38139 matches found

Veracode • added 2024/06/17 8:50 a.m. • 9 views

Insufficient Entropy

zendframework/zend-captcha is vulnerable to Insufficient Entropy. The vulnerability is due to the use of PHP's array_rand function, which does not generate sufficient entropy, leading to predictable CAPTCHA words. The attacker can potentially brute force the CAPTCHA words by exploiting the weak...

AI score: 7
Exploits: 0

Veracode • added 2024/06/17 8:43 a.m. • 9 views

Improper Authentication

zendframework/zendopenid is vulnerable to Improper Authentication. The vulnerability is due to insufficient parameter validation resulting in accepting tokens with arbitrary signed elements. An attacker can impersonate any OpenID Identity by using a malicious OpenID Provider, resulting in...

AI score: 7.3
Exploits: 0

Veracode • added 2024/06/17 8:39 a.m. • 10 views

Cross-site Scripting (XSS)

TYPO3 is vulnerable to cross-site scripting (XSS). The vulnerability is due to templates using built-in Fluid ViewHelpers which fail to properly encode user input...

AI score: 6.4
Exploits: 0

Veracode • added 2024/06/17 8:22 a.m. • 10 views

Unauthorized Access

SilverStripe is vulnerable to Unauthorized Access. The vulnerability is due to failure to restrict access via the URL parameters isDev and isTest with debugging tools intended only for development "dev mode", which allows unauthenticated users to expose sensitive debugging information typically...

AI score: 6.8
Exploits: 0

Veracode • added 2024/06/17 7:47 a.m. • 10 views

User ID Enumeration

silverstripe/framework is vulnerable to user ID Enumeration. The vulnerability is due to differing error messages: non-existent users do not receive a locked out message, which allows an attacker to infer or confirm user details that exist in the member table...

AI score: 6.9
Exploits: 0

Veracode • added 2024/06/17 7:21 a.m. • 9 views

Improper Access Control

silverstripe/framework is vulnerable to Improper Access Control. The vulnerability is due to a weakness in the .htaccess rules preventing requests to uploaded PHP scripts, which allows PHP scripts in the assets directory to be executed via a specially crafted URL...

AI score: 7
Exploits: 0

Veracode • added 2024/06/17 7:19 a.m. • 12 views

Broken Access Control

TYPO3 is vulnerable to Broken Access Control. The vulnerability is due to backend users with limited access to specific languages being able to modify and create pages in the default language, which should be disallowed. A valid backend user account is required to exploit this vulnerability...

AI score: 6.9
Exploits: 0

Veracode • added 2024/06/17 6:56 a.m. • 15 views

Infinite Loop

LibYAML is vulnerable to an Infinite Loop. The vulnerability is due to improper handling of buffer states during YAML parsing. An attacker can exploit this by crafting a specific input to the YAML parser which potentially leads to a Denial-of-Service (DoS) condition...

AI score: 6.9
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2024/06/17 6:55 a.m. • 13 views

Double Free

LibYAML is vulnerable to a Double-free. The vulnerability is due to improper memory management in the handling of anchor allocations, leading to double-free errors. Attackers can exploit this vulnerability to potentially execute arbitrary code or cause a denial of service by manipulating memory...

AI score: 7.7
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2024/06/17 6:54 a.m. • 19 views

Heap Buffer Overflow

LibYAML is vulnerable to Heap Buffer Overflow. The vulnerability is due to the lack of proper initialization of the emitter when yaml_emitter_emit is called without yaml_emitter_initialize. An attacker can exploit this vulnerability by providing specially crafted inputs to trigger the overflow,...

AI score: 7.5
Exploits: 0 | References: 4 | Affected Software: 1

Veracode • added 2024/06/17 6:46 a.m. • 8 views

Cross-site Scripting (XSS)

TYPO3 is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of t3:// URLs and typolink functionality, affecting both backend forms and frontend extensions that use typolink rendering...

AI score: 6.4
Exploits: 0

Veracode • added 2024/06/17 6:19 a.m. • 14 views

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization in the function _load_model_from_local_file within sklearn/__init__.py. An attacker can inject a malicious pickle object into a model file on upload, which will be deserialized resulting in...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00436
Exploits: 1 | References: 2 | Affected Software: 1

Veracode • added 2024/06/17 5:52 a.m. • 15 views

Improper Check For Unusual Or Exceptional Conditions

lnbits is vulnerable to Improper Check For Unusual Or Exceptional Conditions. The vulnerability is due to the blocking API call which leads to a timeout if a payment is not settled within 30 seconds...

