38140 matches found
Improper Authentication
zenml is vulnerable to Improper Authentication. The vulnerability is due to improper authentication mechanisms, allowing an attacker with access to an active user session to change the account password without knowing the current password, bypassing the standard password change verification proce...
Unsafe Deserialization
skops is vulnerable to Unsafe Deserialization. This vulnerability is due to insufficient validation during model deserialization, which can result in arbitrary code execution when a user loads a maliciously crafted model...
Cluster Name Enumeration
github.com/argoproj/argo-cd is vulnerable to Cluster Name Enumeration. This vulnerability is due to inadequate handling of error messages such as cluster names, allowing attackers to enumerate clusters and project names within project-scoped clusters...
Remote Code Execution (RCE)
aimeos/aimeos-core is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by improper file upload validation, allowing users with administrative privileges to upload files disguised as images but containing PHP code, which can then be executed in the context of the web server...
Authentication Bypass / Remote Code Execution (RCE)
dtale is vulnerable to Authentication Bypass / Remote Code Execution (RCE). The vulnerability is due to improper input validation and the presence of a hardcoded SECRETKEY in the Flask configuration, allowing attackers to forge a session cookie. Additionally, there is improper validation of custom...
Deserialization Of Untrusted Data
mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to inadequate input validation in the loadcustomobjects function within mlflow/tensorflow/init.py, which allows attackers to execute arbitrary code by injecting a malicious pickle object into the Tensorflow model...
Arbitrary File Write
mlflow is vulnerable to Arbitrary File Write. The vulnerability is due to improper sanitization within the mlflow.data.httpdatasetsource.py module when fetching data over HTTP. The Content-Disposition header is used directly to construct the path where the file is saved, which allows an attack...
Improper Authorization
github.com/argoproj/argo-cd/ is vulnerable to Improper Authorization. The vulnerability is caused by the exposure of the passwordPattern setting through the /api/v1/settings endpoint without authentication...
Improper Input Validation
github.com/golang/go/ is vulnerable to Improper Input Validation. The vulnerability is due to a misalignment in the behavior of zip implementations, which can be exploited to create zip files with varying contents based on the implementation reading the file...
Improper Enforcement Of Behavioral Workflow
aimeos/ai-client-html is vulnerable to Improper enforcement of behavioral workflow. The vulnerability is due to an issue where digital downloads sold in online shops can be accessed without valid payment, for instance, if the payment process fails. This could allow attackers to obtain digital goo...
Deserialization Of Untrusted Data
typo3/phar-stream-wrapper is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of user-supplied Phar archive data before deserialization, which allows attackers to manipulate the serialized data to execute arbitrary code...
Denial Of Service (DoS)
go.opentelemetry.io/collector/config/configgrpc is vulnerable to Denial Of Service (DoS). The vulnerability is due to compressed HTTP requests which can be maliciously designed to crash the system by consuming excessive memory. Attackers can exploit this by sending specially crafted "zip bomb"...
Improper Input Validation
github.com/golang/go/ is vulnerable to Improper Input Validation. The vulnerability is due to various methods (IsPrivate, IsLoopback, etc.) which do not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
Deserialization Of Untrusted Data
ydata-profiling is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to inadequate input validation in the loads function within serializereport.py, resulting in arbitrary code execution when utilizing the load function directly or passing bytes from external sources into...
Deserialization Of Untrusted Data
mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by a lack of validation in the loadfrompickle function in the mlflow/langchain/utils.py file, allowing an attacker to execute arbitrary code on the victim's system through a malicious Langchain AgentExecutor...
Insecure Deserialization
ydata-profiling is vulnerable to Insecure Deserialization. This vulnerability is due to a lack of proper validation in the ydata-profiling library, allowing maliciously crafted datasets to execute arbitrary code on an end user's system when loaded...
Timing Side-Channel Attack
pypqc is vulnerable to a timing side-channel attack. The vulnerability is due to the attacker's ability to submit numerous decapsulation requests against a single private key and gain timing information, allowing the recovery of the private key with the Kyber512, Kyber768, and Kyber1024 functions...
Local File Inclusion
moodle/moodle is vulnerable to Local File Inclusion. The vulnerability is due to a misconfigured shared hosting environment that allows access to other users' content, permitting a user with both access to restore database activity modules and direct access to the web server outside of the Moodle...
Prompt Injection
Vanna is vulnerable to Prompt Injection. The vulnerability is due to improper input validation in the Vanna library's "ask" method, when allowing external input with "visualize" set to True, which allows a user to execute arbitrary python code...
Cross-site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the logout option lacking the necessary token, risking users being inadvertently logged out via a CSRF attack...
Improper Input Validation
moodle/moodle is vulnerable to Improper Input Validation. The vulnerability is due to the lack of proper sanitization of the referrer URL in admin/tool/mfa/index.php, which is used directly by MFA...
Exposure Of Sensitive Information To An Unauthorized Actor
Moodle is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore workshop modules and direct access to the web server outside of the Moodle webroot to execute a...
Information Exposure Through Misconfigured Permissions
Moodle is vulnerable to an Information Exposure Through Misconfigured Permissions. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore feedback modules and direct access to the web server outside of the Moodle webroot to execute a...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient escaping of participants' names in the participant's page table, allowing for malicious code injection when interacting with certain features...
Cross-site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the admin management of analytics models, which fails to prevent CSRF risks because it does not include the necessary token...
