1489 matches found
OS Command Injection
Akeneo PIM is vulnerable to shell injection in the mass edition, resulting in remote code execution...
SQL Injection
The qstr method in the PDO driver in the ADOdb Library for PHP might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting...
CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion
ASA-2024-0012: Transaction decoding may result in a stack overflow. When decoding a maliciously formed packet with a deeply-nested structure, it may be possible for a stack overflow to occur and result in a network halt. This was addressed by adding a recursion limit while decoding the packet...
HAPI FHIR XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...
NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to...
Possible ReDoS vulnerability in block_format in Action Mailer
There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889. Impact: Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS...
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...
ai-controller-frontend payment status in basket isn't reset
Payment status in basket isn't reset...
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption...
Digital products download without proper payment status check
Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed...
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames
Early versions of amphp/http-client with HTTP/2 support (v4.0.0-rc10 to 4.0.0) will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the END_HEADERS flag, resulting in an OOM crash. Later versions of amphp/http-client (v4.1.0-rc1...
pubnub Insufficient Entropy vulnerability
Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0;...
Missing Authorization
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the...
Denial of Service via reachable assertion
A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3...
Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block...
Out-of-bounds Write
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block...
Use After Free
An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp...
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...
Use of a Broken or Risky Cryptographic Algorithm
IO FinNet tss-lib before 2.0.0 allows a collision of hash values...
Improper Restriction of Security Token Assignment
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...
AList vulnerable to Improper Preservation of Permissions
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder even a password protected one...
Allocation of Resources Without Limits or Throttling
A flaw was found in CImg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes, such as 64 gigabytes, upon reading the file from disk or from a virtual buffer...
fs2-io skips mTLS client verification
Impact: When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on Node.js. The JVM TLS implementation is completely...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Admidio 4.1.2 version is affected by stored cross-site scripting XSS...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in gogs.io/gogs...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting XSS - Stored in GitHub repository go-gitea/gitea prior to 1.16.9...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...
Improper Input Validation
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user...
NULL Pointer Dereference
The html package aka x/net/html before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit...
ReviewBoard and Djblets library are vulnerable to code execution
An eval vulnerability exists in Python Software Foundation Djblets version before 0.6.30 and 0.7.0 before 0.7.19 and Beanbag Review Board before 1.7.15 when parsing JSON requests allowing an attacker to execute arbitrary Python code...
Django Regex Algorithmic Complexity Causes Denial of Service
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField email address or (2) URLField URL that triggers a large amount of backtracking in a regular...
Cross-Site Request Forgery (CSRF)
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts...
Path Traversal in Gitea
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters...
Incorrect Authorization
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3...
URL Redirection to Untrusted Site (Open Redirect)
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
Incorrect Authorization
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...
Incorrect Permission Assignment for Critical Resource
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Zope is an open-source web application server. Zope versions have a remote code execution security issue...
Exposure of Sensitive Information to an Unauthorized Actor
Helm is a tool for managing Charts packages of pre-configured Kubernetes resources. In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. Thi...
Uncontrolled Search Path Element
git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations most often seen on Windows...
Server-Side Request Forgery (SSRF)
An SSRF issue in Open Distro for Elasticsearch ODFE allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope...
Incorrect Authorization
Kubernetes API server in all versions allows an attacker who is able to create a ClusterIP service and set the spec.externalIPs field to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status, which is considered a privileged operation and should not...
Deserialization of Untrusted Data
phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution discovered, tested, and confirmed by myself, so the risk factor should be regarded as very high...
Cross-site Scripting
Jenkins AWSEB Deployment Plugin does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability...
Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in USC iLab cereal. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if the archive is...
Inclusion of Functionality from Untrusted Control Sphere
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb allow remote authenticated users to include information from local files into the metadata of a Git repository via the web interface...
Server Side Request Forgery in Apache Axis
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug fix commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...
Generation of Error Message Containing Sensitive Information
Auth0 Auth0-WCF-Service-JWT leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...