38133 matches found
Denial Of Service (DoS)
typo3/cms is vulnerable to Denial Of Service. The vulnerability is due to the unbound cHash argument, which attackers can exploit by using valid cHash arguments for multiple pages, leading to additional useless page cache entries. This allows an attacker to generate a considerable amount of...
Prototype Pollution
getsetprop is vulnerable to prototype pollution. The vulnerability is due to improper restrictions on proto or constructor.prototype properties, which allows an attacker to manipulate application logic, potentially leading to denial of service, remote code execution...
Path Traversal
lollms is vulnerable to Path Traversal. The vulnerability is due to inadequate input sanitization of the data.category and data.folder parameters, allowing attackers to navigate beyond the intended directory structure. The attacker can create a config.yaml file in a controllable path, which can b...
Improper Access Control
studiomitte/friendlycaptcha is vulnerable to Improper Access Control. The vulnerability is due to the extension failing to check the captcha field requirement in submitted form data, which lets an attacker bypass the captcha check...
Brute Force Attack
ezsystems/ezplatform-user is vulnerable to Brute Force Attack. The vulnerability is due to the password reset functionality not having sufficient protections against brute force attacks, allowing attackers to repeatedly attempt different passwords to gain unauthorized access to user accounts...
Insecure Direct Object Reference (IDOR)
jweiland/events2 is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to missing access checks in the management plugin, which allows an attacker to activate or delete events without authentication...
Prototype Pollution
@byondreal/accessor is vulnerable to Prototype Pollution. The vulnerability is due to improper key restrictions to prevent object prototype manipulation, which allows an attacker to overwrite the object prototype which can result in remote code execution among other attacks...
Session Hijacking
silverstripe/framework is vulnerable to Session Hijacking. The vulnerability is due to a malfunction in the security protection designed to detect changes in the User-Agent header, which allows an attacker to modify the header without invalidating the user session...
Arbitrary File Creation
opencart/opencart is vulnerable to Arbitrary File Creation. The vulnerability is due to insufficient validation in the database restoration functionality, allowing an attacker with admin privileges to inject PHP code and create a backup file with an arbitrary filename and extension within...
Cross Site Scripting (XSS)
silverstripe/framework is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper validation allowing users to specify a non-URL malicious script as the redirection path, which executes within the browser when the URL is followed...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper validation of user input in the "Field Name" parameter associated with a new activity, which allows an attacker to perform XSS attacks...
XML External Entity (XXE)
io.github.classgraph:classgraph is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of external entities during XML processing, which can result in XML External Entity (XXE) injection attacks that can expose sensitive data or execute malicious code...
Server Side Request Forgery
@strapi/strapi is vulnerable to Server Side Request Forgery. The vulnerability is due to improper url parameter validation within the /strapi.io/next/image endpoint, which allows an attacker to send requests to internal resources on the network...
Cross Site Scripting (XSS)
silverstripe/framework is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input validation of HTML content, which allows authenticated users with page edit permission to perform XSS...
Insecure Deserialization
typo3/cms is vulnerable to Insecure Deserialization. The vulnerability is due to the execution of source code from Phar files when they are invoked. Due to missing sanitization of user input, attackers can upload obfuscated Phar files "bundle.txt" and manipulate URLs in TYPO3 backend forms to...
Account Takeover
silverstripe/framework is vulnerable to Account Takeover. The vulnerability is due to plain text storage of user login attempts, which may include sensitive data like passwords mistyped into the username field. The vulnerability allows an attacker to gain unauthorized access to user credential...
Authentication Bypass
typo3/cms is vulnerable to Authentication Bypass. The vulnerability is due to late TCA initialization, which fails to restrict frontend users according to the validation rules, allowing attackers to authenticate restricted (e.g., disabled) frontend users...
Improper Input Validation
github.com/lightningnetwork/lnd is vulnerable to Improper Input Validation. The vulnerability is due to excessive memory allocation during the parsing process, which creates a Denial-Of-Service (DoS) vector...
Path Traversal
github.com/go-skynet/LocalAI is vulnerable to path traversal. The vulnerability is due to insufficient input validation of the model parameter during the model deletion process, which allows an attacker to delete arbitrary files on the host file system...
SQL Injection
Gin-vue-admin is vulnerable to SQL injection. The vulnerability is due to insufficient validation of user input, which allows an attacker to execute arbitrary SQL queries...
Information Disclosure
typo3/cms is vulnerable to Information Disclosure. The vulnerability is due to improper permission checks, allowing editors to gain knowledge of protected storages and their folders. Attackers can exploit this by using a valid backend user account to include protected files in a collection render...
User Enumeration
silverstripe/framework is vulnerable to User Enumeration. The vulnerability is due to a timing attack on the login or password reset pages, allowing an attacker to determine the existence of user credentials based on response times...
SQL Injection
silverstripe/framework is vulnerable to SQL injection. The vulnerability is due to the 'start' querystring parameter not being safely escaped, which exposes a possible SQL injection risk...
Incorrect Authorization
github.com/drakkan/sftpgo is vulnerable to Incorrect Authorization. The vulnerability is due to a lack of session invalidation when a user or admin changes their password, which allows an attacker to regain access to restricted accounts by resetting the account's password. Note that this...
Remote Code Execution (RCE)
js2py is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the js2py.disablepyimport function failing to prevent JS sandbox escape, which allows an attacker to send crafted API calls which results in arbitrary code execution...
