38133 matches found
Weak Password Hashing Algorithm
WordPress is vulnerable to collision attacks. It uses a weak MD5-based password hashing algorithm, making it easier for attackers to obtain a valid password hash...
Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies
tough-cookie is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists because the COOKIE_PAIR regular expression used to parse the cookies causes unlimited repetitions when matching input characters. By using a large cookie string, attackers can make the process...
Denial Of Service (DoS)
struts2-rest-plugin is vulnerable to denial of service (DoS) attacks. These attacks are possible because it is using a version of xwork-core that is vulnerable to CVE-2017-7957...
Regular Expression Denial Of Service (ReDoS)
struts2-core and xwork-core are vulnerable to regular expression denial of service (ReDoS) attacks. When the URLValidator is used, it is possible to overload the server process through an attacker-controlled URL. These attacks are the result of an incomplete fix for CVE-2017-7672...
Denial Of Service (DoS) Through Memory Leak
ImageMagick is vulnerable to denial of service (DoS) attacks. These attacks are possible through the WritePICONImage function and can be triggered using a mishandled OpenPixelCache call...
Cross-Site Scripting (XSS)
phpMailer is vulnerable to cross-site scripting (XSS) attacks. The attacks exist because it does not properly sanitize the user-supplied input to the "From Email Address" and "To Email Address" fields of codegenerator.php...
Cross-site Scripting (XSS)
plupload is vulnerable to cross-site scripting (XSS) attacks. The moxie.swf file contains a function that takes in user input and returns a result via a callback endpoint. This can allow a malicious user to inject and execute arbitrary script through a Same Origin Method Execution (SOME) attack...
Httpoxy Vulnerability Through CGI Servlet
web-core is vulnerable to a remotely exploitable vulnerability aka "httpoxy". The vulnerability exists when CGI Servlet is activated in the configuration by modifying the web.xml. It then allows the execution of a CGI script which may assign client request Proxy header values to internal HTTPPROX...
Denial Of Service (DoS)
expat is vulnerable to denial of service (DoS) attacks, with the possibility of other attacks. The vulnerability exists because there are multiple integer overflows in the XML_GetBuffer function that lead to a heap-based buffer overflow, which may lead to further unspecified impact. CVE-2016-4472 is...
Cross-site Scripting (XSS)
Glassfish admingui is vulnerable to cross-site scripting (XSS) attacks. The library does not escape user input in the configNameSection, making it vulnerable to XSS attacks...
Denial Of Service (DoS) Through Memory Consumption And Application Crash
OpenSSL is vulnerable to denial of service (DoS) attacks through memory consumption and application crash. This occurs because the dtls1_clear_queues function in d1_lib.c frees data without taking into account that application data could arrive between the ChangeCipherSpec message and the Finished...
Denial Of Service (DoS)
libgit2 is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the git_commit_message function in commit.c parses raw objects, which allows attackers to launch denial of service attacks using a cat-file command with an object file...
Out-of-Bounds Read
ImageMagick is vulnerable to out-of-bounds reads. A malicious user can pass a malicious DDS file to the system, triggering an out-of-bounds read...
Carry Propagation
bouncycastle is vulnerable to carry propagation bugs. This bug caused mathematical miscalculations during static Elliptic Curve Diffie-Hellman, which in rare cases caused it to miscalculate elliptic curve scalar multiplication. This allows a malicious user in certain cases to obtain the key...
Arbitrary Code Execution
protobuf is vulnerable to arbitrary code execution. The protobuf compiler stores size information in an int variable, which may truncate size values on 64-bit architectures, leading to a heap-based buffer overflow which results in arbitrary code execution. At the time of creation, the vendor has n...
SQL Injection
flowise-components is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the tableName parameter in PostgresVectorStore, which allows an attacker to execute arbitrary SQL commands...
Improper Input Validation
github.com/ollama/ollama is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of the digest format sha256 with 64 hex digits when getting the model path, which results in the mishandling of the TestGetBlobsPath test cases with fewer than 64 hex digits, more...
Remote Code Execution (RCE)
microsoft.netcore.app.runtime is vulnerable to Remote Code Execution. The vulnerability is due to a stack buffer overrun in the .NET Double Parse routine. This allows attackers to execute arbitrary code on the affected system by providing malformed input data that is improperly handled by the...
Sensitive Information Disclosure
GnuTLS is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exploiting deterministic behavior in systems like GnuTLS, particularly when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, which can lead to a noticeable step in nonce size from 513 to 512 bits, exposing a...
Certificate Validation
curl is vulnerable to Certificate Validation. The vulnerability is due to a flaw in libcurl when built with wolfSSL: the error path inadvertently bypasses certificate verification when encountering unknown or bad ciphers or curves, which allows certificate verification to be skipped for QUIC...
Infinite Loop
protobuf is vulnerable to an infinite loop. The vulnerability is due to improper handling of malformed JSON structures, specifically when unmarshaling into messages containing a google.protobuf.Any value or when the UnmarshalOptions.DiscardUnknown option is set. This can potentially lead to deni...
Denial Of Service (DoS)
org.elasticsearch:elasticsearch is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of deeply nested pipelines during document processing, which can cause the Elasticsearch node to crash, resulting in Denial Of Service...
Off-by-one Error
libvirt.so is vulnerable to Off-by-one Error. The vulnerability is due to a miscalculation in the udevListInterfacesByStatus function when the number of interfaces exceeds the size of the names array. This issue can be exploited by sending specially crafted data to the libvirt daemon, enabling an...
XML Entity Expansion
libexpat is vulnerable to XML Entity Expansion. The vulnerability is due to insufficient input validation and handling of external entities in the XML parser. This allows an attacker to perform an XML Entity Expansion attack...
