Lucene search

31960 matches found

Snyk • added 2026/05/08 10:47 p.m. • 5 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization through the POST /upi/v1/upNodesLinks handler, which processes attacker-controlled JSON input without authentication or authorization checks. An attacker can terminate the entire process by submitting a crafted...

8.7 CVSS • 5.8 AI score • 0.00364 EPSS • Exploits 1 • References 4

Snyk • added 2026/05/08 10:47 p.m. • 6 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization through the POST /upi/v1/upNodesLinks handler, which processes attacker-controlled JSON input without authentication or authorization checks. An attacker can terminate the entire process by submitting a crafted...

8.7 CVSS • 5.8 AI score • 0.00364 EPSS • Exploits 1 • References 4

Snyk • added 2026/05/08 10:46 p.m. • 7 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the nnef-callback route group, which lacks inbound authentication and authorization checks. An attacker can access sensitive business logic and potentially manipulate subscription state by submitting forged...

7.3 CVSS • 5.9 AI score • 0.00241 EPSS • Exploits 1 • References 3

Snyk • added 2026/05/08 10:46 p.m. • 5 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the nnef-callback route group, which lacks inbound authentication and authorization checks. An attacker can access sensitive business logic and potentially manipulate subscription state by submitting forged...

7.3 CVSS • 5.9 AI score • 0.00241 EPSS • Exploits 1 • References 3

Snyk • added 2026/05/08 10:46 p.m. • 5 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the nnef-callback route group, which lacks inbound authentication and authorization checks. An attacker can access sensitive business logic and potentially manipulate subscription state by submitting forged...

7.3 CVSS • 5.9 AI score • 0.00241 EPSS • Exploits 1 • References 3

Snyk • added 2026/05/08 10:44 p.m. • 4 views

Improper Handling of Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions through improper handling of notification delivery failures in the FlushNotifications process. An attacker can cause the service to terminate unexpectedly by supplying a crafted notifyUri that...

8.7 CVSS • 5.8 AI score • 0.00404 EPSS • Exploits 1 • References 3

Snyk • added 2026/05/08 10:41 p.m. • 6 views

Missing Synchronization

Overview: Affected versions of this package are vulnerable to Missing Synchronization through unsynchronized access to the Subscriptions map in the PUT /nbsf-management/v1/subscriptions/subId handler. An attacker can cause the process to terminate unexpectedly by sending concurrent authenticated P...

7.1 CVSS • 5.8 AI score • 0.00268 EPSS • Exploits 1 • References 3

Snyk • added 2026/05/08 10:40 p.m. • 6 views

Improper Check for Unusual or Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the provisioningOfTrafficRoutingInfo function when a POST request to the app-session creation endpoint includes suppFeat set to "1" and a medComponents entry with afAppId present b...

7.1 CVSS • 5.8 AI score • 0.0035 EPSS • Exploits 1 • References 3

Snyk • added 2026/05/08 10:39 p.m. • 6 views

Improper Check for Unusual or Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the HandleCreateSmPolicyRequest process when a downstream OpenAPI consumer call returns a 404 error and the response struct is nil. An attacker can cause the application to panic a...

8.7 CVSS • 5.8 AI score • 0.00404 EPSS • Exploits 1 • References 3

Snyk • added 2026/05/08 10:39 p.m. • 8 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the 3gpp-pfd-management API. An attacker can create, read, and delete transaction state by sending requests with forged or arbitrary bearer tokens, even if the service is not declared in the configuration...

9.4 CVSS • 5.9 AI score • 0.00314 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 10:39 p.m. • 6 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the 3gpp-pfd-management API. An attacker can create, read, and delete transaction state by sending requests with forged or arbitrary bearer tokens, even if the service is not declared in the configuration...

9.4 CVSS • 5.9 AI score • 0.00314 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 10:39 p.m. • 11 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the 3gpp-pfd-management API. An attacker can create, read, and delete transaction state by sending requests with forged or arbitrary bearer tokens, even if the service is not declared in the configuration...

9.4 CVSS • 5.9 AI score • 0.00314 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 10:39 p.m. • 8 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the 3gpp-pfd-management API. An attacker can create, read, and delete transaction state by sending requests with forged or arbitrary bearer tokens, even if the service is not declared in the configuration...

9.4 CVSS • 5.9 AI score • 0.00314 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 10:38 p.m. • 9 views

Arbitrary File Upload

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Arbitrary File Upload via the storedoc process. An attacker can write arbitrary files to locations outside the intended upload directory by supplying crafted filenames containing path traversal sequences in t...

9.8 CVSS • 6.5 AI score • 0.00336 EPSS • Exploits 1 • References 3

Snyk • added 2026/05/08 10:34 p.m. • 11 views

Missing Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization in the authentication process. An attacker can gain unauthorized access to user-level API endpoints by registering an account, obtaining a valid JWT while in a pending role, and using th...

7.3 CVSS • 5.8 AI score • 0.0023 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 10:26 p.m. • 10 views

Cross-site Scripting (XSS)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the process that previews Excel file attachments using the sheettohtml function. An attacker can execute arbitrary scripts in the context of the victim's browser by uploading a...