Privilege Escalation
github.com/snapcore/snapd is vulnerable to Privilege Escalation. The vulnerability is due to improper command-line argument parsing, allowing an unprivileged user to trigger actions that require administrator privileges...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitizing of ID numbers displayed in the report, which results in stored XSS...
Improper Input Validation
moodle/moodle is vulnerable to Improper Input Validation. The vulnerability is due to inadequate verification of ReCAPTCHA activation on the login page, which results in captcha bypass...
Cross-site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-Site Request Forgery. The vulnerability is due to a missing CSRF token in the admin preset tool...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization when opening the equation editor, leading to a stored XSS risk when editing another user's equation...
Deserialization Of Untrusted Data
mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to inadequate input validation in the loadmodel function within mlflow/pytorch/init.py. This allows an attacker to execute arbitrary code on the victim's system by injecting a malicious pickle object into a...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial Of Service (DoS). The vulnerability is due to the async HTTP client buffering the mirror response with an unbounded buffer, which allows attackers to potentially cause an out-of-memory scenario by sending huge responses...
Request Smuggling
github.com/envoyproxy/envoy is vulnerable to Request Smuggling. The vulnerability is due to Envoy incorrectly accepting a 200 response code from a server when a protocol upgrade is requested, even though a 200 response does not indicate a protocol switch. Attackers could exploit this by tricking ...
Use After Free
github.com/envoyproxy/envoy is vulnerable to a use-after-free. The vulnerability is due to QUICHE continuing to push request headers after the StopReading method is called on the stream, which can lead to accessing a destroyed HCM ActiveStream object. This allows attackers to disrupt service by...
Infinite Loop
github.com/envoyproxy/envoy is vulnerable to an Infinite Loop. The vulnerability is caused when handling Brotli-compressed data with extra input, which causes the system to consume excessive resources and potentially become unresponsive to legitimate traffic. An attacker can exploit this with a...
Exposure Of Sensitive Information To An Unauthorized Actor
moodle/moodle is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to a misconfigured shared hosting environment that allows access to other users' content. This allows an attacker to execute arbitrary local file includes by restoring wiki modules...
Code Execution
javascript-deobfuscator is vulnerable to Code Execution. The vulnerability is due to crafted payloads targeting expression simplification, which allows an attacker to execute arbitrary code...
Arbitrary File Read And Write
qdrant-client is vulnerable to Arbitrary File Read and Write. The vulnerability is due to the snapshot recovery process, which allows snapshot files to be manipulated to include symlinks and allows the reading and writing of arbitrary files on the server...
Use After Free
Envoy is vulnerable to a Use-After-Free vulnerability. The vulnerability is due to improper handling in HttpConnectionManager (HCM) with EnvoyQuicServerStream, where an attacker can crash Envoy by sending a request without FIN, followed by a RESETSTREAM frame, and then closing the connection after...
Path Traversal
github.com/cri-o/cri-o is vulnerable to Path Traversal. The vulnerability is due to the path of the /etc directory being relative to the base of the container, which could lead to a container escape...
Reflected Cross Site Scripting (XSS)
dolibarr/dolibarr is vulnerable to Reflected Cross-site Scripting (XSS). The vulnerability is due to improper input validation in htdocs/compta/paiement/card.php, allowing remote attackers to inject arbitrary web script or HTML via the facid parameter...
Integer Underflow
Envoy is vulnerable to Integer Underflow. The vulnerability is due to an integer underflow in the QuicStreamSequencerBuffer::PeekRegion implementation, causing a crash at QuicheDataReader::PeekVarInt62Length...
Sensitive Information Disclosure
netty-incubator-codec-ohttp is vulnerable to Sensitive Information Disclosure. The vulnerability is due to an error in the BoringSSLAEADContext which results in the encryption nonce overflowing. An attacker can manipulate the nonce repetition by causing the sequence number to overflow, which decreases...
Integer Overflow
libaom.so is vulnerable to Integer Overflow. The vulnerability is caused by calling aomimgalloc with a large value of the dw, dh, or align parameter which results in integer overflows in the calculations of buffer sizes...
Integer Overflow
libvpx.so is vulnerable to Integer Overflow. The vulnerability is caused by calling the functions vpximgalloc and vpximgwrap with large values of the dw, dh, or align parameter, leading to invalid buffer sizes and offsets...
XML External Entity (XXE) Injection
typo3/cms is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper handling of XML input, which allows attackers to load internal or external files within an XML structure and potentially inject arbitrary files to cause a denial of service or other attacks...
Denial Of Service (DoS)
typo3/cms is vulnerable to Denial of Service (DoS). The vulnerability is caused by allowing an excessively high maximum result limit in TYPO3's Indexed Search component. This flaw potentially enables attackers to execute a Denial of Service (DoS) attack...
Cross-Site Scripting
typo3/cms is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization of user input in the CSS styled content component, which allows authenticated users to inject arbitrary HTML or JavaScript...
Command Injection
gradio is vulnerable to Command Injection. The vulnerability is due to improper neutralization of special elements within the test-functional.yml CI workflow, which results in unauthorized modification of the base repository or exfiltration of the GITHUBTOKEN, COMMENTTOKEN, or...
Sensitive Information Disclosure
keycloak-services is vulnerable to Sensitive Information Disclosure. The vulnerability is due to client-provided parameters included in plain text within the KCRESTART cookie returned by the authorization server's HTTP response to a requesturi authorization request...