Use After Free
libxml2 is vulnerable to Use After Free. The vulnerability is due to a lack of validation within the xmlTextReader module. When parsing a crafted XML document using the XML Reader interface with DTD validation and XInclude expansion enabled, an xmlValidatePopElement use-after-free exception...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability is due to improper handling of memory within the Network component, potentially allowing a remote attacker to exploit heap corruption through a malicious file, which can lead to denial of service...
Denial Of Service (DOS)
mariadb is vulnerable to Denial Of Service (DoS). The vulnerability is due to how the InnoDB component handles certain conditions, allowing a high privileged attacker with network access via multiple protocols to cause a hang or frequently repeatable crash of the MySQL Server...
Out-of-bounds Write
qemu is vulnerable to Out-of-bounds Write. The vulnerability is due to the lack of proper bounds checking in the virtio_net_flush_tx function of QEMU's virtio-net device when certain guest features are enabled. This oversight allows for a stack-based buffer overflow, enabling a malicious user to...
SQL Injection
jeecg-boot is vulnerable to SQL Injection. The vulnerability is due to improper input validation within the /sys/replicate/check component. This could allow an attacker to inject malicious input leading to SQL Injection...
SMTP Smuggling
Postfix is vulnerable to SMTP smuggling. The vulnerability is due to support for . while handling line endings. A remote attacker can exploit this using a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection...
Buffer Overflow
chromium:sid is vulnerable to buffer overflow. The vulnerability is due to access to a memory location after the memory has been freed or deallocated. It allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Code Injection
dotnet is vulnerable to Code Injection. The vulnerability is due to lack of adequate validation for untrusted URIs provided to System.Net.WebRequest.Create. An attacker can provide a specially crafted URI to the WebRequest.Create method that could potentially execute arbitrary comman...
Policy Bypass
nodejs is vulnerable to Policy Bypass. The vulnerability allows a malicious attacker to intercept the resource integrity check performed by the Node.js policy feature and to get a forged checksum, resulting in potential malicious code execution...
Denial Of Service (DoS)
apache2 is vulnerable to Denial of Service (DoS). This vulnerability allows an attacker to cause denial of service conditions on a vulnerable system by exploiting a race condition that occurs when an HTTP/2 connection is reset (RST frame) by a client...
Authorization HTTP Header Leakage
Urllib3 is vulnerable to Information Disclosure. The vulnerability exists in cross-origin redirects, due to authorization HTTP header leakage. This can result in the authorization header being leaked to unintended hosts after a redirect, which results in information disclosure. This vulnerability...
Out-of-bounds Read
grub2 is vulnerable to Out-of-bounds Read. The vulnerability allows an attacker to read arbitrary memory locations, including sensitive data such as cached passwords and EFI variable values, by presenting a specially crafted NTFS filesystem image...
Server Side Request Forgery (SSRF)
torchserve is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is caused by a missing input validation check in the default configuration for the property value of allowed_urls, which is used to restrict URLs used to load the PyTorch model in the application. This can lead to an...
Information Disclosure
openjdk8 is vulnerable to Information Disclosure. An attacker can access the vulnerable library through the multiple network and gain read access to the subset of Oracle Java SE, Oracle GraalVM Enterprise Edition and Oracle GraalVM...
Denial Of Service (DoS)
wireshark is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the infinite loop in the BT SDP dissector, which allows an attacker to cause an application crash via packet injection or crafted capture file...
Denial Of Service (DoS)
w3m is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs when w3m parses a specially crafted HTML file that contains an out-of-bounds read. If the file is valid, w3m could crash...
NULL Pointer Dereference
libapache2-mod-auth-openidc is vulnerable to NULL Pointer Dereference. This occurs when OIDCStripCookies is set and a crafted cookie is supplied, resulting in a segmentation fault and leading to denial of service conditions...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability allows a project maintainer to access the DataDog integration API key from webhook logs resulting in disclosure of sensitive information...
Improper Filename Validation
Thunderbird is vulnerable to Improper Filename Validation. The vulnerability is due to a lack of preventing text direction override Unicode characters in filename attachments. This can allow an attacker to attach an executable file, without the extension displayed as such...
Remote Code Execution (RCE)
org.apache.jena:jena is vulnerable to Remote Code Execution (RCE). Lack of proper checking for user permissions in script functions allows an attacker to upload and execute malicious code on the system via a SPARQL query...
Denial Of Service (DoS)
gpac is vulnerable to Denial of Service (DoS) attacks. If keys or parameters are received from an unreliable source, applications employing DH_check, DH_check_ex, or EVP_PKEY_param_check may face lengthy delays, resulting in denial of service conditions...
Improper Authentication
openssl is vulnerable to Improper Authentication. The vulnerability allows applications that use the 'AES-SIV' algorithm and want to authenticate empty data entries to be misled by removing, adding or reordering empty entries, causing the issue...
Path Traversal
apacheairflow is vulnerable to Path Traversal. The vulnerability exists because the DagRun.run_id parameter is not properly sanitized, which allows an attacker to gain access to unauthorized files outside the intended directory...
Denial Of Service (DoS)
johnzon-mapper is vulnerable to Denial Of Service (DoS). The vulnerability exists because it does not validate JSON user input for large numbers, which allows an attacker to inject a large number which will then be parsed by BigDecimal, resulting in Denial of Service...
Type Confusion
qt5-qtwebengine is vulnerable to Type Confusion. A malicious attacker could remotely exploit heap corruption via a crafted HTML page...
Heap-Based Buffer Overflow
libjpeg-turbo is vulnerable to Heap-Based Buffer Overflow. A malicious attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples; an application attempting to decompress the image could then suffer buffer overflows...