Denial Of Service (DoS)
io.undertow:undertow-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of URL-encoded request paths for concurrent requests on the ajp-listener, which can cause the wrong path to be processed, potentially leading to Denial Of Service (DoS)...
CSV Injection
silverstripe/framework is vulnerable to CSV injection. The vulnerability is due to the potential inclusion of executable macros and scripts in the exported CSV files, which allows an attacker to execute arbitrary code or commands on the user's system...
Improper Input Validation
Apache Superset is vulnerable to Improper Input Validation. The vulnerability is due to a lack of validation of user-supplied input. If an authenticated attacker creates a MariaDB connection with the localinfile option enabled, they can execute a specific MySQL/MariaDB SQL command which results i...
Improper Preservation Of Permissions
github.com/authzed/spicedb is vulnerable to Improper Preservation Of Permissions. The vulnerability is due to a failure in the exclusion dispatcher to request all the folders in which the user is a member, leading to an incorrect NOPERMISSION response when the user should have permission...
Cross Site Scripting (XSS)
magento/community-edition is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitization of user input in the product and category management sections, allowing attackers to inject malicious scripts that can affect other admin users accessing those sections...
Cross-Site Scripting (XSS)
magento/community-edition is vulnerable to a stored Cross-site Scripting (XSS) vulnerability. The vulnerability is due to insufficient input sanitization, allowing an authenticated user to inject malicious JavaScript into the name of the main website, which can then execute in the context of other...
SQL Injection
magento/community-edition is vulnerable to SQL Injection. The vulnerability is due to improper user input sanitization in email templates, allowing an authenticated user with access to these templates to send malicious SQL queries and gain access to sensitive database information...
Prototype Pollution
@almela/obx is vulnerable to Prototype Pollution. The vulnerability is caused by improper handling of JavaScript object prototypes within index.js, which allows an attacker to manipulate object prototypes, potentially leading to arbitrary code execution or unexpected application behavior...
Insecure Authentication And Session Management
magento/community-edition is vulnerable to Insecure Authentication and session management. The vulnerability is due to inadequate session validation, which allows authenticated users to manipulate session parameters related to authentication and session management on the storefront, leading to security...
Prototype Pollution
@tsed/core is vulnerable to Prototype Pollution. The vulnerability is due to the deepExtend function which lacks proper validation, allowing an attacker to overwrite and pollute the object prototype of a program when user input is provided...
Authorization Bypass
ezsystems/ez-support-tools is vulnerable to Authorization Bypass. The vulnerability is due to insufficient access controls, allowing any authenticated backend user, regardless of their assigned permissions, to view sensitive system information such as phpinfo output...
SQL Injection
Magento is vulnerable to SQL injection. The vulnerability is due to a user with store manipulation privileges being able to execute arbitrary SQL queries by accessing the database connection through a group instance in email templates...
Cross-Site Scripting (XSS)
TinyMCE is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsafe parsing of noscript elements, which allows an attacker to execute malicious code when the content is loaded into the editor...
Insecure Authentication
magento/community-edition is vulnerable to Insecure authentication. The vulnerability is due to improper session handling that allows an unauthenticated user to append arbitrary session IDs which will not be invalidated by subsequent authentication, allowing attackers to hijack or manipulate user...
SQL Injection
magento/community-edition is vulnerable to SQL injection. The vulnerability is due to improper sanitization of input in email template variables, allowing a user with marketing privileges to execute arbitrary SQL queries in the database. Attackers can exploit this to manipulate the database,...
Arbitrary File Access
magento/community-edition is vulnerable to arbitrary file access. The vulnerability is due to an issue in the file upload controller for downloadable products, allowing an authenticated user to read or delete arbitrary files. Attackers can exploit this vulnerability to gain unauthorized access to...
Improper Access Control
mediawiki/core is vulnerable to Improper Access Control. The vulnerability is due to the absence of a .htaccess file which is required to protect some directories from web access, potentially allowing attackers to access sensitive files and directories that shouldn't be web accessible...
2FA Sniffing
pterodactyl/panel is vulnerable to 2FA sniffing. The vulnerability is due to a logical error that delays password verification until after 2FA credentials are entered, allowing malicious users to determine account existence with incorrect passwords...
Insecure Temporary File
salt is vulnerable to Insecure Temporary File. The vulnerability is caused by insecure permissions of /tmp within state.py, which could allow an attacker on the system to read arbitrary files created by salt...
Cross-site Scripting (XSS)
magento/community-edition is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the ability of an authenticated user to inject an embedded expression into a translation...
Cross-site Scripting (XSS)
Magento is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to error handling accessing user input without sanitization, allowing an authenticated user to manipulate downloadable links...
Cross-Site Scripting (XSS)
TinyMCE is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the content extraction feature, specifically when using the noneditableregexp option, which allows an attacker to execute malicious code through specially crafted HTML attributes during content extraction...
Privilege Escalation
salt is vulnerable to Privilege Escalation. The vulnerability is due to the dropping of group privileges by the salt master, which makes it easier for remote attackers to gain privileges...
Denial Of Service (DoS)
socket.io is vulnerable to Denial Of Service (DoS). The vulnerability is due to a specially crafted Socket.IO packet triggering an uncaught exception, which kills the Node.js process, allowing an attacker to crash the server by sending a malicious packet...
OS Command Injection
php81 is vulnerable to OS Command Injection. The vulnerability is due to misinterpretation of characters in the command line by the PHP CGI module when using certain code pages on Windows. This may allow a malicious user to pass options to the PHP binary, potentially revealing source code, runnin...