1489 matches found
Out-of-bounds Read
In Apache Thrift, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data...
Improper Authentication
Auth0 auth0.net has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens...
XML Entity Expansion
go-yaml is vulnerable to a Billion Laughs Attack...
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
The File Session Manager in Beego allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
Incorrect Default Permissions
The File Session Manager in Beego allows local users to read session files because of weak permissions for individual files...
Improper Authentication
Improper authentication is possible in Apache Traffic Control versions if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password...
Incorrect Default Permissions
In kubelet, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not...
Credentials Management
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver which make use of basic or bearer token authentication, and run at high verbosity...
Incorrect Regular Expression
Istio mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Premium Software CLEdit The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link A element...
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...
Improper Input Validation
Istio mishandles certain access tokens, leading to Epoch 0 terminated with an error in Envoy. This is related to a jwtauthenticator.cc segmentation fault...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in @apollo/gateway...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...
Improper Access Control
Istio has Incorrect Access Control...
Cross-site Scripting
XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. This...
Improper Certificate Validation
An issue was discovered in Hybrid Group Gobot. The mqtt subsystem skips verification of root CA certificates by default...
Server Side Request Forgery in Apache Axis
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration...
Incorrect Permission Assignment for Critical Resource
In Kubernetes, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files ma...
Generation of Error Message Containing Sensitive Information
Auth0 Auth0-WCF-Service-JWT leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...
Use of Externally-Controlled Format String
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape...
CoAPthon DoS due to Exceptions
The Serialize.deserialize method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive...
Sandbox Escape
In Pallets Jinja, str.formatmap allows a sandbox escape...
Deserialization of Untrusted Data
The Serialize.deserialize method in CoAPthon3 mishandles certain exceptions, leading to a denial of service...
Improper Link Resolution Before File Access
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could r...
Allocation of Resources Without Limits or Throttling
There is a possible denial of service vulnerability in Action View Rails where specially crafted accept headers can cause action view to consume % cpu and make the server unresponsive...
Path Traversal in Action View
File Content Disclosure in Action View. Impact: There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents. Th...
Deserialization of Untrusted Data
DISPUTED SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because denylisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the tooltip or popover data-template attribute...
Code Injection
The fromstring function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI...
Improper Access Control
API Platform contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource being able to delete any resource. This attack appears to be exploitable only if the user is authorized...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the tooltip data-viewport attribute...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the affix configuration target property...
XML External Entity Reference in c3p0:c3p0
c3p0 allows XXE during initialization...
Inadequate Encryption Strength
The strrotpass function in PHP-Proxy uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion...
Cross-site Scripting
PHP-Proxy has Cross-Site Scripting (XSS) via the URL field in index.php...
Exposure of Sensitive Information to an Unauthorized Actor
A bypass vulnerability in Active Storage for Google Cloud Storage and Disk services allows an attacker to modify the content-disposition and content-type parameters, which can be used with HTML files to have them executed inline. Additionally, if combined with other techniques such as cookie...
Deserialization of Untrusted Data
A Broken Access Control vulnerability in Active Job...
Improper Authentication
In PHP Proxy, any user can read files from the server without authentication...
Information Exposure
PHP-Proxy allows remote attackers to read local files if the default pre-installed version (intended for users who lack shell access to their web server) is used. This occurs because the appkey value from the default config.php is in place, and this value can be easily used to calculate the...
Improper Input Validation
Fastjson allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java...
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore
XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services...
Integer Overflow or Wraparound
In the client in Bytom, checkTopicRegister in p/discover/net.go does not prevent negative idx values, leading to a crash...
Improper Handling of Case Sensitivity
Improper Handling of Case Sensitivity in easyadmin-extension-bundle...