1518 matches found
gotortc Cross-site Scripting vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...
CasaOS Command Injection vulnerability
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...
RobotsAndPencils go-saml authentication bypass vulnerability
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
@75lb/deep-merge Prototype Pollution vulnerability
Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service DoS and cause other impacts via merge methods of lodash to merge objects...
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...
Admidio has Blind SQL Injection in ecard_send.php
Description: An SQL Injection has been identified in the /admprogram/modules/ecards/ecardsend.php source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of ecardrecipients POST parameter is being directly concatenated with the SQ...
Anki Latex Incomplete Blocklist Vulnerability
An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. ...
H2O vulnerable to Deserialization of Untrusted Data
The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized no class allowlist. An attacker can construct ...
1Panel has an SQL injection issue related to the orderBy clause
There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The proof is as follows...
ai-controller-frontend payment status in basket isn't reset
Payment status in basket isn't reset...
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed in the JQAdm front end. Versions...
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
Improper access control allows editors to remove admin group and locale configuration in Aimeos backend...
akbr patch-into was discovered to contain a prototype pollution via the function patchInto
akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults
adolphdudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
frappejs was discovered to contain a prototype pollution via the function registerView
airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
ag-grid packages vulnerable to Prototype Pollution
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
Aimeos HTML client may potentially reveal sensitive information in error log
Debug information can reveal sensitive information from environment variables in error log...
@akbr/update Prototype Pollution
akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js...
flatten-json Prototype Pollution
A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON flatten-json/index.js:42...
Badger Database Prototype Pollution
A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm...
DeepJavaLibrary API absolute path traversal
DeepJavaLibraryDJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0. Impacted versions: 0.1.0 throu...
obx Prototype Pollution
almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656, reduce @almela/obx/build/index.js:470, Object.set obx/build/index.js:269 component...
object-deep-assign Prototype Pollution
alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...
AdGuardHome privilege escalation vulnerability
An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary...
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...
aimeos-core arbitrary file uopload vulnerability
An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file...
Duplicate
This advisory duplicates another...
Remote code execution in web server context
User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server...
Duplicate
This advisory duplicates another...
Digital products download without proper payment status check
Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed...
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption...
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption...
ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: = 7.1.0 Not affected: 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...
apko Exposure of HTTP basic auth credentials in log output
Exposure of HTTP basic auth credentials from repository and keyring URLs in log output...
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
Users settings their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate these...
Duplicate
This advisory duplicates another...
Aimeos denial of service vulnerability in SaaS and marketplace setups
All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack...
amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance
In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the...
easyadmin-extension-bundle action case insensitivity
In alterphp/easyadmin-extension-bundle, role based access rules do not handle action name case sensitivity which may lead to unauthorized access...
pygmentize Remote Code Execution
pygmentize is prone to remote code execution due to an unsafe sanitazation of user input when passed to the highlight function...
ADOdb SQL injection vulnerability
The ADOdb Library for PHP prior to version 5.20.11 is prone to SQL Injection vulnerability in multiple drivers...
amphp/http-client Header leakage on cross-domain redirects
amphp/http-client has a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matchin...
amphp/http Host Header Injection vulnerability
amphp/http versions before 1.0.1 allows an attacker to supply invalid input in the Host header which may lead to various type of Host header injection attacks...
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
An issue was discovered in Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
An issue was discovered in Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing...