Veracode: most viewed

38332 matches found

Veracode • added 2022/03/17 8:04 a.m. • 147 views

Remote Code Execution (RCE)

ckeditor4 is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of malformed HTML, allowing an attacker to inject maliciously crafted script...

CVSS 5.4 • AI score 2.3 • EPSS 0.01162
Exploits 0 • References 9 • Affected software 2
Veracode • added 2021/11/17 10:36 p.m. • 147 views

Packet Injection

kernel is vulnerable to packet injection. The vulnerability exists due to a flaw in the Linux kernel's implementation of Wi-Fi fragmentation handling, which allows an attacker with the ability to transmit within the wireless transmission range of an access point to abuse a flaw where...

CVSS 3.5 • AI score 2.1 • EPSS 0.05765
Exploits 2 • References 14 • Affected software 2
Veracode • added 2020/09/21 6:22 a.m. • 147 views

Denial Of Service (DoS)

python is vulnerable to denial of service (DoS). The vulnerability exists because Lib/zipfile.py allows ZIP bomb attacks, which lets an attacker cause an application crash...

CVSS 7.5 • AI score 6.3 • EPSS 0.0549
Exploits 0 • References 9 • Affected software 4
Veracode • added 2023/04/24 7:31 a.m. • 146 views

Arbitrary Code Injection

shopware/platform and shopware/core are vulnerable to arbitrary code injection. The vulnerability exists in multiple functions of SecurityExtension.php because the inputs are not properly checked, which allows an attacker to inject and execute arbitrary code on the system...

CVSS 8.8 • AI score 8.9 • EPSS 0.02083
Exploits 1 • References 5 • Affected software 2
Veracode • added 2018/06/04 9:28 a.m. • 146 views

Cross-Site Scripting (XSS)

bootstrap is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the target option in scrollspy.js, allowing a malicious user to inject and execute arbitrary JavaScript...

CVSS 6.1 • AI score 6.2 • EPSS 0.04293
Exploits 1 • References 26 • Affected software 2
Veracode • added 2023/04/06 8:40 a.m. • 145 views

Regular Expression Denial Of Service (ReDoS)

angular is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists due to inefficient regular expression complexity in the input type element, which allows an attacker to crash the application by submitting maliciously crafted input...

CVSS 5.3 • AI score 7.2 • EPSS 0.01695
Exploits 1 • References 4 • Affected software 2
Veracode • added 2022/11/19 12:48 a.m. • 144 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: Optimizer component, allowing an attacker to cause an application crash through multiple protocols...

CVSS 4.9 • AI score 5.9 • EPSS 0.00962
Exploits 0 • References 7 • Affected software 1
Veracode • added 2021/07/21 10:13 p.m. • 144 views

Denial Of Service (DoS)

systemd is vulnerable to denial of service. An attacker is able to crash the application using an excessive size value involving strdupa and alloca for a pathname...

CVSS 5.5 • AI score 3.5 • EPSS 0.0865
Exploits 2 • References 21 • Affected software 6
Veracode • added 2024/05/31 5:28 a.m. • 143 views

Regular Expression Denial Of Service (ReDoS)

micromatch is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity within the micromatch.braces method. An attacker can submit a large payload without a closing bracket, which results in Regular Expression Denial of...

CVSS 5.3 • AI score 6.7 • EPSS 0.01429
Exploits 1 • References 9 • Affected software 2
Veracode • added 2022/12/23 6:35 a.m. • 143 views

Signature Validation Bypass

jsonwebtoken is vulnerable to signature validation bypass. The lack of an algorithm definition in the jwt.verify function leads to signature validation bypass, because verification defaults to the none algorithm, which allows an attacker to bypass the verification mechanism...

CVSS 7.6 • AI score 7.7 • EPSS 0.00532
Exploits 0 • References 4 • Affected software 1
Veracode • added 2021/11/17 10:37 p.m. • 143 views

Packet Injection

kernel is vulnerable to packet injection. The vulnerability exists because the WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network...

CVSS 6.5 • AI score 3.1 • EPSS 0.02923
Exploits 0 • References 10 • Affected software 2
Veracode • added 2023/10/10 5:08 a.m. • 142 views

Remote Code Execution

fsevents is vulnerable to Remote Code Execution. The vulnerability is caused by loading a fsevents binary from an arbitrary AWS S3 bucket during installation. This S3 bucket URL was vulnerable to takeover by malicious actors, but a security researcher claimed the bucket URL to protect against...

CVSS 9.8 • AI score 7.3 • EPSS 0.01535
Exploits 1 • References 10 • Affected software 1
Veracode • added 2023/04/19 11:10 a.m. • 142 views

HTTP Request Smuggling

guzzlehttp/psr7 is vulnerable to HTTP Request Smuggling. The vulnerability exists in the assertHeader function of MessageTrait.php due to improper header parsing, which allows an attacker to sneak a newline (\n) into both the header name and value, resulting in HTTP cache poisoning and phishing attac...

