38139 matches found
Cross-site Scripting (XSS)
magento/community-edition is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the ability of an authenticated user to inject an embedded expression into a translation...
Cross-site Scripting (XSS)
Magento is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to error handling accessing user input without sanitization, allowing an authenticated user to manipulate downloadable links...
Cross-Site Scripting (XSS)
TinyMCE is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the content extraction feature, specifically when using the noneditable_regexp option, which allows an attacker to execute malicious code through specially crafted HTML attributes during content extraction...
Privilege Escalation
salt is vulnerable to Privilege Escalation. The vulnerability is caused due to the dropping of group privileges by the salt master, which makes it easier for remote attackers to gain privileges...
Denial Of Service (DoS)
socket.io is vulnerable to Denial Of Service (DoS). The vulnerability is due to a specially crafted Socket.IO packet triggering an uncaught exception, which kills the Node.js process, allowing an attacker to crash the server by sending a malicious packet...
OS Command Injection
php81 is vulnerable to OS Command Injection. The vulnerability is due to misinterpretation of characters in the command line by the PHP CGI module when using certain code pages on Windows. This may allow a malicious user to pass options to the PHP binary, potentially revealing source code, runnin...
NULL Pointer Dereference
libgpac.so is vulnerable to NULL Pointer Dereference. The vulnerability is due to improper memory management within the swf_svg_add_iso_sample function in src/filters/load_text.c of the component MP4Box...
SQL Injection
zendframework/zendframework is vulnerable to SQL injection. The vulnerability is due to a flaw in the quoteValue and quoteValueList methods of the Zend\Db component, which did not account for all possible escapable characters, leading to improper quoting of values for SQL strings...
Improper Encoding Or Escaping Of Output
php81 is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to insufficient escaping when using the proc_open command with array syntax, allowing malicious users to execute arbitrary commands in the Windows shell by supplying controlled arguments...
Cross-site Scripting (XSS)
zendframework/zend-view is vulnerable to cross-site scripting (XSS). The vulnerability is due to many view helpers using escapeHtml instead of the more appropriate escapeHtmlAttr for escaping HTML attributes, which can lead to potential XSS attack vectors when user data and/or JavaScript is used to...
Parameter Injection
zendframework/zendframework is vulnerable to Parameter Injection. The vulnerability is due to the way Zend\Mvc\Router\Http\Query captures any query parameters into the RouteMatch, allowing these parameters to override already captured routing parameters and bypass constraints defined in parent...
Cross-site Request Forgery (CSRF)
zendframework/zend-feed is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability is due to the request URI marshalling logic that introspects specific HTTP request headers, allowing a malicious client or proxy to emulate these headers and request arbitrary content...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient escaping of calendar event titles, leading to a stored XSS risk in the event deletion prompt...
Use Of Insufficiently Random Values
zendframework/zendframework is vulnerable to insufficient entropy. The vulnerability is due to using PHP's mt_rand function as a fallback for generating random bytes, which is predictable and susceptible to brute force attacks on the seed...
Information Disclosure
moodle/moodle is vulnerable to Information Disclosure. The vulnerability is caused due to the cURL wrapper in Moodle failing to clear HTTP authorization headers when following redirects, potentially exposing sensitive authentication information to unintended hosts...
URL Redirection To Untrusted Site ('Open Redirect')
zendframework/zendframework is vulnerable to improper handling of IP addresses. The vulnerability is due to the class not verifying if the IP address in $_SERVER['REMOTE_ADDR'] is in the trusted proxy server list before using the X-Forwarded-For header...
Improper Authentication
github.com/pocketbase/pocketbase is vulnerable to Improper Authentication. The vulnerability is due to unverified account linking because an attacker can create an unverified account with the targeted user's email, and when the user signs up with OAuth2, their account is linked without changing t...
Denial Of Service (DoS)
ws is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of the Upgrade header when the number of received headers exceeds the server.maxHeadersCount or request.maxHeadersCount threshold, causing incomingMessage.headers.upgrade to not be set. Attackers can use this...
Arbitrary Code Execution
dolibarr/dolibarr is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper validation of file types in the Upload Template function, allowing attackers to execute arbitrary code via uploading a crafted .SQL file...
Information Disclosure
SonarQube is vulnerable to exposure of encrypted values in cleartext. The vulnerability is due to encrypted values generated using the Settings Encryption feature being exposed in URL parameters in logs, allowing attackers with access to SonarQube logs or proxy logs to view sensitive information...
Use Of A Key Past Its Expiration Date
moodle/moodle is vulnerable to Use of a Key Past its Expiration Date. The vulnerability is caused due to improper key generation, as the same key is used interchangeably for a user's QR login key and their auto-login key. This allows an attacker to exploit the same key used interchangeably for a...
Cross Site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross Site Request Forgery. The vulnerability is due to misuse of confirm_sesskey. An attacker can exploit this flaw to perform unauthorized actions on behalf of a legitimate user...
Path Traversal
ai.djl:api is vulnerable to Path Traversal. The vulnerability is due to absolute path archived artifacts, allowing attackers to insert archived files directly into the system and overwrite system files...
Credential Leakage
org.keycloak:keycloak-core is vulnerable to Credential Leakage. The vulnerability is due to a lack of proper validation and enforcement when administrators change the LDAP Connection URL without requiring re-entry of the currently configured LDAP bind credentials. The vulnerability allows an...
Prototype Pollution
@cdr0/sg is vulnerable to prototype pollution. The vulnerability is due to improper handling of user-supplied inputs within ref.js, specifically allowing manipulation of the __proto__ and constructor.prototype properties. This allows attackers to alter the behavior of all objects inheriting from the...
