Lucene search
K
VeracodeRecent

38340 matches found

Veracode
Veracode
•added 2024/07/11 6:18 a.m.•20 views

Improper Access Control

typo3/cms is vulnerable to Improper Access Control. The vulnerability is due to improper validation for requested controller/action combinations, allowing attackers to execute arbitrary Extbase actions by crafting a special request...

8.1CVSS7.3AI score0.02575EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/07/11 6:16 a.m.•16 views

Authorization Bypass

PrivateBin is vulnerable to Authorization Bypass. The vulnerability is exists due to insufficient authorization controls in the implementation of the YOURLS server-side proxy mechanism, The vulnerability allows any user to shorten URLs pointing to the configured PrivateBin instance, bypassing the...

5.3CVSS6.6AI score0.00627EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/07/11 5:58 a.m.•11 views

Out-of-bounds Read

node-stringbuilder is vulnerable to Out-of-bounds Read. The vulnerability is due to incorrect memory length calculation when calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. An attacker can return previously allocated memory by providing negativ...

9.1CVSS8.1AI score0.00822EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2024/07/11 5:51 a.m.•17 views

Buffer Overflow

node-twain is vulnerable to a buffer overflow. The vulnerability is due to improper handling of exceptional conditions related to the length of source data while reading a new twain.TwainSDK object with certain properties of sufficient length = 34 characters. The vulnerability allows an attacker ...

8.3CVSS8.5AI score0.00545EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/07/11 5:50 a.m.•10 views

Denial Of Service

speaker is vulnerable to Denial of Service DoS. The vulnerability is due to unexpected input types provided to the channels property of the Speaker object, which can trigger an assert macro and potentially crash the process...

7.5CVSS7.5AI score0.0057EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/07/11 5:13 a.m.•10 views

Denial Of Service (DoS)

@discordjs/opus is vulnerable to Denial of Service DoS. The vulnerability is due to providing an input object with a property toString to several different functions, which can be exploited to cause a system crash...

7.5CVSS6.6AI score0.00597EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/07/11 5:11 a.m.•12 views

Denial Of Service (DoS)

Django is vulnerable to Denial Of Service DoS. The vulnerability is caused when parsing inputs with a very large number of brackets with the urlize and urlizetrunc functions. The vulnerability allows the system to consume resources excessively and potentially lead to a denial of service condition...

7.5CVSS6.5AI score0.01187EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2024/07/11 4:47 a.m.•17 views

Timing Attack

Django is vulnerable to a Timing Attack. The vulnerability is due to the django.contrib.auth.backends.ModelBackend.authenticate method, allowing remote attackers to enumerate users via login requests with an unusable password...

5.3CVSS6.7AI score0.00889EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2024/07/10 9:45 a.m.•16 views

Arbitrary File Access

OpenStack Cinder, Glance, and Nova are vulnerable to Arbitrary File Access. The vulnerability is due to a flaw in handling custom QCOW2 external data, where a crafted QCOW2 image can reference a specific data file path. The vulnerability allows an authenticated user to retrieve unauthorized copie...

6.5CVSS6.1AI score0.00835EPSS
Exploits0References14Affected Software3
Veracode
Veracode
•added 2024/07/10 9:10 a.m.•13 views

Improper Verification Of Cryptographic Signature

electron-updater is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is caused due to improper handling and comparison of file paths, allowing an attacker to bypass signature verification by exploiting environment variable expansion and tricking the application in...

7.5CVSS6.7AI score0.00336EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2024/07/10 8:12 a.m.•20 views

Denial Of Service (DoS)

Undertow is vulnerable to Denial Of Service DoS. The vulnerability is due to Undertow's failure to send the expected termination sequence 0\r\n for chunked responses after flushing the response body. The vulnerability allows an attacker to exploit the incomplete handling of chunked responses in...

7.5CVSS6.6AI score0.02716EPSS
Exploits0References12Affected Software1
Veracode
Veracode
•added 2024/07/10 7:37 a.m.•4 views

Insufficient Entropy In Random Number Generation

zendframework/zendframework1 is vulnerable to insufficient entropy in random number generation. The vulnerability is due to the use of rand or mtrand, which cannot generate cryptographically secure values, leading to potential information disclosure should an attacker be able to brute force the...

