Lucene search
+L
VeracodeMost viewed

38468 matches found

Veracode
Veracode
•added 2019/01/15 9:16 a.m.•60 views

Remote Code Execution (RCE)

RESTEasy is vulnerable to remote code execution. SnakeYAML unmarshalling is exploitable for code execution. As RESTeasy uses SnakeYAML and enables the yaml provider by default, under certain conditions, RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of...

8.1CVSS8.5AI score0.06056EPSS
Exploits0References20Affected Software105
Veracode
Veracode
•added 2018/03/16 4:33 a.m.•60 views

Remote Code Execution (RCE)

Jupyter notebook is vulnerable to remote code execution RCE attacks. A malicious user can pass a HTML/SVG file to the application to inject and execute arbitrary javascript code to the notebook server...

7.8CVSS8AI score0.011EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2017/04/06 8:5 a.m.•60 views

Remote Code Execution (RCE)

flex-messenger-core is vulnerable to remote code execution RCE. The AMF3 deserializers in the library allows the instantiation of arbitrary classes via parameter-less java beans constructors. This allows a malicious user to send a malicious AMF3 object to the system to execute arbitrary code...

9.8CVSS9.7AI score0.21274EPSS
Exploits4References9Affected Software1
Veracode
Veracode
•added 2017/02/10 1:5 a.m.•60 views

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service DoS attacks. A malicious user can pass a malicious Pre-Shared Key identity hint to the system that can lead to a double free that can lead to the system crashing...

4.3CVSS6.1AI score0.12814EPSS
Exploits1References28Affected Software2
Veracode
Veracode
•added 2017/02/07 12:5 a.m.•60 views

Information Disclosure

OpenSSL is vulnerable to information disclosure. This is possible because the SSL protocol 3.0 uses a nondeterministic CBC padding allowing attackers to perform man-in-the-middle MitM attacks. This is also known as the POODLE issue...

4.3CVSS4.3AI score0.99999EPSS
Exploits7References1057Affected Software1
Veracode
Veracode
•added 2023/10/20 6:57 a.m.•59 views

Out-of-bounds Read

apache2 is vulnerable to Out-of-bounds Read. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Apache HTTP Server. The request would contain a specially crafted modmacro directive that would cause the server to read data from outside of the...

7.5CVSS6.8AI score0.02978EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2023/02/17 3:0 a.m.•59 views

CRLF Injection

undici is vulnerable to CRLF Injection. The vulnerability exists because the headers.host string does not properly sanitize the HTTP header in the processHeader function in request.js, allowing an attacker to redirect to a malicious URL through a malicious HTTP header...

6.5CVSS6.3AI score0.01129EPSS
Exploits1References4Affected Software2
Veracode
Veracode
•added 2023/02/03 9:3 p.m.•59 views

Denial Of Service (DoS)

Django is vulnerable to Denial Of Service DoS. The vulnerability exists because transreal.py caches the Accept-Language headers, allowing an attacker to cause an application crash via excessive memory usage if the value of the Accept-Language headers are very large...

7.5CVSS7.4AI score0.47102EPSS
Exploits0References15Affected Software4
Veracode
Veracode
•added 2023/01/25 2:5 a.m.•59 views

Authentication Bypass

opensearch is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly handle white spaces in JWT roles which allow users to potentially claim roles that they are not assigned to by injecting and executing malicious code...

8.8CVSS8.3AI score0.00796EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2022/04/24 12:57 a.m.•59 views

Denial Of Service (DoS)

openjdk is vulnerable to denial of service. The vulnerability exists due to a lack of validation of authentication allowing an attacker to crash the system using APIs in the specified Component...

5.3CVSS4AI score0.03203EPSS
Exploits0References7Affected Software8
Veracode
Veracode
•added 2022/03/03 4:16 a.m.•59 views

Shell Command Injection

imageprocessing is vulnerable to shell command injection. The apply function in chainable.rb does not properly check unsanitized user input operational commands, allowing an attacker to inject and execute malicious shell commands...

