31960 matches found
XML External Entity (XXE) Injection
Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the cmis-online/query process. An attacker can access sensitive information by submitting specially...
Cross-site Scripting (XSS)
Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the cmis-online/type process. An attacker can execute arbitrary scripts in the context of a user's browser by...
Cross-site Scripting (XSS)
Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the updateModelGroups.jsp process. An attacker can execute arbitrary scripts in the context of a user's browser by...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the pdfContext.setOption process. An attacker can access arbitrary files readable by the PHP worker by uploading a crafted PDF invoice template that triggers the embedding of file contents into the generated PDF...
Directory Traversal
Overview short-video-maker is a Creates short videos for TikTok, Instagram Reels, and YouTube Shorts using the Model Context Protocol MCP and a REST API. Affected versions of this package are vulnerable to Directory Traversal via the req.params.tmpFile parameter in the REST API. An attacker can...
Prompt Injection
Overview org.springframework.ai:spring-ai-model is a Core model interfaces and classes for Spring AI Affected versions of this package are vulnerable to Prompt Injection via conversation memory handling in the affected advisor. An attacker can inject crafted input in conversation memory that is...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SimpleFunctionRegistry composition. An attacker can exhaust memory or trigger unbounded recursive function composition by supplying crafted function definitions that...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SimpleFunctionRegistry composition and function wrapper cache in SimpleFunctionRegistry.java. An attacker can exhaust memory by supplying many distinct composed function...
Prompt Injection
Overview org.springframework.ai:spring-ai-advisors-vector-store is a Chat client advisors for Spring AI Affected versions of this package are vulnerable to Prompt Injection via conversation memory handling in the affected advisor. An attacker can inject crafted input in conversation memory that i...
Prompt Injection
Overview org.springframework.ai:spring-ai-model-chat-memory-repository-jdbc is a Spring AI JDBC Chat Memory implementation Affected versions of this package are vulnerable to Prompt Injection via conversation memory handling in the affected advisor. An attacker can inject crafted input in...
Missing Authorization
Overview org.springframework.ai:spring-ai-openai is an OpenAI models support Affected versions of this package are vulnerable to Missing Authorization via the default configuration of the Spring AI chat memory component. An attacker can access data from other users when DEFAULTCONVERSATIONID is n...
Prompt Injection
Overview org.springframework.ai:spring-ai-client-chat is a Spring AI Chat Client AI programming Affected versions of this package are vulnerable to Prompt Injection via conversation memory handling in the affected advisor. An attacker can inject crafted input in conversation memory that is later...
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the MilvusVectorStoredoDeleteList implementation. An attacker can inject filter expressions by supplying crafted document IDs that are not properly sanitized before bei...
Improper Neutralization of Special Elements in Data Query Logic
Overview org.springframework.ai:spring-ai-milvus-store is a Spring AI Vector Store - Milvus Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the MilvusVectorStoredoDeleteList implementation. An attacker can inject filter...
Server-side Request Forgery (SSRF)
Overview utcp-http is an UTCP communication protocol plugin for HTTP, SSE, and streamable HTTP, plus an OpenAPI converter. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the calltool and calltoolstreaming functions when attacker-controlled URLs from OpenA...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the GDfieldinfo function. An attacker can cause a denial of service by triggering an out-of-bounds read by supplying a crafted HDF4-EOS grid file with an empty or single-character DimList value. Remediatio...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the GDfieldinfo function. An attacker can cause a denial of service by triggering an out-of-bounds read by supplying a crafted HDF4-EOS grid file with an empty or single-character DimList value. Remediatio...
Cross-site Scripting (XSS)
Overview netbox-data-flows is a NetBox plugin to document data flows between systems and applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ObjectAlias.name field rendered in DataFlow tables. An attacker can execute arbitrary JavaScript in the brows...
Timing Attack
Overview mcp-ssh-tool is a Model Context Protocol MCP SSH client server for remote automation Affected versions of this package are vulnerable to Timing Attack in the transfer-related filesystem handling process. An attacker can access unauthorized files or directories by bypassing local path...
External Control of File Name or Path
Overview apm-cli is a MCP configuration tool Affected versions of this package are vulnerable to External Control of File Name or Path through improper validation of manifest-controlled paths in the plugin.json file during the installation process. An attacker can cause arbitrary files or...
Improper Handling of Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the token revocation process. An attacker can maintain unauthorized access by using a stolen access token that was issued with no expiration, as the token cannot be invalidated through...
Improper Handling of Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the token revocation process. An attacker can maintain unauthorized access by using a stolen access token that was issued with no expiration, as the token cannot be invalidated through...
