38468 matches found
Improper Certificate Validation
CKAN is vulnerable to Improper Certificate Validation. The vulnerability is due to insufficient validation of SMTP server certificates, allowing attackers to spoof the configured mail server using invalid or self-signed certificates and enabling man-in-the-middle attacks against email traffic and...
Server-Side Request Forgery
Weblate is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to missing validation of repository URLs during project backup import, where Component.objects.bulkcreate bypasses Django fullclean validation and allows attacker-controlled repository URLs to be written into...
SQL Injection
CKAN is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of input in datastoresearchsql, which allows an attacker to inject arbitrary SQL queries and gain access to private resources and PostgreSQL system information...
Server-Side Request Forgery (SSRF)
PlaywrightCapture is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient restrictions on navigations and resource requests initiated by rendered pages, which allows an attacker to abuse browser-side redirection mechanisms to access local files file:// or reque...
Improper Privilege Management
snipe/snipe-it is vulnerable to improper privilege management. The vulnerability is due to insufficient validation of permission fields in the user update API, which allows an authenticated attacker with users.edit permission to send a crafted PATCH request that sets permissionsadmin=1, thereby...
Remote Code Execution (RCE)
dedoc/scramble is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe evaluation of user-controlled input during documentation generation, which allows an attacker to execute arbitrary PHP code in the application context...
Code Generation Literal Injection
Kiota is vulnerable to code generation literal injection. The vulnerability is due to insufficient context-aware escaping of malicious values from OpenAPI descriptions during source code generation, which allows an attacker to inject arbitrary code into generated client applications by supplying ...
Authorization Bypass
com.arcadedb, arcadedb-server is vulnerable to Authorization Bypass. The vulnerability is due to improper initialization of access controls and missing security configuration during database creation, which allows an attacker to bypass database and record-level authorization restrictions...
HTTP Header Injection
io.netty, netty-handler-proxy is vulnerable to HTTP Header Injection. The vulnerability is due to improper validation of user-supplied outbound headers in the HttpProxyHandler CONNECT request construction, which allows an attacker to inject arbitrary HTTP headers into requests sent to the proxy...
Command Injection
github.com/gotenberg/gotenberg is vulnerable to Command Injection. The vulnerability is due to lack of validation of JSON metadata keys passed to ExifTool, which allows an attacker to inject arbitrary ExifTool arguments and execute operating system commands...
Information Exposure
microsoft/kiota-java is vulnerable to Information Exposure. The vulnerability is due to the RedirectHandler middleware failing to remove sensitive HTTP headers such as Cookie, Proxy-Authorization, and custom headers when following redirects to a different host or scheme, which allows an attacker ...
Man-in-the-middle
Apache Airflow is vulnerable to Man-in-the-middle. The vulnerability is due to the lack of certificate validation when using the SMTP provider SmtpHook, where a man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate and capture the SMTP credential...
Command Injection
Click is vulnerable to Command Injection. The vulnerability is due to improper handling of user-controlled input in the click.edit function, allowing attackers to inject and execute arbitrary operating system commands from an unprivileged account...
Improper Authorization
github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to insufficient validation of team membership permissions in the Add Channel Member API, which allows an attacker to exploit the API endpoint to access user metadata and channel membership...
Improper Access Control
Apollo Federation is vulnerable to improper access control. The vulnerability is due to improper enforcement of user-defined access control directives on interface types and fields, which allows an attacker to bypass access restrictions by querying implementing object types and fields through...
Insecure Direct Object Reference (IDOR)
File Browser is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient authorization checks in the share deletion functionality, which allows an authenticated attacker with share permissions to delete other users’ shared links by exploiting improper acces...
Improper Authentication
github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to the failure to enforce multi-factor authentication on WebSocket connections, which allows an unauthenticated attacker to access sensitive information through WebSocket events...
Remote Code Execution
Sonatype Nexus Repository is vulnerable to Remote Code Execution. The vulnerability is due to a flaw in the task management component, where an authenticated attacker with task creation permissions can bypass the nexus.scripts.allowCreation security control and execute arbitrary code...
