
38340 matches found

Veracode • added 2024/07/03 6:52 a.m. • 12 views

Improper Enforcement Of Behavioral Workflow

aimeos/ai-controller-frontend is vulnerable to Improper Enforcement of Behavioral Workflow. The vulnerability is due to not resetting the payment status of a user's basket after the user completes a purchase...

CVSS 5.3 • AI score 7 • EPSS 0.0043
Exploits 0 • References 6 • Affected Software 1
Veracode • added 2024/07/03 6:35 a.m. • 19 views

Code Injection

flowise is vulnerable to Code Injection. The vulnerability is due to a lack of sanitization of the fileName body parameter in the /api/v1/openai-assistants-file endpoint in index.ts. An attacker can exploit this to read arbitrary files on the server...

CVSS 7.5 • AI score 6.8 • EPSS 0.01761
Exploits 3 • References 3 • Affected Software 1
Veracode • added 2024/07/03 6:17 a.m. • 9 views

Unauthorized Access

aimeos/ai-admin-jsonadm is vulnerable to Unauthorized Access. The vulnerability is due to improper access control mechanisms within aimeos/ai-admin-jsonadm, allowing editors to improperly remove admin group and locale configurations in the Aimeos backend...

CVSS 5.5 • AI score 7 • EPSS 0.00481
Exploits 0 • References 7 • Affected Software 1
Veracode • added 2024/07/03 6:03 a.m. • 12 views

Origin Validation Error

flowise is vulnerable to a CORS misconfiguration. The vulnerability is due to the Access-Control-Allow-Origin header being set to allow all origins, permitting arbitrary origins to connect to the website. In the default unauthenticated configuration, attackers can exploit this to make requests to...

CVSS 7.5 • AI score 7 • EPSS 0.08495
Exploits 1 • References 2 • Affected Software 1
Veracode • added 2024/07/03 6:03 a.m. • 15 views

Regular Expression Denial Of Service (ReDoS)

async is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the autoinject function, which allows an attacker to slow down parsing with crafted whitespace, resulting in ReDoS...

CVSS 7.5 • AI score 6.7 • EPSS 0.00812
Exploits 0 • References 10 • Affected Software 1
Veracode • added 2024/07/03 6:02 a.m. • 14 views

Cross-Site Scripting

flowise is vulnerable to reflected Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization in the /api/v1/public-chatflows/id endpoint when a chatflow ID is not found, causing its value to be reflected in the 404 page with type text/html. Attackers can exploit this by crafting...

CVSS 6.1 • AI score 6 • EPSS 0.00405
Exploits 1 • References 2 • Affected Software 1
Veracode • added 2024/07/03 6:00 a.m. • 15 views

Cross-Site Scripting (XSS)

flowise is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization in the /api/v1/credentials/id endpoint, which reflects user input back in the 404 page as HTML. This allows attackers to craft a URL that injects JavaScript into user sessions, enabling...

CVSS 6.1 • AI score 6 • EPSS 0.00405
Exploits 1 • References 2 • Affected Software 1
Veracode • added 2024/07/03 5:37 a.m. • 16 views

Path Traversal

yt-dlp is vulnerable to Path Traversal. The vulnerability is due to unrestricted file extensions of downloaded files resulting in arbitrary filenames and path traversal on Windows, which could allow an attacker to execute arbitrary code...

CVSS 7.8 • AI score 7.3 • EPSS 0.00322
Exploits 0 • References 10 • Affected Software 2
Veracode • added 2024/07/02 12:05 p.m. • 17 views

Prototype Pollution

requirejs is vulnerable to Prototype Pollution. The vulnerability is due to the config function, which allows attackers to inject arbitrary prototype properties, potentially allowing an attacker to execute arbitrary code or cause a Denial of Service (DoS)...

AI score 7.6
Exploits 2 • References 1 • Affected Software 1
Veracode • added 2024/07/02 10:29 a.m. • 11 views

SQL Injection

typo3/cms is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of user input, allowing a user with a valid frontend account to potentially execute SQL queries...

AI score 7.8
Exploits 0
Veracode • added 2024/07/02 10:17 a.m. • 7 views

Improper Privilege Management

typo3/cms is vulnerable to Improper Privilege Management. The vulnerability is due to a link potentially granting certain editing permissions if the admin panel is configured to be shown, which requires a valid preview link to exploit...

AI score 7
Exploits 0
Veracode • added 2024/07/02 9:15 a.m. • 6 views

Insecure Deserialization

typo3/cms is vulnerable to Insecure Deserialization. The vulnerability is due to improper validation of incoming import data in the Import/Export component, which requires a valid backend user account to exploit...

AI score 6.9
Exploits 0
Veracode • added 2024/07/02 9:01 a.m. • 18 views

Prototype Pollution

@agreejs/shared is vulnerable to Prototype Pollution. The vulnerability is due to missing checks in the mergeInternalComponents function, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties...

CVSS 9.8 • AI score 7.7 • EPSS 0.00677
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2024/07/02 8:34 a.m. • 10 views

Prototype Pollution

che3vinci c3/utils-1 is vulnerable to Prototype Pollution. The vulnerability is due to missing checks in the assign function, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties...

CVSS 8.1 • AI score 7.7 • EPSS 0.00562
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2024/07/02 8:19 a.m. • 17 views

Prototype Pollution

@cahil/utils is vulnerable to Prototype Pollution. The vulnerability is due to missing checks in the set function, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties...

CVSS 9.8 • AI score 7.7 • EPSS 0.00693
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2024/07/02 8:10 a.m. • 12 views

Prototype Pollution

@cafebazaar/hod is vulnerable to Prototype Pollution. The vulnerability is due to missing checks in the request function, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties...

CVSS 9.8 • AI score 7.7 • EPSS 0.00691
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2024/07/02 8:00 a.m. • 17 views

Prototype Pollution

fast-loops is vulnerable to Prototype Pollution. The vulnerability is due to missing checks in the objectMergeDeep function, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties...

CVSS 10 • AI score 7.7 • EPSS 0.00918
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2024/07/02 7:38 a.m. • 9 views

Prototype Pollution

2o3t-utility is vulnerable to Prototype Pollution. The vulnerability is due to failing to properly handle inputs in the extend function, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties...

CVSS 9.8 • AI score 7.7 • EPSS 0.00785
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2024/07/02 7:13 a.m. • 9 views

Prototype Pollution

@amoy/common is vulnerable to Prototype Pollution. The vulnerability is due to the setValue function, potentially allowing attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties...

CVSS 7.3 • AI score 7.8 • EPSS 0.00495
Exploits 0 • References 1 • Affected Software 1
Veracode • added 2024/07/02 7:13 a.m. • 10 views

Prototype Pollution

@jsonic/jsonic-next is vulnerable to Prototype Pollution. The vulnerability is due to the functions empty, util.clone, util.prop, util.deep, and make not properly handling inputs containing the special property __proto__. Attackers can exploit this to modify the built-in Object.prototype, potentially...

CVSS 6.3 • AI score 7.3 • EPSS 0.005
Exploits 1 • References 1 • Affected Software 1
Veracode • added 2024/07/02 7:12 a.m. • 24 views

Prototype Pollution

ag-grid-community and ag-grid-enterprise are vulnerable to Prototype Pollution. The vulnerability is due to the .mergeDeep function, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties...

CVSS 9.8 • AI score 7.8 • EPSS 0.01158
Exploits 1 • References 5 • Affected Software 2
Veracode • added 2024/07/02 7:10 a.m. • 17 views

Prototype Pollution

ag-grid-enterprise is vulnerable to Prototype Pollution. The vulnerability is due to the functions .mergeDeep, ModuleSupport.jsonApply, ModuleSupport.setPath, and Util.jsonApply accepting arguments that include the built-in property __proto__. Attackers can exploit this by passing specially crafted...

CVSS 6.3 • AI score 6.8 • EPSS 0.00827
Exploits 1 • References 5 • Affected Software 2
Veracode • added 2024/07/02 7:10 a.m. • 18 views

Prototype Pollution

adolphdudu/ratio-swiper is vulnerable to Prototype Pollution. The vulnerability is due to passing crafted arguments with the __proto__ property to functions like extendDefaults and parse. The vulnerability allows attackers to alter the behavior of all objects inheriting from the affected...

CVSS 6.5 • AI score 6.8 • EPSS 0.00521
Exploits 1 • References 2 • Affected Software 1
Veracode • added 2024/07/02 7:06 a.m. • 20 views

Sensitive Information Disclosure

IBM MQ is vulnerable to Sensitive Information Disclosure. The vulnerability is due to a detailed technical error message being returned in the browser. The attacker can use this information in further attacks against the system...

CVSS 6.5 • AI score 6.1 • EPSS 0.00534
Exploits 0 • References 2 • Affected Software 3
Veracode • added 2024/07/02 6:55 a.m. • 15 views

Prototype Pollution

@cat5th/key-serializer is vulnerable to Prototype Pollution. The vulnerability is due to passing crafted arguments with the __proto__ property to functions like query, set, default.query, and default.set. The vulnerability allows attackers to alter the behavior of all objects inheriting from the...

CVSS 6.3 • AI score 6.8 • EPSS 0.00419
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2024/07/02 6:53 a.m. • 9 views

SQL Injection

parse-server is vulnerable to SQL Injection. The vulnerability is due to improper handling of user-supplied input when configured with the PostgreSQL database, allowing malicious SQL queries to be executed...

CVSS 9.8 • AI score 7.2 • EPSS 0.20171
Exploits 0 • References 5 • Affected Software 1
Veracode • added 2024/07/02 6:48 a.m. • 20 views

Prototype Pollution

requirejs is vulnerable to Prototype Pollution. The vulnerability is due to missing prototype checks in the config, s.contexts..configure, and parse functions, which allows an attacker to modify the built-in Object.prototype by passing arguments containing the special __proto__ key, which results in...

CVSS 10 • AI score 6.7 • EPSS 0.00749
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2024/07/02 6:45 a.m. • 11 views

Prototype Pollution

@abip/sp-common is vulnerable to Prototype Pollution. The vulnerability is due to the function mergeDeep, which allows attackers to inject arbitrary properties. The attacker can execute arbitrary code or cause a Denial of Service (DoS) as a result...

CVSS 6.3 • AI score 7.6 • EPSS 0.00473
Exploits 0 • References 1 • Affected Software 1
Veracode • added 2024/07/02 6:36 a.m. • 11 views

Prototype Pollution

@airvertco/frappejs is vulnerable to Prototype Pollution. The vulnerability is due to the function registerView accepting an argument containing the special property __proto__, which pollutes the object and allows attackers to alter the behavior of all objects inheriting from the affected prototype...

CVSS 8.8 • AI score 6.7 • EPSS 0.00822
Exploits 0 • References 3 • Affected Software 1
Veracode • added 2024/07/02 6:17 a.m. • 8 views

Prototype Pollution

@amoy/common is vulnerable to Prototype Pollution. The vulnerability is due to functions like extend and setValue, which can be exploited by passing crafted arguments with a __proto__ property. This allows attackers to alter the behavior of all objects inheriting from the affected prototype...

CVSS 7.3 • AI score 6.7 • EPSS 0.00523
Exploits 1 • References 2 • Affected Software 1
Veracode • added 2024/07/02 6:16 a.m. • 22 views

Denial Of Service (DoS)

github.com/gorilla/schema is vulnerable to Denial of Service (DoS). The vulnerability is caused by unrestricted memory allocation triggered by manipulating the slice index idx beyond the configured maxSize. This allows an attacker to exhaust system resources and potentially crash the applicatio...

CVSS 7.5 • AI score 6.6 • EPSS 0.01105
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2024/07/02 5:57 a.m. • 11 views

Prototype Pollution

@jsonic/jsonic-next is vulnerable to Prototype Pollution. The vulnerability is due to several functions including empty, util.clone, util.prop, util.deep, and make, which can be exploited by passing crafted arguments with the __proto__ property. This allows attackers to alter the behavior of all...

CVSS 9.8 • AI score 6.7 • EPSS 0.00876
Exploits 1 • References 3 • Affected Software 1
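Most of the Prototype Pollution entries in this feed (requirejs config, ag-grid .mergeDeep, fast-loops objectMergeDeep, 2o3t-utility extend, @cahil/utils set, @jsonic/jsonic-next util.deep and the rest) share one shape: a recursive merge or set helper copies every key of attacker-controlled input onto a target, including the key __proto__ (or constructor.prototype). The following is an added illustration written for this page, not code from any of the listed packages; the helper names and the JSON payloads are constructed. It shows the vulnerable shape beside a hardened one and checks whether an unrelated object created afterwards inherits the injected key.

```javascript
// Hypothetical deep-merge helpers illustrating the prototype pollution class.
// Not code from any package listed above.

// Vulnerable shape: every enumerable key of `source`, including "__proto__"
// and "constructor", is walked and written onto `target`. When `source` comes
// from JSON.parse of a request body, "__proto__" is an ordinary own property
// of the parsed object, but target["__proto__"] resolves to Object.prototype,
// so the recursion writes attacker keys onto every object in the process.
function mergeDeepUnsafe(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === undefined) target[key] = {};
      mergeDeepUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Only plain data objects are merged recursively; functions, class instances,
// arrays and Object.prototype itself are never used as a merge target.
function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Hardened shape: skip the three keys that reach a prototype, iterate own keys
// only, and descend into an existing target value only when the target owns it
// and it is a plain object.
function mergeDeepSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      mergeDeepSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker payloads, as they would arrive in a JSON request body.
const PAYLOADS = {
  viaProto: '{"name":"x","__proto__":{"isAdmin":true}}',
  viaConstructor: '{"name":"x","constructor":{"prototype":{"isAdmin":true}}}',
};

// Merges the payload into a fresh object with the given helper and reports
// whether an unrelated object created afterwards inherited the injected key.
// Cleans Object.prototype up so the rest of the process keeps working.
function pollutes(merge, payloadJson) {
  merge({}, JSON.parse(payloadJson));
  const bystander = {};
  const polluted = bystander.isAdmin === true;
  delete Object.prototype.isAdmin;
  return polluted;
}

for (const [name, json] of Object.entries(PAYLOADS)) {
  console.log(name, 'unsafe:', pollutes(mergeDeepUnsafe, json), 'safe:', pollutes(mergeDeepSafe, json));
}
```

The constructor.prototype payload matters because a check that only strips __proto__ still lets `{}.constructor` (the Object function) and then its `.prototype` be reached by the recursion; blocking all three keys and refusing to recurse into anything but an own plain object closes both routes.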
Veracode • added 2024/07/02 5:50 a.m. • 11 views

Path Traversal

Weblate is vulnerable to Path Traversal. The vulnerability is caused by a lack of proper normalization and validation of filenames when restoring project backups. This could allow an attacker to use a crafted ZIP file containing arbitrary paths to gain unauthorized access to files on the serv...

CVSS 5.4 • AI score 7 • EPSS 0.00315
Exploits 0 • References 3 • Affected Software 1
Veracode • added 2024/07/02 5:24 a.m. • 13 views

Code Injection

Gradio is vulnerable to Code Injection. The vulnerability is caused by improper input validation in gradio/componentmeta.py. This flaw allows an attacker to execute arbitrary code via a crafted input...

CVSS 9.8 • AI score 7.5 • EPSS 0.00863
Exploits 1 • References 3 • Affected Software 1
Veracode • added 2024/07/01 12:06 p.m. • 17 views

Improper Access Control

github.com/goauthentik/authentik is vulnerable to Improper Access Control. The vulnerability is due to access restrictions not being properly checked in the OAuth2 Device code flow, allowing users without correct authorization to obtain OAuth tokens and potentially access applications...

CVSS 8.6 • AI score 6.8 • EPSS 0.0058
Exploits 0 • References 7 • Affected Software 1
Veracode • added 2024/07/01 11:46 a.m. • 17 views

Denial Of Service (DoS)

MIT Kerberos 5 is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient validation of length fields in message tokens, allowing an attacker to cause invalid memory reads by sending tokens with invalid length values...

CVSS 9.1 • AI score 6.6 • EPSS 0.01863
Exploits 0 • References 4 • Affected Software 2
Veracode • added 2024/07/01 11:00 a.m. • 23 views

Plaintext Modification

libkrb5.so is vulnerable to a Plaintext Modification attack. The vulnerability is due to the plaintext Extra Count field of a confidential GSS krb5 wrap token being modifiable by an attacker, who can thereby make an unwrapped token appear truncated to the application...

CVSS 7.5 • AI score 6.5 • EPSS 0.00748
Exploits 0 • References 4 • Affected Software 2
Veracode • added 2024/07/01 10:55 a.m. • 7 views

Cross-site Scripting (XSS)

TYPO3 is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to failing to properly encode user input in some backend components...

AI score 7
Exploits 0
Veracode • added 2024/07/01 10:13 a.m. • 17 views

Cross-Site Scripting (XSS)

zenml is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input neutralization during web page generation in the survey redirect parameter, which allows an attacker to execute arbitrary JavaScript code in the context of the user's browser session...

CVSS 6.1 • AI score 6 • EPSS 0.00388
Exploits 1 • References 3 • Affected Software 1
Veracode • added 2024/07/01 9:21 a.m. • 6 views

Authentication Bypass

TYPO3 is vulnerable to Authentication Bypass. The vulnerability is due to the default authentication service failing to reject empty strings as passwords...

AI score 7.3
Exploits 0
Veracode • added 2024/07/01 8:42 a.m. • 8 views

Improper Input Validation

github.com/gin-contrib/cors is vulnerable to Improper Input Validation. The vulnerability is caused by improper handling of wildcards in origin strings in the parseWildcardRules function within the cors.go file. This allows an attacker to bypass origin restrictions by using similar but...

CVSS 9.1 • AI score 6.5 • EPSS 0.00428
Exploits 0 • References 5 • Affected Software 1
Veracode • added 2024/07/01 7:46 a.m. • 14 views

Denial Of Service (DoS)

IBM MQ is vulnerable to Denial of Service (DoS). The vulnerability is due to an error applying configuration changes, which an attacker could exploit to cause a DoS...

CVSS 7.5 • AI score 6.3 • EPSS 0.00702
Exploits 0 • References 3 • Affected Software 3
Veracode • added 2024/07/01 7:35 a.m. • 15 views

Sensitive Information Disclosure

IBM MQ is vulnerable to Sensitive Information Disclosure. The vulnerability is due to a detailed technical error message being returned in the browser. An attacker can use this information in further attacks against the system...

CVSS 6.5 • AI score 6.1 • EPSS 0.00604
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2024/07/01 7:20 a.m. • 19 views

Denial Of Service (DoS)

IBM MQ is vulnerable to Denial of Service (DoS). The vulnerability is due to an error processing messages when an API Exit using MQBUFMH is used. The attacker can exploit this to cause a denial of service in certain configurations...

CVSS 7.5 • AI score 6.4 • EPSS 0.00492
Exploits 0 • References 2 • Affected Software 3
Veracode • added 2024/07/01 6:38 a.m. • 25 views

Privilege Escalation

IBM MQ is vulnerable to Privilege Escalation. The vulnerability is due to incorrect privilege assignments, which allows an attacker to escalate their privileges under certain configurations...

CVSS 8.8 • AI score 7.2 • EPSS 0.00424
Exploits 0 • References 2 • Affected Software 3
Veracode • added 2024/06/28 12:31 p.m. • 19 views

Remote Code Execution

nltk is vulnerable to Remote Code Execution. The vulnerability is due to models containing pickled Python code, which could allow an attacker to execute arbitrary code. An attacker would need to perform a man-in-the-middle attack to modify the packaged pickles such as the averagedperceptrontagger...

CVSS 9.8 • AI score 8 • EPSS 0.01346
Exploits 0 • References 3 • Affected Software 1
Veracode • added 2024/06/28 6:15 a.m. • 16 views

Improper Certificate Validation

phpseclib/phpseclib is vulnerable to Improper Certificate Validation. The vulnerability is due to characters in Subject Alternative Name fields of TLS certificates being allowed to keep their special meaning in regular expressions, leading to name confusion in X.509 certificate host...

CVSS 7.5 • AI score 6.5 • EPSS 0.00376
Exploits 1 • References 5 • Affected Software 2
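Three entries in this feed are variations on matching a hostname against a pattern: phpseclib building a regular expression from a Subject Alternative Name without escaping its metacharacters, gin-contrib/cors mis-parsing wildcard origin rules (the exact bypass string is cut off above), and flowise answering Access-Control-Allow-Origin for all origins. Below is an added example written for this page, not code from phpseclib, gin-contrib/cors or flowise. It shows the naive regex conversion and why it over-matches, then a label-by-label matcher used both for SAN checking and for a CORS allow-list that echoes only the exact origin it matched. The rule syntax (scheme://host-pattern[:port]) and all inputs are constructed.

```javascript
// Hypothetical host matching code illustrating two failure modes from the
// entries above. Not code from gin-contrib/cors, flowise or phpseclib.

// Flawed: turns a hostname pattern into a regular expression without escaping
// it. '.' in the name means "any character", so "example.com" also matches
// "exampleXcom" and "*.example.com" matches "evilXexample.com". This is the
// phpseclib class of bug (metacharacters in the SAN); the same mistake turns
// up in CORS allow-lists built from wildcard strings.
function hostRegExpNaive(pattern) {
  return new RegExp('^' + pattern.replace(/\*/g, '[^.]+') + '$', 'i');
}

// Correct: compare DNS labels, never a pattern. A single '*' is accepted only
// as the whole leftmost label, it matches exactly one non-empty label, and the
// pattern must keep at least two literal labels to the right of it, so
// "*.com" never matches anything.
function hostMatches(pattern, host) {
  const p = pattern.toLowerCase().split('.');
  const h = host.toLowerCase().replace(/\.$/, '').split('.');
  if (p.length !== h.length || h.some(l => l.length === 0)) return false;
  if (p[0] === '*' && p.length < 3) return false;
  return p.every((label, i) => (label === '*' ? i === 0 : label === h[i]));
}

// Certificate hostname check over a SAN list, using the label matcher.
function sanMatchesHost(sans, host) {
  return sans.some(san => hostMatches(san, host));
}

// Allow-list rule: scheme, host pattern, optional explicit port. Write rules
// without the default port so they compare equal to URL.port, which is '' then.
const RULE = /^(https?):\/\/([A-Za-z0-9*.-]+)(?::(\d{1,5}))?$/;

// Returns the value to send in Access-Control-Allow-Origin for this request,
// or null to send no header at all. Answering "*" regardless of caller (the
// flowise entry) makes an allow-list meaningless; the matched origin is echoed
// exactly as the browser sent it.
function allowOrigin(origin, rules) {
  let o;
  try { o = new URL(origin); } catch { return null; }
  // An Origin header is scheme://host[:port] and nothing else.
  if (o.pathname !== '/' || o.search !== '' || o.hash !== '' || o.username !== '') return null;
  for (const rule of rules) {
    const m = RULE.exec(rule);
    if (!m) continue;
    const [, scheme, hostPattern, port = ''] = m;
    if (o.protocol !== scheme + ':' || o.port !== port) continue;
    if (hostMatches(hostPattern, o.hostname)) return o.origin;
  }
  return null;
}

const RULES = ['https://*.example.com', 'https://example.com'];
console.log('naive regex accepts exampleXcom:', hostRegExpNaive('example.com').test('exampleXcom'));
console.log('label matcher accepts exampleXcom:', hostMatches('example.com', 'exampleXcom'));
console.log('allow https://api.example.com ->', allowOrigin('https://api.example.com', RULES));
console.log('allow https://evil.net ->', allowOrigin('https://evil.net', RULES));
```

The wildcard is deliberately restricted to one leftmost label; matching `a.b.example.com` against `*.example.com` is refused, which is the conservative reading and the one most TLS stacks apply.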
Veracode • added 2024/06/28 5:52 a.m. • 12 views

Remote Code Execution (RCE)

torch is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by a lack of restriction on function calls when a worker node sends a PythonUDF to the master node, which then executes the function without proper validation within the torch.distributed.rpc framework. This allows...

AI score 8.1
Exploits 0 • References 2 • Affected Software 1
Veracode • added 2024/06/28 5:40 a.m. • 7 views

Cross-site Scripting (XSS)

org.opencms:opencms-core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper validation of .svg files, allowing users with the roles of gallery editor or VFS resource manager to upload images containing JavaScript code, which will be executed when another user accesse...

CVSS 6.4 • AI score 6.4 • EPSS 0.00263
Exploits 0 • References 1 • Affected Software 1
Veracode • added 2024/06/27 7:39 p.m. • 8 views

Cross-site Scripting (XSS)

zendframework/zendframework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to view helpers using escapeHtml instead of escapeHtmlAttr to escape HTML attributes, which can lead to potential XSS attack vectors when user data or JavaScript is used...

AI score 5.6
Exploits 0
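The two flowise 404-page entries, the zenml redirect-parameter entry and this Zend Framework entry are all output-encoding problems, but they fail at two different points: the flowise pages reflect the request value into a text/html body with no encoding at all, while the Zend helpers encode, but with the text-node rules in an attribute context where those rules are insufficient. Below is an added example written for this page, not code from flowise, zenml or Zend Framework: a minimal 404 handler in its vulnerable and fixed forms, plus a text-context and an attribute-context escaper applied to an unquoted attribute to show why the distinction matters. Handler names and payloads are constructed.

```javascript
// Hypothetical 404 handler and template helpers illustrating reflected XSS and
// context-specific escaping. Not code from flowise, zenml or Zend Framework.

// Text-node escaping: enough for content between tags.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Attribute escaping: every character outside [A-Za-z0-9] becomes a numeric
// entity, so the value can neither close a quoted attribute nor, in an
// unquoted one, start a new attribute with a space.
function escapeHtmlAttr(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu, c => '&#x' + c.codePointAt(0).toString(16).toUpperCase() + ';');
}

// Vulnerable: the unknown id is echoed raw into a text/html body, so a request
// for /api/v1/public-chatflows/<payload> renders the payload as markup.
function notFoundUnsafe(id) {
  return {
    status: 404,
    headers: { 'Content-Type': 'text/html' },
    body: `<p>Chatflow ${id} not found</p>`,
  };
}

// Fixed: encode for the text context the value lands in and stop the browser
// from sniffing the type. For an API route, a JSON body that carries no HTML
// at all is the simpler choice.
function notFoundSafe(id) {
  return {
    status: 404,
    headers: { 'Content-Type': 'text/html; charset=utf-8', 'X-Content-Type-Options': 'nosniff' },
    body: `<p>Chatflow ${escapeHtml(id)} not found</p>`,
  };
}

// Unquoted attribute rendered with text-context escaping (the Zend case): a
// payload with no quotes or angle brackets survives escapeHtml untouched and
// the browser parses "onmouseover" as a second attribute of the element.
function titleWithTextEscaping(value) {
  return `<div title=${escapeHtml(value)}>item</div>`;
}

// The same attribute rendered with attribute-context escaping stays one value.
function titleWithAttrEscaping(value) {
  return `<div title=${escapeHtmlAttr(value)}>item</div>`;
}

// Constructed payloads.
const TAG_PAYLOAD = '<img src=x onerror=alert(1)>';
const ATTR_PAYLOAD = 'x onmouseover=alert(1)';

console.log(notFoundUnsafe(TAG_PAYLOAD).body);
console.log(notFoundSafe(TAG_PAYLOAD).body);
console.log(titleWithTextEscaping(ATTR_PAYLOAD));
console.log(titleWithAttrEscaping(ATTR_PAYLOAD));
```

Quoting the attribute (`title="..."`) narrows the attack to values containing a quote, which escapeHtml does encode; the aggressive attribute escaper is the defence that does not depend on every template author remembering the quotes.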