6.6AI score
Exploits0
Veracode
Veracode
•added 2024/07/10 7:36 a.m.•8 views

SQL Injection

zendframework/zendframework1 is vulnerable to SQL Injection. The vulnerability is due to the improper handling of SQL expressions and comments in the ORDER BY and GROUP BY clauses. Attackers can exploit this vulnerability by injecting malicious SQL code that can alter the intended SQL query and...

8.2AI score
Exploits0
Veracode
Veracode
•added 2024/07/10 7:34 a.m.•14 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable to is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization checks in the GET, PUT, and DELETE methods for the /categories/categoryId endpoint. This allows a low-privileged user to fetch, modify, or delete the category...

8.5CVSS6.3AI score0.00373EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/07/10 7:33 a.m.•14 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable for Authorization Bypass. The vulnerability is due to insufficient access controls on the GET, PUT, and DELETE methods for /appointments/appointmentId, allowing a low-privileged user to fetch, modify, or delete any user's appointment, including those ...

9.9CVSS7AI score0.00415EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/07/10 7:32 a.m.•20 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization checks in the POST /appointments endpoint, allowing a low-privileged user to create appointments for any user in the system, including administrators. Attackers can exploit th...

7.7CVSS6.7AI score0.00338EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/07/10 7:26 a.m.•27 views

Privilege Escalation

Microsoft.IO.Redist is vulnerable to Privilege Escalation. The vulnerability is due improper link resolution in the Visual Studio installer on Windows OS that allows an unprivileged user to manipulate the installation, leading to elevated SYSTEM level privileges...

7.3CVSS6.5AI score0.01292EPSS
Exploits0References2Affected Software3
Veracode
Veracode
•added 2024/07/10 7:22 a.m.•81 views

Denial Of Service (DoS)

System.Text.Json is vulnerable to Denial of Service DoS. The vulnerability is due to the JsonSerializer.DeserializeAsyncEnumerable method, which can result in Denial of Service when deserializing crafted input...

7.5CVSS6.5AI score0.02915EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2024/07/10 7:5 a.m.•13 views

Improper Access Control

github.com/project-zot/zot is vulnerable to Improper Access Control. The vulnerability is due to improper access control enforcement when deduplication is enabled. An attacker can read blobs both config and layers by digest from repositories they do not have access to by exploiting the global cac...

4.3CVSS6.6AI score0.00298EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2024/07/10 6:54 a.m.•4 views

Server-Side Template Injection

airbyte is vulnerable to Server-Side Template Injection. The vulnerability is due to improper handling of user input in the connection builder, allowing attackers to execute arbitrary code on the server...

8.5CVSS7.7AI score0.00669EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/07/10 6:40 a.m.•1073 views

Remote Code Execution (RCE)

.NET is vulnerable to Remote Code Execution RCE. The vulnerability is due to data corruption in Kestrel HTTP/3 server, which can result in remote code execution. An attacker can exploit this to execute arbitrary code on the affected system...

8.1CVSS8.5AI score0.02587EPSS
Exploits0References4Affected Software13
Veracode
Veracode
•added 2024/07/10 6:28 a.m.•22 views

Configuration Bypass

Undertow is vulnerable to a Configuration Bypass. The vulnerability is due to enabling the learning-push handler without configuring the maxAge setting, which defaults to -1, which allows an attacker to reach the server with a normal HTTP request and potentially exploit the misconfigured handler...

5.3CVSS7AI score0.01866EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2024/07/10 6:12 a.m.•13 views

Denial Of Service (DoS)

org.springframework.cloud: spring-cloud-function-context is vulnerable to Denial of Service DoS. The vulnerability is caused when attempting to compose functions with non-existing functions. This allows an attacker to potentially disrupt service availability by exploiting this flaw...

8.2CVSS6.7AI score0.0036EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/07/10 6:4 a.m.•30 views

Denial Of Service (DoS)

.NET is vulnerable to Denial of Service DoS. The vulnerability is due to excessive CPU consumption caused by parsing a malicious X.509 certificate or collection of certificates. An attacker can exploit this by providing a specially crafted certificate that triggers high CPU usage, resulting in...

