Veracode: recent entries

38340 matches found

Veracode • added 2024/06/27 7:12 p.m. • 7 views

Session Fixation

zendframework/zendframework is vulnerable to Session Fixation. The vulnerability is due to session validators not working as expected if set prior to the start of a session...

AI score: 7 • Exploits: 0
Veracode • added 2024/06/27 12:17 p.m. • 12 views

Heap Buffer Overflow

Libde265 is vulnerable to a Heap Buffer Overflow. The vulnerability is due to improper handling of a crafted payload that can cause a crash via the interceptormemcpy function, allowing an attacker to exploit the system...

CVSS: 6.5 • AI score: 6.6 • EPSS: 0.00449
Exploits: 1 • References: 3 • Affected software: 1
Veracode • added 2024/06/27 12:01 p.m. • 15 views

Heap Buffer Overflow

Libde265 is vulnerable to a Heap Buffer Overflow. The vulnerability is due to a crafted payload in the display444as420 function at sdl.cc, which can allow attackers to crash the application...

CVSS: 6.5 • AI score: 6.7 • EPSS: 0.00437
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2024/06/27 11:40 a.m. • 8 views

Cross Site Scripting (XSS)

@zenuml/core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to unsanitized Markdown comments in the file Comment.vue, allowing attackers to inject malicious JavaScript payloads...

CVSS: 5.4 • AI score: 6.2 • EPSS: 0.00381
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2024/06/27 9:08 a.m. • 7 views

Cross-site Scripting (XSS)

zendframework/zendframework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to not using context-appropriate escaping mechanisms with Zend\Escaper when escaping HTML, HTML attributes, and/or URLs, which could potentially be exploited to perform XSS attacks...

AI score: 5.7 • Exploits: 0
Veracode • added 2024/06/27 8:15 a.m. • 18 views

Use After Free

@fastly/js-compute is vulnerable to Use After Free. The vulnerability is due to re-use of previously freed memory in the FetchEvent.client and certain CacheEntry.prototype and Device.lookup functions. This issue could allow for an unintended data leak and often results in a Compute service crash...

CVSS: 5.3 • AI score: 6.7 • EPSS: 0.00266
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2024/06/27 7:54 a.m. • 8 views

Denial Of Service (DoS)

github.com/golang/image is vulnerable to Denial of Service (DoS). The vulnerability is due to invalid color indices in a corrupt or crafted image. An attacker could exploit the lack of color index checks by providing an image with invalid color indices which triggers a crash...

CVSS: 7.5 • AI score: 6.5 • EPSS: 0.00731
Exploits: 0 • References: 5 • Affected software: 2
Veracode • added 2024/06/27 7:43 a.m. • 11 views

Denial Of Service (DoS)

vrana/adminer is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of HTTP redirects, which allows an attacker to trigger a Denial of Service (DoS) condition by connecting adminer to an attacker-controlled service...

CVSS: 6.9 • AI score: 6.7 • EPSS: 0.00582
Exploits: 0 • References: 3 • Affected software: 2
Veracode • added 2024/06/27 7:34 a.m. • 13 views

Insertion Of Sensitive Information Into Log File

org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is due to the token being printed in the build log as part of the Bitbucket URL. An attacker can view the token and gain unauthorized access...

CVSS: 4.3 • AI score: 7.1 • EPSS: 0.00489
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2024/06/27 6:50 a.m. • 18 views

Code Injection

flowise is vulnerable to Code Injection. The vulnerability is due to improper input validation in the api/v1 endpoint, allowing a remote attacker to execute arbitrary code via a crafted script...

CVSS: 7.6 • AI score: 7.7 • EPSS: 0.59867
Exploits: 4 • References: 4 • Affected software: 1
Veracode • added 2024/06/27 6:40 a.m. • 27 views

Cross-site Scripting (XSS)

djangorestframework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization via the break_long_headers template filter. This allows an attacker to inject malicious scripts by exploiting the improper sanitization in the header processing...

CVSS: 6.1 • AI score: 6.2 • EPSS: 0.01133
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2024/06/27 6:33 a.m. • 12 views

Unencrypted Stored Credentials

org.jenkins-ci.plugins:plain-credentials is vulnerable to Unencrypted Stored Credentials. The vulnerability is caused when decrypting file contents to check for valid encrypted secrets, resulting in the file content being stored unencrypted (only Base64-encoded). An attacker with access to the...

CVSS: 4.3 • AI score: 6.4 • EPSS: 0.00419
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2024/06/27 6:12 a.m. • 20 views

Server-Side Request Forgery (SSRF)

vrana/adminer is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the improper handling of user-supplied input in database connection fields. This allows an unauthenticated remote attacker to enumerate or access systems they would not otherwise have access to...

