35936 matches found
Directory Traversal
Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...
Directory Traversal
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Directory Traversal
Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Directory Traversal
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Directory Traversal
Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Directory Traversal
Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Directory Traversal
Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Directory Traversal
Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Directory Traversal
Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Directory Traversal
Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Directory Traversal
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Directory Traversal
Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Directory Traversal
Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via incorrect validation of file paths in the security policy.relevant. An attacker can create or truncate files outside of intended directories by bypassing configured path restrictions. Details A Directory Traversa...
Improper Privilege Management
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Improper Privilege Management in the updatePermissions process. An attacker can gain unauthorized administrative privileges by assigning high-value...
Improper Privilege Management
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Improper Privilege Management in the updatePermissions process. An attacker can gain unauthorized administrative privileges by assigning high-value...
Incomplete List of Disallowed Inputs
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs for the Python Code node when the Python Task Runner is enabled. A user with permission to create or modify workflows can evade the validator and reach the task...
Deserialization of Untrusted Data
Overview com.mchange:c3p0 is a mature, highly concurrent JDBC Connection pooling library, with support for caching and reuse of PreparedStatements. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the deserialization process. An attacker can execute arbitra...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the worklist server process. An attacker can cause the server to crash by sending a specially crafted query when the server is configured with a valid Called AE Title,...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the bit-preserving C-GET storage mode process. An attacker can write files outside the intended output directory by sending specially crafted relative ../ or absolute file paths from a malicious or compromised...
Missing Release of Memory after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via repeated crafted connection requests to the process. An attacker can cause memory to be leaked by sending multiple specially crafted requests, which may eventually exhaust system...
Missing Release of Memory after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the storescp process. An attacker can cause memory to be leaked by repeatedly sending crafted connection requests, which may result in the service being terminated and unavailable f...
Arbitrary Code Injection
Overview txtai is an All-in-one open-source AI framework for semantic search, LLM orchestration and language model workflows Affected versions of this package are vulnerable to Arbitrary Code Injection via the function parameter in the /reindex API endpoint when it is resolved through the Resolve...
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition through the payWithCredit process. An attacker can bypass credit balance restrictions by sending concurrent payment requests, resulting in multiple invoices being paid using the same credit balance. Remediation Upgrade...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to path and method values taken directly from incoming requests. An attacker can exhaust server memory and trigger an OOM by sending requests with arbitrary URL paths or custom HT...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to path and method values taken directly from incoming requests. An attacker can exhaust server memory and trigger an OOM by sending requests with arbitrary URL paths or custom HT...
Directory Traversal
Overview CefSharp.Common is a the CefSharp Chromium-based browser component 'Core' and common 'Element' components, needed by both WPF and WinForms. Affected versions of this package are vulnerable to Directory Traversal in FolderSchemeHandlerFactory through the URI-to-file-path resolution in...
Prototype Pollution
Overview @adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body Affected versions of this package are vulnerable to Prototype Pollution via the BodyParserMiddleware process. An attacker can modify the Object.prototype globally by sending specially...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect in the saferedirect process. An attacker can redirect users to an external domain by crafting a malicious continue parameter or embedding a malicious URL in a session-transfer token, which can be interpreted by browsers as...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect in the saferedirect process. An attacker can redirect users to an external domain by crafting a malicious continue parameter or embedding a malicious URL in a session-transfer token, which can be interpreted by browsers as...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the getEnvVarlist function and the process that merges user-supplied PodSpec fields. An attacker can access sensitive secret values and escalate privileges by creating a specially crafted MessageQueueTrigger th...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the getEnvVarlist function and the process that merges user-supplied PodSpec fields. An attacker can access sensitive secret values and escalate privileges by creating a specially crafted MessageQueueTrigger th...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the getEnvVarlist function and the process that merges user-supplied PodSpec fields. An attacker can access sensitive secret values and escalate privileges by creating a specially crafted MessageQueueTrigger th...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the integratedTime verification process. An attacker can bypass certificate validity checks by providing a bundle with a manipulated integrated time, potentially allowing the reuse of ...
Incorrect Authorization
Overview @cedar-policy/authorization-for-expressjs is a Middlewares to authorize expressJS applications with Cedar Affected versions of this package are vulnerable to Incorrect Authorization through improper matching of incoming requests using req.originalUrl. An attacker can gain unauthorized...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to improper application of privilege reduction in the process and insufficient permission restrictions on the FastCGI unix socket. An attacker can gain unauthorized access or...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to improper application of privilege reduction in the process and insufficient permission restrictions on the FastCGI unix socket. An attacker can gain unauthorized access or...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to improper application of privilege reduction in the process and insufficient permission restrictions on the FastCGI unix socket. An attacker can gain unauthorized access or...
Improper Preservation of Permissions
Overview Affected versions of this package are vulnerable to Improper Preservation of Permissions due to improper clean-up in the legacy Project Role Template Binding reconciler. An attacker can retain unauthorized Pod Security Admission permissions by leveraging stale ClusterRoleBinding objects...
Improper Preservation of Permissions
Overview Affected versions of this package are vulnerable to Improper Preservation of Permissions due to improper clean-up in the legacy Project Role Template Binding reconciler. An attacker can retain unauthorized Pod Security Admission permissions by leveraging stale ClusterRoleBinding objects...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the FleetWorkspace mutating webhook admission path. An attacker can create unauthorized Kubernetes namespaces and inject arbitrary RBAC policies by submitting crafted admission payloads t...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the ImageScan process in the GitRepo path handler. An attacker can access files outside the intended directory and potentially cause a denial of service by submitting crafted paths. Remediation Upgrade...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the POST /api/n9e/datasource/list route, which lacks proper authorization checks. An attacker can obtain sensitive credentials, such as database passwords, HTTP bearer tokens, and mTLS client keys, by sending...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the POST /api/n9e/datasource/list route, which lacks proper authorization checks. An attacker can obtain sensitive credentials, such as database passwords, HTTP bearer tokens, and mTLS client keys, by sending...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the ApplyCreate function in controller/model/enrollmentmanager.go. An attacker can gain full administrative control by creating enrollments for any identity, including the default administrator, and redeeming t...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the ApplyCreate function in controller/model/enrollmentmanager.go. An attacker can gain full administrative control by creating enrollments for any identity, including the default administrator, and redeeming t...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the WebSocket upgrade request handling process. An attacker can gain unauthorized access to downstream services by sending specially crafted WebSocket upgrade requests that...
Missing Authorization
Overview deeptutor is an An agent-native intelligent learning companion with multi-agent collaboration and RAG Affected versions of this package are vulnerable to Missing Authorization via the allowedmcptools function in deeptutor/multiuser/toolaccess.py. An attacker can gain unauthorized access ...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the writeJson process. An attacker can access sensitive information by exploiting the lack of validation on the callback parameter in JSONP responses, allowing cross-origin data retrieval through a crafted...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation via the pipeline.Author process. An attacker can execute unauthorized pipeline steps and exfiltrate CI secrets by setting the commit author name in a GitLab webhook payload to match an entry in the approval list,...