212 matches found

Prion
added 2022/09/30 5:15 p.m. | 14 views

Authentication flaw

AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations...

CVSS 4.3 | AI score 6.3 | EPSS 0.0012
Exploits: 1 | References: 2 | Affected software: 1
NVD
added 2022/09/29 3:15 a.m. | 17 views

CVE-2014-0144

QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privilege...

CVSS 8.6 | EPSS 0.00642
Exploits: 0 | References: 15
Prion
added 2022/09/29 3:15 a.m. | 23 views

Integer overflow

QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privilege...

CVSS 4.4 | AI score 7.9 | EPSS 0.00642
Exploits: 0 | References: 15 | Affected software: 9
CVE
added 2022/08/23 3:53 p.m. | 125 views

CVE-2020-35509

CVE-2020-35509 affects Keycloak (notably versions 11.0.3 and 12.0.0). A flaw in the direct-grant authenticator allows acceptance of expired certificates due to missing timestamp validation, impacting confidentiality and integrity. The issue is cited across multiple sources (e.g., GHSA) with remed...

CVSS 5.4 | AI score 5.1 | EPSS 0.00087
Exploits: 0 | References: 1 | Affected software: 1
Veracode
added 2022/08/05 8:35 a.m. | 19 views

Cross-Site Scripting (XSS)

Apache JSPWiki is vulnerable to cross-site scripting. The vulnerability exists in the jspInit function in XHRHtml2Markup.jsp due to improper validations, allowing an attacker to inject and execute malicious scripts via a crafted request and gain access to sensitive information...

CVSS 6.1 | AI score 6 | EPSS 0.17527
Exploits: 0 | References: 4 | Affected software: 2
Veracode
added 2022/07/26 5:09 a.m. | 18 views

Prototype Pollution

js-ini is vulnerable to prototype pollution. The vulnerability exists in the parse function in index.ts and parse.ts due to lack of validations, which allows an attacker to send malicious INI files to the application to pollute the prototype...

CVSS 9.8 | AI score 8.7 | EPSS 0.00737
Exploits: 1 | References: 2 | Affected software: 1
Veracode
added 2022/07/19 8:37 a.m. | 28 views

Information Disclosure

dompdf/dompdf is vulnerable to information disclosure. The vulnerability exists because the resource URI validations are not properly handled, which allows an attacker to bypass chroot checks and gain access to image files in the system...

CVSS 5.3 | AI score 5.3 | EPSS 0.00306
Exploits: 1 | References: 5 | Affected software: 2
OSV
added 2022/06/20 8:11 p.m. | 8 views

MAL-2022-5504 Malicious code in ps-validations (npm)

Source: ghsa-malware 0a50c241a7e98356e800a9f596795011aff2e24a2a0e6dd09ff2f6d939e6d428. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
Veracode
added 2022/06/09 7:55 a.m. | 26 views

Path Traversal

gogs.io/gogs is vulnerable to path traversal. The vulnerability exists in the Clean function in pathutil.go due to lack of validations, which allows a malicious attacker to delete and upload arbitrary files...

CVSS 9.1 | AI score 8.8 | EPSS 0.01689
Exploits: 1 | References: 4 | Affected software: 1
Veracode
added 2022/06/06 8:57 a.m. | 27 views

Arbitrary File Upload

github.com/mindoc-org/mindoc is vulnerable to arbitrary file upload. The vulnerability exists in the Unzip function in ziptil.go because file upload permissions and validations are not properly handled, which allows an attacker to upload malicious files...

CVSS 7.8 | AI score 7.5 | EPSS 0.00311
Exploits: 1 | References: 3 | Affected software: 1
Kitploit
added 2022/05/05 12:30 p.m. | 32 views

Graphql-Threat-Matrix - GraphQL Threat Framework Used By Security Professionals To Research Security Gaps In GraphQL Implementations

Why graphql-threat-matrix? graphql-threat-matrix was built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations. The differences in how GraphQL implementations interpret and conform to the GraphQL specification...

AI score 7.5
Exploits: 0 | References: 40
Code423n4
added 2022/05/02 12:00 a.m. | 4 views

Missing Validations In Chainlink's latestRoundData Function

Vulnerability details / Impact: Here, latestRoundData is missing an additional validation to ensure that the round is complete. Proof of Concept (core/contracts/inception/priceFeed/ChainlinkInceptionPriceFeed.sol:74): , int256 eurAnswer, , uint256 eurUpdatedAt, = eurOracle.latestRoundDat...

AI score 7.1
Exploits: 0
Veracode
added 2022/04/20 11:43 a.m. | 31 views

Privilege Escalation

com.liferay.portal is vulnerable to privilege escalation. Remote authenticated attackers are able to gain access to view sensitive user information by accessing a list of sites and groups via the site membership assignment UI, due to improper validations of user permissions...

CVSS 4.3 | AI score 5.8 | EPSS 0.00112
Exploits: 0 | References: 3 | Affected software: 2
Veracode
added 2022/03/30 6:13 a.m. | 63 views

Validation Bypass

firebase/php-jwt is vulnerable to validation bypass. The vulnerability exists in the decode and verify functions in JWT.php because the token validations are not properly handled when multiple keys are loaded in a key ring, which allows an attacker to bypass server-side validations...

CVSS 9.1 | AI score 2.4 | EPSS 0.00641
Exploits: 1 | References: 3 | Affected software: 1
WPVulnDB
added 2022/03/30 12:00 a.m. | 9 views

Animate It! < 2.4.0 - Contributor+ Stored Cross-Site Scripting

The plugin has flawed validations and does not escape its shortcode argument, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks via a malicious shortcode. PoC (v2.3.8): edsanimate animation="attacker" delay='1"...

AI score 4.2
Exploits: 0 | Affected software: 1
Veracode
added 2022/03/25 6:06 a.m. | 16 views

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject and execute malicious JavaScript via the description of a new module due to the lack of validations...

CVSS 5.4 | AI score 3.4 | EPSS 0.00346
Exploits: 1 | References: 5 | Affected software: 1
Veracode
added 2022/03/23 4:59 a.m. | 23 views

Prototype Pollution

simple-plist is vulnerable to prototype pollution. The vulnerability exists because the validations are not handled properly, which allows an attacker to inject properties into existing constructor prototypes and modify attributes via the .parse function...

CVSS 9.8 | AI score 4.2 | EPSS 0.00281
Exploits: 1 | References: 2 | Affected software: 1
Veracode
added 2022/03/22 3:02 p.m. | 20 views

Remote Code Execution

github.com/gogs/gogs is vulnerable to remote code execution. Lack of proper validations in the UploadRepoFiles function allows remote attackers to upload and execute malicious code on the system...

CVSS 8.8 | AI score 6.7 | EPSS 0.89614
Exploits: 1 | References: 4 | Affected software: 1
OSV
added 2022/02/27 3:40 a.m. | 8 views

GSD-2022-1000684 tipc: improve size validations for received domain records

tipc: improve size validations for received domain records. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.9 by commit...

AI score 7.2
Exploits: 0
OSV
added 2022/02/27 3:28 a.m. | 10 views

GSD-2022-1000597 tipc: improve size validations for received domain records

tipc: improve size validations for received domain records. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.23 by commit...

AI score 7.2
Exploits: 0