Lucene search: 905962 matches found

GHSA-Q8R6-XJ3F-WRRM SimpleSAMLphp SP accepts a response from an unexpected IdP when unsigned `Response/InResponseTo` is combined with a signed assertion lacking `SubjectConfirmationData/InResponseTo`

Summary: SimpleSAMLphp's SAML SP ACS path does not enforce the IdP selected for an SP-initiated login. If a saved SP state contains ExpectedIssuer = IdP A, but the ACS receives a valid response from IdP B, the code logs a warning and continues processing instead of rejecting the response. That...

CVSS 7.1, AI score 5.8. Exploits: 0, References: 2. Source: OSV, added yesterday.

GHSA-MM6C-5J6X-HQ8M Algernon vulnerable to server-side script source disclosure on Windows via NTFS filename

Summary: Algernon selects its file handler from filepath.Ext (engine/handlers.go:134), which does not treat the NTFS-equivalent names x.lua::$DATA, x.lua., or x.lua as .lua. On Windows, an unauthenticated client appends one of these suffixes to any server-side script on a public path and receives it...

CVSS 8.7, AI score 5.9, EPSS 0.00077. Exploits: 0, References: 2. Source: OSV, added yesterday.

GHSA-5PMV-RX8R-WMV5 jxl-grid on 32-bit platforms has out-of-bounds writes due to integer overflow

Summary: On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in a length calculation. Details & PoC: The test listed below fails under miri with the command cargo +nightly miri test --release -p jxl-grid. Or you can use Address Sanitizer, which ignores...

CVSS 7.3, AI score 6.3. Exploits: 0, References: 3. Source: OSV, added yesterday.

GHSA-66M8-C62J-H6V5 jxl-oxide: `FrameBuffer::new` creates out-of-bounds slices on overflow

Summary: jxl-oxide exposes a public safe API that can construct an undersized FrameBuffer due to unchecked usize multiplication, which immediately triggers a panic while initializing the buffer in the normal decoding path. Additionally, calling the safe grouped buffer accessors afterward can create inval...

CVSS 6.2, AI score 6. Exploits: 0, References: 2. Source: OSV, added yesterday.

GHSA-2V8P-FQPX-2Q3W jxl-oxide: integer subtraction overflow panic in cluster_from_table via crafted JXL input (DoS)

Summary: A logic bug in decodesimpletableslow may cause integer arithmetic overflow when decoding a Modular image with a certain kind of MA tree, which may panic with overflow-checks enabled. Impact: Denial of service: any application passing untrusted JXL data to JxlImage::renderframe or equivalent can ...

CVSS 6.2, AI score 5.9. Exploits: 0, References: 2. Source: OSV, added yesterday.

GHSA-J5MC-P8QG-39J7 Kimai Favorite Timesheet Add and Remove Endpoints Allow Cross-User Bookmark Manipulation

Summary: Kimai 2.56.0 contains an authenticated improper authorization / IDOR vulnerability in the favorite timesheet add and remove endpoints. A low-privileged user who knows another user's timesheet.id can add that record to, or remove it from, the victim's favorite/recent bookmark list. This...

CVSS 5.3, AI score 5.8. Exploits: 0, References: 3. Source: OSV, added yesterday.

GHSA-794G-X443-36F7 Keycloak: Unauthorized access via improper validation of encrypted SAML assertions

Keycloak's SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response, injecting an encrypted assertion for an arbitrary principal, leading...

CVSS 7.7, AI score 5.9, EPSS 0.00241. Exploits: 0, References: 12. Source: OSV, added yesterday.

GHSA-RXW2-PC8J-VXWM fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection

Summary: fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checking whether the session file exists. A remote HTTP clie...

CVSS 9.4, AI score 6.1. Exploits: 0, References: 2. Source: OSV, added yesterday.

MINI-HQH7-Q6HC-RP46

Bulletin has no description.