CVSS 7.5 • AI score 6.6 • EPSS 0.01216
Exploits 0 • References 11 • Affected software 3
Veracode • added 2022/07/20 8:21 a.m. • 142 views

Remote Code Execution

xalan:xalan is vulnerable to remote code execution. An attacker is able to corrupt Java class files generated by the internal XSLTC compiler and execute harmful Java bytecode on the host machine due to an integer truncation flaw which occurs during XSLT style sheet processing...

CVSS 7.5 • AI score 8.5 • EPSS 0.17673
Exploits 2 • References 31 • Affected software 9
Veracode • added 2019/01/10 1:44 a.m. • 142 views

Cross-site Scripting (XSS)

bootstrap is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of the target property in affix.js, allowing XSS attacks...

CVSS 6.1 • AI score 5.3 • EPSS 0.03984
Exploits 1 • References 17 • Affected software 5
Veracode • added 2022/11/19 12:48 a.m. • 141 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: Optimizer component, allowing an attacker to cause an application crash through multiple protocols...

CVSS 4.9 • AI score 5.9 • EPSS 0.00962
Exploits 0 • References 7 • Affected software 1
Veracode • added 2022/11/19 12:48 a.m. • 141 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: Optimizer component, allowing an attacker to cause an application crash through multiple protocols...

CVSS 4.9 • AI score 5.9 • EPSS 0.01024
Exploits 0 • References 7 • Affected software 1
Veracode • added 2022/01/29 5:13 p.m. • 141 views

Remote Code Execution (RCE)

openjdk17 is vulnerable to remote code execution. It allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE and Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to...

CVSS 5.3 • AI score 4.8 • EPSS 0.02896
Exploits 0 • References 10 • Affected software 6
Veracode • added 2021/10/07 10:16 a.m. • 141 views

Denial Of Service (DoS)

firefox:devel is vulnerable to denial of service. A document could have caused a use-after-free of a language service object during a process shutdown, leading to an application crash...

CVSS 7.5 • AI score 2.9 • EPSS 0.0142
Exploits 0 • References 5 • Affected software 7
Veracode • added 2024/09/04 10:37 a.m. • 140 views

Cross Site Scripting (XSS)

bootstrap is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by missing validation and sanitization of the href attribute of the tag in the carousel component, in the data-slide and data-slide-to attributes. This can enable attackers to execute arbitrary JavaScript within...

AI score 6.7
Exploits 0 • References 4 • Affected software 5
Veracode • added 2022/05/11 10:43 a.m. • 140 views

Buffer Overflow

rsyslog is vulnerable to buffer overflow. The vulnerability exists because, although there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, which leads to memory corruption...

CVSS 8.1 • AI score 4.1 • EPSS 0.03821
Exploits 0 • References 8 • Affected software 6
Veracode • added 2024/04/16 10:41 a.m. • 138 views

HTTP Request Smuggling (HRS)

gunicorn is vulnerable to HTTP Request Smuggling (HRS). The vulnerability is due to improper processing of Transfer-Encoding headers, which are treated as chunked regardless of the specified encoding; this allows attackers to bypass security restrictions and access restricted endpoints by crafting...

CVSS 7.5 • AI score 6.9 • EPSS 0.02996
Exploits 0 • References 5 • Affected software 1
Veracode • added 2023/12/19 9:12 a.m. • 138 views

Prefix Truncation Attack (Terrapin Attack)

libssh is vulnerable to the Terrapin attack. The vulnerability is due to mishandling of the handshake phase and sequence numbers in the SSH Binary Packet Protocol (BPP) with certain OpenSSH extensions. This allows an attacker to bypass integrity checks and omit packets during extension negotiation, and...

CVSS 5.9 • AI score 7.1 • EPSS 0.93305
Exploits 4 • References 125 • Affected software 5
Veracode • added 2022/11/23 12:45 a.m. • 138 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the C API component, allowing an attacker to cause an application crash through multiple protocols...

CVSS 4.4 • AI score 5.8 • EPSS 0.01048
Exploits 0 • References 7 • Affected software 3
Veracode • added 2022/04/22 10:35 p.m. • 137 views

Signature Verification Bypass

The Libraries component of Oracle Java SE and Oracle GraalVM Enterprise Edition is vulnerable to signature verification bypass. The vulnerability is possible due to a flawed implementation of ECDSA verification code rewritten from native C++ code, allowing an attacker t...

CVSS 7.5 • AI score 3.1 • EPSS 0.46677
Exploits 6 • References 28 • Affected software 4
Veracode • added 2020/11/09 11:41 a.m. • 137 views

Server-Side Request Forgery (SSRF)

axios is vulnerable to server-side request forgery (SSRF). The vulnerability exists due to a lack of validation of the URL passed in the request from the client, allowing the attacker to bypass a proxy and submit requests on behalf of the server by providing a URL that responds with a redirect...

