PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool

Summary The webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker or prompt injection in crawled conte...

7.7CVSS5.9AI score0.00269EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:23 p.m.•4 views

PraisonAIAgents: Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate

Summary readskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript which requires critical-level approval, readskillfile has...

7.5CVSS5.9AI score0.00234EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:23 p.m.•10 views

PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory Exhaustion DoS

Summary The WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token configured, any local process can send arbitrarily large...

7.5CVSS5.8AI score0.00334EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:22 p.m.•9 views

PraisonAI: Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits

Summary The /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the server's API key. There are no limits on concurrent...

7.5CVSS5.8AI score0.00372EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:22 p.m.•8 views

PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars

Summary deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for...

8.4CVSS6AI score0.00231EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:22 p.m.•5 views

PraisonAI Vulnerable to Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency)

Summary The Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitizehtml function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml. When nh3 is absent the default installation, the...

6.1CVSS5.8AI score0.00216EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:21 p.m.•6 views

PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)

Summary The memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py lines 303 to 305. No sanitization, no shlex.quote, no character filter, and no allowlist check exists...

9.3CVSS6.4AI score0.00229EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:21 p.m.•5 views

SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering

SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary sanitization. When a victim opens a note containing a malicious...

8.7CVSS5.9AI score0.00306EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:21 p.m.•6 views

LXD: VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf

Summary The isVMLowLevelOptionForbidden function in lxd/project/limits/permissions.go is missing raw.apparmor and raw.qemu.conf from its hardcoded forbidden list. A user with canedit permission on a VM instance in a restricted project can combine these two omissions to bridge the LXD unix socket...

9.1CVSS6AI score0.00363EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:20 p.m.•5 views

LXD: Importing a crafted backup leads to project restriction bypass

Summary LXD instance backup import validates project restrictions against backup/index.yaml embedded in the tar archive, but creates the actual instance from backup/container/backup.yaml extracted to the storage volume. Because these are separate, independently attacker-controlled files within th...

9.1CVSS5.8AI score0.00424EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:20 p.m.•7 views

LXD: Update of type field in restricted TLS certificate allows privilege escalation to cluster admin

Summary A restricted TLS certificate user can escalate to cluster admin by changing their certificate type from client to server via PUT/PATCH to /1.0/certificates/fingerprint. The non-admin guard and reset block in doCertificateUpdate fail to validate or reset the Type field, allowing a...

9.1CVSS5.9AI score0.00274EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 7:20 p.m.•9 views

justhtml includes multiple security fixes

Summary justhtml 1.15.0 includes multiple security fixes affecting URL sanitization helpers, HTML serialization, Markdown passthrough, and several custom sanitization-policy edge cases. These issues have different impact levels and do not all affect the default configuration in the same way...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 6:31 p.m.•8 views

Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout

Apache Log4j's JsonTemplateLayout, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to ind...

7.5CVSS5.8AI score0.00555EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 6:31 p.m.•7 views

Apache Log4j 1 to Log4j 2 bridge: silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

7.5CVSS5.8AI score0.00535EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 6:31 p.m.•6 views

Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters

Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list , in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...

6.3CVSS5.8AI score0.0075EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 6:31 p.m.•10 views

Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Apache Log4j Core's XmlLayout, in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: JRE built-in...

7.5CVSS5.7AI score0.0086EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 6:31 p.m.•19 views

Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration

The fix for CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName attribute of the element. Although the verifyHostName configuration attribute was introduced in Log4...

6.3CVSS6.6AI score0.00743EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 6:31 p.m.•7 views

Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility

Apache Log4j Core's Rfc5424Layout, in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly:...

7.5CVSS5.8AI score0.00831EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 5:32 p.m.•26 views

Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Summary Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...

3.5CVSS5.8AI score0.00219EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 5:32 p.m.•4 views

@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service

redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This could result in DoS on some platforms, especially if the location passed to redirect contains unsanitized user input...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 5:24 p.m.•15 views

@sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass

Under certain circumstances, requests could bypass the BODYSIZELIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected...

