Lucene search
K
GithubRecent

33187 matches found

Github Security Blog
Github Security Blog
added 2026/04/09 3:31 a.m.11 views

Agions taskflow-ai vulnerable to os command injection in src/mcp/server/handlers.ts

A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminalexecute. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. Upgrading ...

6.5CVSS6.2AI score0.0111EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/09 12:31 a.m.6 views

Duplicate Advisory: OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qx8j-g322-qj6m. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that...

7.1CVSS5.7AI score0.00239EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/09 12:31 a.m.5 views

Duplicate Advisory: Unfurl's unbounded zlib decompression allows decompression bomb DoS

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h5qv-qjv4-pc5m. This link is maintained to preserve external references. Original Description Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote...

8.7CVSS5.8AI score0.00508EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 9:52 p.m.8 views

PraisonAI Vulnerable to OS Command Injection

The executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. --- Description PraisonAI's workflow system and...

9.6CVSS6.3AI score0.00419EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 9:51 p.m.12 views

OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response

Description When OpenFGA is configured to use preshared-key authentication with the built-in playground enabled, the local server includes the preshared API key in the HTML response of the /playground endpoint. The /playground endpoint is enabled by default and does not require authentication. It...

7.5CVSS5.9AI score0.0028EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 9:51 p.m.10 views

LangChain has incomplete f-string validation in prompt templates

LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate...

5.3CVSS6AI score0.00262EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 9:50 p.m.16 views

Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

Summary Marimo 19.6k stars has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints e.g., /ws that correct...

9.8CVSS6.2AI score0.95645EPSS
Exploits11References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 9:50 p.m.10 views

Pretext: Algorithmic Complexity (DoS) in the text analysis phase

isRepeatedSingleCharRun in src/analysis.ts line 285 re-scans the entire accumulated segment on every merge iteration during text analysis, producing On² total work for input consisting of repeated identical punctuation characters. An attacker who controls text passed to prepare can block the main...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 8:2 p.m.60 views

basic-ftp has FTP Command Injection via CRLF

Summary basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...

8.6CVSS6.2AI score0.02185EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 8:2 p.m.7 views

AGiXT Vulnerable to Path Traversal in safe_join()

Summary The safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT...

8.8CVSS6.1AI score0.01318EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:57 p.m.13 views

Laravel Passport: TokenGuard Authenticates Unrelated User for Client Credentials Tokens

Impact Authentication Bypass for clientcredentials tokens. the league/oauth2-server library sets the JWT sub claim to the client identifier since there's no user. The token guard then passes this value to retrieveById without validating it's actually a user identifier, potentially resolving an...

7.1CVSS5.8AI score0.00289EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:53 p.m.6 views

n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode

Impact An authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to issue HTTP requests to arbitrary URLs supplied through multi-tenant HTTP headers. Response bodies are reflected back through JSON-RPC, so an attacker can read the conten...

8.5CVSS6AI score0.00316EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:53 p.m.13 views

mercure has Topic Selector Cache Key Collision

Impact A cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to unauthorized subscribers or blocking delivery to authorized ones. The cache key was constructed by concatenating the topic...

7.1CVSS5.8AI score0.00341EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:52 p.m.7 views

Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service

Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, an...

7.1CVSS5.9AI score0.00124EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/08 7:23 p.m.58 views

Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs

If a non-contiguous buffer was passed to APIs which accepted Python buffers e.g. Hash.update, this could lead to buffer overflows. For example: python h = HashSHA256 b.updatebuf::-1 would read past the end of the buffer on Python 3.11...

9.8CVSS6.1AI score0.00652EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:23 p.m.6 views

monetr: Protected Transactions Deletable via PUT

Summary A transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deletion of those transactions via the normal DELETE path. This bypass undermines the intende...

5.7CVSS6AI score0.00292EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:22 p.m.46 views

mcp-from-openapi is Vulnerable to SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications

Summary The mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenAPI specification containing $ref values pointing to internal network addresses, cloud...

7.5CVSS6AI score0.00319EPSS
Exploits1References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/08 7:22 p.m.18 views

opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

Summary The fix for GHSA-9h8m-3fm2-qjrq CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. Root Cause sdk/resource/hostid.go line 42: if result, err :=...

