DIRAC's TokenManager does not check permissions on cached tokens

Any user could get a token that has been requested by another user/agent...

Open redirect vulnerability in Flask-Security-Too

An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...

hutool Buffer Overflow vulnerability

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray...

Exposure of Sensitive Information to an Unauthorized Actor

KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user including admin. A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users...

Improper Access Control

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9...

Inefficient Regular Expression Complexity

A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

Stud42 vulnerable to denial of service

Stud42's API is vulnerable to a denial of service because the API pod can be overloaded by the GraphQL parser...

Session Fixation

KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4...

Improper Restriction of XML External Entity Reference

A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/econtract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference...

Server-Side Request Forgery (SSRF)

A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to...

Server-Side Request Forgery in gogs webhook

Server-Side Request Forgery SSRF in GitHub repository gogs/gogs prior to 0.12.8...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...

Cross-Site Request Forgery (CSRF)

admidio 3.2.8 has CSRF in admprogram/modules/members/membersfunction.php with an impact of deleting arbitrary user accounts...

Improper Privilege Management

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover...

Unrestricted Upload of File with Dangerous Type

Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6...

Deserialization of Untrusted Data

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that...

Cross-Site Request Forgery (CSRF)

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe can't PUT from an HTML form or such but POST allows creating...

Observable Discrepancy

Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid non-SSO accounts because /api/v1/session returned 401 for an existing username and 404 otherwise...

Remote Code Execution in AjaxNetProfessional

Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication sharin...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter...

Improper Restriction of Excessive Authentication Attempts

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...

NULL Pointer Dereference

In teler before version 0.0.1, if you run teler inside a Docker container and encounter errors.Exit function, it will cause denial-of-service SIGSEGV because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1...

Helm OCI credentials leaked into Argo CD logs

Impact When Argo CD was connected to a Helm OCI repository with authentication enabled, the credentials used for accessing the remote repository were logged. Anyone with access to the pod logs - either via access with appropriate permissions to the Kubernetes control plane or a third party log...

Improper Input Validation

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash...

CSRF can expose users authentication token

Issue The /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicious 3rd party site acquiring the authentication token. Patches Version 3.4.5 and soon to ...

Cross-site Scripting

In ActionView there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escapejavascript methods may be susceptible to XSS...

Cross-Site Request Forgery (CSRF)

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Incorrect Regular Expression

Istio mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API...

Cross-site Scripting

PHP-Proxy has Cross-Site Scripting XSS via the URL field in index.php...

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

active-support ruby gem could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...

Improper query string handling in Django

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series...

Path Traversal

360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing .. in the url...

gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization

During deserialization of ECDSA and EdDSA signatures gnark-crypto did not check that the values are in the range 1, n-1 with n being the corresponding modulus either base field modulus in case of R in EdDSA, and scalar field modulus in case of s,r in ECDSA and s in EdDSA. As this also allowed zer...

HAPI FHIR XML External Entity (XXE) vulnerability

An XML External Entity XXE vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

HAPI FHIR XML External Entity (XXE) vulnerability

An XML External Entity XXE vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

CasaOS Command Injection vulnerability

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

gotortc vulnerable to Cross-Site Request Forgery

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...

aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

Aimeos HTML client may potentially reveal sensitive information in error log

Debug information can reveal sensitive information from environment variables in error log...

Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...

Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

DIRAC: Unauthorized users can read proxy contents during generation

During the proxy generation process e.g., when using dirac-proxy-init it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short...

Cross-Site Request Forgery in Anchor CMS

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via /anchor/admin/categories/delete/2...

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted...

Potential CSV export data leak

Impact In ActiveAdmin versions prior to 2.12.0, a concurrency issue was found that could allow a malicious actor to be able to access potentially private data that belongs to another user. The bug affects the functionality to export data as CSV files, and was caused by a variable holding the...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ajax.NET Professional AjaxPro is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Affected versions of this package is vulnerable cross site scripting attacks. Releases before version 21.12.22.1 ar...

Missing Release of Memory after Effective Lifetime

An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file...

Incorrect Authorization

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may caus...

CasaOS Gateway vulnerable to incorrect identification of source IP addresses

Unauthenticated attackers can execute arbitrary commands as root on CasaOS instances...