Veracode • Most viewed

38332 matches found

Veracode • added 2022/12/29 9:5 a.m. • 74 views

Remote Code Execution (RCE)

binwalk is vulnerable to remote code execution. A remote attacker is able to upload and execute malicious code on the system under attack via the affected file src/binwalk/modules/extractor.py of the component Archive Extraction Handler...

CVSS 6.5 • AI score 4.8 • EPSS 0.01933
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2022/07/07 5:14 a.m. • 74 views

Regular Expression Denial Of Service (ReDoS)

moment is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to the inefficient regex pattern used in the preprocessRFC2822 function of from-string.js, allowing an attacker to crash the application by providing malicious inputs of more than 10k characters...

CVSS 7.5 • AI score 7.4 • EPSS 0.03949
Exploits 1 • References 18 • Affected Software 9

Veracode • added 2022/01/07 7:40 a.m. • 74 views

SQL Injection

johnpbloch/wordpress-core is vulnerable to SQL injection. The vulnerability exists due to the lack of sanitization in the WPQuery in the cleanquery function of class-wp-tax-query.php, allowing an attacker to inject and execute malicious input through the plugins or themes...

CVSS 8 • AI score 3.6 • EPSS 0.97795
Exploits 14 • References 15 • Affected Software 3

Veracode • added 2018/04/12 4:38 a.m. • 74 views

Cross-Site Scripting (XSS)

jQuery is susceptible to cross-site scripting (XSS) attacks. It is vulnerable because it immediately executes the event handlers or scripts passed to parseHTML.js, allowing the malicious user to inject arbitrary HTML or script through it...

CVSS 6.1 • AI score 6 • EPSS 0.0162
Exploits 0 • References 7 • Affected Software 1

Veracode • added 2017/05/03 8:37 a.m. • 74 views

Preloading Of Untrusted Windows DLL

github.com/golang/go contains an untrusted search path vulnerability. When used on Windows, it allows local users to gain privileges by using a Trojan Horse DLL. This is related to the use of the LoadLibrary function...

CVSS 7.8 • AI score 7.5 • EPSS 0.00396
Exploits 0 • References 7 • Affected Software 1

Veracode • added 2023/06/30 3:59 a.m. • 73 views

Regular Expression Denial Of Service (ReDoS)

uri is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to inefficient Regex pattern complexity used in rfc2396parser.rb and rfc3986parser.rb, which allows an attacker to crash the application by providing maliciously crafted URI patterns. NOTE: This issue...

CVSS 5.3 • AI score 6.7 • EPSS 0.02637
Exploits 0 • References 12 • Affected Software 2

Veracode • added 2022/08/15 10:21 a.m. • 73 views

Server-Side Request Forgery (SSRF)

undici is vulnerable to Server-Side Request Forgery (SSRF). The library assumes that the hostname won't change, when in actuality it can change because the specified path parameter is combined with the base URL, allowing remote attackers to cause SSRF attacks via sending a crafted request through t...

CVSS 9.8 • AI score 6.8 • EPSS 0.01388
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2022/06/07 3:36 a.m. • 73 views

CRLF Injection

jodd-http is vulnerable to CRLF injection attacks. The vulnerability exists because the path function of HttpRequest.java does not properly encode the URLEncoder, allowing an attacker to inject and execute a malicious TCP payload by using \r\n in the query string...

CVSS 7.5 • AI score 7.6 • EPSS 0.00939
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2022/05/24 10:17 p.m. • 73 views

Denial Of Service (DoS)

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

CVSS 9.8 • AI score 9 • EPSS 0.01325
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2022/01/29 5:13 p.m. • 73 views

Improper Input Validation

openjdk11, edge is vulnerable to improper input validation. The vulnerability exists due to improper input validation within the JAXP component, allowing an attacker to exploit this vulnerability to gain access to sensitive information...