CVSS: 8.1 | AI score: 6.7 | EPSS: 0.00069
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2024/06/17 4:59 a.m. • 18 views

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling of untrusted data in the _load_model_from_local_file function within sklearn/__init__.py. The vulnerability allows an attacker to inject a malicious pickle object into a model file on upload, which...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00321
Exploits: 1 | References: 4 | Affected Software: 1

Veracode • added 2024/06/17 4:30 a.m. • 16 views

Privilege Escalation

github.com/dnscrypt/dnscrypt-proxy is vulnerable to Privilege escalation. The vulnerability is caused by insecure file permissions on the dnscrypt-proxy executable, which allows non-privileged users to overwrite it with malicious code, leading to potential privilege escalation to root when the...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.0007
Exploits: 1 | References: 2 | Affected Software: 1

Veracode • added 2024/06/17 4:21 a.m. • 20 views

Sensitive Information Disclosure

apache-airflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the absence of a "Cache-Control" header in the response headers for dynamic content, which could lead to the unintended caching of sensitive information in the local cache of web browsers...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00102
Exploits: 0 | References: 4 | Affected Software: 1

Veracode • added 2024/06/17 4:8 a.m. • 17 views

Missing Authorization

snipe/snipe-it is vulnerable to Missing Authorization. The vulnerability is due to the lack of authorization checks in the API endpoint, allowing users with "User" and "Self" permissions to modify group memberships without verifying if they are superusers...

CVSS: 8.1 | AI score: 6.7 | EPSS: 0.00159
Exploits: 0 | References: 5 | Affected Software: 1

Veracode • added 2024/06/14 4:52 p.m. • 28 views

Denial Of Service (DoS)

ch.qos.logback:logback-classic is vulnerable to Denial Of Service (DoS). The vulnerability is due to the readObject method in the LoggingEventVO class which fails to check the length of an argument array during deserialization. An attacker could send crafted data, resulting in Denial of Service (DoS)...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00224
Exploits: 0 | References: 4 | Affected Software: 2

Veracode • added 2024/06/14 12:44 p.m. • 8 views

Denial Of Service (DoS)

TYPO3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper validation of anonymous user sessions in the built-in record registration functionality using recs URL parameters, allowing attackers to create an arbitrary amount of individual session-data records in the database...

AI score: 7.1
Exploits: 0

Veracode • added 2024/06/14 12:11 p.m. • 8 views

Insecure Deserialization

typo3/cms is vulnerable to Insecure Deserialization. The vulnerability is due to improper handling of user-submitted payloads that are signed with an HMAC-SHA1 using the sensitive TYPO3 encryptionKey as the secret. If the encryptionKey is known to attackers, they can craft a malicious payload tha...

AI score: 6.9
Exploits: 0

Veracode • added 2024/06/14 9:11 a.m. • 20 views

Deserialization Of Untrusted Data

MLflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling of user-supplied data in sklearn/__init__.py within the _load_model_from_local_file function, which allows an attacker to inject a malicious pickle object into a model file on upload which will then be...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.00399
Exploits: 1 | References: 3 | Affected Software: 1

Veracode • added 2024/06/14 8:49 a.m. • 11 views

Denial Of Service (DoS)

github.com/klauspost/compress/zstd is vulnerable to a Denial of Service (DoS). The vulnerability is due to its zstd decompression implementation not respecting the limits imposed by gRPC, which allows an attacker to trigger rapid and uncontrolled increases in memory usage on the server or client...

AI score: 7
Exploits: 0

Veracode • added 2024/06/14 8:21 a.m. • 13 views

Path Traversal

org.jenkins-ci.plugins:report-info is vulnerable to Path Traversal. The vulnerability is due to lack of path validation in the workspace directory, allowing attackers with Item/Configure permission to access restricted files on the controller file system...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00164
Exploits: 0 | References: 3 | Affected Software: 1

Veracode • added 2024/06/14 7:29 a.m. • 21 views

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to a lack of proper input validation during the pickle deserialization process within the BaseCard.load function in the recipes/cards/__init__.py file. This vulnerability allows an attacker to execute arbitrary code o...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.00377
Exploits: 1 | References: 4 | Affected Software: 1

Veracode • added 2024/06/14 7:15 a.m. • 8 views

Path Traversal / Code Injection

willdurand/js-translation-bundle is vulnerable to path traversal and JavaScript code injection. These vulnerabilities are due to insufficient input validation, allowing attackers to manipulate file paths and inject malicious scripts into the application...

