Lucene search
K
VeracodeMost viewed

38333 matches found

Veracode
Veracode
•added 2024/02/12 12:14 p.m.•119 views

Server Side Request Forgery (SSRF)

ip is vulnerable to Server Side Request Forgery. The vulnerability is due to the isPublic function's failure to interpret and classify hexadecimal IP address representations. If an application utilizes the isPublic or isPrivate functions to determine if an address is public, an attacker can prefo...

9.8CVSS6.7AI score0.01613EPSS
Exploits1References6Affected Software2
Veracode
Veracode
•added 2023/02/16 8:55 a.m.•119 views

Denial Of Service (DoS)

werkzeug is vulnerable to Denial of Service DoS attacks. An attacker is able to cause denial of service conditions by sending a crafted multipart data segment with many file parts to an endpoint which uses request.data, request.form, request.files, or request.getdata, causing high resource usage,...

7.5CVSS7.1AI score0.0142EPSS
Exploits0References5Affected Software3
Veracode
Veracode
•added 2020/08/18 2:3 a.m.•117 views

HTTP Request Smuggling

wildfly-undertow is vulnerable to HTTP request smuggling. The vulnerability exists against HTTP/1.x and HTTP/2 due to an incomplete fix for CVE-2017-2666, permitting invalid characters in an HTTP request. An attacker is able to poison a web-cache, perform an XSS attack, or obtain sensitive...

6.5CVSS1.4AI score0.02712EPSS
Exploits0References28Affected Software29
Veracode
Veracode
•added 2021/09/20 3:14 p.m.•116 views

Denial Of Service (DoS)

apache2 is vulnerable to denial of service. apescapequotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may...

9.8CVSS3.5AI score0.36339EPSS
Exploits0References22Affected Software21
Veracode
Veracode
•added 2021/02/05 8:44 p.m.•116 views

Privilege Escalation

sqlite3 is vulnerable to privilege escalation. The vulnerability exists through a problem during handling sub-queries with both a correlated WHERE clause and a HAVING 0 clause where the parent query is itself an aggregate...

5.5CVSS2.4AI score0.00496EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2022/01/17 7:54 a.m.•114 views

Remote Code Execution (RCE)

October CMS is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the input via the theme import function allowing an attacker with access to the backend to execute maliciously crafted PHP code...

8.8CVSS5.4AI score0.02087EPSS
Exploits1References2Affected Software3
Veracode
Veracode
•added 2021/12/13 6:29 a.m.•114 views

Path Traversal

github.com/grafana/grafana is vulnerable to path traversal. The vulnerability exists in the pluginMarkdown function in plugins.go, allowing an authenticated attacker to access fully lowercase or fully uppercase '.md' files outside the expected directory...

4.3CVSS4.8AI score0.57991EPSS
Exploits0References12Affected Software2
Veracode
Veracode
•added 2020/06/09 2:33 a.m.•114 views

Cross-site Scripting (XSS)

angular is vulnerable to cross-site scripting XSS. The vulnerability exists as the regex-based replacement, XHTMLTAGREGEXP, could convert sanitized code which has wrapped into , into unsanitized code...

5.4CVSS1AI score0.02142EPSS
Exploits0References24Affected Software2
Veracode
Veracode
•added 2022/03/08 11:57 p.m.•113 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The vulnerability exists due to a use after free bug due to a race condition in unixscmtoskb of afunix.c...

6.4CVSS3AI score0.00811EPSS
Exploits0References6Affected Software3
Veracode
Veracode
•added 2025/04/17 7:46 a.m.•112 views

Denial Of Service (DoS)

Elasticsearch is vulnerable to Denial Of Service DoS. The vulnerability is due to unbounded recursion due to improper handling of deeply nested GeometryCollection objects in Well-Known Text WKT format, which allows attackers to craft specially formatted input that triggers a stack overflow and...

7.5CVSS7AI score0.00511EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2022/07/01 1:39 p.m.•112 views

Privilege Escalation

curl is vulnerable to Privilege Escalation. The vulnerability exists due to the unpreserved file permissions in the library which will accidentally widen the permissions for the target file leaving the updated file accessible to more users than intended...

9.8CVSS8.6AI score0.05481EPSS
Exploits1References14Affected Software14
Veracode
Veracode
•added 2022/01/26 5:21 a.m.•112 views

Privilege Escalation

focal is vulnerable to privilege escalation. The vulnerability exist in fsconfig syscall parameter that allows an attacker to cause a privilege escalation leading to a container breakout and an application crash...

