38133 matches found
HTTP Request Smuggling
wildfly-undertow is vulnerable to HTTP request smuggling. The vulnerability exists against HTTP/1.x and HTTP/2 due to an incomplete fix for CVE-2017-2666, permitting invalid characters in an HTTP request. An attacker is able to poison a web-cache, perform an XSS attack, or obtain sensitive...
Remote Code Execution (RCE)
October CMS is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the input via the theme import function allowing an attacker with access to the backend to execute maliciously crafted PHP code...
Path Traversal
github.com/grafana/grafana is vulnerable to path traversal. The vulnerability exists in the pluginMarkdown function in plugins.go, allowing an authenticated attacker to access fully lowercase or fully uppercase '.md' files outside the expected directory...
Cross-site Scripting (XSS)
angular is vulnerable to cross-site scripting (XSS). The vulnerability exists as the regex-based replacement, XHTML_TAG_REGEXP, could convert sanitized code which has wrapped into , into unsanitized code...
Privilege Escalation
curl is vulnerable to Privilege Escalation. The vulnerability exists due to the unpreserved file permissions in the library which will accidentally widen the permissions for the target file leaving the updated file accessible to more users than intended...
Privilege Escalation
focal is vulnerable to privilege escalation. The vulnerability exists in the fsconfig syscall parameter that allows an attacker to cause a privilege escalation leading to a container breakout and an application crash...
Path Traversal
webpack-dev-middleware is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of URL addresses, allowing attackers to access any file on the developer's machine by manipulating the URL with specific encoded sequences such as %2e or %2f...
Information Disclosure
rh-mysql80-mysql is vulnerable to information disclosure. The vulnerability exists in the Server: Security: Encryption component, allowing an attacker to get read access to a subset of MySQL Server accessible data through multiple protocols...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists due to a use-after-free bug caused by a race condition in unix_scm_to_skb of af_unix.c...
Remote Code Execution (RCE)
md-to-pdf is vulnerable to remote code execution. The library does not disable the JS engine by default when it uses gray-matter to parse front matter content, allowing an attacker to execute remote code through the JS engine...
Sensitive Information Disclosure
org.elasticsearch:elasticsearch is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is caused by a failure to filter out sensitive information and credentials before logging to the audit log when requests to Elasticsearch use certain deprecated URIs for APIs. Thi...
Remote Code Execution (RCE)
composer/composer is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the user-controlled $file or $identifier arguments via the VcsDriver::getFileContent allowing an attacker to inject maliciously crafted script into the system...
Cross-site Scripting (XSS)
github.com/grafana/grafana is vulnerable to cross-site scripting (XSS) attacks. A remote authenticated attacker is able to inject HTML content through the Grafana datasource or the plugin proxy and trick a user into visiting a malicious HTML page using a specially crafted link...
IP Address Spoofing
httpd24-httpd is vulnerable to IP address spoofing. The vulnerability exists when proxying with mod_remoteip and mod_rewrite, which can cause a spoofed IP address in logging and PHP scripts...
Denial Of Service (DoS)
Elasticsearch is vulnerable to Denial Of Service (DoS). The vulnerability is due to unbounded recursion caused by improper handling of deeply nested GeometryCollection objects in Well-Known Text (WKT) format, which allows attackers to craft specially formatted input that triggers a stack overflow and...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in the Navigation component, potentially allowing an attacker to exploit heap corruption via a maliciously crafted HTML page...
Remote Code Execution (RCE)
Moodle is vulnerable to Remote Code Execution. Due to an omitted execution parameter in the GhostScript command, an attacker is able to run code on the system by parsing PostScript code...
Denial Of Service (DoS)
Spring Expression is vulnerable to denial of service. The vulnerability exists due to the creation of a large array in a SpEL expression and sending meaningless error messages to the user, which allows an attacker to send crafted SpEL expressions that lead to an out of bounds error causing an application cras...
Remote Code Execution (RCE)
portal-impl is vulnerable to remote code execution. The vulnerability exists as it allows untrusted deserialization of other classes through JSONWS, com/liferay/portal/jsonwebservice/JSONWebServiceActionImpl, which may not be permitted by Liferay...
Prototype Pollution
ramda is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the curry2 function in mapObjIndexed.js and modify attributes such as __proto__, constructor, and prototype. This vulnerability has been disputed and is pending further information...
XML Injection
xmldom is vulnerable to XML injection. Repeated parsing and serializing of malicious documents can result in incorrect preservation of system identifiers, FPIs or namespaces...
Cross-site Scripting (XSS)
tomcat is vulnerable to cross-site scripting. The vulnerability exists because the user-provided name, value, and type form attributes are not filtered before being displayed on the web page, allowing an attacker to inject and execute malicious JavaScript...
Remote Code Execution (RCE)
Elasticsearch is vulnerable to arbitrary code execution. This is because dynamic scripting is enabled by default, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search...
Information Disclosure
PowerShell is vulnerable to Information Disclosure. The vulnerability is due to the PowerShell Web cmdlets, which allows an attacker to exfiltrate sensitive information from a targeted site...
XML External Entity (XXE)
WordPress is vulnerable to an XML external entity (XXE) attack. A user with the ability to upload files, such as an Author, is able to exploit an XML external entity vulnerability in the Media Library to retrieve arbitrary system files...
