33402 matches found
Magento allows incorrect authorization
Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not...
Magento vulnerable to privilege escalation due to incorrect authorization
Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that...
Magento vulnerable to stored Cross-Site Scripting (XSS)
Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...
Magento provides incorrect authorization through a security feature bypass
Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this...
Magento vulnerable to stored Cross-Site Scripting (XSS)
Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...
Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages
Flowise v3.0.1 3.0.8 and all versions after with 'ALLOWBUILTINDEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules Puppeteer and Playwright within the nodevm execution environment. An authenticated attacker...
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also...
CometBFT's invalid BitArray handling can lead to network halt
Name: ASA-2025-003: Invalid BitArray handling can lead to network halt Criticality: High Considerable Impact; Possible Likelihood per ACMv1.2 Affected versions: = v0.38.18, = v0.37.15, and main development branches Affected users: Validators, Full nodes, Users Description A bug was discovered in...
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail method and pass in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Detail...
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name
Summary An authenticated party can add a malicious name to the Energy entity, allowing for Cross-Site Scripting attacks against anyone who can see the Energy dashboard, when they hover over any information point The blue bar in the picture below An alternative, and more impactful scenario, is tha...
Argo Workflow may expose artifact repository credentials
Summary An attacker who has permissions to read logs from pods in a namespace with Argo Workflow can read workflow-controller logs and get credentials to the artifact repository. Details An attacker, by reading the logs of the workflow controller pod, can access the artifact repository, and steal...
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate
Summary Use of curl with the -k or --insecure flag in installer scripts allows attackers to deliver arbitrary executables via Man-in-the-Middle MitM attacks. This can lead to full system compromise, as the downloaded files are installed as privileged applications. Details The following scripts in...
JDBC Driver for SQL Server has improper input validation issue
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...
Duplicate Advisory: Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwq6-fmvp-qp68. This link is maintained to preserve external references. Original Description Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose...
Duplicate Advisory: Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w3q9-fxm7-j8fq. This link is maintained to preserve external references. Original Description Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate...
Argo Workflow has a Zipslip Vulnerability
Vulnerability Description Vulnerability Overview 1. During the artifact extraction process, the unpack function extracts the compressed file to a temporary directory /etc.tmpdir and then attempts to move its contents to /etc using the rename system call, 2. However, since /etc is an already...
Apache Geode web-api is vulnerable to Cross-site Scripting
Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...
Liferay has Incorrect Permission Assignment for Critical Resource
Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 through 2023.Q3.8, 2023.Q4.0 through 2023.Q4.5, 7.4 GA through update 92 and 7.3 GA though update 36 shows content to users who do not have permission to view it via the Menu Display Widget. This security flaw could result in...
LibreNMS is vulnerable to Reflected-XSS in `report_this` function
Summary Reflected-XSS in reportthis function in librenms/includes/functions.php Details Recently, it was discovered that the reportthis function had improper filtering htmlentities function was incorrectly used in a href environment, which caused the projectissues parameter to trigger an XSS...
Liferay Mentions Web is Vulnerable to Cross-site Scripting
Multiple stored cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...
Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key
Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...
Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key
Insecure Direct Object Reference IDOR vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to from one account to view addresses fr...
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events
Impact For tracexec's command line reconstruction feature, when a traced process executes another process with a environment variable where the key starts with a dash, tracexec incorrectly shows its commandline where such environment variables could cause argument injection for the env command...
Omni vulnerable to information leak via API
Impact Omni might leak sensitive information via an API. Patches v1.1.5, v1.0.2 and v1.2.0 contain the patch. Workarounds None. References None...
Omni is Vulnerable to DoS via Empty Create/Update Resource Requests
Summary A nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. Details The vulnerability exists in the isSensitiveSpec function whic...
MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...
Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key
Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edi...
llama-index has Insecure Temporary File
The llamaindex library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, dat...
Liferay Publications is vulnerable to Incorrect Authorization
Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...
CommandKit has incorrect command name exposure in context object for message command aliases
Impact A logic flaw exists in the message command handler of CommandKit that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling command aliases. When a message command is invoked using an alias, the ctx.commandName value...
Ash Framework: Filter authorization misapplies impossible bypass/runtime policies
Summary When using filter authorization, two edge cases could cause the policy compiler/authorizer to generate a permissive filter: 1. Bypass policies whose condition can never pass at runtime were compiled as ORANDcondition, compiledpolicies, NOTcondition. If the condition could never be true at...
QGIS QWC2 Cross-Site Scripting vulnerability
Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...
cel-rust May Panic During Parsing of Invalid CEL Expressions
Summary Parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions e.g., user-supplied input over an API, an attacker can send crafted input to trigger a denial of service DoS. Remediation Upgrade to...
Happy DOM: VM Context Escape can lead to Remote Code Execution
Escape of VM Context gives access to process level functionality Summary Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...
Parallax is vulnerable to DoS via malicious p2p message
Impact A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. In order to carry out the attack, the attacker establishes a peer connections to the victim, and sends a malicious GetBlockHeadersRequest message...
Astro's `X-Forwarded-Host` is reflected without validation
Summary When running Astro in on-demand rendering mode using a adapter such as the node adapter it is possible to maliciously send an X-Forwarded-Host header that is reflected when using the recommended Astro.url property as there is no validation that the value is safe. Details Astro reflects th...
Flowise is vulnerable to arbitrary file exposure through its ReadFileTool
Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...
Authlib : JWE zip=DEF decompression bomb enables DoS
Summary Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. Details - Affected component...
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
A vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret: https://github.com/ossf/allstar/blob/294ae985cc2facd0918e8d820e4196021aa0b914/pkg/reviewbot/reviewbot.goL59 The value used for the secret token was compiled into t...
python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
Summary ldap.dn.escapednchars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP...
python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
Summary The sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and the non-default escapemode=1 is configured. Details The method ldap.filter.escapefilterchars supports 3...
Liferay Portal is vulnerable to CSRF through publication comments
Cross-site request forgery CSRF vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments...
Bagisto is vulnerable to XSS through Admin Panel's product creation path
An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in...
PowerJob OpenAPIController is missing authorization
A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicl...
Sinatra is vulnerable to ReDoS through ETag header value generation
Summary There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
Summary Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving...
PowerJob has Missing Authorization in its /user/list file
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited...
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
Summary Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of...
Rack has a Possible Information Disclosure Vulnerability
Summary A possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to miscommunicate with the proxy and trigger unintended internal requests, potentially...