CVSS: 6.9 • AI score: 7 • EPSS: 0.00412
Exploits: 0 • References: 4 • Affected software: 2
Veracode • added 2024/06/26 10:14 a.m. • 6 views

Cross-site Scripting (XSS)

TYPO3 is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to failing to properly encode user input in the login status display in the website frontend, requiring a valid user account (either backend or frontend) to exploit...

AI score: 6.6 • Exploits: 0
Veracode • added 2024/06/26 9:22 a.m. • 6 views

Information Disclosure

typo3/cms is vulnerable to Information Disclosure. The vulnerability is due to logging login failures, including plain-text user credentials, at the "warning" log level, which potentially leads to unauthorized access to sensitive user information...

AI score: 6.9 • Exploits: 0
Veracode • added 2024/06/26 8:13 a.m. • 8 views

Denial Of Service (DoS)

silverstripe/framework is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient authentication controls in the dev/build system controller, which could allow unauthorized users to trigger the dev/build process, potentially causing resource exhaustion and disrupting...

AI score: 7.2 • Exploits: 0
Veracode • added 2024/06/26 7:49 a.m. • 8 views

Code Injection

willdurand/js-translation-bundle is vulnerable to Code Injection. The vulnerability is due to a lack of validation of the 'locale' parameter in the 'Controller.php' file, which allows an attacker to inject JavaScript code...

AI score: 7.1 • Exploits: 0
Veracode • added 2024/06/26 7:45 a.m. • 14 views

Sensitive Information Disclosure

typo3/cms is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Install Tool exposing the current TYPO3 version number to non-authenticated users...

AI score: 7 • Exploits: 0
Veracode • added 2024/06/26 7:40 a.m. • 8 views

Information Disclosure

silverstripe/framework is vulnerable to Information Disclosure. The vulnerability is due to sensitive database connection details potentially being exposed in stack traces when running in dev mode with the mysqli database driver...

AI score: 6.9 • Exploits: 0
Veracode • added 2024/06/26 7:38 a.m. • 9 views

Insufficient Session Expiration

zfr/zfr-oauth2-server-module is vulnerable to Insufficient Session Expiration. The vulnerability is due to a lack of token validation for expiration and validity, allowing users to potentially use invalidated authentication credentials...

AI score: 7.2 • Exploits: 0
Veracode • added 2024/06/26 7:30 a.m. • 8 views

Privilege Escalation

pgAdmin4 is vulnerable to Privilege Escalation. The vulnerability is caused by improper permissions set on the installation directory, allowing attackers to gain unauthorized access on Debian or RHEL 8 platforms...

CVSS: 7.4 • AI score: 7.1 • EPSS: 0.00246
Exploits: 0 • References: 1 • Affected software: 1
Veracode • added 2024/06/26 7:23 a.m. • 8 views

Cross-site Scripting (XSS)

TYPO3 is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to failing to properly encode user input in notifications shown in modal windows in the TYPO3 backend...

AI score: 6.6 • Exploits: 0
Veracode • added 2024/06/26 7:17 a.m. • 14 views

URL Rewrite

zendframework/zend-feed is vulnerable to URL Rewrite. The vulnerability is due to marshaling a request URI that includes logic to introspect HTTP request headers specific to a server-side URL rewrite mechanism. The attacker can emulate these headers to request arbitrary content...

AI score: 7.1 • Exploits: 0
Veracode • added 2024/06/26 7:14 a.m. • 12 views

NULL Pointer Dereference

github.com/pingcap/tidb is vulnerable to a NULL Pointer Dereference. The vulnerability is due to improper handling of nil pointers within the expression.inferCollation function, which allows attackers to crash the application...

CVSS: 5.4 • AI score: 6.7 • EPSS: 0.00377
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2024/06/26 7:13 a.m. • 15 views

Information Disclosure

aimeos/ai-client-html is vulnerable to Sensitive Information Exposure. The vulnerability is due to debug information revealing sensitive information from environment variables in error logs, allowing attackers to potentially access confidential data...

CVSS: 8.8 • AI score: 6.2 • EPSS: 0.0051
Exploits: 0 • References: 2 • Affected software: 1
Veracode • added 2024/06/26 7:11 a.m. • 12 views

SQL Injection

silverstripe/postgresql is vulnerable to SQL injection. The vulnerability is due to the inadequate handling of table names in the silverstripe/postgresql database adapter, which allows malicious SQL injection attacks if table names are not properly escaped or sanitized...

AI score: 8.3 • Exploits: 0
Veracode • added 2024/06/26 7:07 a.m. • 10 views

URL Rewrite

zendframework/zend-diactoros is vulnerable to URL Rewrite. The vulnerability is due to marshaling a request URI that includes logic to introspect HTTP request headers specific to a server-side URL rewrite mechanism. The attacker can emulate these headers to request arbitrary content...