8.7 CVSS • 5.8 AI score • 0.00318 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 10:24 p.m. • 6 views

Incorrect Authorization

Overview: snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the PATCH process to /api/v1/users/id when the permissions array is not properly restricted. An attacker can gain unauthorized administrative...

8.8 CVSS • 5.8 AI score • 0.00314 EPSS • Exploits 0 • References 3

Snyk • added 2026/05/08 10:24 p.m. • 5 views

Improper Handling of Inconsistent Special Elements

Overview: Affected versions of this package are vulnerable to Improper Handling of Inconsistent Special Elements due to inconsistent handling of negation operators in glob pattern processing. An attacker can cause unintended rule matching or bypass intended restrictions by crafting layouts that ar...

1.9 CVSS • 5.8 AI score • Exploits 0 • References 2

Snyk • added 2026/05/08 10:23 p.m. • 10 views

Cross-site Scripting (XSS)

Overview: snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the notes field of the component checkout process. An attacker can execute arbitrary JavaScript code in the context of another user by submitting...

5.4 CVSS • 5.8 AI score • 0.00218 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 10:21 p.m. • 10 views

Cross-site Scripting (XSS)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the rendering process of the pending user overlay content due to improper sanitization order. An attacker can execute arbitrary JavaScript in the browser context of affected users ...

4.8 CVSS • 5.8 AI score • 0.0017 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 9:0 p.m. • 7 views

Embedded Malicious Code

Overview: com.checkmarx.jenkins:checkmarx-ast-scanner is a plugin that allows the user to scan their source code using the Checkmarx AST platform and provide the results as feedback. Affected versions of this package are vulnerable to Embedded Malicious Code. A version of the Checkmarx Jenkins AST...

9.8 CVSS • 5.9 AI score • Exploits 0 • References 2

Snyk • added 2026/05/08 8:49 p.m. • 12 views

HTTP Response Splitting

Overview: eventsource-encoder encodes events as well-formed EventSource/Server-Sent Event (SSE) messages. Affected versions of this package are vulnerable to HTTP Response Splitting via unsanitized event and id fields in the encoding process. An attacker can inject arbitrary Server-Sent Events...

6.9 CVSS • 6 AI score • 0.00277 EPSS • Exploits 1 • References 3

Snyk • added 2026/05/08 8:48 p.m. • 7 views

Improper Certificate Validation

Overview: OpenTelemetry.Exporter.Instana is an Instana Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Improper Certificate Validation in the ConfigureBackendClient process when a proxy is configured using the INSTANAENDPOINTPROXY environment variable. An attack...

9.1 CVSS • 5.8 AI score • 0.00207 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:44 p.m. • 6 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling excessively large HTTP request bodies. A malicious pod on the same cluster can exhaust system memory and trigger an OOM condition. Remediation: Upgrade...

7.4 CVSS • 5.8 AI score • 0.00173 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:44 p.m. • 5 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling excessively large HTTP request bodies. A malicious pod on the same cluster can exhaust system memory and trigger an OOM condition. Remediation: Upgrade...

7.4 CVSS • 5.8 AI score • 0.00173 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:44 p.m. • 7 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling excessively large HTTP request bodies. A malicious pod on the same cluster can exhaust system memory and trigger an OOM condition. Remediation: Upgrade...

7.4 CVSS • 5.8 AI score • 0.00173 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:44 p.m. • 8 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling excessively large HTTP request bodies. A malicious pod on the same cluster can exhaust system memory and trigger an OOM condition. Remediation: Upgrade...

7.4 CVSS • 5.8 AI score • 0.00173 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:44 p.m. • 7 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling excessively large HTTP request bodies. A malicious pod on the same cluster can exhaust system memory and trigger an OOM condition. Remediation: Upgrade...

7.4 CVSS • 5.8 AI score • 0.00173 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:44 p.m. • 6 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling excessively large HTTP request bodies. A malicious pod on the same cluster can exhaust system memory and trigger an OOM condition. Remediation: Upgrade...

7.4 CVSS • 5.8 AI score • 0.00173 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:36 p.m. • 9 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: banks is a prompt programming language. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Prompt process. An attacker can execute arbitrary code on the host system by supplying specially crafted template...

7.7 CVSS • 6.2 AI score • 0.00417 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:34 p.m. • 17 views

Type Confusion

Overview: Affected versions of this package are vulnerable to Type Confusion in code compilation. An attacker can execute arbitrary code by providing malicious input. Notes: This is only exploitable if the system compiles untrusted or attacker-controlled code. Workaround: This vulnerability can be...

8.2 CVSS • 6.2 AI score • 0.00125 EPSS • Exploits 0 • References 3

Snyk • added 2026/05/08 8:25 p.m. • 14 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview: Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via the processing of JDBC connection URL parameters. An attacker can execute arbitrary code by supplying a crafted connection URL that causes the loading...