Denial Of Service (DoS)
brace-expansion is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of brace patterns with a zero step value, which allows an attacker to trigger infinite loops and excessive memory consumption...
Uncontrolled Recursion
@nestjs/microservices is vulnerable to Uncontrolled Recursion. The vulnerability is due to recursive processing of multiple JSON messages in a single TCP frame without proper recursion limits, which allows an attacker to trigger a stack overflow and crash the application...
Path Traversal
ServiceStack is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied paths in the FindType method, which allows an attacker to manipulate file operations and execute arbitrary code...
Denial Of Service
Apache Neethi is vulnerable to Denial of Service DoS. The vulnerability is due to algorithmic complexity in the policy normalization process, where specially crafted WS-Policy documents trigger exponential Cartesian cross-product expansion, leading to excessive memory allocation and JVM heap...
Insecure Deserialization
pdfminer.six vulnerable to insecure deserialization. The vulnerability is due to the unsafe use of Python pickle for deserializing CMap cache files without proper validation, which allows an attacker to place a malicious pickle file in an accessible location and execute arbitrary code or escalate...
Server-Side Request Forgery (SSRF)
Apache Neethi is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to lack of validation of URIs in the PolicyReference API, allowing applications to fetch policies from arbitrary protocols or internal addresses, enabling attackers to trigger outbound requests to internal o...
Denial Of Service
Apache Neethi is vulnerable to Denial of Service.The vulnerability is due to improper handling of circular references during policy normalization, where recursive policy references are not detected, leading to infinite loops or excessive recursion that can cause stack overflow or application hang...
Unsafe Deserialization
Apache MINA is vulnerable to Unsafe Deserialization. The vulnerability is due to delayed enforcement of the classname allowlist in AbstractIoBuffer.getObject, where deserialization via ObjectInputStream.readObject occurs before validation, allowing execution of static initializers in malicious...
Host Header Injection
github.com/zitadel/zitadel is vulnerable to Host Header Injection. The vulnerability is due to improper validation of the Forwarded or X-Forwarded-Host header while constructing password reset confirmation links, which allows an attacker to manipulate the reset URL and potentially hijack password...
Command Injection
willitmerge is vulnerable to Command Injection. The vulnerability is due to improper neutralization of user-controlled input in command execution, which allows an attacker to inject and execute arbitrary system commands through crafted input parameters...
Unsafe Deserialization
Apache MINA is vulnerable to Unsafe Deserialization. The vulnerability is due to incomplete enforcement of a classname allowlist in AbstractIoBuffer.resolveClass, where certain branches e.g., for primitive or static classes bypass validation and call Class.forName without checks, allowing attacke...
Privilege Escalation
@oneuptime/common is vulnerable to privilege escalation. The vulnerability is due to improper validation of the isMasterAdmin parameter in the login response, which allows an attacker to manipulate its value and gain unauthorized access to the admin dashboard...
Denial Of Service(DoS)
github.com/free5gc/openapi is vulnerable to a denial of service. The vulnerability is due to improper handling in the NudmSubscriberDataManagement API, which allows an attacker to exploit it and cause a denial of service...
Privilege Escalation
github.com/grafana/grafana is vulnerable to privilege escalation. The vulnerability is due to inadequate validation of the SCIM externalId field, which allows a malicious or compromised SCIM client to assign numeric values that override internal user IDs, enabling attackers to impersonate users o...
Improper Access Control
@anthropic-ai/claude-code is vulnerable to improper access control. The vulnerability is due to an error in sed command parsing that bypasses read-only validation, which allows an attacker to write to arbitrary files on the host system...
Path Traversal
OpenClaw is vulnerable to Path Traversal. The vulnerability is due to mis-scoped mirror mode paths, where attackers can manipulate OpenShell config paths to cause mirror sync operations to delete unintended remote directory contents and replace them with uploaded workspace data...