8.8CVSS4.1AI score0.01206EPSS
Exploits2References5Affected Software4
Veracode
Veracode
•added 2024/03/27 1:47 p.m.•111 views

Path Traversal

webpack-dev-middleware is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of URL addresses, allowing attackers to access any file on the developer's machine by manipulating the URL with specific encoded sequences such as %2e or %2f...

7.4CVSS6.8AI score0.01199EPSS
Exploits1References9Affected Software1
Veracode
Veracode
•added 2022/11/19 12:48 a.m.•111 views

Information Disclosure

rh-mysql80-mysql is vulnerable to information disclosure. The vulnerability exists in the Server: Security: Encryption component, allowing an attacker to get read access to a subset of MySQL Server accessible data through the multiple protocols...

4.3CVSS4.9AI score0.00653EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2021/12/13 3:6 a.m.•111 views

Remote Code Execution (RCE)

md-to-pdf is vulnerable to remote code execution. The library does not properly disable the JS engine in default when the library utilizing gray-matter to parse front matter content, allowing an attacker to execute the remote code through the JS engine...

9.8CVSS6.3AI score0.05329EPSS
Exploits2References2Affected Software1
Veracode
Veracode
•added 2020/08/28 1:26 a.m.•111 views

IP Address Spoofing

httpd24-httpd is vulnerable to IP address spoofing. The vulnerability exists when proxying using modremoteip and modrewrite can cause spoof in logging and PHP scripts...

5.3CVSS1.9AI score0.05884EPSS
Exploits0References31Affected Software3
Veracode
Veracode
•added 2023/10/31 6:49 a.m.•111 views

Sensitive Information Disclosure

org.elasticsearch: elasticsearch is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is caused by a failure to filter out sensitive information and credentials before logging to the audit log when requests to Elasticsearch use certain deprecated URIs for APIs. Thi...

4.4CVSS6.7AI score0.00228EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2017/03/14 3:18 a.m.•110 views

Remote Code Execution (RCE)

Elasticsearch is vulnerable to arbitrary code execution. This is because dynamic scripting is enabled by default, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search...

8.1CVSS7AI score0.88559EPSS
Exploits17References18Affected Software1
Veracode
Veracode
•added 2022/07/25 10:1 p.m.•109 views

Remote Code Execution (RCE)

Moodle is vulnerable to Remote Code Execution. Due to an omitted execution parameter in the GhostScript command, an attacker is able to run code on the system by parsing PostScript code...

9.8CVSS9.2AI score0.06441EPSS
Exploits1References8Affected Software1
Veracode
Veracode
•added 2022/04/14 7:25 a.m.•109 views

Remote Code Execution (RCE)

composer/composer is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the user-controlled $file or $identifier arguments via the VcsDriver::getFileContent allowing an attacker to inject maliciously crafted script into the system...

8.8CVSS5.1AI score0.01841EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2022/04/07 12:6 p.m.•109 views

Denial Of Service (DoS)

Spring Expression is vulnerable to denial of service. The vulnerability exists due to the creation of large array in a SpEL and sending meaningless error messages to the user which allows an attacker to send crafted SpEL expressions that leads to an out ouf bound error causing an application cras...

6.5CVSS3.1AI score0.35834EPSS
Exploits0References6Affected Software3
Veracode
Veracode
•added 2022/02/09 7:55 a.m.•109 views

Cross-site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scriptingXSS attacks. A remote authenticated attacker is able to inject HTML content through the Grafana datasource or the plugin proxy and trick a user to visit a malicious HTML page using a specially crafted link...

6.5CVSS1.2AI score0.02359EPSS
Exploits1References14Affected Software2
Veracode
Veracode
•added 2023/11/28 2:25 p.m.•108 views

Use After Free

chromium is vulnerable to Use After Free. The vulnerability exists in the Navigation component, potentially allowing an attacker to exploit heap corruption via a maliciously crafted HTML page...

8.8CVSS7AI score0.30339EPSS
Exploits0References11Affected Software3
Veracode
Veracode
•added 2022/06/24 4:7 a.m.•108 views

Cross-site Scripting (XSS)

tomcat is vulnerable to cross-site scripting. The vulnerability exists because the user-provided name, value, and type form attributes are not filtered before being displayed on the web page, allowing an attacker to inject and execute malicious javascript...

