36057 matches found
Missing Authorization
Overview kiwitcms is a Test Case Management System Affected versions of this package are vulnerable to Missing Authorization in the /init-db/ process. An attacker can access administrative setup functionality by sending requests to this endpoint after initial use. This is only exploitable if the...
Insufficient Verification of Data Authenticity
Overview simplesamlphp/simplesamlphp is a PHP implementation of a SAML 2.0 service provider and identity provider, also compatible with Shibboleth 1.3 and 2.0. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the processing of SAML responses wh...
Improper Handling of Windows DATA Alternate Data Stream
Overview Affected versions of this package are vulnerable to Improper Handling of Windows DATA Alternate Data Stream in the FilePage process on Windows systems when handling filenames with NTFS-equivalent suffixes such as ::$DATA, a trailing dot, or a trailing space. An attacker can obtain the ra...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization through the add and remove endpoints for timesheet favorites. An attacker can manipulate another user's favorite bookmark state by referencing the victim's timesheet identifier, allowing unauthorized addition or...
Improper Authentication
Overview fast-mcp-telegram is a Multi-tenant Telegram gateway for AI agents — HTTP+stdio transport, 8 agent-optimized tools, MTProto User API Affected versions of this package are vulnerable to Improper Authentication via the SessionFileTokenVerifier.verifytoken process. An attacker can gain...
Improper Neutralization of Data within XPath Expressions ('XPath Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Data within XPath Expressions 'XPath Injection' through the XPath Transform process. An attacker can cause the application to become unresponsive or crash by sending specially crafted messages that exploit thi...
Improper Neutralization of Data within XPath Expressions ('XPath Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Data within XPath Expressions 'XPath Injection' through the XPath Transform process. An attacker can cause the application to become unresponsive or crash by sending specially crafted messages that exploit thi...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the HTTPArtifact::receive process. An attacker can gain unauthorized access to arbitrary user accounts by crafting a forged unsigned assertion from a malicious or lower-trust identity provider within t...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the HTTPArtifact::receive process. An attacker can gain unauthorized access to arbitrary user accounts by crafting a forged unsigned assertion from a malicious or lower-trust identity provider within t...
Arbitrary Argument Injection
Overview linuxfabrik-lib is a Python libraries used in various Linuxfabrik projects, including the 'Linuxfabrik Monitoring Plugins' project. Affected versions of this package are vulnerable to Arbitrary Argument Injection in the configuration of the sudoers file, which allows arbitrary arguments ...
Regular Expression Denial of Service (ReDoS)
Overview @asymmetric-effort/nogginlessdom is an A zero-dependency testing framework with comprehensive test runner, assertions, DOM simulation, and mocking, built on node:test and node:assert Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the...
Directory Traversal
Overview @asymmetric-effort/nogginlessdom is an A zero-dependency testing framework with comprehensive test runner, assertions, DOM simulation, and mocking, built on node:test and node:assert Affected versions of this package are vulnerable to Directory Traversal via the matchFileSnapshot functio...
Missing Authorization
Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Missing Authorization via the POST /api/tunnel/tailscale-install route handler, which accepts a JSON body containing a sudoPassword field and pipes it, along with the contents o...
Use of GET Request Method With Sensitive Query Strings
Overview @nuxt/ui is an A UI Library for Modern Web Apps, powered by Vue & Tailwind CSS. Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the UForm and UAuthForm components when the server-side rendered form omits the method attribute...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:jsonata is a JSON query and transformation language Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the $toMillis function. An attacker can cause resource exhaustion by providing specially crafted inputs that trigger...
Regular Expression Denial of Service (ReDoS)
Overview jsonata is a JSON query and transformation language Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the $toMillis function. An attacker can cause resource exhaustion by providing specially crafted inputs that trigger excessive backtracki...
Missing Authorization
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization in the actionMoveFolder process. An attacker can remove destination folders and their contents without having delete permissions on the destination by initiating a force...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the newAttributes parameter in the bulk duplicate process. An attacker can overwrite existing elements...
Missing Authorization
Overview @grackle-ai/auth is an Authentication and authorization primitives for Grackle Affected versions of this package are vulnerable to Missing Authorization due to inconsistent enforcement of authorization checks in the tool layer. An attacker can gain unauthorized access to perform cross-ta...
Missing Authorization
Overview @grackle-ai/mcp is a MCP Model Context Protocol server for Grackle — translates MCP tool calls to ConnectRPC Affected versions of this package are vulnerable to Missing Authorization due to inconsistent enforcement of authorization checks in the tool layer. An attacker can gain...
Missing Authorization
Overview @grackle-ai/plugin-core is a Core plugin for Grackle — gRPC handlers, reconciliation phases, and event subscribers Affected versions of this package are vulnerable to Missing Authorization due to inconsistent enforcement of authorization checks in the tool layer. An attacker can gain...
Improper Authorization
Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Improper Authorization through the Mysqls.add process. An attacker can create databases and users on unauthorized MySQL servers by supplying a disallowed server index in the API...
Authorization Bypass Through User-Controlled Key
Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the customeremail.php process. An attacker can access other users' allowed sender aliases by supplying arbitrary senderid values in...
