38108 matches found

Veracode • added 2 days ago • 5 views

Denial Of Service (DoS)

Spring Cloud Function is vulnerable to Denial of Service (DoS). The vulnerability is due to infinite recursion in the routing layer, where specially crafted routing configurations or requests can trigger unbounded recursive processing, leading to excessive memory consumption and potentially causing...

6.5 CVSS • 5.4 AI score • 0.00066 EPSS
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2 days ago • 5 views

Denial Of Service (DoS)

Spring Cloud Function is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient restrictions on function registration within the Function Registry, allowing an attacker to register an unbounded number of functions and trigger excessive memory consumption, potentially...

6.5 CVSS • 5.5 AI score • 0.00066 EPSS
Exploits 0 • References 2 • Affected Software 1
Veracode • added 3 days ago • 7 views

Stored Cross-Site Scripting (XSS)

TinyMCE is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of crafted data-mce- attributes in the media plugin, which allows an attacker to inject malicious scripts into stored content that are executed when the content is rendered...

8.7 CVSS • 5.8 AI score • 0.00032 EPSS
Exploits 0 • References 4 • Affected Software 2
Veracode • added 3 days ago • 6 views

Cross-site Scripting

TinyMCE is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper SVG namespace scope handling in the sanitizer, where crafted nested SVG elements can bypass attribute sanitization and execute arbitrary JavaScript, resulting in cross-site scripting attacks...

8.7 CVSS • 5.9 AI score • 0.00033 EPSS
Exploits 0 • References 1 • Affected Software 2
Veracode • added 3 days ago • 7 views

Stored Cross-Site Scripting

TinyMCE is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of data-mce- attributes such as data-mce-href, data-mce-src, and data-mce-style, allowing attackers to inject malicious values that override validated attributes during content...

8.7 CVSS • 6 AI score • 0.00032 EPSS
Exploits 0 • References 4 • Affected Software 2
Veracode • added 2026/05/29 4:37 a.m. • 7 views

Stored Cross-Site Scripting (XSS)

TinyMCE is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of forged mce:protected comments, which allows an attacker to bypass content sanitization and inject malicious scripts that execute when the protected content is restored...

8.7 CVSS • 5.9 AI score • 0.00032 EPSS
Exploits 0 • References 4 • Affected Software 2
Veracode • added 2026/05/27 1:36 p.m. • 8 views

Arbitrary Code Injection

Contour is vulnerable to Arbitrary Code Injection. The vulnerability is due to insufficient sanitization of user-controlled values in cookieRewritePolicies.pathRewrite.value, where values are interpolated into Envoy HTTP Lua filter code using Go text/template, allowing attackers with HTTPProxy...

8.1 CVSS • 6.1 AI score • 0.00071 EPSS
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2026/05/27 9:11 a.m. • 8 views

Improper Access Control

@delmaredigital/payload-puck is vulnerable to Improper Access Control. The vulnerability is due to the use of Payload's local API with overrideAccess: true in /api/puck/ CRUD endpoints, which allows an attacker to bypass collection-level access controls and perform unauthorized actions...

9.8 CVSS • 5.8 AI score • 0.00071 EPSS
Exploits 1 • References 3 • Affected Software 1
Veracode • added 2026/05/23 6:21 a.m. • 8 views

Cross-site Scripting (XSS)

phpMyFAQ is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of malformed URLs in Utils::parseUrl, which allows an attacker to inject malicious JavaScript through comments and steal admin session cookies when affected pages are viewed...

8.3 CVSS • 5.8 AI score • 0.00012 EPSS
Exploits 0 • References 3 • Affected Software 2
Veracode • added 2026/05/23 6:13 a.m. • 8 views

Cross-site Scripting (XSS)

ci4-cms-erp/ci4ms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization and escaping of user-supplied page content before rendering, which allows an attacker to inject malicious scripts that execute in the browsers of visitors and administrators viewing the...

5.9 AI score
Exploits 0 • References 3 • Affected Software 1
Veracode • added 2026/05/23 6:01 a.m. • 6 views

Path Traversal

.NET Core is vulnerable to Path Traversal. The vulnerability is due to improper handling of specially crafted files, which allows an attacker to write arbitrary files and directories to unintended locations on a vulnerable system...