6.1CVSS6.4AI score0.06156EPSS
Exploits0References13Affected Software2
Veracode
Veracode
•added 2022/05/11 4:3 a.m.•108 views

Prototype Pollution

ramda is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the curry2 function in the mapObjIndexed.js and modify attributes such as proto, constructor, and prototype. This vulnerability has been disputed and is pending further information...

9.1CVSS4AI score0.01297EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2021/03/10 7:22 a.m.•108 views

XML Injection

xmldom is vulnerable to XML injection. Repeated parsing and serializing of malicious documents can result in incorrect preservation of system identifiers, FPIs or namespaces...

4.3CVSS5.5AI score0.01328EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2020/06/01 2:5 a.m.•107 views

Remote Code Execution (RCE)

portal-impl is vulnerable to remote code execution. The vulnerability exists as it allows untrusted deserialization of other classes through JSONWS, com/liferay/portal/jsonwebservice/JSONWebServiceActionImpl, which may not be permitted by liferay...

9.8CVSS4.1AI score0.99783EPSS
Exploits10References6Affected Software2
Veracode
Veracode
•added 2025/03/28 4:40 a.m.•105 views

Unexpected Status Code Or Return Value

go-redis is vulnerable to Unexpected Status Code or Return Value. The vulnerability is due to improper request handling due to timeouts in the CLIENT SETINFO command during connection establishment, leading to incorrect command responses and potential data inconsistency...

3.7CVSS7.3AI score0.00694EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2023/11/23 6:48 a.m.•105 views

Information Disclosure

PowerShell is vulnerable to Information Disclosure. The vulnerability is due to the PowerShell Web cmdlets, which allows an attacker to exfiltrate sensitive information from a targeted site...

6.5CVSS6.6AI score0.01436EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2023/10/12 2:37 p.m.•105 views

Denial Of Service (DoS)

Libraries that implement HTTP/2 are vulnerable to Denial Of Service DoS. The vulnerability could be exploited by attackers via sending a large number of HTTP/2 requests to a vulnerable server, then canceling them, causing the server to consume excessive resources and become unavailable to...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References166Affected Software37
Veracode
Veracode
•added 2021/04/18 7:58 a.m.•105 views

XML External Entity (XXE)

Wordpress is vulnerable to XML external entity attack. A user with the ability to upload files like an Author is able to exploit an XML external entity vulnerability in the Media Library to retrieve arbitrary system files...

7.1CVSS4.1AI score0.85719EPSS
Exploits20References11Affected Software3
Veracode
Veracode
•added 2019/09/25 2:59 a.m.•104 views

Prototype Pollution

handlebars is vulnerable to prototype pollution. The vulnerability exists as it merges options.helpers, options.partials, and options.decorators...

9.8CVSS2.5AI score0.07066EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2021/04/29 1:13 p.m.•103 views

Privilege Escalation

Bubblewrap bwrap is vulnerable to privilege escalation. If installed in setuid mode and the kernel supports unprivileged user namespaces, then the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root...

7.8CVSS2.9AI score0.00907EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2023/06/27 9:14 a.m.•102 views

Remote Code Execution (RCE)

system.linq.dynamic.core is vulnerable to Remote Code Execution RCE. The vulnerability is due to Linq queries having access to public methods on classes retrieved via the Where, All, Any and .OrderBy methods which allows an attacker to execute malicious code on the system...

9.8CVSS7.8AI score0.34904EPSS
Exploits4References3Affected Software1
Veracode
Veracode
•added 2021/12/12 11:4 a.m.•102 views

Privilege Escalation

podman is vulnerable to Privilege Escalation. The vulnerability exists due to a flaw was found in podman machine function used to create and manage Podman virtual machine containing a Podman process which spawns a gvproxy process on the host system. allowing the API to forward ports on the host t...

6.5CVSS6.7AI score0.01057EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2020/03/23 7:19 a.m.•102 views

Man-in-the-Middle (MitM)

lix is vulnerable to man-in-the-middle attack. Package downloads are allowed via an insecure HTTP channel after following the Location header redirects. This allows for an attacker in a privileged network position to intercept and modify a package installation and redirect the download to a...

8.1CVSS2.6AI score0.01365EPSS
Exploits0References1Affected Software1
Veracode
Veracode
•added 2022/04/13 3:23 p.m.•101 views

Privilege Escalation

git is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization which allows an attacker to gain access and perform unauthenticated actions in the system...

7.8CVSS5.1AI score0.00782EPSS
Exploits0References30Affected Software4
Veracode
Veracode
•added 2022/01/26 5:22 a.m.•100 views

Privilege Escalation

policykit is vulnerable to privilege escalation.The vulnerability allows any unprivileged user to gain root privileges on the vulnerable host...