7.5CVSS7.3AI score0.02719EPSS
Exploits0References2Affected Software16
Veracode
Veracode
•added 2024/07/10 5:52 a.m.•13 views

Database Password Leakage

shopware/platform is vulnerable to Database Password Leakage. The vulnerability is due to a DriverException occurring and verbose error handling being enabled, which allows an attacker to access the database password without authentication...

7.5CVSS7.1AI score0.01487EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2024/07/09 7:26 p.m.•11 views

Arbitrary Code Execution

typo3/cms is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling of TSconfig fields in backend forms, allowing injection of malicious sequences and directory traversal...

7.5AI score
Exploits0
Veracode
Veracode
•added 2024/07/09 6:56 p.m.•10 views

Cross-site Scripting (XSS)

Typo3/Neos is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper handling of user input, allowing attackers to tamper with page rendering, redirect victims, capture credentials, and potentially upload backdoors...

6.7AI score
Exploits0
Veracode
Veracode
•added 2024/07/09 5:50 p.m.•10 views

Sensitive Information Disclosure

TYPO3/flow is vulnerable to information disclosure. The vulnerability is due to timing attacks revealing account existence because password hashing was only performed if an account was found...

6.8AI score
Exploits0
Veracode
Veracode
•added 2024/07/09 5:43 p.m.•6 views

Session Data Exposure

TYPO3 is vulnerable to session data exposure. The vulnerability is due to session data of authenticated frontend users being transformed into an anonymous user session during logout, allowing the next user to access previous session data...

6.8AI score
Exploits0
Veracode
Veracode
•added 2024/07/09 5:14 p.m.•10 views

Sensitive Information Disclosure

Typo3/Neos is vulnerable to Sensitive Information Disclosure. The vulnerability is due to internal workspaces being accessible without authentication, which was mistakenly assumed to be a feature...

7AI score
Exploits0
Veracode
Veracode
•added 2024/07/09 5:3 p.m.•9 views

Arbitrary File Upload

typo3/flow is vulnerable to arbitrary file uploads. The vulnerability is due to allowing the upload of server-side scripts, which can be executed if not blocked by other means...

7.2AI score
Exploits0
Veracode
Veracode
•added 2024/07/09 8:13 a.m.•24 views

Denial Of Service (DoS)

Directus is vulnerable to Denial Of Service DoS. The vulnerability is due to field duplication in GraphQL, where an attacker can overwhelm the server by requesting the same field multiple times in a single query, leading to excessive resource consumption and denial of service for legitimate users...

6.5CVSS6.6AI score0.00795EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/07/09 7:59 a.m.•12 views

Sensitive Information Disclosure

directus is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper error handling when using SSO providers in combination with local authentication. An attacker can determine if an email address belongs to an SSO user by observing the error message provided by...

7.5CVSS6.5AI score0.00506EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/07/09 7:36 a.m.•14 views

Cross Site Scripting (XSS)

khoj-assistant is vulnerable to Cross Site Scripting XSS. The vulnerability is due to inadequate sanitization of the AI model's response and user inputs. An attacker can exploit this vulnerability via Prompt Injection from untrusted documents indexed by the user or read from the internet when the...

7.5CVSS6.8AI score0.00573EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2024/07/09 6:35 a.m.•16 views

Improper Access Control

directus is vulnerable to Improper Access Control. The vulnerability is due to improper handling of in and nin operators, which allows an attacker to query expressions with empty arrays, which are evaluated as valid, resulting in unauthorized access...

6.3CVSS6.6AI score0.00423EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2024/07/09 6:16 a.m.•17 views

Cross-Site Scripting (XSS)

org.apache.nifi, nifi-web-ui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the lack of proper validation/sanitization for the description field in the Parameter Context configuration, allowing arbitrary JavaScript code to be executed by the client browser within the sessi...

5.4CVSS6.2AI score0.24031EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2024/07/09 6:16 a.m.•19 views

SQL Injection

nhibernate is vulnerable to SQL injection. The vulnerability is due to the lack of proper validation/sanitization of some types implemented from ILiteralType.ObjectToSQLString, allowing attackers to exploit mappings with discriminator values, HQL queries referencing static fields, and the use of...

9.8CVSS7.6AI score0.00578EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/07/09 6:15 a.m.•11 views

Denial Of Service (DOS)

OPCFoundation.NetStandard.Opc.Ua.Core is vulnerable to Denial Of Service. The vulnerability is due to improper buffer management when the system receives an excessive number of messages from a remote source, which could allow remote attackers to exhaust memory resources and potentially lead to a...