Prototype Pollution
@alexbinary/object-deep-assign is vulnerable to Prototype Pollution. The vulnerability is due to the lack of prototype checks in the extend function within index.js. Attackers can exploit this method to copy malicious properties to the built-in Object.prototype through special properties like pro...
Denial Of Service (DoS)
github.com/stacklok/minder is vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of input validation within the Clone method when handling Git URLs provided by Minder users. The vulnerability allows Minder users to clone large repositories without enforcing size limits, leadi...
Missing Authentication
io.strimzi:strimzi is vulnerable to Missing Authentication. The vulnerability is due to improper access control implementation in the Kafka Connect REST API within the STRIMZI Project. The vulnerability allows attackers to exploit the API to potentially deny service for Kafka Mirroring, mirror...
Unauthorized Access
moodle/moodle is vulnerable to Unauthorized Access. The vulnerability is due to insufficient capability checks within getjoinurl.php, which allowed users to gain access to BigBlueButton join URLs which they do not have permission to access...
Improper Privilege Management
org.keycloak:keycloak-services is vulnerable to Improper Privilege Management. The vulnerability is due to users with low privileges being able to utilize administrative functionalities within the Keycloak admin interface...
Improper Authentication
Rancher is vulnerable to Improper Authentication. The vulnerability is due to not cleaning up a deleted/disabled user, or revoked from the configured authentication provider, leaving the user's tokens still usable...
Improper Authentication
Firefly III is vulnerable to Improper Authentication. The vulnerability is due to a flaw in the Firefly III OAuth flow, which may allow malicious users to bypass the MFA check, enabling them to gain access using passwords stolen from other sources through password spraying...
Improper Privilege Management
Rancher is vulnerable to Improper Privilege Management. The vulnerability is due to privilege escalation checks not being properly enforced for RoleTemplate objects when external=true, allowing rules from a ClusterRole to be ignored under certain contexts, which has been fixed by introducing a ne...
Insufficient Control Flow Management
Evmos is vulnerable to Insufficient Control Flow Management. The vulnerability is due to different ante handler checks for Cosmos and Ethereum transactions, allowing a clawback account to bypass Cosmos checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos...
Improper Authorization
Evmos is vulnerable to Improper Authorization. The vulnerability is due to allowing a user to create a validator using vested tokens to deposit the self-bond...
Sensitive Information Disclosure
github.com/rancher/rke is vulnerable to Sensitive Information Disclosure. The vulnerability exists due to insecure cluster state storage in a publicly accessible configmap called full-cluster-state inside the kube-system namespace, which allows an attacker without administrative privileges to...
Sensitive Information Disclosure
@lobehub/chat is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure handling of the base URL in the frontend, allowing an attacker to modify it to their own attack URL. The attacker can then set up a server-side request to obtain the real backend API key...
Prototype Pollution
@abw/badger-database is vulnerable to Prototype Pollution. The vulnerability is due to a flaw in the file dist/badger-database.esm, which allows an attacker to execute arbitrary code by manipulating object prototypes...
Insecure Deserialization
nukeviet/nukeviet is vulnerable to Insecure Deserialization. The vulnerability is due to improper handling of serialized data, allowing attackers to execute arbitrary code via download.php...
Sensitive Information Disclosure
github.com/rancher/rancher is vulnerable to Sensitive Information Disclosure. The vulnerability is due to constantly reconciling clusters when secrets encryption configuration is enabled, causing Kube API secret values to be written in plaintext on the AppliedSpec. An attacker can gain access to...
Prototype Pollution
@apphp/object-resolver is vulnerable to Prototype Pollution. The vulnerability is due to manipulation of the prototype via the function Module.setNestedProperty, potentially allowing attackers to modify object properties to execute arbitrary code...
Regular Expression Denial Of Service
kubeflow/kubeflow is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the usage of a regular expression to validate email addresses which has inefficient complexity, allowing an attacker to submit a crafted email which results in excessive CPU consumption,...
Prototype Pollution
@allanlancioni/flatten-json is vulnerable to Prototype Pollution. The vulnerability is due to the unflattenJSON method, allowing attackers to exploit properties such as __proto__ or constructor.prototype to inject malicious payloads...
Code Injection
nukeviet/nukeviet is vulnerable to Code Injection. The vulnerability is due to improper validation in the /admin/extensions/upload.php component. An attacker can exploit this vulnerability to execute arbitrary code on the server...
Prototype Pollution
@akbr/update is vulnerable to Prototype Pollution. The vulnerability is due to manipulation of the object's prototype via update/index.js, potentially allowing attackers to alter application behavior or execute arbitrary code...
Sensitive Information Disclosure
urllib3 is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of the Proxy-Authorization header, which is not removed on cross-origin redirects, which could allow an attacker to expose sensitive authentication material to unintended hosts. Note that this...
Buffer Overflow
libcdio is vulnerable to Buffer Overflow. The vulnerability is due to improper handling of ISO 9660 image files, which allows an attacker to execute arbitrary code when reading a crafted ISO 9660 image file...
Authentication Bypass
ghost is vulnerable to Authentication Bypass. The vulnerability is caused due to the misuse of multiple X-Forwarded-For headers with different values, which allows remote attackers to bypass the rate-limit protection mechanism. Note that the project recommends a reverse proxy to prevent this...
Insecure Credential Storage
TYPO3 is vulnerable to Insecure Credential Storage. The vulnerability is due to the backend form reloading when creating new backend user accounts, potentially persisting records with insecure or empty credentials...
Privilege Escalation
silverstripe/framework is vulnerable to Privilege Escalation. The vulnerability is due to the CMS Fields for members being constructed using DirectGroups instead of Groups relation. The vulnerability allows an attacker with EDIT_PERMISSIONS and access to the "Security" section to escalate their...