1518 matches found
Improper Neutralization of Equivalent Special Elements
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5...
URL Redirection to Untrusted Site ('Open Redirect')
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
Use of Hard-coded Credentials
Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...
Unsafe deserialization in com.alibaba:fastjson
The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...
OS Command Injection in gogs
Impact The malicious user is able to upload a crafted config file into repository's .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled default are affected. Patches Repository file uploads are prohibited to its .git directory. Users shou...
Improper Link Resolution Before File Access ('Link Following')
An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Zope is an open-source web application server. Zope versions have a remote code execution security issue...
URL Redirection to Untrusted Site ('Open Redirect')
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirectto parameter, related to the function isValidRedirect in routes/user/auth.go...
Missing Authorization
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object...
Information disclosure issue in Active Resource
There is a possible information disclosure issue in Active Resource v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information...
URL Redirection to Untrusted Site (Open Redirect)
macaron before has an open redirect in the static handler...
SQL Injection
In Administrate rubygem, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord SQL protections. Whils...
SQL injection vulnerability in Active Record
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries...
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
The OrderAndPaginate function is used to order and paginate data. It is defined as follows: go func OrderAndPaginatec gin.Context funcdb gorm.DB gorm.DB return funcdb gorm.DB gorm.DB sort := c.DefaultQuery"order", "desc" order := fmt.Sprintf"%s %s", DefaultQueryc, "sortby", "id", sort db =...
hutool Buffer Overflow vulnerability
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath...
Improper Control of Generation of Code ('Code Injection')
Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 is vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue h...
Alist vulnerable to Path Traversal
Alist v3.4.0 is vulnerable to Directory Traversal,...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting XSS vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...
Use after free in Animation
The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available. There is currently little other public information on the issue...
Incorrect Permission Assignment for Critical Resource
When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...
Improper Verification of Cryptographic Signature
bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs...
Missing Authentication for Critical Function
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the...
NULL Pointer Dereference
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
Cross-site Scripting
Anch allows admins to cause XSS via crafted post content...
XSS Vulnerability in ActiveSupport::JSON.encode
When a Hash containing user-controlled data is encoded as JSON either through Hashtojson or ActiveSupport::JSON.encode, Rails does not perform adequate escaping that matches the guarantee implied by the escapehtmlentitiesinjson option which is enabled by default. If this resulting JSON string is...
Potential XSS Vulnerability in Ruby on Rails
The HTML escaping code in Ruby on Rails does not escape all potentially dangerous characters. In particular the code does not escape the single quote character. The helpers used in Rails itself never use single quotes, so most applications are unlikely to be vulnerable, however all users running ...
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
Improper access control allows editors to remove admin group and locale configuration in Aimeos backend...
ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: = 7.1.0 Not affected: 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...
CasaOS Username Enumeration - Bypass of CVE-2024-24766
The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in CasaOS v0.4.7...
hutool Buffer Overflow vulnerability
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray...
Insertion of Sensitive Information into Log File
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...
Helm vulnerable to denial of service through schema file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the chartutil package that can cause a segmentation violation. Applications that use functions from the chartutil package in the Helm SDK can have a Denial of Service attack when they use this package and it...
x/crypto/ssh vulnerable to panic via SSH server
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...
Gitea allowed assignment of private issues
In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea there was no permission check for fetching the issue. As a result, the attacker would get access to private issue title...
Insufficient Session Expiration
Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in github.com/argoproj/argo-cd...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Alist v2.1.0 and below was discovered to contain a cross-site scripting XSS vulnerability via /i/:data/ipa.plist...
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...
Incorrect Access Control in Nacos
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform thi...
Uncontrolled Resource Consumption
JPA Server in HAPI FHIR allows a user to deny service e.g., disable access to the database after the attack stops via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many...
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore
XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
Due to the way that Rack::Request and Rails::Request interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameter...
obx Prototype Pollution
almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656, reduce @almela/obx/build/index.js:470, Object.set obx/build/index.js:269 component...
object-deep-assign Prototype Pollution
alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...
Uncontrolled Resource Consumption
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
MITM can enable Zip-Slip...
golang.org/x/net/http2/h2c vulnerable to request smuggling attack
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...
Uncontrolled Resource Consumption
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...
Helm vulnerable to denial of service through through repository index file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the repo package that can cause a segmentation violation. Applications that use functions from the repo package in the Helm SDK can have a Denial of Service attack when they use this package and it panics...