8.8CVSS6AI score0.0022EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:22 p.m.35 views

opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies

overview: this report shows that the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled or a network attacker can mitm t...

5.3CVSS6AI score0.0019EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/08 7:21 p.m.20 views

PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling

Summary The MultiAgentLedger and MultiAgentMonitor components in the provided code exhibit vulnerabilities that can lead to context leakage and arbitrary file operations. Specifically: 1. Memory State Leakage via Agent ID Collision: The MultiAgentLedger uses a dictionary to store ledgers by agent...

8.8CVSS6.6AI score0.00687EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:21 p.m.12 views

PraisonAI has Template Injection in Agent Tool Definitions

Summary Direct insertion of unescaped user input into template-rendering tools allows arbitrary code execution via specially crafted agent instructions. Details The createagentcentrictools function returns tools like acpcreatefile that process file content using template rendering. When user inpu...

8.8CVSS6.6AI score0.00558EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:21 p.m.7 views

PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server

The A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. This is a separate component from the gateway server fixed in CVE-2026-34952. The createa2uroutes function registers the following endpoints with NO authentication checks: - GET /a2u/info —...

7.5CVSS6AI score0.00425EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:17 p.m.25 views

PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 of pythontools.py...

9.9CVSS6.6AI score0.00541EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:17 p.m.5 views

PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading

Summary The AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can...

9.8CVSS6.7AI score0.0058EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:16 p.m.8 views

CI4MS Vulnerable to .env CRLF Injection via Unvalidated `host` Parameter in Install Controller

Summary The Install::index controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings, which writes it into the .env file via pregreplace. Because newline characters in the value are not stripped, an attacker can inject arbitrary configuration...

9.8CVSS6.1AI score0.00516EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:15 p.m.6 views

CI4MS Vulnerable to Post-Installation Re-entry via Cache-Dependent Install Guard Bypass

Summary The install route guard in ci4ms relies solely on a volatile cache check cache'settings' combined with .env file existence to block post-installation access to the setup wizard. When the database is temporarily unreachable during a cache miss TTL expiry or admin-triggered cache clear, the...

8.1CVSS6AI score0.00421EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:15 p.m.6 views

CI4MS has stored XSS in Pages Content Due to Missing html_purify Sanitization

Summary The Pages module does not apply the htmlpurify validation rule to content fields during create and update operations, while the Blog module does. Page content is stored unsanitized in the database and rendered as raw HTML on the public frontend via echo $pageInfo-content. An authenticated...

5.5CVSS6AI score0.00247EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:15 p.m.6 views

CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List

Summary The blacklist ban note parameter in UserController::ajaxblackListpost is stored in the database without sanitization and rendered into an HTML data-note attribute without escaping. An admin with blacklist privileges can inject arbitrary JavaScript that executes in the browser of any other...

4.8CVSS6.1AI score0.0023EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:15 p.m.11 views

CI4MS has stored XSS via srcdoc attribute bypass in Google Maps iframe setting

Summary The Google Maps iframe setting cMap field in compInfosPost sanitizes input using striptags with an allowlist and regex-based removal of on\w+ event handlers. However, the srcdoc attribute is not an event handler and passes all filters. An attacker with admin settings access can inject an...

5.5CVSS6AI score0.00235EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:15 p.m.5 views

CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files

Summary The Fileeditor controller defines a hiddenItems array containing security-sensitive paths .env, composer.json, vendor/, .git/ but only enforces this protection in the listFiles method. The readFile, saveFile, deleteFileOrFolder, renameFile, createFile, and createFolder endpoints perform n...

7.2CVSS6.2AI score0.00471EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:14 p.m.8 views

quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class

Summary A path traversal vulnerability was discovered in the quarkus-openapi-generator extension Details The unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output directory. At line 101, the destination is...

8.7CVSS6.1AI score0.00387EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 6:34 p.m.10 views

stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...

9.8CVSS5.9AI score0.00557EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 6:3 p.m.6 views

Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit

Summary The Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the password is inserted into Tcl brace-quoted send %s, a...

7.8CVSS6.1AI score0.00111EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:51 p.m.9 views

Axios HTTP/2 Session Cleanup State Corruption Vulnerability

Summary Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. This denial-of-service vulnerability affects axios versions prior to 1.13.2 when HTTP/2 is enabled. Details The vulnerability...