CVSS 8.1, AI score 5.7, EPSS 0.00617. Exploits: 1. Source: OSV, added yesterday.

MINI-Q7WG-27CH-W786

Bulletin has no description.

CVSS 8.1, AI score 5.7, EPSS 0.00617. Exploits: 1. Source: OSV, added yesterday.

MINI-F94X-5383-C856

Bulletin has no description.

AI score 5.7. Exploits: 0. Source: OSV, added yesterday.

MINI-99WP-J478-R9G4

Bulletin has no description.

CVSS 8.1, AI score 5.7, EPSS 0.00617. Exploits: 1. Source: OSV, added yesterday.

MINI-7X74-GWH8-HMG7

Bulletin has no description.

CVSS 8.1, AI score 5.7, EPSS 0.00677. Exploits: 0. Source: OSV, added yesterday.

MINI-H95R-RVFP-38C6

Bulletin has no description.

CVSS 8.1, AI score 5.7, EPSS 0.00617. Exploits: 1. Source: OSV, added yesterday.

MINI-HXHC-VXW4-538V

Bulletin has no description.

CVSS 8.1, AI score 5.7, EPSS 0.00677. Exploits: 0. Source: OSV, added yesterday.

MINI-P3MP-J65G-J3H9

Bulletin has no description.

CVSS 8.1, AI score 5.7, EPSS 0.00677. Exploits: 0. Source: OSV, added yesterday.

MINI-X587-R445-PFJP

Bulletin has no description.

CVSS 8.1, AI score 5.7, EPSS 0.00677. Exploits: 0. Source: OSV, added yesterday.

MINI-J8GV-2588-3FP6

Bulletin has no description.

CVSS 8.1, AI score 5.7, EPSS 0.00677. Exploits: 0. Source: OSV, added yesterday.

MINI-CRR3-CCW6-5GX2

Bulletin has no description.

CVSS 8.8, AI score 6, EPSS 0.00739. Exploits: 3. Source: OSV, added yesterday.

MINI-FQXC-RVM9-Q4G6

Bulletin has no description.

CVSS 8.8, AI score 5.7, EPSS 0.00653. Exploits: 2. Source: OSV, added yesterday.

MINI-HXR8-88WW-XJJ2

Bulletin has no description.

AI score 5.7. Exploits: 0. Source: OSV, added yesterday.

GHSA-4J9M-H44M-2HV8 Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding

Summary: Configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle transformation string, the OAEP setting selects PKCS1 v1.5, which is the same algorithm as the DEFAULT setting. Impact: Operators who configure encrypt:rsa:algorithm=OAEP to obtain...

CVSS 1.9, AI score 5.8, EPSS 0.00046. Exploits: 0, References: 4. Source: OSV, added yesterday.

GHSA-RXRH-4J9H-XGG9 Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Summary: When MySQL or PostgreSQL service bindings from VCAP_SERVICES include TLS client credentials, the Connectors library writes those credentials to temporary files in Path.GetTempPath using File.CreateText. On Linux, File.CreateText creates files with mode 0644 (world-readable) under the process...

CVSS 4.7, AI score 5.8, EPSS 0.00065. Exploits: 0, References: 4. Source: OSV, added yesterday.

GHSA-7FQC-P256-7PWJ Steeltoe's static JWKS cache shared across schemes and never invalidated

Summary: The JWT signing key cache in TokenKeyResolver uses kid as the sole cache key without namespacing by authority. In applications with multiple JwtBearer schemes pointing to different identity providers, a key fetched for one scheme can satisfy token validation for another. Additionally,...

CVSS 5.9, AI score 5.8, EPSS 0.0029. Exploits: 0, References: 5. Source: OSV, added yesterday.

GHSA-227R-JM2G-7CP4 Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission

Summary: All Steeltoe actuator endpoints default to EndpointPermissions.Restricted, which is mapped to Cloud Foundry's read_basic_data permission granted to Space Auditors and similar low-trust roles. Sensitive actuators including heap dump, environment, and thread dump do not raise this to...