AI score: 7.1 • Exploits: 0
Veracode • added 2024/06/26 6:57 a.m. • 16 views

Cross-site Scripting (XSS)

org.dspace:dspace-server-webapp is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused by improper validation of download behavior for HTML, XML, or JavaScript Bitstreams, allowing embedded JavaScript to execute in the user's browser, which could potentially lead to XSS attacks...

CVSS: 2.6 • AI score: 5.9 • EPSS: 0.00393
Exploits: 0 • References: 5 • Affected software: 1
Veracode • added 2024/06/26 6:32 a.m. • 11 views

Cross-site Scripting (XSS)

typo3/cms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to failing to properly encode user input in online media asset rendering for .youtube and .vimeo files, requiring a valid backend user account or write access on the server system to exploit...

AI score: 6.7 • Exploits: 0
Veracode • added 2024/06/26 6:30 a.m. • 11 views

Cross Site Request Forgery (CSRF)

silverstripe/graphql is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is due to the lack of CSRF protection, allowing authenticated users to unwittingly trigger GET requests that can modify or delete data on the server...

AI score: 6.9 • Exploits: 0
Veracode • added 2024/06/26 6:23 a.m. • 45 views

Command Injection

github.com/hashicorp/go-getter is vulnerable to Command Injection. The vulnerability is caused by improper handling of arguments in Git operations within get_git.go. This allows attackers to manipulate the Git configuration and execute arbitrary code...

CVSS: 8.4 • AI score: 7.2 • EPSS: 0.00973
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2024/06/26 6:13 a.m. • 20 views

Malicious CDN Embedding

pdoc is vulnerable to malicious CDN embedding. The vulnerability is caused when documentation is generated with math mode (pdoc --math) due to the usage of a compromised polyfill.io CDN domain. An attacker could potentially exploit this by injecting malicious code into documentation generated with...

CVSS: 7.2 • AI score: 6.8 • EPSS: 0.03832
Exploits: 0 • References: 6 • Affected software: 1
Veracode • added 2024/06/26 5:33 a.m. • 15 views

Cache Poisoning

ezsystems/ezplatform is vulnerable to cache poisoning. The vulnerability is due to the inability to prevent front-controller script inclusion in URLs when using eZ Platform Cloud or within the .platform.app.yaml configuration file. It allows an attacker to manipulate the cache and potentially ser...

AI score: 7 • Exploits: 0
Veracode • added 2024/06/26 4:30 a.m. • 16 views

Denial Of Service (DoS)

typo3/cms is vulnerable to Denial of Service (DoS). The vulnerability is due to handling large .youtube and .vimeo files in the backend, leading to high consumption of system resources and exceeding PHP process limits, resulting in a dysfunctional backend component...

AI score: 7 • Exploits: 0
Veracode • added 2024/06/26 4:03 a.m. • 5 views

Session Hijacking

typo3/cms is vulnerable to Session Hijacking. The vulnerability is due to cookies not being hardened to be submitted only via HTTP, which in combination with other vulnerabilities like cross-site scripting can lead to hijacking an active and valid session...

AI score: 6.5 • Exploits: 0
Veracode • added 2024/06/25 12:11 p.m. • 9 views

Cross-Site Scripting (XSS)

zendframework/zend-navigation is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the use of the escapeHtml view helper instead of escapeHtmlAttr, leading to improper HTML attribute escaping...

AI score: 6.3 • Exploits: 0
Veracode • added 2024/06/25 12:00 p.m. • 11 views

Sensitive Information Disclosure

zendframework/zend-developer-tools is vulnerable to Sensitive Information Disclosure. The vulnerability is due to a change made during the update to support PHP 7.3 that potentially prevents toolbar entries, which are enabled by default, from being disabled. The attacker can exploit this by...

AI score: 6.9 • Exploits: 0
Veracode • added 2024/06/25 9:49 a.m. • 12 views

Information Disclosure

SilverStripe is vulnerable to Information Disclosure. The vulnerability is caused by a specific URL path configured by default through the silverstripe/framework module, which can be used to disclose that a domain is hosting a SilverStripe application...

CVSS: 7.5 • AI score: 6.5 • EPSS: 0.018
Exploits: 0 • References: 5 • Affected software: 2
Veracode • added 2024/06/25 9:00 a.m. • 6 views

Arbitrary Code Execution

typo3/cms is vulnerable to arbitrary file upload. The vulnerability is due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], allowing backend users to upload executable files such as .phar, .shtml, .pl, or .cgi in certain web server setups...