CVSS 5.3 • AI score 3.1 • EPSS 0.02825
Exploits 0 • References 9 • Affected Software 8

Veracode • added 2021/09/19 9:2 p.m. • 73 views

Denial Of Service (DoS)

apache2 is vulnerable to denial of service. The vulnerability exists due to a NULL pointer dereference...

CVSS 7.5 • AI score 2.8 • EPSS 0.64509
Exploits 0 • References 24 • Affected Software 20

Veracode • added 2021/03/09 9:46 p.m. • 73 views

Remote Code Execution

gsoap is vulnerable to remote code execution. The WS-Addressing plugin functionality allows an attacker to execute arbitrary code on the host OS using a malicious SOAP request...

CVSS 9.8 • AI score 4.4 • EPSS 0.0586
Exploits 1 • References 7 • Affected Software 1

Veracode • added 2019/07/08 10:38 a.m. • 73 views

Arbitrary Code Execution

Apache Commons Collections (ACC) library is vulnerable to Arbitrary Code Execution. The vulnerability is possible because it directly uses ACC, or contains ACC, in the classpath, which allows an attacker to gain read access to unnecessary information in debug messages by sending modified requests...

CVSS 7.5 • AI score 7.2 • EPSS 0.18763
Exploits 1 • References 16 • Affected Software 2

Veracode • added 2019/01/15 9:17 a.m. • 73 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service. Quick Emulator (QEMU) built with Network Block Device (NBD) Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client, which was not initialized due to failed negotiation. A remote user or process could...

CVSS 7.5 • AI score 7.2 • EPSS 0.04093
Exploits 0 • References 10 • Affected Software 1

Veracode • added 2019/01/15 9:2 a.m. • 73 views

Denial Of Service (DoS)

Xerces2-j, aka the Apache Xerces-J parser, is vulnerable to denial of service (DoS). The attack can be triggered when malicious XML data is passed to the Apache Xerces-J parser and processed by the JRE...

CVSS 7.1 • AI score 6.2 • EPSS 0.24738
Exploits 0 • References 69 • Affected Software 87

Veracode • added 2024/03/29 6:30 a.m. • 72 views

Open Redirect

express is vulnerable to Open Redirect. The vulnerability is due to improper handling of user-provided URLs during redirection in Express.js, which performs encoding using the encodeurl library before passing it to the 'location' header. It allows bypass of an improperly implemented allow lists a...

CVSS 6.1 • AI score 6.7 • EPSS 0.00786
Exploits 0 • References 6 • Affected Software 2

Veracode • added 2022/11/22 4:34 p.m. • 72 views

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. The vulnerability exists due to a segment fault in ndarraytensorbridge because the inputs are not properly validated which allows an attacker to cause an application crash...

CVSS 7.5 • AI score 7.1 • EPSS 0.0033
Exploits 1 • References 5 • Affected Software 3

Veracode • added 2022/10/03 6:14 a.m. • 72 views

Cross-site Scripting (XSS)

moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to a lack of sanitization of user input to a recursive lambda function rendering to the Mustache template helper renderer allowing an attacker to inject maliciously crafted script into the system...

CVSS 7.1 • AI score 7 • EPSS 0.00526
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2022/07/21 12:43 a.m. • 72 views

Memory Leak

kernel-rt is vulnerable to denial of service. The vulnerability exists due to the small table perturb size used in the tcp source port generation algorithm in net/ipv4/tcp.c, allowing an attacker to gain sensitive information which will give the attacker the authority to carry out a denial of...

CVSS 8.2 • AI score 6.6 • EPSS 0.02972
Exploits 0 • References 8 • Affected Software 2

Veracode • added 2022/01/28 4:38 a.m. • 72 views

Time Of Check To Time Of Use (TOCTOU)

tomcat-catalina is vulnerable to time of check to time of use. The vulnerability exists in file function of FileStore.java which allows an attacker to perform unauthenticated actions causing a race condition...

