36346 matches found
Allocation of Resources Without Limits or Throttling
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the POST /two-factor process. An attacker can gain unauthorized access to user accounts by submitting unlimited TOTP...
Missing Authorization
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the API endpoints responsible for category creation, FAQ creation, FAQ updating, and question creation due to missing permissio...
Missing Authorization
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the API endpoints responsible for category creation, FAQ creation, FAQ updating, and question creation due to missing permissio...
Incorrect Authorization
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the bulk editing process. An attacker can disable administrative access and prevent legitimate users from logging in by modifying the activated an...
UNIX Symbolic Link (Symlink) Following
Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the provider installation process. An attacker can cause arbitrary files to be written outside the intended working directory by placing a crafted symlink in the .terraform/providers directory an...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the processPIDEvents goroutine. An attacker can cause the agent to become unresponsive by triggering the goroutine to block indefinitely in the openat2 syscall, preventing further...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the processPIDEvents goroutine. An attacker can cause the agent to become unresponsive by triggering the goroutine to block indefinitely in the openat2 syscall, preventing further...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the processPIDEvents goroutine. An attacker can cause the agent to become unresponsive by triggering the goroutine to block indefinitely in the openat2 syscall, preventing further...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the processPIDEvents goroutine. An attacker can cause the agent to become unresponsive by triggering the goroutine to block indefinitely in the openat2 syscall, preventing further...
Incorrect Authorization
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the PATCH process to /api/v1/users/theirownid when a user has both users.edit and api permissions. An attacker can escalate their own privileges b...
Missing Authorization
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Missing Authorization in the selectlist API endpoint due to missing authorization checks. An attacker can enumerate all active user accounts, harvest usernames, collect...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the seek function of the tarfile module when processing tar archives in streaming mode. An attacker can cause the process to enter an infinite loop and exhaust system resources by providing a specially crafted archive...
Use of Weak Hash
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Use of Weak Hash due to the use of SHA-1 for hashing attachment passwords in the AbstractAttachment.php process. An attacker can gain unauthorized acces...
Use of Weak Hash
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Use of Weak Hash due to the use of SHA-1 for hashing attachment passwords in the AbstractAttachment.php process. An attacker can gain unauthorized acces...
Incorrect Authorization
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incorrect Authorization in the...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the BeanDeserializer.deserializeUsingPropertyBased method, whose property-buffering branch omits the prop.visibleInViewactiveView check that the creator-property branch performs. An attacker can populate...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the POJOPropertiesCollector.renameProperties and BeanDeserializerFactory.addBeanProps methods, which rename rather than drop a property whose getter carri...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the BeanDeserializerBase.createContextual method, which applies the per-property exclusions through handleByNameInclusion and then rebuilds the property m...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object...
Server-side Request Forgery (SSRF)
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the JDKFromStringDeserializer class,...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the JDKFromStringDeserializer class, which constructs InetSocketAddress and resolves the hostname through DNS at deserialization time. An attacker can force the server to issue outbound DNS lookups fo...
Incomplete List of Disallowed Inputs
Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray method, which allowlists an array based only on clazz.isArray and does not validate the array's component type. An attacker who...
Incomplete List of Disallowed Inputs
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the...
Deserialization of Untrusted Data
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the DatabindContext.resolveAndValidateGeneric method, which validates only the raw container class of a type identifier against the configured PolymorphicTypeValidator and not its nested generic type...
Allocation of Resources Without Limits or Throttling
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the...
Cross-site Scripting (XSS)
Overview @earendil-works/pi-coding-agent is a Coding agent CLI with read, bash, edit, write tools and session management Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of Markdown link and image URLs during HTML session export. An attacker c...
Cross-site Scripting (XSS)
Overview @mariozechner/pi-coding-agent is a Coding agent CLI with read, bash, edit, write tools and session management Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of Markdown link and image URLs during HTML session export. An attacker can...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview @earendil-works/pi-coding-agent is a Coding agent CLI with read, bash, edit, write tools and session management Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through a race condition in the auth.json file write process. An attacker ca...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview @mariozechner/pi-coding-agent is a Coding agent CLI with read, bash, edit, write tools and session management Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through a race condition in the auth.json file write process. An attacker can...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the UnwrappedPropertyHandler.processUnwrappedCreatorProperties method, which replays buffered JSON into creator parameters without consulting prop.visibleInViewactiveView. An attacker can set view-restricted...
Incorrect Authorization
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incorrect Authorization in the...
Authorization Bypass
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Authorization Bypass in three Enterprise Edition Dynamic Credentials endpoints, which accept any authenticated session without performing per-resource ownership or scope checks. A user with any...
Cross-site Scripting (XSS)
Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the webhookId parameter in the Chat Trigger node. An attacker can execute arbitrary JavaScript in the context of another user's session by injecting malicious code, which is the...
Improper Export of Android Application Components
Overview Affected versions of this package are vulnerable to Improper Export of Android Application Components via the LocationSensorManager BroadcastReceiver process. An attacker can manipulate zone-based automations by sending a forged location result, causing unauthorized actions such as...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the get method of the Konnected integration's HTTP endpoint, which does not enforce authentication. An attacker can access sensitive information about the alarm-panel switch state and zone...
Cross-site Scripting (XSS)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS via the useragent field in the participant logging process. An attacker can execute arbitrary JavaScript in the browser of a privileged us...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through the MoviePlaybackHandler and related handlers, which allow arbitrary file reads due to improper path validation. An attacker can gain full administrative access and execute arbitrary commands by exploiting a...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload through a multi-stage chain involving the download, getmediacontent, getcurrentuser, restore, and post processes. An attacker can gain unauthorized access, escalate privileges, read arbitrary files, and execute...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the post function in the ActionHandler process. An attacker can execute camera actions such as triggering snapshots, starting or stopping video recording, or running configured action scripts without...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the getmediapath function. An attacker can access arbitrary files on the filesystem by supplying an absolute path as the filename parameter, which causes the application to bypass directory restrictions and serve...
Directory Traversal
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Directory Traversal via the Clone or Push operations in the Git node when a local filesystem path is supplied as the source or target repository, bypassing the intended file sandbox. An attacker can...
Unprotected Transport of Credentials
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Unprotected Transport of Credentials in the SecurityScorecard node, whose report download operation attaches the SecurityScorecard API token to a request sent to a user-specified URL. A user with...
Incorrect Authorization
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Incorrect Authorization in the shared workflows. An attacker can gain unauthorized access to credentials belonging to other users by exploiting insufficient ownership checks via specific public API...
Improper Validation of Specified Quantity in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input due to improper handling in the idnatounicodeinternal process. An attacker can cause information disclosure or application crashes by triggering out-of-bounds reads of uninitialized...
Interpretation Conflict
Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to Interpretation Conflict via the upload endpoints when reserved internal form fields are injected as query parameters or through parser differentials between Tornado and Flask. An...
Directory Traversal
Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to Directory Traversal through the securepopen process. An attacker can write arbitrary files, execute arbitrary commands, or exfiltrate data by modifying configuration values to...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the copyheaders process. An attacker can inject or override identity and group headers by sending specially crafted HTTP headers with underscores that bypass the header deletion step during normalization,...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the copyheaders process. An attacker can inject or override identity and group headers by sending specially crafted HTTP headers with underscores that bypass the header deletion step during normalization,...