AI score: 7.7
Exploits: 0

Veracode • added 2024/06/14 6:45 a.m. • 11 views

Privilege Escalation

github.com/adguardteam/adguardhome is vulnerable to Privilege Escalation. The vulnerability is due to unprivileged attackers being able to overwrite the AdGuardHome binary, which allows an attacker to escalate privileges on the host OS...

CVSS: 8.8 | AI score: 7 | EPSS: 0.0004
Exploits: 0 | References: 4 | Affected Software: 1

Veracode • added 2024/06/14 6:27 a.m. • 13 views

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by improper handling of serialized data in the _load_pyfunc function within mlflow/pyfunc/model.py. This flaw allows an attacker to inject a malicious pickle object into a PyFunc model file, which results in...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00211
Exploits: 5 | References: 4 | Affected Software: 1

Veracode • added 2024/06/14 6:12 a.m. • 17 views

Improper Authentication

github.com/rancher/rancher is vulnerable to Improper Authentication. The vulnerability is due to the default admin user being recreated with a well-known password after Rancher restarts...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00428
Exploits: 0 | References: 6 | Affected Software: 1

Veracode • added 2024/06/14 5:52 a.m. • 10 views

Cross-site Scripting (XSS)

typo3/cms is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of file extensions containing malicious sequences in the output table listing, which requires access to the server's file system either directly or through synchronization to exploit...

AI score: 6.4
Exploits: 0

Veracode • added 2024/06/14 5:46 a.m. • 17 views

Information Disclosure

github.com/cilium/cilium is vulnerable to Information Disclosure. The vulnerability is due to the output of cilium-bugtool containing sensitive data when the tool is run with the --envoy-dump flag in deployments where the Envoy proxy is enabled. Attackers who gain access to this output could...

CVSS: 7.9 | AI score: 6.8 | EPSS: 0.00049
Exploits: 0 | References: 7 | Affected Software: 1

Veracode • added 2024/06/14 5:45 a.m. • 88 views

XML External Entity (XXE) Injection

magento/community-edition is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper handling of XML documents which allows for external entities to be referenced, leading to potential arbitrary code execution. An attacker can exploit this by sending a crafted XML...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.94171
Exploits: 26 | References: 4 | Affected Software: 1

Veracode • added 2024/06/14 5:42 a.m. • 21 views

Denial Of Service (DoS)

org.elasticsearch:elasticsearch is vulnerable to Denial of Service (DoS). The vulnerability is due to a StackOverflow exception caused by dynamic field mapping of the passthrough type in an index template. An attacker can exploit this vulnerability by ingesting documents under specific conditions ...

CVSS: 4.9 | AI score: 6.9 | EPSS: 0.00349
Exploits: 0 | References: 5 | Affected Software: 1

Veracode • added 2024/06/14 5:37 a.m. • 11 views

Code Injection

mlflow is vulnerable to Code Injection. The vulnerability is caused by improper input validation in the _run_entry_point function within the projects/backend/local.py file. This vulnerability allows an attacker to execute arbitrary code on the victim's system by submitting a maliciously crafted...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.03948
Exploits: 1 | References: 4 | Affected Software: 1

Veracode • added 2024/06/14 5:19 a.m. • 14 views

Arbitrary File Read/Write

github.com/projectdiscovery/interactsh is vulnerable to Arbitrary File Read/Write. The vulnerability is due to improper SMB server restrictions which allow an attacker to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00592
Exploits: 0 | References: 4 | Affected Software: 1

Veracode • added 2024/06/14 5:12 a.m. • 15 views

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by a lack of proper validation of untrusted data in the _load_model function within the pmdarima/__init__.py file, allowing an attacker to execute arbitrary code by injecting a malicious pickle object into a PyFunc...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.00436
Exploits: 1 | References: 4 | Affected Software: 1

Veracode • added 2024/06/13 12:16 p.m. • 14 views

Improper Authorization

@strapi/plugin-content-manager is vulnerable to Improper Authorization. The vulnerability is due to improper access control, allowing users with the Author Role to see items in a collection associated with another collection that they did not create...

CVSS: 3.5 | AI score: 6.5 | EPSS: 0.00433
Exploits: 1 | References: 3 | Affected Software: 1

Veracode • added 2024/06/13 12:4 p.m. • 8 views

Improper Input Validation

org.keycloak:keycloak-services is vulnerable to Improper Input Validation. The vulnerability is due to the use of email as a username without checking for existing accounts, which can lead to the inability to reset or login with email for the user...

AI score: 7.1
Exploits: 0

Veracode • added 2024/06/13 11:49 a.m. • 175 views

Improper Authorization

github.com/hashicorp/vault is vulnerable to Improper Authorization. The vulnerability is due to the JWT auth method improperly validating the audience and role-bound claims, allowing invalid logins to succeed when they should have been rejected...