7.8CVSS3.1AI score0.94921EPSS
Exploits151References26Affected Software7
Veracode
Veracode
•added 2021/09/01 4:59 a.m.•100 views

Symlink Attack

tar is vulnerable to symlink attack. The vulnerability exists due to the lack of checking if the symbolic link has been modified through the logic used both \ and / characters as path separators...

8.6CVSS3.6AI score0.03286EPSS
Exploits0References7Affected Software6
Veracode
Veracode
•added 2017/07/26 12:48 a.m.•100 views

Cross-site Request Forgery (CSRF)

CMS Made Simple is vulnerable to cross-site request forgery CSRF attacks. A malicious user can hijack the authentication of admins for requests to create accounts through an admin/adduser.php requests...

8CVSS7.9AI score0.01EPSS
Exploits0References1Affected Software1
Veracode
Veracode
•added 2023/08/07 2:53 a.m.•99 views

Information Disclosure

sulu/sulu is vulnerable to Observable Response Discrepancy. The vulnerability exists due to the insecure access control used in the security.yaml configuration, which allows an attacker to detect whether a user's username or email exists and which ones do not exist through the Admin Login form...

4.3CVSS6.7AI score0.00496EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2023/03/18 8:38 a.m.•99 views

Server-Side Request Forgery (SSRF)

request is vulnerable to Server-Side Request Forgery SSRF. The vulnerability exists due to the Redirect.prototype.redirectTo function in redirect.js, which allows a remote attacker to bypass SSRF protection because library does not properly apply configurations when requests are redirected from...

6.1CVSS6.2AI score0.00719EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2017/01/24 3:10 a.m.•99 views

Denial Of Service (DoS)

openssl is vulnerable to denial of service DoS attacks. The library improperly calculates string lengths, allowing a malicious user to cause a denial of service by passing a large string to the system...

10CVSS8.8AI score0.32414EPSS
Exploits1References59Affected Software3
Veracode
Veracode
•added 2023/04/21 2:20 a.m.•98 views

Improper Logout Implementation

spring-security-web is vulnerable to Improper Logout Implementation. The vulnerability exists in the SwitchUserFilter.java because it does not properly clean the security context if using serialized versions, which allows an attacker to stay authenticated even after they perform a logout...

6.3CVSS8.7AI score0.00648EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2023/02/06 4:51 a.m.•98 views

Directory Traversal

jszip is vulnerable to Directory Traversal. The vulnerability exists as untrusted user input is not properly validated and/or sanitized, allowing an attacker to exploit the vulnerability via a crafted ZIP archive...

7.3CVSS7AI score0.01411EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2022/04/13 4:46 a.m.•98 views

Remote Code Execution (RCE)

Apache Struts is vulnerable to remote code execution. The vulnerability exists due to an incomplete fix of CVE-2020-17530 which is double evaluation if OGNL is used, allowing an attacker to inject maliciously crafted script via the %... syntax within the Struts tag...

9.8CVSS4.1AI score0.95922EPSS
Exploits16References6Affected Software1
Veracode
Veracode
•added 2021/06/16 4:24 p.m.•98 views

Denial Of Service (DoS)

mariadb is vulnerable to denial of service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server...

4.9CVSS2.3AI score0.04643EPSS
Exploits0References20Affected Software6
Veracode
Veracode
•added 2020/09/18 8:14 a.m.•97 views

Reflected File Download (RFD) Attack

spring-web is vulnerable to Reflected File Download RFD attack. An incomplete fix of CVE-2015-5211 allows an attacker to bypass the protection against RFD attack via the jsessionid path parameter...

9.6CVSS4.6AI score0.10736EPSS
Exploits2References42Affected Software1
Veracode
Veracode
•added 2025/06/06 5:54 a.m.•96 views

Sensitive Information Disclosure

yiisoft/yii2-redis is vulnerable to Sensitive Information Disclosure. The vulnerability is due to information disclosure due to authentication credentials username and password being logged in plain text during failed connection attempts...

6.5CVSS6.2AI score0.00283EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2022/10/12 2:12 a.m.•96 views

Regular Expression Denial Of Service (ReDoS)

loader-utils is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the resourcePath variable in interpolateName.js, allowing an attacker to crash the application by providing a malicious input...

7.5CVSS7.3AI score0.0204EPSS
Exploits0References6Affected Software6
Total number of security vulnerabilities5000