Improper Handling of Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the token revocation process. An attacker can maintain unauthorized access by using a stolen access token that was issued with no expiration, as the token cannot be invalidated through...
Improper Handling of Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the token revocation process. An attacker can maintain unauthorized access by using a stolen access token that was issued with no expiration, as the token cannot be invalidated through...
Improper Handling of Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the token revocation process. An attacker can maintain unauthorized access by using a stolen access token that was issued with no expiration, as the token cannot be invalidated through...
Improper Use of Validation Framework
Overview Affected versions of this package are vulnerable to Improper Use of Validation Framework in the parseAndValidateClientRedirect process. An attacker can obtain OAuth exchange codes intended for other users by crafting a redirecturi that matches an allowed scheme and host but specifies a...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchPeerConnectInfo function. An attacker can access sensitive internal resources by supplying crafted URLs to the server, which are then requested on behalf of the authenticated user. Remediati...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization through the PUT /api/echo/like/:id endpoint, which lacks authentication and rate limiting. An attacker can manipulate the favcount of any echo, including private ones, by sending repeated requests without...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization through the PUT /api/echo/like/:id endpoint, which lacks authentication and rate limiting. An attacker can manipulate the favcount of any echo, including private ones, by sending repeated requests without...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the PUT /api/echo/like/:id endpoint. An attacker can manipulate engagement metrics by sending repeated unauthenticated requests to the like endpoint, resulting in arbitrary inflation of the favcount value...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...
Exposure of Private Personal Information to an Unauthorized Actor
Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the Email field in the Comment model exposed through unauthenticated public API endpoints. An attacker can obtain the email addresses of all guest commenters by makin...
Exposure of Private Personal Information to an Unauthorized Actor
Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the Email field in the Comment model exposed through unauthenticated public API endpoints. An attacker can obtain the email addresses of all guest commenters by makin...
Incorrect Authorization
Overview web-auth/webauthn-framework is a FIDO-U2F / FIDO2 / Webauthn Framework. Affected versions of this package are vulnerable to Incorrect Authorization via the ClientOverridePolicy process. An attacker can bypass user verification requirements by supplying a crafted userVerification paramete...
Server-side Request Forgery (SSRF)
Overview nuxt-og-image is an Enlightened OG Image generation for Nuxt. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to inadequate validation of user-supplied URLs in the isBlockedUrl process. An attacker can access internal network resources or sensitiv...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the SWfinfo function of the HDF-EOS Grid File Handler componet. An attacker can cause a denial of service by supplying a specially crafted HDF-EOS swath file with an empty or single-character DimList value...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the SWfinfo function of the HDF-EOS Grid File Handler componet. An attacker can cause a denial of service by supplying a specially crafted HDF-EOS swath file with an empty or single-character DimList value...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the SWnentries function in the file SWapi.c. An attacker can achieve arbitrary code execution or cause a denial of service by providing a specially crafted HDF-EOS file with DimensionName argument that...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the SWnentries function in the file SWapi.c. An attacker can achieve arbitrary code execution or cause a denial of service by providing a specially crafted HDF-EOS file with DimensionName argument that...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the GDnentries function. An attacker can execute arbitrary code or cause a denial of service by providing a specially crafted DataFieldName argument. Remediation Upgrade gdal to version 3.12.4 or higher...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the GDnentries function. An attacker can execute arbitrary code or cause a denial of service by providing a specially crafted DataFieldName argument. Remediation Upgrade gdal to version 3.13.0 or higher...
Cross-site Scripting (XSS)
Overview postorius is an A web user interface for GNU Mailman Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering process of the message subject in the Held messages pop-up. An attacker can execute arbitrary scripts in the context of the user's browser b...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the addImageAction process. An attacker can execute arbitrary code on the server by uploading a file with executable extensions disguised as an image, bypassing MIME type validation. This is only exploitable if...
Active Debug Code
Overview Affected versions of this package are vulnerable to Active Debug Code via the Installer process. An attacker can access sensitive server configuration, environment variables, filesystem paths, and loaded PHP extensions by sending an unauthenticated GET request with the phpinfo parameter...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the referencia field in the product creation process. An attacker can execute arbitrary JavaScript in the browser of another authenticated user by injecting a crafted value into the referencia field, which i...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the fsNick cookie parameter, which is reflected into the HTML without proper sanitization. An attacker can execute arbitrary JavaScript code in the context of the user's browser by tricking a user with a val...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the image upload and download process. An attacker can access sensitive metadata, such as GPS coordinates, device information, timestamps, and personally identifiab...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the Plugins::add process. An attacker can execute arbitrary code, overwrite sensitive files, and gain full control of the server by uploading a specially crafted ZIP archive containing file paths with directory...