33544 matches found
Cross-site Request Forgery (CSRF)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of JSON endpoints that process state-changing requests without verifying the origin or requiring an anti-CSRF token...
Cross-site Request Forgery (CSRF)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of certain admin JSON endpoints, specifically categoryAddNew.json.php, categoryDelete.json.php, and...
Cross-site Request Forgery (CSRF)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the configurationUpdate.json.php process. An attacker can gain full control over site configuration, inject arbitrary HTML into...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /SyncPlay/New endpoint. An attacker can exhaust system memory and disrupt service availability by submitting excessively large SyncPlay group names in POST requests to the...
Insufficient Session Expiration
Overview github.com/oauth2-proxy/oauth2-proxy/v7 is a reverse proxy that provides authentication with Google, Github or other providers. Affected versions of this package are vulnerable to Insufficient Session Expiration through the SignInPage handler in oauthproxy.go. An attacker can keep a...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /LiveTv/TunerHosts endpoint when the tuner URL is not properly validated. An attacker can read arbitrary local files and perform unauthorized requests to internal or external systems by...
Server-side Request Forgery (SSRF)
Overview Jellyfin.Common is an a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /LiveTv/TunerHosts endpoint when the tuner URL is not properly validated. An...
Arbitrary Argument Injection
Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the ParseStreamOptions method. An attacker can access arbitrary files on the server and exfiltrate their contents by injecting malicious arguments into the StreamOptions query parameter, which are then...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /Videos/itemId/Subtitles endpoint due to insufficient validation of the Format field, which allows path traversal via the file extension and enables arbitrary file write. An attacker can...
Arbitrary Code Injection
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Arbitrary Code Injection via the msg and callback fields in relayed WebSocket messages, which are processed by client-side eval sinks. An attacker can execute...
Directory Traversal
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the locale/save.php process. An attacker can write arbitrary PHP files to any web-accessible directory and execute code by supplying crafte...
Active Debug Code
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Active Debug Code via the git.json.php script, which executes a shell command and returns sensitive information as JSON to any unauthenticated user. An attacker ca...
Authorization Bypass Through User-Controlled Key
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the list.json.php process. An attacker can access sensitive third-party stream keys and OAuth tokens belonging...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the smartLeftAngle function in smartypants.go file. An attacker can cause a panic or read unintended memory by providing input containing a character in the remaining text. PoC package main import "bytes" "fmt"...
SQL Injection
Overview @vendure/core is an A modern, headless ecommerce framework Affected versions of this package are vulnerable to SQL Injection via the ProductService.findOneBySlug function in Admin and Vendure Shop API. An attacker can execute arbitrary SQL commands on the database by supplying a crafted...
Insertion of Sensitive Information into Log File
Overview github.com/authzed/spicedb/pkg/cmd/server is a Google Zanzibar-inspired fine-grained permissions database Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the configuration log output during startup when the log level is set to info...
HTTP Response Splitting
Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the HTTPHOST value being directly embedded into the Message-ID header during email generation. An attacker can inject arbitrary SMTP headers into outgoing emails by supplying a crafted Host header during...
Reliance on Cookies without Validation and Integrity Checking
Overview Affected versions of this package are vulnerable to Reliance on Cookies without Validation and Integrity Checking via the serendipitysetCookie function. An attacker can cause authentication cookies, including session and auto-login tokens, to be scoped to an attacker-controlled domain by...
