Incorrect Authorization
org.apache.submarine, submarine-server-core is vulnerable to an Incorrect Authorization. The vulnerability is due to invalidation on authorization checks, allowing unauthorized users to potentially gain access to restricted functionalities...
Local File Inclusion (LFI)
parisneo/lollms is vulnerable to Local File Inclusion (LFI). The vulnerability is due to insufficient path sanitization in the sanitizepathfromendpoint function, which does not properly handle the backslash (\) in Windows-style paths, allowing attackers to exploit directory traversal on Windows...
Authentication Bypass
@strapi/plugin-users-permissions is vulnerable to Authentication Bypass. The vulnerability is caused due to improper handling of Open Redirects and session tokens being sent as URL query parameters, allowing an unauthenticated attacker to retrieve third-party tokens with one user click...
Server-side Template Injection (SSTI)
documentmergeservice is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to insufficient input sanitization and validation in the handling of templates within the Document Merge Service, which allows attackers to inject malicious code into templates, which is then...
Remote Code Execution
langflow is vulnerable to Remote Code Execution. The vulnerability is due to untrusted users being able to reach the POST /api/v1/customcomponent endpoint and provide a Python script, allowing an attacker to execute arbitrary code...
File Disclosure
vrana/adminer is vulnerable to File Disclosure. This vulnerability is due to insufficient input validation, allowing unauthorized access to sensitive files within the application's directory...
Arbitrary File Upload
aimeos/aimeos-core is vulnerable to an Arbitrary File Upload. The vulnerability is due to improper validation within the image upload function, allowing attackers to execute arbitrary PHP code by uploading a specially crafted file...
Reflected Cross-site Scripting (XSS)
jupyter-server-proxy is vulnerable to Reflected Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the host value in the /proxy endpoint, allowing an attacker to send a phishing link with custom JavaScript that runs when the user clicks the link, potentially granting...
Denial Of Service (DoS)
@grpc/grpc-js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper message size checks: messages that exceed the grpc.maxreceivemessagelength are buffered or decompressed in their entirety before being discarded, which can result in DoS...
Cross Site Scripting (XSS)
html is vulnerable to Cross-Site Scripting (XSS). This vulnerability is due to improper validation, which allows an attacker to introduce JavaScript code through tagged templates within ghtml and so inject and execute malicious JavaScript code...
Command Injection
composer/composer is vulnerable to Command Injection. This vulnerability is due to specially crafted branch names in git/hg repositories, when executing the composer install command, which allows an attacker to execute arbitrary commands...
Remote Code Execution
lightning is vulnerable to a Remote Code Execution. This vulnerability is due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library, which attackers can exploit to manipulate the application state and execute arbitrary code remotely...
Path Traversal
lollms is vulnerable to Path Traversal. The vulnerability is due to insufficient sanitization of user-supplied input in the sanitizepathfromendpoint and sanitizepath functions within lollmscore\lollms\security.py, enabling arbitrary file reading, particularly on Windows systems...
Cross Site Scripting (XSS)
getformwork/formwork is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper user input validation within meta.php, which allows an attacker to perform XSS...
Insufficient Granularity Of Access Control
lunary is vulnerable to an Insufficient Granularity of Access Control vulnerability. The vulnerability is due to improper validation of dataset ownership, allowing users to create, update, get, and delete prompt variations for datasets not owned by their organization, leading to unauthorized...
Insufficient Session Expiration
zenml is vulnerable to Insufficient Session Expiration. The vulnerability is due to the application not terminating existing sessions after a user's password is updated, allowing attackers to maintain access even after security credentials have been changed...
Code Execution
composer/composer is vulnerable to Code Execution. The vulnerability is due to improper branch name sanitization within the status, reinstall, and remove commands when handling packages installed from source via git, which allows an attacker to execute arbitrary code...
XML Entity Expansion (XXE)
ebookmeta is vulnerable to an XML External Entity (XXE) vulnerability. The vulnerability is due to improper handling of crafted XML input via the lxml dependency in the ebookmeta.getmetadata function, allowing attackers to access sensitive information or cause a Denial of Service (DoS)...
Regular Expression Denial Of Service (ReDoS)
ua-parser/uap-php is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to the use of inefficient or poorly constructed regular expressions that can take an exceptionally long time to evaluate against certain input strings, which results in Regular Expression Denial Of...
Improper Access Control
scikit-learn is vulnerable to Improper Access Control. The vulnerability is due to the unexpected storage of all tokens in the stopwords attribute, which can leak sensitive information such as passwords or keys when using the TfidfVectorizer class...
XML Entity Expansion (XXE)
ebookmeta is vulnerable to an XML External Entity (XXE) vulnerability. The vulnerability is due to improper handling of crafted XML input in the ebookmeta.getmetadata function, allowing attackers to access sensitive information or cause a Denial of Service (DoS)...
Authentication Bypass
authlib is vulnerable to Authentication Bypass. The vulnerability is due to allowing HMAC verification with any asymmetric public key in jwt.decode calls without specifying an algorithm, which attackers can exploit to bypass authentication checks...
Path Traversal
lollms is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system...
Code Injection
litellm is vulnerable to Code Injection. The vulnerability is caused due to a lack of input validation in the eval function within the secret management system, which allows an attacker to execute arbitrary code...
Arbitrary File Write
onnx is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient path validation within an archive during tar file extraction. An attacker can overwrite any file on the system, potentially leading to remote code execution, and deletion of system, personal, or application files...