CVSS 7 • AI score 3.3 • EPSS 0.00692
Exploits 15 • References 9 • Affected Software 6

Veracode • added 2021/09/09 4:22 p.m. • 72 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The vulnerability exists due to a use-after-free condition...

CVSS 7.8 • AI score 3.3 • EPSS 0.00353
Exploits 2 • References 6 • Affected Software 4

Veracode • added 2020/04/24 12:18 p.m. • 72 views

Cross-Site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting (XSS). The vulnerability is possible as an attacker can inject a malicious payload that will execute in a user's browser through the header column renaming feature in the table panel...

CVSS 6.1 • AI score 1.6 • EPSS 0.01946
Exploits 0 • References 10 • Affected Software 3

Veracode • added 2020/04/10 12:25 a.m. • 72 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists as a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation...

CVSS 7.8 • AI score 3 • EPSS 0.04934
Exploits 1 • References 41 • Affected Software 1

Veracode • added 2023/05/22 1:41 p.m. • 71 views

Remote Code Execution (RCE)

Kafka clients is vulnerable to Remote Code Execution. The vulnerability is due to a lack of restrictions on the sasl.jaas.config authentication property, which allows an authenticated attacker to submit arbitrary SASL configurations. An attacker can inject a deserialization gadget chain into the...

CVSS 8.8 • AI score 8.1 • EPSS 0.95302
Exploits 8 • References 7 • Affected Software 1

Veracode • added 2022/06/21 2:43 a.m. • 71 views

SpEL Injection Attacks

spring-data-mongodb is vulnerable to Spring Expression Language (SpEL) injection. The vulnerability exists due to the non-sanitized input in the repository query method, allowing an attacker to inject and execute malicious SpEL to the repository query method when it is annotated with @Query or...

CVSS 9.8 • AI score 9.2 • EPSS 0.16903
Exploits 3 • References 5 • Affected Software 1

Veracode • added 2022/05/07 2:3 a.m. • 71 views

Authentication Bypass

firefox is vulnerable to authentication bypass. An attacker with the document in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

CVSS 8.8 • AI score 3.2 • EPSS 0.00848
Exploits 0 • References 6 • Affected Software 6

Veracode • added 2021/11/18 6:30 a.m. • 71 views

Incorrect Content-type Handling

github.com/opencontainers/distribution-spec is handling content-type incorrectly. Type of the manifest during the push and pull operations was wrongly determined as it uses only Content-Type header, causing a client to interpret the resulting content differently...

CVSS 5 • AI score 1 • EPSS 0.02085
Exploits 0 • References 23 • Affected Software 12

Veracode • added 2021/05/20 3:28 p.m. • 71 views

Denial Of Service (DoS)

unbound is vulnerable to denial of service. According to the original report there are checks happening before the affected function that make this not exploitable. For these reasons its Impact is Moderate. Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdatacopy. A...

CVSS 9.8 • AI score 2.7 • EPSS 0.02037
Exploits 0 • References 7 • Affected Software 3

Veracode • added 2018/07/23 5:27 a.m. • 71 views

Insecure Defaults

tomcat-websocket is vulnerable to missing hostname verification. The application does not verify the hostname with a client when establishing a TLS connection through the websocket, allowing a malicious user to impersonate a different host machine...

CVSS 7.5 • AI score 8.4 • EPSS 0.213
Exploits 0 • References 45 • Affected Software 85

Veracode • added 2022/05/25 7:35 a.m. • 70 views

Authentication Bypass

pyjwt is vulnerable to authentication bypass. The vulnerability exists because the library permits an attacker submitting a JWT token to choose which algorithms are used when signing in, enabling non-blocklisted, but weak public key formats to be supported in the authentication process allowing a...

CVSS 7.5 • AI score 7.5 • EPSS 0.012
Exploits 0 • References 8 • Affected Software 2

Veracode • added 2022/04/24 12:27 a.m. • 70 views

Privilege Escalation

openjdk is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization allowing an attacker to update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...