CVSS 5.9 • AI score 2.3 • EPSS 0.0232
Exploits 1 • References 11 • Affected software 2
Veracode • added 2023/03/12 5:48 p.m. • 135 views

Remote Code Execution (RCE)

firefox and thunderbird are vulnerable to Remote Code Execution (RCE). An out-of-date graphics library likely contained vulnerabilities that could potentially be exploited to upload and execute malicious code on the system...

CVSS 9.8 • AI score 9.7 • EPSS 0.00901
Exploits 1 • References 4 • Affected software 2
Veracode • added 2022/03/31 1:51 a.m. • 135 views

Remote Code Execution

spring-cloud-function-context is vulnerable to remote code execution. The routing functionality allows a user to provide a malicious SpEL expression as a routing-expression, which would allow arbitrary OS commands to be executed remotely...

CVSS 9.8 • AI score 4.7 • EPSS 0.99939
Exploits 36 • References 7 • Affected software 2
Veracode • added 2021/10/06 7:50 a.m. • 135 views

Path Traversal

apache2 is vulnerable to path traversal. The vulnerability exists due to a flaw found in a change made to path normalization...

CVSS 7.5 • AI score 3.3 • EPSS 0.99992
Exploits 148 • References 41 • Affected software 1
Veracode • added 2019/04/22 3:41 a.m. • 135 views

Prototype Pollution

jquery is vulnerable to prototype pollution attacks. The vulnerability exists because it is possible to overwrite Object.prototype with arbitrary object properties...

CVSS 6.1 • AI score 7.3 • EPSS 0.87218
Exploits 4 • References 97 • Affected software 44
Veracode • added 2022/11/21 3:50 a.m. • 134 views

Information Disclosure

puppet is vulnerable to information disclosure. The vulnerability exists because HTTP credentials are leaked when following HTTP redirects to a different host...

CVSS 9.8 • AI score 8.5 • EPSS 0.01328
Exploits 0 • References 9 • Affected software 1
Veracode • added 2019/03/21 8:10 a.m. • 133 views

Arbitrary Code Execution

The Apache Commons Collections (ACC) library is vulnerable to arbitrary code execution. The vulnerability is possible when an application directly uses ACC, or contains ACC in the classpath, allowing a malicious user to inject and execute arbitrary code upon deserialization...

CVSS 7.5 • AI score 5.3 • EPSS 0.18763
Exploits 1 • References 11 • Affected software 1
Veracode • added 2023/10/30 11:49 a.m. • 132 views

Denial Of Service (DoS)

elasticsearch is vulnerable to denial of service. The vulnerability is due to the search API, which allows specially crafted query strings to cause a stack overflow...

CVSS 7.5 • AI score 6.9 • EPSS 0.60679
Exploits 4 • References 4 • Affected software 1
Veracode • added 2021/12/08 6:09 a.m. • 131 views

Path Traversal

github.com/grafana/grafana is vulnerable to path traversal. The vulnerability exists in the getPluginAssets function in plugins.go, allowing an attacker to access local files through URL paths such as /public/plugins/...

CVSS 7.5 • AI score 4.5 • EPSS 0.88849
Exploits 44 • References 9 • Affected software 2
Veracode • added 2021/10/06 11:24 a.m. • 131 views

Privilege Escalation

openssh is vulnerable to privilege escalation. The vulnerability exists due to insecure initialization...

CVSS 7 • AI score 3.8 • EPSS 0.02367
Exploits 2 • References 22 • Affected software 1
Veracode • added 2021/03/17 8:12 a.m. • 131 views

Privilege Escalation

github.com/portainer/portainer is vulnerable to privilege escalation. The vulnerability exists due to insecure permissions in the isValidStackFile function, allowing a non-admin user to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host...

CVSS 8.8 • AI score 4.1 • EPSS 0.01601
Exploits 0 • References 1 • Affected software 1
Veracode • added 2021/12/15 12:30 a.m. • 130 views

Denial Of Service (DoS)

log4j-core is vulnerable to denial of service (DoS). The vulnerability exists because the previous mitigation for CVE-2021-44228 is incomplete in certain non-default configurations. An attacker can send malicious Thread Context Map (MDC) input data in a JNDI Lookup pattern using a non-default Pattern...

CVSS 10 • AI score 2.8 • EPSS 0.99999
Exploits 350 • References 28 • Affected software 20
Veracode • added 2021/09/02 9:18 a.m. • 130 views

Regular Expression Denial Of Service (ReDoS)

axios is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists in the trim function in utils.js due to inefficient regular expression complexity, which allows an attacker to crash the application by submitting a malicious string as a header...