4.3 CVSS • 5.9 AI score • 0.00032 EPSS
Exploits 0 • References 3 • Affected Software 4
Veracode • added 2026/05/23 5:59 a.m. • 6 views

Path Traversal

Open WebUI is vulnerable to Path Traversal. The vulnerability is due to improper validation and sanitization of uploaded file names derived from HTTP upload requests, which allows an attacker to upload files with crafted dot-segments and traverse outside the intended uploads directory, potentiall...

9.8 CVSS • 5.8 AI score • 0.00079 EPSS
Exploits 1 • References 1 • Affected Software 1
Veracode • added 2026/05/23 5:55 a.m. • 9 views

Denial Of Service (DoS)

Wire is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation of negative lengths in protobuf group-skipping logic, which allows an attacker to trigger an unchecked runtime exception and crash applications processing crafted protobuf payloads...

5.8 AI score
Exploits 0 • References 5 • Affected Software 2
Veracode • added 2026/05/23 5:51 a.m. • 8 views

Improper Input Validation

com.ibeetl:beetl-spring-classic is vulnerable to Improper Input Validation. The vulnerability is due to improper neutralization of special elements in expression language statements within the SpELFunction component, which allows an attacker to inject and execute malicious expressions remotely...

7.5 CVSS • 7.2 AI score • 0.00026 EPSS
Exploits 0 • References 5 • Affected Software 1
Veracode • added 2026/05/23 5:24 a.m. • 8 views

Authorization Bypass

9router is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization handling in the Administrative API endpoint /api, which allows an attacker to bypass access controls and perform unauthorized actions remotely...

7.5 CVSS • 7.1 AI score • 0.00063 EPSS
Exploits 0 • References 8 • Affected Software 1
Veracode • added 2026/05/23 5:24 a.m. • 10 views

Prototype Pollution

parseFormData is vulnerable to Prototype Pollution. The vulnerability is due to improper filtering of reserved property keys in bracket and dot-notation FormData field parsing, which allows an attacker to modify Object.prototype and pollute the prototype chain of application objects...

8.2 CVSS • 5.8 AI score • 0.00045 EPSS
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2026/05/23 5:11 a.m. • 11 views

Remote Code Execution (RCE)

9router is vulnerable to Remote Code Execution (RCE). The vulnerability is due to missing authentication checks on /api/cli-tools/ and /api/mcp/ endpoints, which allows an attacker to chain unauthenticated API calls and execute arbitrary OS commands remotely...

6.1 AI score
Exploits 0 • References 1 • Affected Software 1
Veracode • added 2026/05/23 5:08 a.m. • 6 views

Denial Of Service (DoS)

@libp2p/gossipsub is vulnerable to Denial of Service (DoS). The vulnerability is due to missing limits on subscription entries, unbounded topic handling, and failure to clean up empty topic sets, which allows an attacker to exhaust Node.js heap memory and crash the process through crafted...

5.5 AI score
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2026/05/23 5:00 a.m. • 9 views

Remote Code Execution (RCE)

@penpot/mcp is vulnerable to Remote Code Execution (RCE). The vulnerability is due to an unauthenticated /execute endpoint exposed on all network interfaces, which allows an attacker to remotely execute arbitrary JavaScript code on the server...

6.2 AI score
Exploits 0 • References 1 • Affected Software 1
Veracode • added 2026/05/16 10:34 a.m. • 10 views

Arbitrary Code Injection

Froxlor is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper escaping of single quotes in PhpHelper::parseArrayToString, which allows an attacker to inject arbitrary PHP code through the privilegeduser parameter that gets executed on subsequent requests...

9.1 CVSS • 6 AI score • 0.00102 EPSS
Exploits 1 • References 3 • Affected Software 1
Veracode • added 2026/05/16 9:40 a.m. • 7 views

SQL Injection

XWiki Full Calendar Macro is vulnerable to SQL Injection. The vulnerability is a SQL injection that allows accessing database info or starting a DoS attack; users with the right to view the Calendar.JSONService page, including guest users, can exploit this issue and access databas...

