36127 matches found
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the unauthenticated router-key and mcp-init-host paths. An attacker can gain unauthorized access or bypass authentication controls by sending crafted requests to these endpoints. Remediation Upgrade...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the unauthenticated router-key and mcp-init-host paths. An attacker can gain unauthorized access or bypass authentication controls by sending crafted requests to these endpoints. Remediation Upgrade...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade gitea.dev/routers/web/repo to versi...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade gitea.dev/services/context to versi...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of SMTP DATA and /api/v1/send request bodies. An attacker can cause the application to exhaust system memory and become unresponsive by sending requests with...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the unauthenticated router-key and mcp-init-host paths. An attacker can gain unauthorized access or bypass authentication controls by sending crafted requests to these endpoints. Remediation Upgrade...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the unauthenticated router-key and mcp-init-host paths. An attacker can gain unauthorized access or bypass authentication controls by sending crafted requests to these endpoints. Remediation Upgrade...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation There is...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation Upgrade...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation There is...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation There is...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview MessagePack is a MessagePackMsgPack Serializer for C.NET, .NET Core, Unity, Xamarin. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' in the ReadDateTime function when processing a MessagePack timestamp...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Azure Instance Identity Endpoint process. An attacker can access internal resources or sensitive information by sending crafted requests to the affected endpoint without authentication. Remediati...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Azure Instance Identity Endpoint process. An attacker can access internal resources or sensitive information by sending crafted requests to the affected endpoint without authentication. Remediati...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Azure Instance Identity Endpoint process. An attacker can access internal resources or sensitive information by sending crafted requests to the affected endpoint without authentication. Remediati...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Azure Instance Identity Endpoint process. An attacker can access internal resources or sensitive information by sending crafted requests to the affected endpoint without authentication. Remediati...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling in the handling of MCP messages. An attacker can bypass security controls or inject unauthorized messages by crafting specially formatted MCP messages that are improperly parsed. Remediation Upgrade...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the share process. An attacker can access sensitive share information by sending unauthenticated requests. Remediation Upgrade github.com/gtsteffaniak/filebrowser/backend/common/settings ...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the realIP function. An attacker can gain unauthorized access to restricted resources, evade rate limiting, or manipulate security logs by supplying a crafted X-Forwarded-For header...
Use of Less Trusted Source
Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the realIP function. An attacker can bypass IP-based access controls, rate limiting, and audit logging by sending crafted headers such as X-Forwarded-For, X-Real-IP, or True-Client-IP without validation...
Use of Less Trusted Source
Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the realIP function. An attacker can bypass IP-based access controls, rate limiting, and audit logging by sending crafted headers such as X-Forwarded-For, X-Real-IP, or True-Client-IP without validation...
Use of Less Trusted Source
Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the realIP function. An attacker can bypass IP-based access controls, rate limiting, and audit logging by sending crafted headers such as X-Forwarded-For, X-Real-IP, or True-Client-IP without validation...
Use of Less Trusted Source
Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the realIP function. An attacker can bypass IP-based access controls, rate limiting, and audit logging by sending crafted headers such as X-Forwarded-For, X-Real-IP, or True-Client-IP without validation...
Use of Less Trusted Source
Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the realIP function. An attacker can bypass IP-based access controls, rate limiting, and audit logging by sending crafted headers such as X-Forwarded-For, X-Real-IP, or True-Client-IP without validation...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via the RealIP process. An attacker can cause misidentification of the request source IP by manipulating the X-Forwarded-For header, potentially bypassing access controls or falsifying request logs. Remediation...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via the RealIP process. An attacker can cause misidentification of the request source IP by manipulating the X-Forwarded-For header, potentially bypassing access controls or falsifying request logs. Remediation...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via the RealIP process. An attacker can cause misidentification of the request source IP by manipulating the X-Forwarded-For header, potentially bypassing access controls or falsifying request logs. Remediation...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via the RealIP process. An attacker can cause misidentification of the request source IP by manipulating the X-Forwarded-For header, potentially bypassing access controls or falsifying request logs. Remediation...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via the RealIP process. An attacker can cause misidentification of the request source IP by manipulating the X-Forwarded-For header, potentially bypassing access controls or falsifying request logs. Remediation...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force in the login process. An attacker can gain unauthorized access to user accounts by performing unlimited automated authentication attempts without restriction. Remediation Upgrade...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force in the login process. An attacker can gain unauthorized access to user accounts by performing unlimited automated authentication attempts without restriction. Remediation Upgrade...
Improper Validation of Integrity Check Value
Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the tarball extraction process when the integrity field is missing from the lockfile resolution. An attacker can introduce unauthorized...
Improper Validation of Integrity Check Value
Overview @pnpm/lockfile.utils is an Utils for dealing with pnpm-lock.yaml Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the tarball extraction process when the integrity field is missing from the lockfile resolution. An attacker can introduce...
Insertion of Sensitive Information Into Sent Data
Overview neotoma is a MCP server for structured personal data memory with unified source ingestion Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the /listrelationships and /retrievegraphneighborhood endpoints due to missing user ID...
Improper Encoding or Escaping of Output
Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the tomarkdown process. An attacker can inject malicious HTML or script into rendered Markdown by including a blank line within the te...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the RADIUS authentication process. An attacker can gain unauthorized access by sending a spoofed Access-Accept response to the client, which fails to verify the response authenticator,...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the RADIUS authentication process. An attacker can gain unauthorized access by sending a spoofed Access-Accept response to the client, which fails to verify the response authenticator,...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the org.opencontainers.image.title annotation in the artifact manifest when downloading OCI artifacts. An attacker can cause files to be written to arbitrary locations on the host filesystem by supplying a crafte...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted Helm chart archive that decompresses to a very large size. Remediation...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted Helm chart archive that decompresses to a very large size. Remediation...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted Helm chart archive that decompresses to a very large size. Remediation...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted Helm chart archive that decompresses to a very large size. Remediation...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the database import process. An attacker can overwrite arbitrary files on the host by manipulating Xray configuration values stored in the database, potentially leading to code execution and...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the database import process. An attacker can overwrite arbitrary files on the host by manipulating Xray configuration values stored in the database, potentially leading to code execution and...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the token-read process. An attacker can generate unauthorized OAuth2 bearer tokens with arbitrary user, client, realm, and scope values by injecting attacker-controlled JSON into the...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the token-read process. An attacker can generate unauthorized OAuth2 bearer tokens with arbitrary user, client, realm, and scope values by injecting attacker-controlled JSON into the...
Insufficiently Protected Credentials
Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Insufficiently Protected Credentials in repository-controlled configuration, where $ENVVAR placeholders in a project .npmrc or pnpm-workspace.yaml are expanded into registry request...