7.5CVSS7.1AI score0.00557EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/07/09 6:14 a.m.•11 views

Cross-Site Scripting (XSS)

railsadmin is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improperly-escaped HTML title attributes in the RailsAdmin list view, which can allow attackers to inject malicious scripts. Note: While 3.1.3 is the safe version, its recommended to upgrade to 3.1.4 as the 3.1.3...

6.8CVSS6AI score0.00579EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2024/07/09 6:7 a.m.•30 views

Server Side Request Forgery (SSRF)

Apache HTTP Server 2.4.59 is vulnerable to SSRF. The vulnerability is due to a missing validation in response headers leading to information disclosure, SSRF or local script execution via backend applications which have malicious or exploitable header...

9.8CVSS6.2AI score0.41611EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/07/09 6:7 a.m.•28 views

NULL Pointer Dereference

modproxy in Apache HTTP Server is vulnerable to NULL Pointer Dereference. The vulnerability is caused due to not checking pointer reference for NULL before accessing it. This allows an attacker to crash the server via a malicious request...

7.5CVSS6.4AI score0.03153EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/07/09 6:6 a.m.•33 views

Authentication Bypass

modproxy in Apache HTTP Server is vulnerable to Authentication Bypass. The vulnerability is caused due to encoding problem. This allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests...

8.1CVSS6.7AI score0.25878EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2024/07/09 6:6 a.m.•32 views

Server-Side Request Forgery (SSRF)

Apache HTTP Server on Windows is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to a missing validation on HTTP requests allowing attackers to potentially leak NTLM hashes to a malicious server...

7.5CVSS7AI score0.6795EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2024/07/09 6:6 a.m.•32 views

Improper Encoding

Apache HTTP Server is vulnerable to Improper Encoding. The vulnerability is caused due to Substitution encoding issue in modrewrite. This allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to...

9.8CVSS6.6AI score0.02456EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/07/09 5:53 a.m.•8 views

Supply Chain Attack

yt-dlp is vulnerable to Supply Chain Attack. The vulnerability is due to the use of a compromised CDN cdn.bootcdn.net which is used to fetch a component of the crypto-js JavaScript library, allowing an attacker to potentially inject and execute malicious JavaScript code...

7.1AI score
Exploits0
Veracode
Veracode
•added 2024/07/09 5:52 a.m.•23 views

Server Side Request Forgery (SSRF)

Directus is vulnerable to Server-Side Request Forgery SSRF. This vulnerability is caused by insecure redirects during file imports from external sources due to proper validation of the resulting URL, which can allows an attacker to send crafted requests to internal IP addresses, resulting in SSRF...

5CVSS6.6AI score0.00435EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/07/09 5:51 a.m.•11 views

Memory Disclosure

Undici is vulnerable to Memory Leakage. The vulnerability is due to the response.arrayBuffer method, which potentially allows an attacker to exposes sensitive portions of memory from Node.js process depending on the network and process conditions...

2CVSS6.9AI score0.00471EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2024/07/09 4:57 a.m.•15 views

Denial Of Service (DoS)

aimhubio/aim is vulnerable to Denial Of Service DoS. The vulnerability is due to the remote tracking server being configured to point at itself while using the class method Repo.frompath, which allows an attacker to cause the server to endlessly connect to itself and become unable to respond to...

7.5CVSS7.1AI score0.00573EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/07/08 10:20 a.m.•15 views

Cross-Site Request Forgery (CSRF)

mudler/localai is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is caused due to insufficient CSRF protection mechanisms on the model deletion functionality, which allows an attackers o trick victims into deleting installed models...

4.3CVSS7.1AI score0.00242EPSS
Exploits1References2Affected Software2
Veracode
Veracode
•added 2024/07/08 10:16 a.m.•17 views

SQL Injection

vanna-ai/vanna is vulnerable to SQL injection. The vulnerability is due to an exposed SQL query pgreadfile, which allows remote users to read arbitrary local files on the victim server, including sensitive files such as /etc/passwd. Note that this vulnerability is only exploitable due to an...

7.5CVSS7.4AI score0.00604EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities38340