Unexpected Status Code Or Return Value
go-redis is vulnerable to Unexpected Status Code or Return Value. The vulnerability is due to improper request handling caused by timeouts in the CLIENT SETINFO command during connection establishment, leading to incorrect command responses and potential data inconsistency...
Prototype Pollution
handlebars is vulnerable to prototype pollution. The vulnerability exists as it merges options.helpers, options.partials, and options.decorators...
Remote Code Execution (RCE)
system.linq.dynamic.core is vulnerable to Remote Code Execution (RCE). The vulnerability is due to Linq queries having access to public methods on classes retrieved via the Where, All, Any and OrderBy methods, which allows an attacker to execute malicious code on the system...
Privilege Escalation
podman is vulnerable to Privilege Escalation. The vulnerability exists due to a flaw in the podman machine function, used to create and manage a Podman virtual machine containing a Podman process, which spawns a gvproxy process on the host system, allowing the API to forward ports on the host t...
Privilege Escalation
Bubblewrap (bwrap) is vulnerable to privilege escalation. If installed in setuid mode and the kernel supports unprivileged user namespaces, then the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root...
Man-in-the-Middle (MitM)
lix is vulnerable to a man-in-the-middle attack. Package downloads are allowed via an insecure HTTP channel after following the Location header redirects. This allows an attacker in a privileged network position to intercept and modify a package installation and redirect the download to a...
Privilege Escalation
policykit is vulnerable to privilege escalation. The vulnerability allows any unprivileged user to gain root privileges on the vulnerable host...
Symlink Attack
tar is vulnerable to symlink attack. The vulnerability exists due to the lack of checking whether the symbolic link has been modified, in logic that uses both \ and / characters as path separators...
Cross-site Request Forgery (CSRF)
CMS Made Simple is vulnerable to cross-site request forgery (CSRF) attacks. A malicious user can hijack the authentication of admins for requests to create accounts through admin/adduser.php requests...
Server-Side Request Forgery (SSRF)
request is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability exists due to the Redirect.prototype.redirectTo function in redirect.js, which allows a remote attacker to bypass SSRF protection because the library does not properly apply configurations when requests are redirected from...
Improper Logout Implementation
spring-security-web is vulnerable to Improper Logout Implementation. The vulnerability exists in SwitchUserFilter.java because it does not properly clean the security context if using serialized versions, which allows an attacker to stay authenticated even after they perform a logout...
Directory Traversal
jszip is vulnerable to Directory Traversal. The vulnerability exists as untrusted user input is not properly validated and/or sanitized, allowing an attacker to exploit the vulnerability via a crafted ZIP archive...
Information Disclosure
sulu/sulu is vulnerable to Observable Response Discrepancy. The vulnerability exists due to the insecure access control used in the security.yaml configuration, which allows an attacker to detect which usernames or email addresses exist and which do not through the Admin Login form...
Denial Of Service (DoS)
mariadb is vulnerable to denial of service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server...
Denial Of Service (DoS)
openssl is vulnerable to denial of service (DoS) attacks. The library improperly calculates string lengths, allowing a malicious user to cause a denial of service by passing a large string to the system...
Remote Code Execution (RCE)
Apache Struts is vulnerable to remote code execution. The vulnerability exists due to an incomplete fix of CVE-2020-17530, a double evaluation issue when OGNL is used, allowing an attacker to inject maliciously crafted script via the %{...} syntax within the Struts tag...
Sensitive Information Disclosure
yiisoft/yii2-redis is vulnerable to Sensitive Information Disclosure. The vulnerability is due to authentication credentials (username and password) being logged in plain text during failed connection attempts...
Regular Expression Denial Of Service (ReDoS)
loader-utils is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the resourcePath variable in interpolateName.js, allowing an attacker to crash the application by providing a malicious input...
Reflected File Download (RFD) Attack
spring-web is vulnerable to Reflected File Download (RFD) attack. An incomplete fix of CVE-2015-5211 allows an attacker to bypass the protection against RFD attack via the jsessionid path parameter...
Denial Of Service (DoS)
Libraries that implement HTTP/2 are vulnerable to Denial Of Service (DoS). The vulnerability could be exploited by attackers via sending a large number of HTTP/2 requests to a vulnerable server, then canceling them, causing the server to consume excessive resources and become unavailable to...
Timing Attack
github.com/hashicorp/vault is vulnerable to Timing Attacks. The vulnerability exists in the mult and div functions of shamir.go because they are not implemented in constant time, which allows an attacker to observe a large number of unseal operations on the host...
Open Redirect
got is vulnerable to open redirect. The vulnerability exists in the onResponseBase function in index.ts because redirects to UNIX sockets are enabled, which allows an attacker to redirect to malicious URLs...
Authorization Bypass
squirrelmail is vulnerable to authorization bypass. The vulnerability exists as SquirrelMail was allowed to be loaded into an HTML sub-frame, allowing a remote attacker to perform a clickjacking attack against logged-in users and possibly gain access to sensitive user data...
Cross-site Scripting (XSS)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Denial Of Service (DoS)
com.fasterxml.jackson.core:jackson-databind is vulnerable to Denial Of Service (DoS). A malicious user is able to cause a StackOverflow exception using a large depth of nested objects, resulting in a denial of service condition...