10 CVSS • 5.8 AI score • 0.00302 EPSS
Exploits 0 • References 3 • Affected Software 1
Veracode • added 2026/05/16 8:30 a.m. • 6 views

Authorization Bypass

Kyverno is vulnerable to Authorization Bypass. The vulnerability is due to a critical authorization boundary bypass in namespaced Kyverno Policy apiCall, where the resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited t...

9.9 CVSS • 7.5 AI score • 0.00026 EPSS
Exploits 1 • References 3 • Affected Software 1
Veracode • added 2026/05/16 6:40 a.m. • 11 views

LFS Object Overwrite

Gogs is vulnerable to LFS object overwrite. The vulnerability is due to overwritable LFS objects across different repositories, where attackers can manipulate the uploaded file, for example by injecting a backdoor, and Gogs does not verify uploaded LFS file content against its claimed SHA-256...

9.3 CVSS • 7.1 AI score • 0.00035 EPSS
Exploits 1 • References 4 • Affected Software 1
Veracode • added 2026/05/16 5:53 a.m. • 9 views

Improper Authentication

Shopware is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation and binding of shop installations to their original domains during app re-registration, which allows an attacker to hijack app communication and obtain API credentials intended for legitimate...

8.9 CVSS • 5.8 AI score • 0.00094 EPSS
Exploits 0 • References 2 • Affected Software 2
Veracode • added 2026/05/16 5:51 a.m. • 10 views

Remote Code Execution (RCE)

statamic/cms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe execution of user-controlled Antlers template content in Antlers-enabled inputs, which allows an attacker with authenticated control panel access to execute arbitrary code in the application context...

8 CVSS • 6.4 AI score • 0.00188 EPSS
Exploits 0 • References 6 • Affected Software 1
Veracode • added 2026/05/16 5:49 a.m. • 10 views

Cross-site Scripting (XSS)

ci4-cms-erp/ci4ms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization and output encoding of user-controlled post data in the Menu Management functionality, which allows an attacker to inject malicious scripts that execute in administrative dashboards and...

9.1 CVSS • 5.9 AI score • 0.0005 EPSS
Exploits 1 • References 3 • Affected Software 1
Veracode • added 2026/05/16 5:48 a.m. • 9 views

Cross-site Scripting (XSS)

PrestaShop is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied email input in the Contact Us form, which allows an attacker to inject malicious scripts that execute when a back-office employee views the customer service thread...

9.3 CVSS • 5.9 AI score • 0.00022 EPSS
Exploits 0 • References 3 • Affected Software 1
Veracode • added 2026/05/16 5:48 a.m. • 11 views

Improper Access Control

getgrav/grav-plugin-api is vulnerable to Improper Access Control. The vulnerability is due to an insecure direct object reference and flawed permission update logic in UsersController::update, which allows an attacker to escalate privileges to Super Administrator and gain full system access...

8.8 CVSS • 5.8 AI score • 0.00046 EPSS
Exploits 1 • References 4 • Affected Software 1
Veracode • added 2026/05/16 5:44 a.m. • 8 views

Server-Side Template Injection (SSTI)

OpenMRS is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper handling of user-controlled input in Velocity templates within ConceptReferenceRange, which allows an attacker to inject template expressions and execute arbitrary code...

9.1 CVSS • 6 AI score • 0.00057 EPSS
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2026/05/16 5:38 a.m. • 9 views

Resource Exhaustion

XWiki Platform is vulnerable to Resource Exhaustion. The vulnerability is due to missing query limits in REST API endpoints that enumerate database list properties, which allows an attacker to exhaust server resources by triggering large unbounded queries on large wiki instances...

8.2 CVSS • 5.8 AI score • 0.00071 EPSS
Exploits 0 • References 3 • Affected Software 2
Veracode • added 2026/05/16 5:37 a.m. • 10 views

Stored Cross-Site Scripting

XWiki Blog Application is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of blog post titles before insertion into the HTML tag, allowing attackers with blog editing permissions to inject malicious JavaScript that executes in the browser of users...