8.2CVSS5.8AI score0.00543EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 5:22 p.m.•4 views

Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource

Impact A developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys, service tokens — with a single kubectl apply. The operator reads the victim's secret using its ClusterRole and write...

6.8CVSS5.8AI score0.00394EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 3:36 p.m.•5 views

Vikunja: Scoped API tokens with projects.background permission can delete project backgrounds

Summary Vikunja's scoped API token enforcement for custom project background routes is method-confused. A token with only projects.background can successfully delete a project background, while a token with only projects.backgrounddelete is rejected. This is a scoped-token authorization bypass...

5.4CVSS5.9AI score0.00222EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 3:36 p.m.•8 views

@vitejs/plugin-rsc has a Denial of Service with React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.4. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg Patches Upgrade immediately to @vitejs/[email protected] or...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 3:35 p.m.•16 views

Next.js has a Denial of Service with Server Components

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23869. You can read more about this advisory our this...

7.5CVSS5.8AI score0.01551EPSS
Exploits4References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 3:35 p.m.•12 views

React Server Components have a Denial of Service Vulnerability

Impact A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack versions 19.0.0, 19.1.0 and 19.2.0. The vulnerability is triggered by sending specially crafted HTTP requests...

7.5CVSS5.8AI score0.01551EPSS
Exploits4References4Affected Software3
Github Security Blog
Github Security Blog
•added 2026/04/10 3:35 p.m.•4 views

Vikunja has File Size Limit Bypass via Vikunja Import

Summary The Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By setting Size to 0 in the JSON while including large compressed file entries ...

7.1CVSS5.7AI score0.00338EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 3:35 p.m.•10 views

Vikunja has iCalendar Property Injection via CRLF in CalDAV Task Output

Summary The CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT value escaping. User-controlled task titles containing CRLF characters break the iCalendar property boundary, allowing injection of arbitrary iCalendar properties such as...

4.1CVSS5.9AI score0.00196EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 3:34 p.m.•6 views

Vikunja has HTML Injection via Task Titles in Overdue Email Notifications

Summary Task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags, injected Markdown constructs produce phishing links and tracking pixels in...

5.4CVSS5.8AI score0.00195EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 3:34 p.m.•6 views

Vikunja has Algorithmic Complexity DoS in Repeating Task Handler

Summary The addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far in the past, an attacker triggers billions of loop iterations, consuming...

6.5CVSS5.8AI score0.00347EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 3:34 p.m.•6 views

Vikunja Missing Authorization on CalDAV Task Read

Summary The CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or guesses a task UID can read the full task data from any project on the...

4.3CVSS5.9AI score0.00216EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 3:34 p.m.•6 views

Vikunja Vulnerable to TOTP Brute-Force Due to Non-Functional Account Lockout

Summary The TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. The account lock is written to the same database session that the login handler always rolls back on TOTP failure, so the lockout is triggered but never persisted. This allows unlimited...

7.5CVSS5.9AI score0.00296EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 3:33 p.m.•8 views

Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug

Summary The hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user to read any label that has at least one task association, regardless of project access. Label titles, descriptions, colors, and creator information are exposed. Details The access contr...

4.3CVSS5.9AI score0.00272EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 3:33 p.m.•5 views

Vikunja vulnerable to Privilege Escalation via Project Reparenting

Summary A user with Write-level access to a project can escalate their permissions to Admin by moving the project under a project they own. After reparenting, the recursive permission CTE resolves ownership of the new parent as Admin on the moved project. The attacker can then delete the project,...

8.3CVSS5.8AI score0.0029EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/10 3:33 p.m.•11 views

Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

Helm is a package manager for Charts for Kubernetes. In Helm versions /, instead of the expected //, potentially overwriting the contents of the targeted directory. Note: a chart name containing POSIX dot-dot, or dot-dot and slashes as if to refer to parent directories do not resolve beyond the...

4.8CVSS5.7AI score0.00199EPSS
Exploits0References5Affected Software2
Total number of security vulnerabilities33187