Arbitrary Argument Injection
Overview mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl Affected versions of this package are vulnerable to Arbitrary Argument Injection through the startPortForward function in src/tools/portforward.ts. An attacker can inject additional kubectl flags b...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation via the isHealthCheckRequest function in pkg/middleware/healthcheck.go. An attacker can reach protected endpoints by sending a request with a configured health-check User-Agent, causing the middleware to treat the...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation via the isHealthCheckRequest function in pkg/middleware/healthcheck.go. An attacker can reach protected endpoints by sending a request with a configured health-check User-Agent, causing the middleware to treat the...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the Resize-VHD PowerShell command construction process. An attacker can execute arbitrary PowerShell commands with the privileges of the affected process by supplying a crafted VM image path containing malicious...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the Resize-VHD PowerShell command construction process. An attacker can execute arbitrary PowerShell commands with the privileges of the affected process by supplying a crafted VM image path containing malicious...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the Resize-VHD PowerShell command construction process. An attacker can execute arbitrary PowerShell commands with the privileges of the affected process by supplying a crafted VM image path containing malicious...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the SVG sanitization process. An attacker can execute arbitrary scripts in the context of a privileged user by uploading a crafted SVG file that bypasses attribute filtering. This is only exploitable if the...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the INI settings parser when environment variable interpolation is processed via the parseinistring function. An attacker with Editor permissions can retrieve sensitive environment variables by injecting...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the amendment acceptance flow. An attacker can gain unauthorized coauthorship and modify proposal outcomes by submitting amendment accept or reject actions without proper authorization checks. Workaround This...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the apiCall servicecall helper. An attacker can obtain sensitive service account tokens by crafting a policy that triggers an outbound request without an explicit Authorization...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the apiCall servicecall helper. An attacker can obtain sensitive service account tokens by crafting a policy that triggers an outbound request without an explicit Authorization...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the apiCall servicecall helper. An attacker can obtain sensitive service account tokens by crafting a policy that triggers an outbound request without an explicit Authorization...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the apiCall servicecall helper. An attacker can obtain sensitive service account tokens by crafting a policy that triggers an outbound request without an explicit Authorization...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the apiCall servicecall helper. An attacker can obtain sensitive service account tokens by crafting a policy that triggers an outbound request without an explicit Authorization...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the apiCall servicecall helper. An attacker can obtain sensitive service account tokens by crafting a policy that triggers an outbound request without an explicit Authorization...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the ClusterPolicy when apiCall.service.url is used with variable substitution e.g. request.object.. An attacker can retrieve sensitive information from internal services or cloud metadata endpoints b...
Modification of Assumed-Immutable Data (MAID)
Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Modification of Assumed-Immutable Data MAID through the sanitize, sanitizedom, and JustHTML..., sanitize=True paths in src/justhtml/sanitize.py. An attacker can bypass intended...
Command Injection
Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Command Injection via the generateP4Command function. An...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the mail preview feature of the Event Log, where HTML content is rendered in an iframe without proper sandboxing. An attacker can execute arbitrary JavaScript in the context of a privileged user's browser by...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the processing of the Markup Classes fields within the backend editor settings. An attacker can execute arbitrary JavaScript code in the context of users who open a RichEditor by injecting malicious values th...
Protection Mechanism Failure
Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the collect process. An attacker can gain unauthorized access to restricted template functionality by leveraging insufficient sandbox restrictions when authenticated with backend access and template editi...
Command Injection
Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Command Injection via the Perforce::syncCodeBase and...
Open Redirect
Overview @adonisjs/http-server is an AdonisJS HTTP server with support packed with Routing and Cookies Affected versions of this package are vulnerable to Open Redirect via the response.redirect.back function. An attacker can redirect users to malicious external sites by manipulating the Referer...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the HandlePolicyDataSubsToNotifySubsIdPut process. An attacker can cause unintended modification of existing Policy Data notification subscriptions by sending malformed, empty, or...
Improper Check for Unusual or Exceptional Conditions
Overview github.com/free5gc/udr/internal/sbi is a None Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions. in the HandlePolicyDataSubsToNotifySubsIdPut process. An attacker can cause unintended modification of existing Policy Data notification...
Improper Authorization
Overview github.com/free5gc/udr/internal/sbi is a None Affected versions of this package are vulnerable to Improper Authorization. through improper validation of the influenceId path parameter in the DELETE endpoint. An attacker can remove arbitrary Traffic Influence Subscriptions by sending a...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization through improper validation of the influenceId path parameter in the DELETE endpoint. An attacker can remove arbitrary Traffic Influence Subscriptions by sending a crafted request with an invalid influenceId value...
Information Exposure
Overview github.com/free5gc/udr/internal/sbi is a None Affected versions of this package are vulnerable to Information Exposure. in the HandleApplicationDataInfluenceDataSubsToNotifyGet process. An attacker can access sensitive subscriber identifiers by sending unauthenticated HTTP GET requests t...