9 CVSS • 5.8 AI score • 0.00643 EPSS
Exploits 3 • References 2 • Affected Software 1
Veracode • added 2026/05/16 5:36 a.m. • 5 views

Improper Certificate Validation

rancher is vulnerable to Improper Certificate Validation. The vulnerability is due to the Rancher CLI automatically retrieving and trusting CA certificates from Rancher’s cacerts setting when the -skip-verify flag is used without the --cacert flag, potentially allowing attackers to influence...

8.3 CVSS • 5.8 AI score • 0.0001 EPSS
Exploits 0 • References 3 • Affected Software 1
Veracode • added 2026/05/16 5:36 a.m. • 8 views

XML External Entity (XXE) Injection

ome, pom-bio-formats is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to insecure configuration of DocumentBuilderFactory while parsing Leica XML metadata files, which allows an attacker to perform SSRF, access local resources, or trigger denial of service through...

7.1 CVSS • 5.8 AI score • 0.0001 EPSS
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2026/05/16 5:35 a.m. • 7 views

Cross-site Scripting (XSS)

Gogs is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of data: URI schemes in comments and issue descriptions, which allows an attacker to inject and execute arbitrary JavaScript through malicious links...

8.7 CVSS • 7.5 AI score • 0.00017 EPSS
Exploits 1 • References 4 • Affected Software 1
Veracode • added 2026/05/16 5:34 a.m. • 7 views

Improper Cleanup Of Namespace Data

OpenBao is vulnerable to improper cleanup of namespace data. The vulnerability is due to incomplete cleanup when retries occur after an initial namespace deletion failure, which allows an attacker to potentially retain access to outstanding leases or leave residual storage entries that should have...

7.5 CVSS • 5.8 AI score • 0.00036 EPSS
Exploits 0 • References 3 • Affected Software 1
Veracode • added 2026/05/16 5:34 a.m. • 11 views

Path Traversal

Hugo is vulnerable to Path Traversal. The vulnerability is due to unrestricted execution of Node-based asset pipeline tools such as PostCSS, Babel, and TailwindCSS during site builds, allowing code from untrusted sites to read or write files outside the project's working directory when processed ...

8.6 CVSS • 5.9 AI score • 0.00044 EPSS
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2026/05/16 5:34 a.m. • 9 views

Improper Authentication

github.com/QuantumNous/new-api is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation of Stripe webhook events, which allows an attacker to forge webhook requests and fraudulently credit quota to an account without making a payment...

8.2 CVSS • 5.8 AI score • 0.00011 EPSS
Exploits 1 • References 3 • Affected Software 1
Veracode • added 2026/05/16 5:34 a.m. • 6 views

Filter Expression Injection

Spring AI is vulnerable to Filter Expression Injection. The vulnerability is due to insufficient sanitization of document IDs in MilvusVectorStoredoDeleteList, where attacker-controlled IDs are incorporated into Milvus filter expressions, allowing injection of malicious query conditions that can...

8.6 CVSS • 5.8 AI score • 0.00026 EPSS
Exploits 0 • References 3 • Affected Software 2
Veracode • added 2026/05/16 5:34 a.m. • 8 views

Directory Traversal

OpenMRS Core is vulnerable to Directory Traversal. The vulnerability is due to improper validation and normalization of ZIP archive entry paths during module extraction, which allows an attacker to write arbitrary files outside the intended directory and achieve remote code execution...

9.4 CVSS • 6.2 AI score • 0.00107 EPSS
Exploits 1 • References 3 • Affected Software 1
Veracode • added 2026/05/16 5:33 a.m. • 8 views

Race Condition

Spring Cloud Config Server is vulnerable to Race Condition. The vulnerability is due to a Time-of-Check Time-of-Use (TOCTOU) issue in handling the Git repository base directory spring.cloud.config.server.git.basedir, where attackers may manipulate filesystem state between validation and use,...

8.1 CVSS • 5.8 AI score • 0.00011 EPSS
Exploits 0 • References 3 • Affected Software 1
Veracode • added 2026/05/16 5:33 a.m. • 6 views

SQL Injection

github.com/ory/hydra is vulnerable to SQL Injection. The vulnerability is due to flaws in the pagination token implementation in the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs, which allows an attacker who knows the pagination or system secret to...