Command Injection
Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Command Injection via the rmrf, mv, and cp functions. An attacker can execute arbitrary commands by supplying specially crafted file names containing shell...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the unauthenticated GET /api/v1/oauth and GET /api/v1/oauth/:id endpoints, which serialize and return sensitive fields such as clientsecret in the response. An attacker can obtain...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the unauthenticated GET /api/v1/oauth and GET /api/v1/oauth/:id endpoints, which serialize and return sensitive fields such as clientsecret in the response. An attacker can obtain...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the unauthenticated GET /api/v1/oauth and GET /api/v1/oauth/:id endpoints, which serialize and return sensitive fields such as clientsecret in the response. An attacker can obtain...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the unauthenticated GET /api/v1/oauth and GET /api/v1/oauth/:id endpoints, which serialize and return sensitive fields such as clientsecret in the response. An attacker can obtain...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the unauthenticated GET /api/v1/oauth and GET /api/v1/oauth/:id endpoints, which serialize and return sensitive fields such as clientsecret in the response. An attacker can obtain...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the unauthenticated GET /api/v1/oauth and GET /api/v1/oauth/:id endpoints, which serialize and return sensitive fields such as clientsecret in the response. An attacker can obtain...
Directory Traversal
Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Directory Traversal via the prepareReceiveFile and getUniqueFilePath processes. An attacker can write files to arbitrary locations on the user's filesystem by...
Inefficient Algorithmic Complexity
Overview @conform-to/dom is an A set of opinionated helpers built on top of the Constraint Validation API Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the parseSubmission process. An attacker can cause excessive CPU consumption by submitting forms with...
Arbitrary Argument Injection
Overview @grackle-ai/runtime-sdk is a Grackle runtime SDK — interfaces, base classes, shared utilities, and runtime installer Affected versions of this package are vulnerable to Arbitrary Argument Injection via unsanitized input to the branch parameter in the SpawnSession process. An attacker can...
Arbitrary Argument Injection
Overview @grackle-ai/powerline is a gRPC PowerLine server for Grackle AI agent integration Affected versions of this package are vulnerable to Arbitrary Argument Injection via unsanitized input to the branch parameter in the SpawnSession process. An attacker can execute arbitrary commands as the...
Inadequate Encryption Strength
Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength in the verify process. An attacker can gain unauthorized access and forge arbitrary claims by submitting tokens signed with an empty or null key, which are incorrectly accepted as valid signatures. This is...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the inline parameter in the file download process. An attacker can execute arbitrary scripts in the context of the application's web origin by uploading a crafted HTML file and convincing a victim to open a...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the public web-client endpoint for partial ZIP downloads of a browsable share. An attacker can access files outside the intended shared directory by supplying crafted file entries whose canonical paths begin with...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the public web-client endpoint for partial ZIP downloads of a browsable share. An attacker can access files outside the intended shared directory by supplying crafted file entries whose canonical paths begin with...
Cross-site Scripting (XSS)
Overview @asymmetric-effort/specifyjs is an A declarative TypeScript UI framework built for performance and simplicity Affected versions of this package are vulnerable to Cross-site Scripting XSS in the renderToString process. An attacker can inject malicious CSS expressions by bypassing the...
Server-side Request Forgery (SSRF)
Overview @asymmetric-effort/specifyjs is an A declarative TypeScript UI framework built for performance and simplicity Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the secureFetch process. An attacker can access internal or unintended network resources b...
Server-side Request Forgery (SSRF)
Overview @asymmetric-effort/specifyjs is an A declarative TypeScript UI framework built for performance and simplicity Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the secure-fetch process. An attacker can cause memory exhaustion by supplying a very...
Server-side Request Forgery (SSRF)
Overview @asymmetric-effort/specifyjs is an A declarative TypeScript UI framework built for performance and simplicity Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to incomplete validation in the secure-fetch process. An attacker can access internal...
Information Exposure
Overview @asymmetric-effort/specifyjs is an A declarative TypeScript UI framework built for performance and simplicity Affected versions of this package are vulnerable to Information Exposure in the console.warn process. An attacker can gain insight into internal framework state, such as queue...
Improper Neutralization of Special Elements in Data Query Logic
Overview @asymmetric-effort/specifyjs is an A declarative TypeScript UI framework built for performance and simplicity Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the gql function. An attacker can inject unauthorized...
Server-side Request Forgery (SSRF)
Overview @asymmetric-effort/specifyjs is an A declarative TypeScript UI framework built for performance and simplicity Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the assertSecureUrl function. An attacker can bypass HTTPS validation by supplying a...
Missing Authorization
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization through the actionDeleteFolder process. An attacker can remove assets belonging to other users by exploiting insufficient permission checks during folder deletion...
Authorization Bypass Through User-Controlled Key
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the actionReplaceFile process. An attacker can delete assets in unauthorized volumes by supplying both assetId and sourceAssetId without...
Access Control Bypass
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Access Control Bypass via the entries/move-to-section process. An attacker can relocate entries into unauthorized sections by exploiting insufficient permission checks, allowing them to bypas...
Improper Authorization
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Improper Authorization in the entries/save-entry process. An attacker can reassign content authorship to another user without proper authorization by submitting crafted requests containing...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the displaymap parser function when unescaped user input is passed to the overlays parameter. An attacker can execute arbitrary JavaScript in the context of users viewing the affected page by injecting...