1518 matches found
Improper Input Validation
Fastjson allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the collapse data-parent attribute...
DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error
We found two instances in the DragonFly codebase where the first return value of a function is dereferenced even when the function returns an error figures 9.1 and 9.2. This can result in a nil dereference, and cause code to panic. The codebase may contain additional instances of the bug. golang...
Insufficiently Protected Credentials
Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2235 RHN Satellite cobbler: Code injection flaw ACE as root by processing of a specially-crafted kickstart template file...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that...
Flask-AppBuilder Open Redirect vulnerability
If using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability...
Open Redirect in Flask-User
This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...
Inadequate Encryption Strength
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making ...
Improper Authentication
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps, new user registrations are able to access anyone's account by only knowing their basic profile information name, birthday, gender, etc. This includes all app functionality within the app, as well as any...
Integer Overflow or Wraparound
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...
Inclusion of Sensitive Information in Log Files
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims...
Cross-Site Request Forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Improper Authentication
Improper authentication is possible in Apache Traffic Control versions if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password...
@actions/artifact has an Arbitrary File Write via artifact extraction
Versions of actions/artifact before 2.1.7 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted artifact that contains path traversal filenames...
Exposure of Sensitive Information to an Unauthorized Actor
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use...
Use After Free
An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp...
Missing Authorization
KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds...
Exposure of Resource to Wrong Sphere
Azure Storage Library Information Disclosure Vulnerability...
Lookup operations do not take into account wildcards in SpiceDB
SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...
Improper Authentication in Flask-AppBuilder
Improper authentication on the REST API. Allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. Only affects non database authentication types, and new REST API endpoints...
Authentication Bypass by Spoofing
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos, when configured to use authentication -Dnacos.core.auth.enabled=true it uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos server...
Server-Side Request Forgery (SSRF)
The Kubernetes kube-controller-manager is vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to bytes of arbitrary information from unprotected endpoints within the master's host network such as link-local or loopback services...
Improper Input Validation
actionpack/lib/actionview/lookupcontext.rb in Action View in Ruby on Rails allows remote attackers to cause a denial of service memory consumption via a header containing an invalid MIME type that leads to excessive caching...
melange has Path Traversal via .PKGINFO in --persist-lint-results
melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and pkgname values read from the .PKGINFO control file of the APK being linted. In affected versions these values were not validate...
melange's world-writable permissions expose SBOM files to potential image tampering
It was discovered that the SBOM files generated by melange in apks had file system permissions mode 666: $ apkrane ls https://packages.wolfi.dev/os/x8664/APKINDEX.tar.gz -P hello-wolfi --full --latest | xargs wget -q -O - | tar tzv 2/dev/null var/lib/db/sbom drwxr-xr-x root/root 0 2025-06-23 14:1...
HAPI FHIR XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...
CasaOS Username Enumeration
Summary The Casa OS Login page has disclosed the username enumeration vulnerability in the login page. Details It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect application gives the error "User does not exist", If the...
HTTP/2 Stream Cancellation Attack
HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RSTSTREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The clie...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ACS Commons version 4.9.2 and earlier suffers from a Reflected Cross-site Scripting XSS vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content...
Information Exposure
GSocketClient in GNOME GLib may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the affix configuration target property...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ backslash characters that are not properly handle...
Autolab Misconfigured Reset Password Permissions
For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords...
Missing Authorization
An attacker is able to read any file on the server hosting the H2O dashboard without any authentication...
Incorrect Permission Assignment for Critical Resource
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module...
Beaker Sensitive Information Disclosure vulnerability
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
Cross-site Scripting
nextjs-auth0 lacks HTML escaping for error messages...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
Django Cross-Site Request Forgery vulnerability
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...
Active Record contains SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in...
SQL Injection Vulnerabilities Affecting PostgreSQL
SQLi vulnerability in activerecord...
gotortc vulnerable to Cross-Site Request Forgery
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...
Cross-Site Request Forgery in Anchor CMS
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via /anchor/admin/users/delete/2...
hutool Buffer Overflow vulnerability
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse...
hutool Buffer Overflow vulnerability
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray...
Improper Access Control
KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the isadmin value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are...
Djiblets Cross-site scripting Vulnerability via JSON Objects
A cross-site scripting XSS vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user...
Server-Side Request Forgery (SSRF)
C1 CMS is an open-source, .NET based Content Management System CMS. Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery SSRF by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also...
Hard coded credentials in FreeTAKServer
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...