7.2 CVSS • 6.7 AI score • 0.00015 EPSS
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2026/05/16 5:33 a.m. • 8 views

Secret Key Exposure

Pyroscope is vulnerable to Secret Key Exposure. The vulnerability is due to improper exposure of Tencent COS storage backend configuration values through the Pyroscope API, allowing attackers with API access to retrieve the secretkey used for cloud storage authentication...

9.1 CVSS • 5.8 AI score • 0.00016 EPSS
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2026/05/16 5:32 a.m. • 9 views

Path Traversal

org.openmrs.web, openmrs-web is vulnerable to Path Traversal. The vulnerability is due to improper path boundary validation in the /openmrs/moduleResources/moduleid endpoint, where user-controlled input is concatenated into filesystem paths without normalization or restriction checks, which allow...

8.2 CVSS • 7.4 AI score • 0.00095 EPSS
Exploits 1 • References 1 • Affected Software 1
Veracode • added 2026/05/16 5:32 a.m. • 11 views

Information Disclosure

Free5GC is vulnerable to Information Disclosure. The vulnerability is due to improper request handling in the UDR endpoint GET /nudr-dr/v2/application-data/influenceData/subs-to-notify, where error responses for missing or malformed parameters do not terminate execution. As a result, processing...

7.5 CVSS • 5.8 AI score • 0.00047 EPSS
Exploits 1 • References 1 • Affected Software 1
Veracode • added 2026/05/16 5:32 a.m. • 9 views

Server-Side Request Forgery

github.com/quantumnous/new-api is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to incomplete SSRF protection that fails to block the unspecified address 0.0.0.0, allowing authenticated users to bypass private-IP filtering and force the server to make requests to...

7.1 CVSS • 5.8 AI score • 0.0001 EPSS
Exploits 1 • References 1 • Affected Software 1
Veracode • added 2026/05/16 5:32 a.m. • 9 views

Server-Side Request Forgery

esm.sh is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation in the /https fetch route, where localhost and internal network protections rely on hostname string checks that can be bypassed using DNS alias domains, allowing attackers to induce...

8.6 CVSS • 7.2 AI score • 0.00064 EPSS
Exploits 1 • References 4 • Affected Software 1
Veracode • added 2026/05/16 5:31 a.m. • 7 views

Implicit Bearer Token Injection

github.com/kyverno/kyverno is vulnerable to Implicit Bearer Token Injection. The vulnerability is due to the apiCall service helper automatically injecting the Kyverno controller's Authorization: Bearer service account token into outbound requests when no authorization header is explicitly...

8.1 CVSS • 5.8 AI score • 0.00044 EPSS
Exploits 1 • References 2 • Affected Software 1
Veracode • added 2026/05/16 5:31 a.m. • 9 views

Exposure Of Sensitive Information

io.github.davidalmeidac, sealed-env-core is vulnerable to Exposure of Sensitive Information. The vulnerability is due to embedding the operator’s plaintext TOTP secret in the base64-encoded JWS payload of minted unseal tokens, which allows an attacker to decode observed tokens from logs,...

9.1 CVSS • 5.8 AI score • 0.00014 EPSS
Exploits 1 • References 1 • Affected Software 2
Veracode • added 2026/05/16 5:31 a.m. • 12 views

Improper Authorization

Fleet is vulnerable to Improper Authorization. The vulnerability is due to incomplete application of ServiceAccount impersonation in certain Helm deployer code paths, which allows an attacker with git push access to read secrets from arbitrary namespaces on downstream clusters...

9.9 CVSS • 6 AI score • 0.00016 EPSS
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2026/05/16 5:30 a.m. • 5 views

Improper Access Control

github.com/free5gc/udr is vulnerable to Improper Access Control. The vulnerability is due to improper request handling in the Traffic Influence Subscription deletion endpoint, which allows an attacker to bypass validation and delete arbitrary subscriptions despite receiving a misleading 404...

8.7 CVSS • 5.9 AI score • 0.00034 EPSS
Exploits 1 • References 1 • Affected Software 1
Total number of security vulnerabilities: 38108