35936 matches found
Cross-site Scripting (XSS)
Overview next is a react framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the beforeInteractive process, when untrusted input is embedded without proper escaping. An attacker can execute arbitrary JavaScript in a user's browser by injecting malicious...
Allocation of Resources Without Limits or Throttling
Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Image Optimization API when handling requests to the /next/image endpoint that match the images.localPatterns configuration. An attacker can exhaust...
Server-side Request Forgery (SSRF)
Overview next is a react framework. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via crafted WebSocket upgrade requests. An attacker can access internal or external resources by sending specially crafted requests with absolute-url that cause the server to...
Authentication Bypass Using an Alternate Path or Channel
Overview next is a react framework. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the handling of segment-prefetch routes. An attacker can gain unauthorized access to protected content by crafting .rsc and segment-prefetch URLs tha...
Authentication Bypass Using an Alternate Path or Channel
Overview next is a react framework. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via dynamic full-route RSC requests in the deployment adapter. An attacker can gain unauthorized access to protected content by injecting a URL with que...
Directory Traversal
Overview python-liquid is an A Python engine for the Liquid template language. Affected versions of this package are vulnerable to Directory Traversal via the FileSystemLoader and CachingFileSystemLoader components. An attacker can access and render arbitrary files outside the intended search pat...
Insertion of Sensitive Information Into Sent Data
Overview urllib3 is a HTTP library with thread-safe connection pooling, file post, and more. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in urlopen when using ProxyManager.connectionfromurl with assertsamehost=False, directly rather than v...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the updatemessagebyid and deletemessagebyid endpoints due to missing ownership validation for messages. An attacker can alter or remove messages belonging to other users by sending...
Inefficient Algorithmic Complexity
Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity due to the computational complexity of attribute name collision checks in XML parsing. An attacker can cause excessive resource consumption by providing specially crafted XML input. Remediation Upgrade...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the authentication process. An attacker can gain unauthorized access to user-level API endpoints by registering an account, obtaining a valid JWT while in a pending role, and using th...
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering process of the pending user overlay content due to improper sanitization order. An attacker can execute arbitrary JavaScript in the browser context of affected users ...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the generatecompletion, embed, embeddings, and showmodelinfo functions. An attacker can access restricted model information and consume compute resources by sending crafted API reques...
Incorrect Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Incorrect Authorization in the setaccessgrants process. An attacker can override administrative access controls by submitting arbitrary access grants, including wildcard grants, which are persisted without...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the basemodelid process. An attacker can gain unauthorized access to restricted models by creating a new model that chains to a restricted base model and invoking it, causing the serv...
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS in the sanitizeResponseContent process. An attacker can execute arbitrary JavaScript in the browser of another user by crafting a malicious model description containing a markdown lin...
Unsafe Dependency Resolution
Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the runWidget function. An attacker can achieve arbitrary code execution by supplying crafted input that exploits path traversal to...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to revoke existing refresh tokens in the auth.refreshtokens and auth.oauth2refreshtokens tables after a password change. An attacker can maintain unauthorized access to a user's account...
Directory Traversal
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SimpleFunctionRegistry composition. An attacker can exhaust memory or trigger unbounded recursive function composition by supplying crafted function definitions that...
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the MilvusVectorStoredoDeleteList implementation. An attacker can inject filter expressions by supplying crafted document IDs that are not properly sanitized before bei...
Timing Attack
Overview mcp-ssh-tool is a Model Context Protocol MCP SSH client server for remote automation Affected versions of this package are vulnerable to Timing Attack in the transfer-related filesystem handling process. An attacker can access unauthorized files or directories by bypassing local path...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the SWnentries function in the file SWapi.c. An attacker can achieve arbitrary code execution or cause a denial of service by providing a specially crafted HDF-EOS file with DimensionName argument that...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the SWnentries function in the file SWapi.c. An attacker can achieve arbitrary code execution or cause a denial of service by providing a specially crafted HDF-EOS file with DimensionName argument that...
Active Debug Code
Overview Affected versions of this package are vulnerable to Active Debug Code via the Installer process. An attacker can access sensitive server configuration, environment variables, filesystem paths, and loaded PHP extensions by sending an unauthenticated GET request with the phpinfo parameter...