9.8CVSS3.7AI score0.02595EPSS
Exploits1References3Affected Software2
Veracode
Veracode
•added 2022/01/20 5:51 a.m.•59 views

Denial Of Service (DoS)

linux is vulnerable to denial of service DoS attacks. A malicious user is able to cause heap overflow in legacy parameter, causing it to crash...

8.4CVSS2.6AI score0.25151EPSS
Exploits11References15Affected Software5
Veracode
Veracode
•added 2022/01/18 3:18 p.m.•59 views

Browser Window Spoof Using Fullscreen Mode

A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed...

5.9CVSS2.4AI score0.0059EPSS
Exploits0References6Affected Software3
Veracode
Veracode
•added 2021/12/02 10:1 a.m.•59 views

Authorization Bypass

elgg/elgg is vulnerablbe to authorization bypass. The vulnerability exists through the user-controlled key, userguid allowing unauthorized access to remote attackers...

5.9CVSS6.5AI score0.00779EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2021/11/17 10:36 p.m.•59 views

Denial Of Service (DoS)

glibc is vulnerable to denial of service. The vulnerability exists due to a use-after-free which allows an attacker to crash the system...

9.8CVSS3.6AI score0.02898EPSS
Exploits1References13Affected Software2
Veracode
Veracode
•added 2021/11/12 8:44 a.m.•59 views

Denial Of Service (DoS)

busybox is vulnerable to denial of service. The vulnerability exists due to the incorrect handling of a special element in ash when processing a crafted shell command, allowing an attacker to cause an application crash...

5.5CVSS3.2AI score0.00378EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2021/05/07 6:6 a.m.•59 views

Remote Code Execution (RCE)

com.vaadin, flow-server is vulnerable to remote code execution. An attacker is able to inject malicious code into the frontend resources during application rebuilds...

7.8CVSS3.6AI score0.00231EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2020/11/05 3:9 a.m.•59 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A use-after-free in ext4expandextraisize and ext4xattrsetentry allows an attacker to crash the kernel...

5.5CVSS3.5AI score0.02081EPSS
Exploits1References16Affected Software2
Veracode
Veracode
•added 2020/07/15 8:18 a.m.•59 views

Denial Of Service (DoS)

apache tomcat is vulnerable to denial of service. An infinite loop to occurs when invalid payload lengths are parsed. An attacker is able to cause a denial of service condition in the application via malicious WebSocket frames with invalid payload lengths...

7.5CVSS3.8AI score0.87553EPSS
Exploits1References22Affected Software74
Veracode
Veracode
•added 2020/04/10 12:45 a.m.•59 views

Privilege Escalation

java is vulnerable to privilege escalation. An unspecified vulnerability allows an attacker to affect confidentiality, integrity and availability of the system via unknown vectors...

7.5CVSS7.3AI score0.81593EPSS
Exploits5References38Affected Software2
Veracode
Veracode
•added 2020/04/10 12:19 a.m.•59 views

Arbitrary Code Execution

seamonkey is vulnerable to arbitrary code execution. The vulnerability exists as a webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey...

9.3CVSS4.8AI score0.02484EPSS
Exploits1References66Affected Software3
Veracode
Veracode
•added 2019/05/20 12:27 a.m.•59 views

Denial Of Service (DoS)

jboss-remoting is vulnerable to denial of service. A vulnerability was found in the way RemoteMessageChannel reads from an empty buffer. An attacker could abuse the flaw to cause a denial of service via high CPU consumption caused by an infinite loop...

7.5CVSS7.1AI score0.15812EPSS
Exploits5References12Affected Software73
Veracode
Veracode
•added 2019/05/02 6:2 a.m.•59 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References14Affected Software3
Veracode
Veracode
•added 2019/05/02 5:27 a.m.•59 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrar...

9.8CVSS9.2AI score0.46801EPSS
Exploits8References9Affected Software1
Veracode
Veracode
•added 2019/05/02 4:56 a.m.•59 views

Sensitive Information DIsclosure

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length ihl of zero were processed in the skbflowdissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...