CVSS 6.5, AI score 5.8, EPSS 0.00231. Exploits: 0, References: 5. Source: OSV, added yesterday.

GHSA-Q62H-354G-5R85 Steeltoe's env sanitizer misses connection strings, leaking embedded DB passwords

Summary: The Sanitizer component in the Environment actuator redacts configuration values by matching the configuration key name against a suffix list. The default list (password, secret, key, token, .credentials., vcap_services) does not cover the standard .NET pattern ConnectionStrings: or Steeltoe...

CVSS 7.5, AI score 5.8, EPSS 0.00185. Exploits: 0, References: 5. Source: OSV, added yesterday.

GHSA-J8PH-6FXJ-G533 Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch

Summary: DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite the Java Eureka specification defining a third valid value: "Netflix". The exception propagates through the entire registry deserialization chain and is swallowed by the periodic...

CVSS 7.5, AI score 5.8, EPSS 0.00339. Exploits: 0, References: 5. Source: OSV, added yesterday.

GHSA-58F6-6RJ2-3V8R Steeltoe vulnerable to management-port isolation bypass via spoofed Host header

Summary: When Steeltoe management endpoints are configured to listen on an alternate port (Management:Endpoints:Port is configured), the middleware responsible for restricting access to the endpoints uses the Host HTTP header rather than the actual network socket port. Impact: An unauthenticated remo...

CVSS 8.2, AI score 6, EPSS 0.00238. Exploits: 0, References: 5. Source: OSV, added yesterday.

GHSA-5CJR-MXJ5-WMRX SimpleSAMLphp has possible DoS via XPath Transform

Summary: This library turned out to be vulnerable to Denial-of-Service attacks using XPath transforms. A mitigation has been put in place to restrict the number of transforms and to restrict transforms to only the transform algorithms mentioned in the SAML 2.0 Core Specifications and specifically...

CVSS 7.5, AI score 5.7. Exploits: 0, References: 2. Source: OSV, added yesterday.

GHSA-63WG-WJJJ-7CP8 Zebra Address Book Aborted by IPv4-Mapped Mempool Misbehavior Update

Am I affected? You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node listens on the default :: address on a Linux host (the standard deployment configuration; net.ipv6.bindv6only=0 is the default on all common Linux distributions). 3. Your node is synced near the chain tip...

CVSS 7.5, AI score 5.8. Exploits: 0, References: 2. Source: OSV, added yesterday.

GHSA-6929-8P9F-26JX SimpleSAMLphp HTTP-Artifact TLS validator confusion allows cross-IdP authentication bypass

Summary: SimpleSAMLphp's HTTP-Artifact receive path can treat an unsigned embedded SAML Response as cryptographically valid for the wrong IdP. In the HTTPArtifact::receive flow, the SOAP ArtifactResponse receives a TLS-based validator from SOAPClient::addSSLValidator. The embedded SAML Response th...

CVSS 8.7, AI score 5.9. Exploits: 0, References: 2. Source: OSV, added yesterday.

MINI-RCXF-W62M-PRWF

Bulletin has no description.

CVSS 7.5, AI score 5.7, EPSS 0.00153. Exploits: 0. Source: OSV, added yesterday.

ECHO-C4CE-3570-7D06

Bulletin has no description.

AI score 5.7, EPSS 0.00089. Exploits: 0, References: 1. Source: OSV, added yesterday.

ECHO-F301-3BAE-8FC2

Bulletin has no description.

AI score 5.7, EPSS 0.00035. Exploits: 0, References: 1. Source: OSV, added yesterday.

ECHO-1A7D-6048-6715

Bulletin has no description.

AI score 5.7, EPSS 0.00018. Exploits: 0, References: 1. Source: OSV, added yesterday.

ECHO-4429-8097-B109

Bulletin has no description.

AI score 5.7, EPSS 0.00025. Exploits: 0, References: 1. Source: OSV, added yesterday.