9.2 CVSS • 6.3 AI score • 0.00573 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:23 p.m. • 10 views

Improper Handling of Insufficient Permissions or Privileges

Overview: wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges on page copy. An attacker can gain unauthorized access to restricted page content by copying pages from are...

7.1 CVSS • 5.8 AI score • 0.00201 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:21 p.m. • 13 views

Improper Handling of Insufficient Permissions or Privileges

Overview: wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the API for documents and images. A user with access to the API can access filenames and names of items...

5.3 CVSS • 5.8 AI score • 0.00256 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:20 p.m. • 6 views

Improper Handling of Insufficient Permissions or Privileges

Overview: wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges in the deletion of form submissions. A user can remove other users' form submissions without proper...

6.9 CVSS • 5.8 AI score • 0.00174 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:19 p.m. • 12 views

Improper Handling of Insufficient Permissions or Privileges

Overview: wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges when viewing page history. A user without edit permissions on a given page can access the history report fo...

5.3 CVSS • 5.8 AI score • 0.00162 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:17 p.m. • 8 views

Improper Handling of Insufficient Permissions or Privileges

Overview: wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via revision comparisons. An attacker can gain unauthorized access to sensitive information by supplying th...

7.1 CVSS • 5.8 AI score • 0.00204 EPSS • Exploits 0 • References 2

Snyk • added 2026/05/08 8:3 p.m. • 12 views

Missing Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization in the getsourcesfromitems process. An attacker can access unauthorized file and knowledge base content by supplying known file or knowledge base identifiers to the chat completion API,...

7.1 CVSS • 5.8 AI score • 0.00366 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 8:1 p.m. • 9 views

Incorrect Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Incorrect Authorization in the isuserchannelmember function. An attacker can retain unauthorized read and write access to group or direct message channels by making direct API calls after being deactivated fr...

5.4 CVSS • 5.8 AI score • 0.00178 EPSS • Exploits 1 • References 3

Snyk • added 2026/05/08 8:0 p.m. • 9 views

Incorrect Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Incorrect Authorization in the ydoc:document:update handler. An attacker can inject, modify, or delete content in collaborative documents by emitting crafted Socket.IO events after joining a document room wit...

5.4 CVSS • 5.8 AI score • 0.0022 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 7:52 p.m. • 8 views

Missing Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization in the generatecompletion, embed, embeddings, and showmodelinfo functions. An attacker can access restricted model information and consume compute resources by sending crafted API reques...

5.4 CVSS • 5.8 AI score • 0.00238 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 7:52 p.m. • 9 views

Missing Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization through the importmodels process. An attacker can overwrite existing models owned by other users, modify their configuration, and escalate access by submitting crafted payloads to the...

7.1 CVSS • 5.8 AI score • 0.0029 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 7:51 p.m. • 8 views

Missing Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization in the getchannelmembersbyid process. An attacker can retrieve the list of users, including their IDs, names, emails, roles, and profile images, associated with a private channel by maki...

5.3 CVSS • 5.8 AI score • 0.00221 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 7:51 p.m. • 8 views

Missing Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization via the validatecollectionaccess function. An attacker can obtain sensitive metadata, such as IDs, names, and descriptions of all knowledge bases across users, by sending crafted API...

5.3 CVSS • 5.8 AI score • 0.00221 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 7:51 p.m. • 8 views

Missing Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization in the processweb and processyoutube endpoints when the overwrite parameter is set to true and the collectionname is attacker-controlled. An attacker can overwrite or delete another user...

8.1 CVSS • 5.8 AI score • 0.00295 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 7:50 p.m. • 10 views

Incorrect Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Incorrect Authorization in the setaccessgrants process. An attacker can override administrative access controls by submitting arbitrary access grants, including wildcard grants, which are persisted without...

5.4 CVSS • 5.9 AI score • 0.0019 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 7:45 p.m. • 8 views

Missing Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization through the /responses endpoint, which fails to enforce per-model access control. An attacker can interact with any configured model, including those restricted by administrators, by...

7.1 CVSS • 5.9 AI score • 0.00306 EPSS • Exploits 0 • References 3

Snyk • added 2026/05/08 7:45 p.m. • 10 views

Missing Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization in the basemodelid process. An attacker can gain unauthorized access to restricted models by creating a new model that chains to a restricted base model and invoking it, causing the serv...

7.6 CVSS • 5.8 AI score • 0.00248 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 7:44 p.m. • 9 views

Exposure of Resource to Wrong Sphere

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the handling of Redis cache keys for toolservers and terminalservers when multiple instances share a Redis backend. An attacker can overwrite or inject malicious tool...

8.7 CVSS • 5.8 AI score • 0.00305 EPSS • Exploits 1 • References 2

Snyk • added 2026/05/08 7:43 p.m. • 6 views

Incorrect Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Incorrect Authorization in the SESSIONPOOL process. An attacker can maintain unauthorized access to other users' notes and modify their content by keeping an active Socket.IO session after their administrativ...

8.6 CVSS • 5.8 AI score • 0.00284 EPSS • Exploits 1 • References 3

Total number of security vulnerabilities: 31960