CVSS 7.5 • AI score 7.2 • EPSS 0.08515
Exploits 2 • References 25 • Affected software 3
Veracode • added 2023/03/11 12:19 a.m. • 129 views

HTTP Request Smuggling

apache2 is vulnerable to HTTP Request Smuggling. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch, and a non-specific pattern matches some portion of the user-supplied request-target data and is then re-inserted into the proxied...

CVSS 9.8 • AI score 9 • EPSS 0.8377
Exploits 5 • References 9 • Affected software 4
Veracode • added 2022/07/19 5:25 a.m. • 129 views

Cross-site Scripting (XSS)

jquery-ui is vulnerable to cross-site scripting attacks. The vulnerability exists in the widget function in checkboxradio.js due to a lack of input sanitization, which allows an attacker to inject and execute malicious JavaScript...

CVSS 6.1 • AI score 6.2 • EPSS 0.01933
Exploits 1 • References 14 • Affected software 1
Veracode • added 2022/11/19 12:48 a.m. • 128 views

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: Data Dictionary component, allowing an attacker to cause an application crash through multiple protocols...

CVSS 4.9 • AI score 5.9 • EPSS 0.01024
Exploits 0 • References 7 • Affected software 1
Veracode • added 2022/01/16 8:09 a.m. • 128 views

Object Injection

wordpress is vulnerable to object injection. An attacker with admin privileges can bypass explicit or additional hardening under certain conditions through object injection...

CVSS 7.2 • AI score 3.1 • EPSS 0.03695
Exploits 1 • References 10 • Affected software 1
Veracode • added 2022/10/03 10:02 a.m. • 127 views

Regular Expression Denial Of Service (ReDoS)

react-native-reanimated is vulnerable to regular expression denial of service attacks. Improper usage of a regular expression in the parser in Colors.js allows remote attackers to cause denial of service conditions via maliciously crafted input...

CVSS 7.5 • AI score 7 • EPSS 0.01222
Exploits 1 • References 5 • Affected software 1
Veracode • added 2019/01/10 1:52 a.m. • 127 views

Cross-Site Scripting (XSS)

Bootstrap is vulnerable to cross-site scripting (XSS). An attacker is able to inject arbitrary JavaScript into a victim's browser via the tooltip data-viewport attribute, to steal session tokens or perform unwanted actions on behalf of the user...

CVSS 6.1 • AI score 5.7 • EPSS 0.03835
Exploits 0 • References 14 • Affected software 5
Veracode • added 2022/02/03 8:33 a.m. • 126 views

Remote Code Execution (RCE)

postgresql is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the implementation of the expected interface of the class before instantiating it, which allows an attacker to execute remote code...

CVSS 9.8 • AI score 5.2 • EPSS 0.0301
Exploits 1 • References 7 • Affected software 3
Veracode • added 2025/05/08 3:03 a.m. • 125 views

Information Disclosure

github.com/hashicorp/vault is vulnerable to information disclosure. The vulnerability is due to insufficient input validation or improper handling of malformed payloads, which allows an attacker to expose sensitive information by triggering logging of secret data during secret creation or update...

CVSS 6.5 • AI score 6.1 • EPSS 0.00335
Exploits 0 • References 5 • Affected software 2
Veracode • added 2023/02/07 5:46 a.m. • 124 views

Cross-Site Scripting (XSS)

github.com/grafana/grafana is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to improper sanitization of user input in the originalUrl parameter, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 6.7 • AI score 6.8 • EPSS 0.00828
Exploits 0 • References 7 • Affected software 2
Veracode • added 2022/02/09 7:11 a.m. • 123 views

Information Disclosure

github.com/grafana/grafana is vulnerable to information disclosure. An authenticated attacker is able to view confidential data by querying for a specific team ID, because the library exposes multiple API endpoints without proper user authorization, allowing a malicious user to gain access to...

CVSS 4.3 • AI score 3.2 • EPSS 0.01185
Exploits 0 • References 11 • Affected software 2
Veracode • added 2017/12/30 1:04 a.m. • 121 views

Arbitrary Code Execution

dozer is vulnerable to arbitrary code execution attacks. It incorrectly uses a reflection-based approach to type conversion, which allows attackers to execute code through serialized objects...

CVSS 9.8 • AI score 9.6 • EPSS 0.05599
Exploits 0 • References 9 • Affected software 1
Veracode • added 2023/01/23 12:46 p.m. • 120 views

HTTP Request Smuggling

apache2 is vulnerable to HTTP Request Smuggling. The vulnerability exists because inconsistent interpretation of HTTP requests in mod_proxy_ajp allows an attacker to smuggle requests to the AJP server it forwards requests to...

CVSS 9 • AI score 8.6 • EPSS 0.01879
Exploits 0 • References 7 • Affected software 6
Total number of security vulnerabilities: 5000