ECHO-C8E7-731E-B0F8

Bulletin has no description.

AI score 5.7, EPSS 0.00024. Exploits: 0, References: 1. Source: OSV, added yesterday.

ECHO-1888-E250-4427

Bulletin has no description.

AI score 5.7, EPSS 0.00019. Exploits: 0, References: 1. Source: OSV, added yesterday.

ECHO-319A-CD5A-1244

Bulletin has no description.

AI score 5.7, EPSS 0.00041. Exploits: 0, References: 1. Source: OSV, added yesterday.

GHSA-8W6W-23MQ-H8RG Linuxfabrik Monitoring Plugins: Sudoers may be able to obtain privilege escalation via /usr/bin/apt-get arguments

Summary: In the Debian.sudoers file, apt-get is allowed for the nagios user. The full command, including the arguments, is not enforced and can therefore be chosen arbitrarily. This makes it easy to get a root shell as the nagios user. PoC: By choosing a particular argument, you can get as a nagios...

CVSS 8.4, AI score 5.8. Exploits: 0, References: 2. Source: OSV, added yesterday.

MINI-RP6G-JHMC-R625

Bulletin has no description.

CVSS 7.5, AI score 5.7, EPSS 0.01317. Exploits: 0. Source: OSV, added yesterday.

MINI-WGV7-GGPC-342V

Bulletin has no description.

CVSS 7.5, AI score 5.7, EPSS 0.00435. Exploits: 1. Source: OSV, added yesterday.

MINI-G6GG-HR7C-J228

Bulletin has no description.

CVSS 7.5, AI score 5.7, EPSS 0.01317. Exploits: 0. Source: OSV, added yesterday.

MINI-P2P4-4WFH-GMV7

Bulletin has no description.

CVSS 7.2, AI score 5.7, EPSS 0.00104. Exploits: 0. Source: OSV, added yesterday.

MINI-5GRX-9VW8-FMQR

Bulletin has no description.

CVSS 8.8, AI score 6, EPSS 0.08123. Exploits: 1. Source: OSV, added yesterday.

MINI-HX7W-WJ5G-85J9

Bulletin has no description.

CVSS 7.2, AI score 5.7, EPSS 0.00104. Exploits: 0. Source: OSV, added yesterday.

GHSA-X4HG-HFWF-P9MW @asymmetric-effort/nogginlessdom vulnerable to ReDoS via user-controlled regex in HTMLInputElement pattern validation

Summary: The HTMLInputElement.checkValidity method constructed a RegExp directly from the user-controlled pattern property without any sanitization or timeout protection. This allowed an attacker to inject a regex with catastrophic backtracking, freezing the event loop. Fix: Fixed in commit...

CVSS 6.9, AI score 5.8. Exploits: 0, References: 3. Source: OSV, added yesterday.

MINI-RC7C-F928-895P

Bulletin has no description.

CVSS 8.8, AI score 7.4, EPSS 0.08123. Exploits: 1. Source: OSV, added yesterday.

GHSA-322X-V876-G883 @asymmetric-effort/nogginlessdom's Path Traversal in matchFileSnapshot allows arbitrary file write

Summary: The matchFileSnapshot function in src/assertions/snapshots.ts accepted a filePath parameter with zero validation. When snapshot update mode was active (UPDATESNAPSHOTS=1 or setUpdateMode('all')), an attacker who controls test input could write arbitrary content to any filesystem path the...

CVSS 8.7, AI score 6. Exploits: 0, References: 3. Source: OSV, added yesterday.

GHSA-G6G7-PVMX-M74P 9router: Missing Authorization and OS Command Injection

Unauthenticated RCE via /api/tunnel/tailscale-install. Affected: 9router npm package (current master, v0.4.39). Summary: POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawn...

CVSS 9.2, AI score 5.9. Exploits: 0, References: 2. Source: OSV, added yesterday.
