1518 matches found
Easy!Appointments Improper Restriction of Excessive Authentication Attempts
An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file...
kube-audit-rest's example logging configuration could disclose secret values in the audit log
If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages...
CosmWasm VM Incorrect metering
CWA-2024-007 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
utils.getsharedsecret always returns -1 - allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes...
adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults
adolphdudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
Improper Neutralization
Improper Neutralization in CefSharp.Common...
MongoDB Driver may publish events containing authentication-related data
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...
SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression
SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was considered complete. If trailing junk data was appended ...
Relative Path Traversal
Relative Path Traversal in ca.uhn.hapi.fhir:org.hl7.fhir.convertors...
Gitea Open Redirect
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5...
SSRF in repository migration
Impact The malicious user is able to discover services in the internal network through repository migration functionality. All installations accepting public traffic are affected. Patches Internal network CIDRs are prohibited to be used as repository migration targets. Users should upgrade to...
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pgfx-g6rc-8cjv. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a...
Missing Authentication for Critical Function
The vulnerability allows an attacker to substitute or modify packages retrieved from BC thus allowing to inject malicious code into ballerina executables...
Cross-Site Request Forgery
Cross-Site Request Forgery in Flask-Security-Too...
Improper Authentication
Auth0 auth0.net has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens...
Improper Handling of Case Sensitivity
Improper Handling of Case Sensitivity in easyadmin-extension-bundle...
Code Injection
pygmentize contains a Remote Code Execution vulnerability...
Passwordless login
Users are able to log themselves in with a blank password, even for users who are NOT currently in the users table ie have never previously logged in...
CC-Tweaked has an SSRF Protection Bypass with NAT64
CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...
jose vulnerable to untrusted JWK header key acceptance during signature verification
A vulnerability in jose versions up to and including 0.3.5 could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even...
nginx-ui Backup Restore Allows Tampering with Encrypted Backups
The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration...
Ackites KillWxapkg Zip Bomb Resource Exhaustion
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an...
H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...
NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of...
Adyen APIs Library for Python timing attack vulnerability
Adyen has utility methods for validating notification HMAC signatures. The isvalidhmac and isvalidhmacnotification methods are vulnerable to a timing attack, you should compare the hash of the HMACs instead...
H2O vulnerable to Deserialization of Untrusted Data
The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized no class allowlist. An attacker can construct ...
Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only
Vulnerability type Logging Detail etcd users who have no password can authenticate only through a client certificate. When such users try to authenticate into etcd using the Authenticate endpoint, errors are logged with insufficient information regarding why the authentication failed, and may be...
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
Impact When the exponent is bigger than r, the group order of the pairing target group GT, the exponentiation à la GLV ExpGLV can sometimes give incorrect results compared to normal exponentiation Exp. The issue impacts all users using ExpGLV for exponentiations in GT. This does not impact Exp an...
swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logica...
Out-of-bounds Read
An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a...
Relative Path Traversal
Relative Path Traversal in ca.uhn.hapi.fhir:org.hl7.fhir.utilities...
cnlh nps vulnerable to file overwrite by local user
lib/install/install.go in cnlh nps prior to 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user...
Django vulnerable to Denial of Service via i18n middleware component
The internationalization i18n framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USEI18N option and the i18n component are enabled, allows remote attackers to cause a denial of service memory consumption via many HTTP requests with large...
Django Arbitrary Code Execution
bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a 1 .po or 2 .mo file...
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated...
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
A security-sensitive bug was discovered by Open Source Developer Erik Sundell of Sundell Open Source Consulting AB. The functions RandomAlphaNumericint and CryptoRandomAlphaNumericint are not as random as they should be...
Local directory executable lookup in sops (Windows-only)
Impact Windows users using the sops direct editor option sops file.yaml can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe This attack is only viable if an attacker is able to place a malicious binary within the directory you are running sops from. As...
Malicious Package
of 8.9.4 contain malicious code as a preinstall script. The package reads the system's SSH keys but does not upload it to a remote server. Remove the package from your environment. There is no evidence of further compromise at the moment...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in @apollo/gateway...
Incorrect header injection check
amphp/http isn't properly protected against HTTP header injection...
Arbitrary File Download
This package is vulnerable to Arbitrary File Download. A client can use backslashes to escape the directory the files where exposed from. Note: Only if the host server is a windows-based operating system...
Remote Code Execution
There's a Remote Code Execution vulnerability in the highlight function of Pygmentize...
Object Injection
A flaw in Active Job that can allow string arguments to be deserialized as if they were Global IDs. This may allow a remote attacker to inject arbitrary objects...
Crawl4AI: Unauthenticated SSRF on the Docker server streaming crawl path (/crawl/stream)
The Docker API server applied its SSRF destination check validateurldestination on the non-streaming /crawl path but not on the streaming path. handlestreamcrawlrequest passed seed URLs straight to the crawler with no destination validation. A remote, unauthenticated client could call POST...
SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator
Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...
Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta
Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relative path...
Infinite loop condition in Amazon.IonDotnet
Amazon.IonDotnet ion-dotnet is a .NET library with an implementation of the Ion data serialization format. An issue exists in Amazon.IonDotnet and the RawBinaryReader class where, under certain conditions, an actor could trigger an infinite loop condition...
H2O Vulnerable to Execution of Arbitrary Files
In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...
Flask-AppBuilder Observable Response Discrepancy
User enumeration in database authentication in Flask-AppBuilder = 3.0.0. Allows for a non authenticated user to enumerate existing usernames by timing the response time from the server when brute forcing requests to login...
CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER
Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigger a preconditionFailure if that constrain...