33225 matches found
LDAP Injection in ldapauth
Versions 2.2.4 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter. Recommendation ldapauth is not actively maintained, having not seen a publish since 2014. As a result, there i...
False-positive validity for NFT1 genesis transactions in SLPJS
Impact In the npm package named "slpjs", versions prior to 0.27.4 are vulnerable to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the...
Command Injection in Kylin
Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. Users of all...
XXE attack in Mapfish Print
Impact A user can do to an XML External Entity XXE attack with the provided SDL style. Patches Use version = 3.24 Workarounds No References https://cwe.mitre.org/data/definitions/611.html https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e For more...
Command Injection in umount
All versions of umount are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the umount function . This may allow attackers to execute arbitrary code in the system if the device value passed to the function is user-controlled...
Potential Observable Timing Discrepancy in Wagtail
Impact A potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this...
Sanitizer bypass in svg-sanitizer
It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer...
Symfony Cross-site Scripting (XSS) vulnerability
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...
Cross-site scripting in Jupyter Notebook
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
Allocation of Resources Without Limits or Throttling in Apache Tika
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later...
Deserialization of untrusted data in FasterXML jackson-databind
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2, 2.8.11.4, 2.7.9.6, and 2.6.7.3. This occurs when Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the logback jar in the...
System.Management.Automation subject to bypass via script debugging
Microsoft Security Advisory CVE-2019-1167: Windows Defender Application Control Security Feature Bypass Vulnerability Microsoft Security Advisory CVE-2019-1167: Windows Defender Application Control Security Feature Bypass Vulnerability Executive Summary A security feature bypass vulnerability...
Insufficient Entropy in DotNetNuke
DNN aka DotNetNuke 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812...
Denial of Service in axios
Versions of axios prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the maxContentLength property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service. Recommendation Upgrade to 0.18.1 or later...
Improper Input Validation in Apache Qpid Broker-J
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 inclusive and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 AMQP 0-8, 0-9, 0-91 and 0-10. Users of...
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86...
Apache Tomcat unauthorized access vulnerability
The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...
The installation wizard in DotNetNuke (DNN) allows privilege escalation
The installation wizard in DotNetNuke DNN before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx...
Moderate severity vulnerability that affects org.springframework:spring-core
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP JSON with Padding through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser...
DotNetZip Zip-Slip Vulnerability
DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
nodemailer.js is malware
The nodemailer.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...
activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the quotetablename method in the ActiveRecord adapters in activerecord/lib/activerecord/connectionadapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...
crack does not properly restrict casts of string values
The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML type...
PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS
!NOTE Practical impact depends on whether request body-size limits are enforced upstream proxy/web-server/framework. Deployments with typical body-size caps ≤2 MB bound the amplifier significantly; deployments accepting larger token inputs are more exposed. When verifying detached JWS tokens usin...
OpenClaw: Agent gateway config mutations could change protected operator settings
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The agent-facing gateway config.patch / config.apply guard did not cover several operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook...
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their...
omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue
Summary There are 2 new Critical Signature Wrapping Vulnerabilities CVE-2025-25292, CVE-2025-25291 and a potential DDOS Moderated Vulneratiblity CVE-2025-25293 affecting ruby-saml, a dependency of omniauth-saml. The fix will be applied to ruby-saml and released 12 March 2025, under version 1.18.0...
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes
Impact Based on an analysis of response codes and timing of Umbraco 14+ management API responses, it's possible to determine whether an account exists. Patches Patched in 14.3.2 and 15.1.2. Workarounds None available...
Next.js authorization bypass vulnerability
Impact If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed. Patches This issue was patched in Next.js 14.2.15 and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatical...
Querydsl vulnerable to HQL injection through orderBy
Summary The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repositoryhttps://github.com/querydsl/querydsl whe...
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
Summary The folder /.pyload/scripts has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such...
find-my-way has a ReDoS vulnerability in multiparametric routes
Impact A bad regular expression is generated any time you have two parameters within a single segment, when adding a - at the end, like /:a-:b-. Patches Update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. Workarounds No known workarounds. References - CVE-2024-45296 - Detailed blog po...
express vulnerable to XSS via response.redirect()
Impact In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code Patches this issue is patched in express 4.20.0 Workarounds users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issu...
Ghost's improper authentication allows access to member information and actions
Impact Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. Vulnerable versions This security vulnerability is present in Ghost v4.46.0-v5.89.5. GhostPro customers are automatically updated to fixed...
Nuxt Devtools has a Path Traversal: '../filedir'
Summary Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker is able to interact with a locally running devtools instance and exfiltrate data abusing this...
Sentry vulnerable to stored Cross-Site Scripting (XSS)
Impact An unsanitized payload sent by an Integration platform integration allows the storage of arbitrary HTML tags on the Sentry side. This payload could subsequently be rendered on the Issues page, creating a Stored Cross-Site Scripting XSS vulnerability. This vulnerability might lead to the...
ZITADEL Vulnerable to Session Information Leakage
Impact ZITADEL provides users the ability to list all user sessions of the current user agent browser by API and in the Console UI. Due to a missing check, user sessions without that information e.g. when created though the session service were incorrectly listed exposing potentially other user's...
PyMySQL SQL Injection vulnerability
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...
gree/jose - "None" Algorithm treated as valid in tokens
Several widely-used JSON Web Token JWT libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...
Directus allows redacted data extraction on the API through "alias"
Summary A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we change the request to ?aliasworkaround=redacted we can instead retrieve the...
Arbitrary Code Execution in Gitea
The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution...
Session Token in URL in directus
Impact When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places e.g., web server logs, browser history. Attackers gaining access to these logs may hijack active user sessions, leading to...
jose4j denial of service via specifically crafted JWE
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value...
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can ...
Norman API Cross-site Scripting Vulnerability
Impact A vulnerability has been identified in which unauthenticated cross-site scripting XSS in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identified as a...
SQL injection in llama-index
LlamaIndex aka llamaindex through 0.9.35 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Dro...
Apache Solr allows read access to host environmet variables
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designe...
PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...
Mattermost Cross-site Scripting vulnerability
Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client...
Attribute Injection leading to XSS(Cross-Site-Scripting)
Summary Google Analytics element Attribute Injection leading to XSS Details Since the custom status interface can set an independent Google Analytics ID and the template has not been sanitized, there is an attribute injection vulnerability here, which can lead to XSS attacks. PoC 1. Run the lates...