CVSS 5.3 • AI score 5.2 • EPSS 0.02401
Exploits 0 • References 8 • Affected Software 8

Veracode • added 2021/12/18 6:53 p.m. • 70 views

Denial Of Service (DoS)

log4j is vulnerable to denial of service. An attacker with control over Thread Context Map (MDC) input data is able to cause a denial of service by causing a StackOverflowError that will terminate the process. This is due to uncontrolled recursion from self-referential lookups when the logging...

CVSS 5.9 • AI score 3.8 • EPSS 0.99999
Exploits 20 • References 17 • Affected Software 23

Veracode • added 2020/08/31 5:1 a.m. • 70 views

Authorization Bypass

microsoft.aspnetcore.http and microsoft.owin are vulnerable to authorization bypass. Cookie values are not properly decoded when they contain certain characters. A remote attacker is able to bypass the "Cookie Prefixes" security mechanism by sending malicious cookies to the application...

CVSS 7.5 • AI score 7.5 • EPSS 0.06624
Exploits 0 • References 14 • Affected Software 3

Veracode • added 2020/04/10 1:7 a.m. • 70 views

Remote Code Execution (RCE)

cups is vulnerable to remote code execution (RCE). The attack exists because of the LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gifreadlzw function in filter/image-gif.c in CUPS...

CVSS 5.1 • AI score 3.3 • EPSS 0.12709
Exploits 0 • References 34 • Affected Software 1

Veracode • added 2019/08/20 12:10 a.m. • 70 views

Cross-site Scripting (XSS)

PHP is vulnerable to reflected XSS. An attacker can inject a malicious script on PHAR 403 and 404 error pages through request data of a request for a .phar file. It is possible due to an incomplete fix of CVE-2018-5712...

CVSS 6.1 • AI score 1.6 • EPSS 0.79949
Exploits 0 • References 13 • Affected Software 3

Veracode • added 2019/07/04 4:8 a.m. • 70 views

Information Disclosure

Dnn.Platform is vulnerable to information disclosure. The attack is due to the use of a weak encryption algorithm to encrypt input parameters...

CVSS 7.5 • AI score 7.1 • EPSS 0.74048
Exploits 4 • References 4 • Affected Software 2

Veracode • added 2018/11/27 6:8 a.m. • 70 views

XML External Entity (XXE)

libxml2.so is vulnerable to XML external entity (XXE) attacks. The XML parser allows parsing of external entities by default, enabling remote attackers to conduct XXE attacks through a crafted document...

CVSS 5.5 • AI score 6.2 • EPSS 0.02938
Exploits 1 • References 8 • Affected Software 2

Veracode • added 2017/01/27 2:30 a.m. • 70 views

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service (DoS) attacks. The library mishandles invalid ASN.1 encoding and causes large amounts of memory to be consumed. A malicious user can take advantage of this to cause a denial of service via resource consumption...

CVSS 7.8 • AI score 8.1 • EPSS 0.2921
Exploits 1 • References 56 • Affected Software 3

Veracode • added 2023/12/19 6:46 a.m. • 69 views

Rogue Session Attack (Terrapin)

ssh is vulnerable to Terrapin attack. The vulnerability is due to mishandling of the handshake phase and sequence numbers in the SSH Binary Packet Protocol (BPP) with certain OpenSSH extensions. This allows an attacker to bypass integrity checks and omit packets during extension negotiation, and...

CVSS 5.9 • AI score 6.5 • EPSS 0.93305
Exploits 4 • References 120 • Affected Software 28

Veracode • added 2023/04/26 11:54 a.m. • 69 views

Timing Attack

laravel/framework is vulnerable to Timing Attacks. The vulnerability exists in the hasValidCredentials function of SessionGuard.php due to the fact that a successful login request takes more time than an unsuccessful request due to HTTP/2 multiplexing, which allows an attacker to enumerate users v...