7.1CVSS6.9AI score0.09408EPSS
Exploits6References19Affected Software1
Veracode
Veracode
•added 2019/05/02 4:44 a.m.•59 views

Stack-based Buffer Overflow

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the Name Server Caching Daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that...

5CVSS7.6AI score0.04113EPSS
Exploits2References25Affected Software1
Veracode
Veracode
•added 2018/06/18 5:37 a.m.•59 views

Cross-Site Tracing (XST)

spring-web is vulnerable to cross-site tracing XST attacks. The vulnerability exists as HiddenHttpMethodFilter allows web applications to change existing HTTP request method to any HTTP method, causing applications with existing cross-site scripting XSS vulnerability to be vulnerable to XST...

5.9CVSS6.9AI score0.02781EPSS
Exploits0References12Affected Software1
Veracode
Veracode
•added 2017/09/20 4:22 a.m.•59 views

Remote Code Execution (RCE)

tomcat-catalina is vulnerable to remote code execution RCE attacks. On a Windows system with HTTP PUTs enabled a malicious user can upload a JSP file to the server which would then be executed...

8.1CVSS8.4AI score0.99607EPSS
Exploits18References22Affected Software1
Veracode
Veracode
•added 2017/04/11 1:56 a.m.•59 views

Information Disclosure

BouncyCastle is vulnerable to information disclosure attacks. Attackers can use a malicious application to obtain sensitive user information...

4.3CVSS6.2AI score0.00934EPSS
Exploits0References4Affected Software240
Veracode
Veracode
•added 2026/05/16 5:19 a.m.•58 views

Server-Side Request Forgery (SSRF)

n8n-mcp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied through the x-n8n-url header in multi-tenant HTTP mode, which allows an authenticated attacker to send...

9.1CVSS5.8AI score0.00235EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/03/26 4:59 p.m.•58 views

Denial Of Service (DoS)

node-tar is vulnerable to Denial of service DoS. The vulnerability is caused by to lack of validation on the number of folders created during the folder creation process. This allows an attacker to consume excessive CPU and memory resources, potentially causing the system to become unresponsive o...

6.5CVSS7AI score0.00929EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/03/25 1:36 p.m.•58 views

Denial Of Service (DoS)

node-tar is vulnerable to Denial of service DoS. The vulnerability is caused due to lack of validation on the number of folders created during the folder creation process.This allows an attackers to consume excessive CPU and memory resources, potentially causing the system to become unresponsive ...

6.5CVSS6.7AI score0.00929EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2023/10/27 8:50 a.m.•58 views

Improper Verification Of Cryptographic Signature

browserify-sign is vulnerable to Improper Verification Of Cryptographic Signature. An upper bound check issue in DSA verification allows an attacker to construct signatures that can be successfully verified by any public key, which leads to a signature forgery attack. The attacker could exploit...

7.5CVSS6.9AI score0.00508EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2023/10/10 1:54 a.m.•58 views

Remote Code Execution (RCE)

mediawiki is vulnerable to Remote Code Execution RCE. The vulnerability allows an attacker to inject arbitrary code into a web page, potentially allowing them to steal user data or take control of the user's computer...

5.4CVSS7.9AI score0.00567EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2023/04/27 11:25 a.m.•58 views

Prototype Pollution

xlsx is vulnerable to Prototype Pollution. The vulnerability exists due to the lack of checks for user inputed specially crafted files, which allows an attacker to inject malicious properties, resulting in prototype pollution...

7.8CVSS7.2AI score0.00988EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2022/11/01 5:29 p.m.•58 views

Buffer Overflow

OpenSSL is vulnerable to buffer overflow. The vulnerability is due to incomplete X.509 certificate name constraint checking after successful chain signature verification. An attacker can add a malicious email address to the certificate to overflow four attacker-controlled bytes on the stack. This...

7.5CVSS8.2AI score0.9077EPSS
Exploits6References51Affected Software7
Veracode
Veracode
•added 2022/03/11 2:35 a.m.•58 views

Remote Code Execution (RCE)

Icinga Web 2 is vulnerable to remote code execution. The vulnerability exists due to the lack of validation of access to the configuration which can create SSH resource files in unintended directories...