AI score: 7.1 • Exploits: 0
Veracode • added 2024/06/25 7:55 a.m. • 12 views

Sensitive Information Disclosure

typo3/cms is vulnerable to Sensitive Information Disclosure. The vulnerability is due to mechanisms used for configuration of RequireJS package loading, which can potentially allow an attacker to retrieve additional information about the installed system and third-party extensions...

AI score: 6.8 • Exploits: 0
Veracode • added 2024/06/25 7:29 a.m. • 12 views

Cross-site Scripting (XSS)

org.apache.jspwiki:jspwiki-builder is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused by a lack of proper sanitization of certain characters in user input within Wiki.js. This allows an attacker to potentially inject and execute malicious scripts in the context of the...

CVSS: 6.1 • AI score: 6.5 • EPSS: 0.5943
Exploits: 0 • References: 5 • Affected software: 1
Veracode • added 2024/06/25 6:49 a.m. • 9 views

Improper Input Validation

github.com/rancher/rancher is vulnerable to Improper Input Validation. The vulnerability is due to the tampering of the errorMsg parameter, allowing for the display of arbitrary content, filtering tags but not special characters or symbols. This can allow malicious users to lure legitimate user...

CVSS: 4.7 • AI score: 6.7 • EPSS: 0.02263
Exploits: 1 • References: 8 • Affected software: 1
Veracode • added 2024/06/25 6:40 a.m. • 12 views

Cross-site Scripting (XSS)

typo3/cms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of field validation error outputs, which allows malicious scripts to be executed in the user's browser...

AI score: 6.6 • Exploits: 0
Veracode • added 2024/06/25 6:38 a.m. • 18 views

Cross Site Scripting (XSS)

ydataprofiling is vulnerable to a Cross-site scripting (XSS) vulnerability. This vulnerability is due to insufficient sanitization of user-supplied inputs in reports, allowing malicious payloads to execute when these reports are viewed in the browser...

CVSS: 7.8 • AI score: 6 • EPSS: 0.00321
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2024/06/25 5:32 a.m. • 19 views

XML External Entity (XXE)

org.cyclonedx:cyclonedx-core-java is vulnerable to XML External Entity (XXE). The vulnerability is due to improper configuration of the DocumentBuilderFactory used to evaluate XPath expressions to determine the schema version of the BOM before deserializing CycloneDX Bill of Materials in XML...

CVSS: 7.5 • AI score: 7.4 • EPSS: 0.00589
Exploits: 0
Veracode • added 2024/06/25 5:18 a.m. • 19 views

Remote Code Execution (RCE)

parisneo/lollms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the misuse of the shell=True parameter in the subprocess.Popen function within the create_conda_env function of the parisneo/lollms repository. The vulnerability allows an attacker to execute arbitrary commands...

CVSS: 6.8 • AI score: 8.2 • EPSS: 0.00446
Exploits: 2 • References: 3 • Affected software: 1
Veracode • added 2024/06/25 5:09 a.m. • 26 views

Information Disclosure

github.com/hashicorp/go-retryablehttp is vulnerable to Information Disclosure. The vulnerability is due to improper sanitization of URLs when writing them to the log file, allowing an attacker to potentially access sensitive HTTP basic auth credentials...

CVSS: 6 • AI score: 6.4 • EPSS: 0.00358
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2024/06/25 5:09 a.m. • 17 views

Insecure Random Number Generator

Apache StreamPipes is vulnerable to Insecure Random Number Generator. The vulnerability is due to the use of a cryptographically weak PRNG in the user self-registration and password recovery mechanism, which allows an attacker to guess the recovery token in a reasonable time and take over the...

CVSS: 9.1 • AI score: 6.7 • EPSS: 0.05995
Exploits: 1 • References: 4 • Affected software: 2
Veracode • added 2024/06/25 5:07 a.m. • 11 views

Improper Access Control

github.com/rancher/rancher is vulnerable to Improper Access Control. The vulnerability is due to improper cleanup of roleBindings associated with a user or group when they are removed from a project, allowing former members to continue creating, updating, reading, and deleting namespaces in that...

CVSS: 8.1 • AI score: 6.6 • EPSS: 0.01048
Exploits: 0 • References: 7 • Affected software: 1
Veracode • added 2024/06/25 5:05 a.m. • 11 views

Path Traversal

CodeChecker is vulnerable to a Path traversal. The vulnerability is due to improper sanitization of ZIP files at the CodeCheckerService@massStoreRun endpoint. An attacker can exploit this by inserting arbitrary files into the internal database, which can then be displayed through the Web interface...

CVSS: 6.5 • AI score: 6.7 • EPSS: 0.0073
Exploits: 1 • References: 3 • Affected software: 1
Total number of security vulnerabilities: 38340