CVSS 5.3 • AI score 5.5 • EPSS 0.00881
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2022/12/23 5:51 a.m. • 69 views

Regular Expression Denial Of Service (ReDoS)

isjs is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for url matching in is.js allowing an attacker to crash the application by providing malicious urls...

CVSS 7.5 • AI score 7.2 • EPSS 0.00866
Exploits 1 • References 3 • Affected Software 2

Veracode • added 2022/05/09 7:41 a.m. • 69 views

Denial Of Service (DoS)

Newtonsoft.Json is vulnerable to denial of service. The use of insecure defaults causes a StackOverFlow exception (SOE) whenever nested expressions are being processed when an attacker sends 5 requests that cause SOE in a time frame of 5 minutes...

CVSS 7.5 • AI score 3.7 • EPSS 0.32908
Exploits 2 • References 7 • Affected Software 1

Veracode • added 2021/10/27 5:26 p.m. • 69 views

Cross-site Scripting (XSS)

jquery-ui is vulnerable to cross-site scripting attacks. The vulnerability exists because the 'Text' option of the 'datepicker.js' widget is not properly handled, allowing a malicious attacker to send and execute arbitrary JavaScript...

CVSS 6.5 • AI score 2.3 • EPSS 0.07948
Exploits 1 • References 24 • Affected Software 3

Veracode • added 2021/10/13 5:27 p.m. • 69 views

HTTP Request Smuggling

nodejs:sid is vulnerable to HTTP Request Smuggling. The vulnerability is possible when parsing the body...

CVSS 6.5 • AI score 1 • EPSS 0.02299
Exploits 1 • References 4 • Affected Software 5

Veracode • added 2020/12/06 2:21 a.m. • 69 views

Source Port UDP Randomization Bypass

A flaw was found in the way the Linux kernel limits reply ICMP packets that allows open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentialit...

CVSS 7.4 • AI score 1.8 • EPSS 0.06692
Exploits 1 • References 7 • Affected Software 6

Veracode • added 2019/05/02 5:3 a.m. • 69 views

Information Disclosure

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on...

CVSS 7.8 • AI score 6.6 • EPSS 0.37233
Exploits 24 • References 16 • Affected Software 1

Veracode • added 2018/05/23 5:14 a.m. • 69 views

Remote Code Execution (RCE)

libxml2.so is vulnerable to remote code execution (RCE) attacks. The application does not forbid namespace nodes in XPointer ranges, allowing a malicious user to inject and execute arbitrary code...

CVSS 9.8 • AI score 9.7 • EPSS 0.08628
Exploits 0 • References 2 • Affected Software 2

Veracode • added 2025/12/13 7:8 a.m. • 68 views

Denial Of Service (DoS)

getgrav/grav is vulnerable to a Denial of Service (DoS). The vulnerability is due to insufficient sanitization of the scheduledat parameter, which allows an attacker to inject malicious cron expressions (e.g., a single quote) and disrupt the admin panel functionality, leading to a denial of service...

CVSS 4.9 • AI score 5.9 • EPSS 0.00339
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2025/12/13 6:8 a.m. • 68 views

Stored Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization in the dataheadertemplate parameter at the /admin/pages/page endpoint, which allows an attacker to inject and store malicious scripts that execute when the content is rendere...

CVSS 6.2 • AI score 6 • EPSS 0.00182
Exploits 1 • References 2 • Affected Software 1

Veracode • added 2023/04/17 12:6 p.m. • 68 views

Privilege Escalation

github.com/etcd-io/etcd is vulnerable to Privilege Escalation. The vulnerability exists due to improper authentication in v3server.go which allows an attacker to gain escalated privilege when the log level is set to debug...

CVSS 9.8 • AI score 9.2 • EPSS 0.01605
Exploits 0 • References 7 • Affected Software 2

Total number of security vulnerabilities: 5000