CVSS: 2.6 | AI score: 6.8 | EPSS: 0.00283
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2024/06/13 10:20 a.m. • 16 views

Denial Of Service (DoS)

microsoft.azure.storage.datamovement is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper handling of requests, which can lead to excessive resource consumption...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.05402
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2024/06/13 9:6 a.m. • 20 views

Privilege Escalation

Azure Identity and Microsoft Authentication are vulnerable to Privilege Escalation. The vulnerability is due to improper handling of tokens and keys within DefaultAzureCredential and ManagedIdentityCredential classes, allowing an attacker to elevate to SYSTEM privileges read arbitrary files on th...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00221
Exploits: 0 | References: 7 | Affected Software: 8

Veracode • added 2024/06/13 8:29 a.m. • 15 views

Denial Of Service (DoS)

github.com/vektah/gqlparser is vulnerable to Denial Of Service. The vulnerability is due to improper input handling in the ParseQuery function. An attacker can exploit this by sending a crafted script to cause the parser to crash...

CVSS: 3.7 | AI score: 6.1 | EPSS: 0.00116
Exploits: 0 | References: 3 | Affected Software: 1

Veracode • added 2024/06/13 7:17 a.m. • 12 views

Denial-of-Service (DoS)

@strapi/plugin-upload is vulnerable to Denial-of-Service (DoS). The vulnerability is due to the server crashing without restarting when handling errors, causing it to become unavailable for all clients until manually restarted...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.01796
Exploits: 1 | References: 3 | Affected Software: 1

Veracode • added 2024/06/13 6:34 a.m. • 14 views

Access Control Bypass

oauthenticator is vulnerable to Access Control Bypass. The vulnerability is due to the allow_all setting taking precedence over identity_provider, allowing attackers to log in without restriction based on the intended institutional identity provider configuration...

CVSS: 8.1 | AI score: 8 | EPSS: 0.00209
Exploits: 0 | References: 3 | Affected Software: 1

Veracode • added 2024/06/13 6:33 a.m. • 13 views

Information Disclosure

org.elasticsearch.plugin:x-pack-security is vulnerable to Information Disclosure. The vulnerability arises from the failure to enforce search restrictions during cross-cluster searches when an API key grants both search and replication rights to an index, which allows an attacker to access...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00206
Exploits: 0 | References: 3 | Affected Software: 1

Veracode • added 2024/06/13 6:27 a.m. • 7 views

SQL Injection

org.apache.submarine:submarine-server-core is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of special elements used in an SQL command, allowing attackers to manipulate queries and potentially gain unauthorized access to the server's database...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.00829
Exploits: 1 | References: 5 | Affected Software: 1

Veracode • added 2024/06/13 6:16 a.m. • 4 views

Cross-Site Scripting (XSS)

inveniocommunities is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to inadequate sanitization of the Affiliations field during the account registration process, allowing attackers to inject and execute malicious scripts...

AI score: 6.6
Exploits: 0

Veracode • added 2024/06/13 5:58 a.m. • 5 views

Denial Of Service Via Account Lockout

org.keycloak:keycloak-services is vulnerable to Denial of Service via account lockout. The vulnerability is due to improper handling of usernames formatted as email addresses, which allows attackers to lock out legitimate users by repeatedly using incorrect passwords...

AI score: 7
Exploits: 0

Veracode • added 2024/06/13 5:43 a.m. • 10 views

Improper Authentication

org.apache.submarine:submarine-commons-utils is vulnerable to Improper Authentication. The vulnerability is caused by a hard-coded JSON Web Token (JWT) key SUBMARINESECRET12345678901234567890 within SubmarineConfVars.java, which allows attackers to generate unauthorized JWT tokens, bypass...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00221
Exploits: 0 | References: 6 | Affected Software: 1

Veracode • added 2024/06/13 5:30 a.m. • 14 views

Cross Site Scripting(XSS)

summernote is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation and sanitization of user-provided content, allowing malicious scripts to be executed within the context of the application when viewed in code mode...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00264
Exploits: 1 | References: 3 | Affected Software: 1

Veracode • added 2024/06/13 5:8 a.m. • 9 views

Incorrect Authorization

org.apache.submarine:submarine-server-core is vulnerable to an Incorrect Authorization. The vulnerability is due to invalidation on authorization checks, allowing unauthorized users to potentially gain access to restricted functionalities...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00378
Exploits: 0 | References: 3 | Affected Software: 1

Total number of security vulnerabilities: 38139