Allocation of Resources Without Limits or Throttling
Overview std/net/mail is a Go standard library package std/net/mail Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger...
Infinite loop
Overview golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receiv...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the process handling incoming requests. An attacker can perform unauthorized actions on behalf of an authenticated user by tricking them into submitting a crafted request. Remediation Upgrade...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the readVariableLengthInteger function. An attacker can trigger undefined behavior and potentially execute arbitrary code by providing specially crafted EXR input that causes excessive left shifts...
Symlink Attack
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Symlink Attack via the isPathAllowed path check in lib/resolver-compat.js. An attacker can execute code outside the configured...
Arbitrary Code Injection
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through lib/builtin.js. An attacker can execute host code when the allowlist includes -X or uses and then...
Arbitrary Code Injection
Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the BaseHandler write traps in lib/bridge.js. An attacker can mutate host Object.prototype, Array.prototype,...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via improper validation of the supi path parameter in multiple GET handlers. An attacker can obtain internal infrastructure details, including hostnames, ports, and API paths, by injecting control characters into th...
Improperly Implemented Security Check for Standard
Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to missing concurrent procedure validation in the SecurityMode and handleHandoverRequiredMain functions. An attacker can cause mismatches between security contexts, potentially...
Open Redirect
Overview Microsoft.Kiota.Http.HttpClientLibrary is a dotnet HTTP library implementation with HttpClient. Affected versions of this package are vulnerable to Open Redirect in the RedirectHandler function. An attacker can obtain sensitive information such as session cookies, proxy credentials, and...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...
Server-side Request Forgery (SSRF)
Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the FilterOutboundURL process. An attacker can access internal network resources and retrie...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the handling of index rollover requests when an explicit target index name is provided. An attacker can create a new index with an unauthorized name by exploiting insufficient access control checks on the targ...
Allocation of Resources Without Limits or Throttling
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the bodyLimit function. An attacker can bypass request size restrictions by sending chunked or unknown-length requests, allowing...
Cross-site Scripting (XSS)
Overview @jupyterlab/apputils is a JupyterLab - Application Utilities Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute arbitrary commands,...
Cross-site Scripting (XSS)
Overview @jupyterlab/rendermime-interfaces is a JupyterLab - Interfaces for Mime Renderers Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute...
Cross-site Scripting (XSS)
Overview @jupyterlab/rendermime is a JupyterLab - RenderMime Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute arbitrary commands, including co...
SQL Injection
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection in the setTokenData function when OAuth token fields are interpolated into a SQL statement without proper escaping. An attacker can execut...
Cross-site Scripting (XSS)
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Cross-site Scripting XSS via the decodeAllEntities function. An attacker can execute arbitrary JavaScript in the context of the application origin by...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the trainerlogin function. An attacker can redirect a user's browser to an external, attacker-controlled URL by supplying a crafted next parameter, potentially exposing sensitive information such as the original URL...
Allocation of Resources Without Limits or Throttling
Overview basic-ftp is a FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the connect function. An attacker can cause excessive memory and CPU consumption,...
Binding to an Unrestricted IP Address
Overview Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address which defaults to 0.0.0.0 when the -port argument is used or the -listen argument is used without specifying a host. An attacker can execute arbitrary code remotely by connecting to the exposed...
LDAP Injection
Overview lemur is a Certificate management and orchestration service Affected versions of this package are vulnerable to LDAP Injection via unsanitized input in the username field during the authentication process. An attacker can escalate privileges and gain unauthorized access to sensitive...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the condition process. An attacker can execute arbitrary commands on the server by injecting malicious...
Use of a Broken or Risky Cryptographic Algorithm
Overview paramiko is a library for making SSH2 connections client or server. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the RSA key handling by allowing the use of the SHA-1 algorithm. An attacker can compromise the integrity of...
Directory Traversal
Overview org.springframework.cloud:spring-cloud-config-server is a library that provides an HTTP resource-based API for external configuration. Affected versions of this package are vulnerable to Directory Traversal via the EnvironmentController, ResourceController, and EncryptionController reque...