5.9CVSS5.9AI score0.00731EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:31 p.m.8 views

Duplicate Advisory: Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially no clear ThreadLocal variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r7p8-xq5m-436c. This link is maintained to preserve external references. Original Description In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variabl...

7.4CVSS5.8AI score0.00529EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:31 p.m.4 views

pretix: API leaks check-in data between events of the same organizer

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

5.5CVSS5.9AI score0.00255EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:9 p.m.11 views

OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write

Summary The DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This bug is reachable from the...

8.8CVSS6AI score0.00419EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:9 p.m.7 views

OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

Summary internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic: c wavbuf += nx ny wcount; Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path...

8.8CVSS5.9AI score0.00482EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:5 p.m.22 views

Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

Summary Nodemailer versions up to and including 8.0.4 are vulnerable to SMTP command injection via CRLF sequences in the transport name configuration option. The name value is used directly in the EHLO/HELO SMTP command without any sanitization for carriage return and line feed characters \r\n. A...

6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:5 p.m.8 views

kubernetes-graphql-gateway: GraphQL Endpoint Vulnerable to Authenticated Denial-of-Service via Unrestricted Query Execution

CVSS 6.5 Medium — The GraphQL API served by kubernetes-graphql-gateway is vulnerable to Denial-of-Service DoS attacks due to a complete absence of query resource controls depth limiting, complexity analysis, response size capping, and rate limiting. An authenticated attacker can craft queries tha...

6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:4 p.m.10 views

LiquidJS: `renderFile()` / `parseFile()` bypass configured `root` and allow arbitrary file read

liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. The published npm package [email protected] on Linux 6.17.0 with Node v22.22.1. A Liquid instance configured with an empty temporary directory as roo...

7.5CVSS6AI score0.00447EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:4 p.m.6 views

LiquidJS: ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel

Summary The sortnatural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack. Applications relying on ownPropertyOnly: true as a security boundary e.g., multi-tenant template system...

7.5CVSS5.9AI score0.00403EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:4 p.m.5 views

LobeHub: Unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header

Summary The webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR key is hardcoded in the repository, an attacker can forge arbitrary auth payloads and bypass authentication on protected...

7.1CVSS6.2AI score0.00126EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:4 p.m.8 views

kcp's cache server is accessible without authentication or authorization checks

Summary The cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. Details The cache server is routed in the pre-mux chain in the shard code. The...

9.1CVSS5.9AI score0.00436EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:4 p.m.5 views

NiceGUI: Upload filename sanitization bypass via backslashes allows path traversal on Windows

Summary The upload filename sanitization introduced in GHSA-9ffm-fxg3-xrhh uses PurePosixPathfilename.name to strip path components. Since PurePosixPath only recognizes forward slashes / as path separators, an attacker can bypass this sanitization on Windows by using backslashes \ in the upload...

7.5CVSS6.3AI score0.00371EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:3 p.m.6 views

SiYuan: Remote Code Execution in the Electron desktop client via stored XSS in synced table captions

Summary A malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML, creating a stored XSS sink. Because the desktop renderer ru...

9CVSS6.5AI score0.00538EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:3 p.m.6 views

LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates

Summary LiquidJS enforces partial and layout root restrictions using the resolved pathname string, but it does not resolve the canonical filesystem path before opening the file. A symlink placed inside an allowed partials or layouts directory can therefore point to a file outside that directory a...

8.2CVSS6AI score0.00396EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:0 p.m.7 views

LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter

Summary The replace filter in LiquidJS incorrectly accounts for memory usage when the memoryLimit option is enabled. It charges str.length + pattern.length + replacement.length bytes to the memory limiter, but the actual output from str.splitpattern.joinreplacement can be quadratically larger whe...

5.3CVSS6AI score0.00495EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:0 p.m.8 views

rfc3161-client Has Improper Certificate Validation

Summary An Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw in how the library extracts the leaf certificate from an unordered PKCS7 bag of certificates, an attacker ca...

7.5CVSS5.8AI score0.00188EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 3:0 p.m.5 views

XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API

Impact An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...

9.8CVSS5.9AI score0.0054EPSS
Exploits1References6Affected Software2
Total number of security vulnerabilities33187