Improperly Controlled Modification Of Dynamically-Determined Object Attributes
Apache Camel is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. The vulnerability is due to lack of header filtering when mapping CoAP query parameters to message headers, which allows an attacker to inject malicious headers and execute arbitrary...
Insecure File Permissions
Claude SDK for TypeScript is vulnerable to insecure file permissions. The vulnerability is due to the BetaLocalFilesystemMemoryTool creating memory files and directories with world-readable and world-writable permissions, where a local attacker on a shared host could read persisted agent state, a...
Denial Of Service
Marked is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of specific input sequences during parsing, where a crafted sequence \x09\x0b\n triggers infinite recursion, leading to unbounded memory allocation and application crash due to out-of-memory conditions...
Conversation Isolation Bypass
Spring AI is vulnerable to conversation isolation bypass. The vulnerability is due to insufficient validation of user-supplied input as a conversationId, where an attacker can inject filter logic through conversationId and exfiltrate sensitive memory from other users’ chat histories, including...
Prototype Pollution
Axios is vulnerable to Prototype Pollution. The vulnerability is due to direct property access of configuration fields in the HTTP adapter e.g., config.auth, config.baseURL, config.socketPath, config.beforeRedirect, config.insecureHTTPParser without hasOwnProperty checks, allowing polluted...
Insecure Deserialization
org.apache.camel, camel-mina is vulnerable to insecure deserialization. The vulnerability is due to the MinaConverter.toObjectInputIoBuffer method wrapping untrusted data in a java.io.ObjectInputStream without applying filtering or class restrictions, which allows an attacker to send crafted...
Deserialization Of Untrusted Data
Apache MINA is vulnerable to deserialization of untrusted data. The vulnerability is due to missing class validation in the AbstractIoBuffer.resolveClass method, which bypasses the classname allowlist and allows an attacker to execute arbitrary code via crafted serialized input...
Header Injection
Apache Camel is vulnerable to Header Injection. The vulnerability is due to missing inbound header filtering in the MailHeaderFilterStrategy, which allows an attacker to inject malicious Camel-specific headers via email and manipulate downstream component behavior...
Improper Validation Of Certificate
Apache Thrift is vulnerable to Improper Validation of Certificate. The vulnerability is due to improper validation of certificates against the host name, which allows an attacker to perform man-in-the-middle attacks by presenting a mismatched or malicious certificate...
Remote Code Execution (RCE)
simple-git is vulnerable to Remote Code Execution RCE. The vulnerability is due to incomplete validation of command options allowing the --config form to bypass restrictions, which allows an attacker to inject malicious options and execute arbitrary code...
Information Exposure
org.springframework.ai, spring-ai-autoconfigure-model-transformers is vulnerable to information exposure. The vulnerability is due to improper isolation in a shared environment, which allows an attacker to access and retrieve the ONNX model used by the application...
Code Injection
Apache ActiveMQ is vulnerable to Code Injection. The vulnerability is due to improper input validation and improper control of generation of code, where an attacker can construct a malicious broker name that bypasses name validation to include an xbean binding, and then use the DestinationView...
SQL Injection
org.springframework.ai, spring-ai-azure-cosmos-db-store is vulnerable to SQL Injection. The vulnerability is due to improper handling of crafted document IDs in the CosmosDBVectorStore, which allows an attacker to execute arbitrary SQL queries...
Remote Code Execution (RCE)
Apache Camel is vulnerable to Remote Code Execution. The vulnerability is due to inconsistent case-sensitive header filtering in non-HTTP HeaderFilterStrategy implementations, which allows an attacker to inject malicious headers that are later interpreted by downstream components to execute...
Deserialization Of Untrusted Data
Apache Camel is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization of data using ObjectInputStream without proper filtering, which allows an attacker to inject malicious serialized objects and execute arbitrary code...
Arbitrary Command Injection
Claude Code is vulnerable to Arbitrary Command Injection. The vulnerability is due to lack of validation of the git worktree commondir file when determining folder trust, which allows an attacker to bypass trust checks and execute malicious hooks...