8.8CVSS3.3AI score0.1467EPSS
Exploits5References5Affected Software1
Veracode
Veracode
•added 2021/11/15 4:42 a.m.•58 views

Prototype Pollution

json-schema is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the checkObj function in validate.js and modify attributes such as proto. and constructor...

9.8CVSS4.5AI score0.03563EPSS
Exploits1References5Affected Software5
Veracode
Veracode
•added 2021/09/16 6:11 a.m.•58 views

Regular Expression Denial Of Service (ReDoS)

prism is vulnerable to regular expression denial of service. An attacker is able to send a malicious input string,leading to an intensive usage of CPU and an application crash...

6.5CVSS4.2AI score0.01045EPSS
Exploits1References3Affected Software3
Veracode
Veracode
•added 2021/09/09 4:22 p.m.•58 views

Denial Of Service (DoS)

Kernel is vulnerable to denial of service. The vulnerability exists due to an Out-of-bounds Write Due To A Heap Buffer Overflow In hidinputchangeresolutionmultipliers Of Hid-input.c...

7.8CVSS2.7AI score0.00282EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2021/05/24 12:37 a.m.•58 views

Arbitrary Code Execution

glibc is vulnerable to arbitrary code execution. A heap-based buffer over-read in proceednextnode in posix/regexec.c allows an attacker to execute arbitrary code on the host OS via an attempted case-insensitive regular-expression match...

9.8CVSS5.2AI score0.04731EPSS
Exploits1References16Affected Software1
Veracode
Veracode
•added 2021/05/20 3:28 p.m.•58 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists through a pivotroot race condition in fs/namespace.c by corrupting a mountpoint reference counter...

4.7CVSS2.8AI score0.00423EPSS
Exploits0References20Affected Software2
Veracode
Veracode
•added 2021/02/16 1:50 a.m.•58 views

Command Injection

lodash is vulnerable to Command Injection. The vulnerability exists through the unsanitized values of template...

7.2CVSS7.1AI score0.2241EPSS
Exploits3References10Affected Software9
Veracode
Veracode
•added 2021/01/21 2:21 p.m.•58 views

Regular Expression Denial Of Service (ReDoS)

glob-parent is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists as the enclosure regex used to check for strings ending in enclosure containing path separator has an unescaped exclamation mark...

7.5CVSS2.9AI score0.04579EPSS
Exploits1References5Affected Software6
Veracode
Veracode
•added 2020/05/18 6:5 a.m.•58 views

EL Expression Injection

hibernate-validator is vulnerable to EL Expression Injection. The vulnerability exists as the value of modType in the validation message is improperly evaluated with $...

5.3CVSS2.8AI score0.02294EPSS
Exploits0References11Affected Software272
Veracode
Veracode
•added 2020/01/22 12:30 a.m.•58 views

Denial Of Service (DoS)

OpenJDK is vulnerable to denial of service DoS. It is due to an incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl...

3.7CVSS2.6AI score0.04202EPSS
Exploits0References20Affected Software3
Veracode
Veracode
•added 2019/11/06 12:20 a.m.•58 views

Information Disclosure

kernel is vulnerable to information disclosure. It can leak sensitive information from kernel stack memory via HIDPCONNADD command...

3.3CVSS1.7AI score0.00495EPSS
Exploits0References33Affected Software2
Veracode
Veracode
•added 2019/08/05 12:16 a.m.•58 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The vulnerability exists through insufficient input validation in kernel mode driver in Intel i915 graphics...

7.8CVSS4.2AI score0.00475EPSS
Exploits0References17Affected Software2
Veracode
Veracode
•added 2019/05/02 6:2 a.m.•58 views

Arbitrary Code Execution

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References15Affected Software3
Veracode
Veracode
•added 2019/05/02 6:2 a.m.•58 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

9.8CVSS9AI score0.36974EPSS
Exploits78References19Affected Software3
Total number of security vulnerabilities5000