Request Smuggling
tornado is vulnerable to Request Smuggling. This vulnerability is due to mishandling multiple Transfer-Encoding: chunked headers, which allows for request smuggling attacks when deployed behind a proxy server that emits such requests...
Sensitive Information Exposure
h2o is vulnerable to Sensitive Information Exposure. The vulnerability is due to the Typeahead API call, which allows an attacker to look up arbitrary system paths in the entire file system where h2o-3 is hosted...
Race Condition
zenml is vulnerable to a Race Condition vulnerability. The vulnerability is due to insufficient handling of concurrent user creation requests, which allows an attacker to create multiple users with the same username when requests are sent in parallel...
Denial Of Service (DoS)
langchain is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to infinite recursion in the parsesitemap method, which results in an infinite loop that exceeds the maximum recursion depth in Python...
Inadequate Encryption Strength
Ninja Core is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the encrypt method in the CookieEncryption class which uses AES with default padding, leading to the possible leakage of sensitive cookie information...
Improper Authorization
zenml is vulnerable to Improper Authorization. The vulnerability is due to improper authorization controls in the API PUT /api/v1/users/id endpoint, allowing any authenticated user to modify other users' information, including deactivating accounts...
Cross Site Scripting (XSS)
sulu/form-bundle is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the TokenController improperly sanitizing the formName parameter, which is returned in the input field...
Arbitrary File Deletion
litellm is vulnerable to Arbitrary File Deletion. The vulnerability is due to improper input validation on the /audio/transcriptions endpoint, allowing attackers to send crafted requests that delete specified files without proper authorization or validation...
Session Fixation
Evmos is vulnerable to Session Fixation. The vulnerability is due to the improper handling of contract balances during interchain transactions involving a local state change and an ICS20 transfer. An attacker can exploit this flaw to artificially increase the supply of Evmos tokens by manipulatin...
CRLF Injection
tornado is vulnerable to CRLF Injection. The vulnerability is due to improper CR/LF checks allowing for the inclusion of attacker-controlled header values in requests, which allows arbitrary headers or requests to be sent to a specified server...
Local File Inclusion (LFI)
gradio is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper input validation in the postprocess function within jsoncomponent.py, where a user-controlled string is parsed as JSON, which can be exploited to read arbitrary files on the remote system...
Incorrect Calculation
github.com/evmos/evmos is vulnerable to Incorrect Calculation. The vulnerability is due to a failure to update the spendable balance correctly when delegating vested tokens, allowing attackers with clawback vesting accounts to manipulate the system to treat unvested tokens as though they were...
Improper Authentication
born05/craft-twofactorauthentication is vulnerable to Improper Authentication. The vulnerability is due to improper checks to prevent TOTP tokens from being used multiple times within the validity period...
Improper Authorization
github.com/evmos/evmos is vulnerable to Improper Authorization. The vulnerability is due to the absence of proper checks to prevent the delegation of unvested tokens, which enables attackers to prematurely access and utilize these tokens in ways not intended by the vesting agreements...
Password Hash Disclosure
born05/craft-twofactorauthentication is vulnerable to Password Hash Disclosure. The vulnerability is due to the improper handling of password hashes, which are exposed in server responses after a valid TOTP submission. Attackers can exploit this by controlling a user's session to obtain the...
Sensitive Information Disclosure
jupyterserver is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper path validation, which allows unauthenticated attackers to leak the NTLMv2 password hash of the Windows user running the server...
Information Exposure
zsa is vulnerable to Information Exposure Through Error Message. The vulnerability is due to the application transferring the parse error stack from the server to the client in production build mode, potentially revealing sensitive server information...
Cross Site Scripting (XSS)
zenml is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to missing sanitization of the logourl field, allowing an attacker to send harmful messages to other users and potentially compromise their accounts...
Undefined Behavior
mlflow is vulnerable to Undefined Behavior. The vulnerability is due to inadequate validation of model names, which allows an attacker to create multiple models with the same name, leading to potential Denial of Service (DoS) and data model poisoning...
SQL Injection
litellm is vulnerable to SQL Injection. The vulnerability is due to improper handling of the 'userid' parameter in the raw SQL query used for deleting users. This allows an attacker to inject malicious SQL commands, leading to potential unauthorized access to sensitive information such as API key...
Server-Side Request Forgery (SSRF)
langchain is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper restriction of requests in the Web Research Retriever component, allowing it to reach local addresses and enabling attackers to execute port scans, access local services, and potentially read instanc...
SQL Injection
litellm is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of special elements in an SQL command within the /global/spend/logs endpoint, where the apikey parameter is concatenated directly into the query without validation. Successful exploitation could lead to...
Improper Restriction Of Rendered UI Layers Or Frames (Clickjacking)
zenml is vulnerable to Improper Restriction of Rendered UI Layers or Frames (Clickjacking). The vulnerability is due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers, allowing an attacker to embed the application UI within an iframe on a...
Authentication Bypass By Spoofing
github.com/kubernetes/kubernetes/ is vulnerable to Authentication Bypass By Spoofing. The vulnerability is due to an improper issuer check, which allows an attacker to bypass the issuer ("iss") check during JSON Web Token (JWT) authentication...
Authentication Bypass By Spoofing
github.com/openshift/telemeter/ is vulnerable to Authentication Bypass By Spoofing. The vulnerability is due to improper checks, which allow an attacker to bypass the issuer ("iss") check during JSON Web Token (JWT) authentication...