Path Traversal
github.com/weaviate/weaviate is vulnerable to path traversal. The vulnerability is due to insufficient validation of the fileName field in the transfer logic, which allows an attacker who can call the GetFile method while a shard is in the “Pause file activity” state and the FileReplicationServic...
Improper Authentication
Milvus is vulnerable to Improper Authentication. The vulnerability is due to improper validation of the sourceID header in the Milvus Proxy component, which allows an attacker to bypass authentication and gain full administrative access to the Milvus cluster...
Improper Privilege Management
github.com/lxc/incus is vulnerable to Improper Privilege Management. The vulnerability is due to improper handling of custom storage volumes with the security.shifted property, which allows an attacker with root access inside a container to create a setuid binary that can be executed on the host ...
Improper Authentication
ZITADEL is vulnerable to Improper Authentication. The vulnerability is due to improper enforcement of organization login policies during the federation auto-linking process, which allows an attacker to authenticate through a disabled identity provider and link their external identity to an existi...
SQL Injection
Glances is vulnerable to SQL Injection. The vulnerability is due to constructing SQL queries using string concatenation with unsanitized data in the TimescaleDB export module, where values are wrapped in quotes without proper escaping, allowing attacker-controlled inputs, e.g., process names or...
Denial Of Service (DoS)
pypdf is vulnerable to Denial Of Service. The vulnerability is due to parsing a PDF content stream with an inflated Length value, where the parser allocates memory based on the declared length without verifying the actual data size, and an attacker can craft a PDF with a large /Length field to...
Denial Of Service (DoS)
Tornado is vulnerable to Denial of Service (DoS). The vulnerability is due to synchronous parsing of multipart/form-data without limiting the number of parts, allowing attackers to send large requests with many parts that consume excessive CPU and block the main thread...
Camaleon CMS Vulnerable To Path Traversal Through AWS S3 Uploader Implementation
Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
Information Disclosure
Glances is vulnerable to Information Disclosure. The vulnerability is due to missing access control and filtering in the /api/4/config endpoint, which returns the full configuration including sensitive data such as passwords, API tokens, and cryptographic keys...
Incorrect Authorization
Shopware is vulnerable to Incorrect Authorization. The vulnerability is due to insufficient validation of filter types in the store-api.order endpoint, which allows an attacker to access orders belonging to other customers without authentication...
SQL Injection
Craft Commerce is vulnerable to SQL Injection. The vulnerability is due to lack of whitelist validation on the sort parameter passed to orderBy, which allows an attacker to inject malicious SQL into the ORDER BY clause and manipulate database queries...
Cross-site Scripting (XSS)
Craft CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient sanitization of return URLs using striptags without validating URL schemes, which allows an attacker to inject malicious JavaScript via crafted URLs...
SQL Injection
Craft CMS is vulnerable to SQL Injection. The vulnerability is due to missing input sanitization in the ElementSearchController::actionSearch endpoint, which allows an attacker to inject malicious SQL queries via parameters like criteriawhere or criteriaorderBy and extract sensitive database...
SQL Injection
craftcms/commerce is vulnerable to SQL Injection. The vulnerability is due to lack of validation and sanitization of sort parameters in the addOrderBy clause, which allows an attacker to inject arbitrary SQL queries and potentially compromise the database...
Unauthorized Data Access
Shopware is vulnerable to unauthorized data access. The vulnerability is due to an insufficient check on filter types for unauthenticated customers, where the deepLinkCode support on the store-api.order endpoint fails to enforce proper authorization and attackers can retrieve other customers' ord...
SQL Injection
Craft CMS is vulnerable to SQL Injection. The vulnerability is due to missing input sanitization in the ElementSearchController::actionSearch endpoint, which allows an attacker to inject malicious SQL queries via parameters like criteriawhere or criteriaorderBy and extract sensitive database...
Arbitrary Code Injection
Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe use of unsandboxed Twig rendering with user-controlled input in the conditions system, which allows an attacker to execute arbitrary code through crafted condition rules...
Arbitrary File Write
Magic Wormhole is vulnerable to Arbitrary File Write. The vulnerability is due to improper validation of file paths during file reception, allowing a malicious sender to overwrite critical local files (e.g., ~/.ssh/authorized_keys, .bashrc) and potentially compromise the system...
Arbitrary File Write
Black is vulnerable to Arbitrary File Write. The vulnerability is due to improper sanitization of the --python-cell-magics option when constructing cache file names, allowing attackers to manipulate the file path and write cache files to arbitrary locations on the filesystem...
Remote Code Execution (RCE)
Craft CMS is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe use of unsandboxed Twig rendering with user-controlled input in the conditions system, which allows an attacker to execute arbitrary code through crafted condition rules...
Information Disclosure
Apache ZooKeeper is vulnerable to Information Disclosure. The vulnerability is due to improper handling of configuration values in ZKConfig, where sensitive client configuration data may be logged at INFO level in the client logfile, potentially exposing confidential information...
Cross-site Scripting (XSS)
Vega is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the attachment of the vega library and a vega.View instance to the global window, and the allowance of user-defined Vega JSON definitions, which can lead to arbitrary JavaScript code execution. An attacker can exploit this...
Information Disclosure
Directus is vulnerable to information disclosure. The vulnerability is due to improper filtering of concealed fields in search queries, which allows an authenticated attacker to infer matches from returned records and enumerate sensitive data even though the values appear masked...
Improper File Handling
zx is vulnerable to Improper File Handling. The vulnerability is due to a logic error in the linkNodeModules and cleanup routines when using the --prefer-local option, which allows unintended deletion of an external /node_modules directory outside the current working directory...
Information Disclosure
Directus is vulnerable to information disclosure. The vulnerability is due to different error messages returned by the /items/collection API when accessing unauthorized existing collections versus non-existent collections, which allows an attacker to enumerate and discover the existence of...
Arbitrary Code Injection
md-to-pdf is vulnerable to Arbitrary Code Injection. The vulnerability is due to a Markdown front-matter block that contains a JavaScript delimiter, where the JS engine in the gray-matter library executes arbitrary code in the Markdown to PDF converter process of the md-to-pdf library, and attackers can...
Race Condition
@hpke/core is vulnerable to Race Condition. The vulnerability is due to the public SenderContext Seal API having a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls, where an attacker can exploit this to cause complete loss of Confidentiality and Integrity ...
Denial Of Service (DoS)
Node.js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of malformed HTTP/2 HEADERS frames containing invalid HPACK data, which can trigger an unhandled TLSSocket ECONNRESET error and cause the Node.js process to crash, enabling remote denial of service...
Path Traversal
Node.js is vulnerable to Path Traversal. The vulnerability is due to improper validation of relative symlink paths in the permissions model, allowing attackers to chain directories and symlinks to bypass --allow-fs-read and --allow-fs-write restrictions and access files outside the permitted...
Information Disclosure
Node.js is vulnerable to Information Disclosure. The vulnerability is due to improper buffer allocation handling when using the vm module with the timeout option, where interrupted allocations may return buffers containing uninitialized memory, potentially exposing leftover data such as tokens or...
Sensitive Information Exposure
@perfood/couch-auth is vulnerable to Sensitive Information Exposure. The vulnerability is due to session tokens and passwords being stored in JavaScript objects without explicit memory clearing, allowing sensitive data to remain in memory and potentially be extracted through memory dumps or...
Denial Of Service (DoS)
Servify Express is vulnerable to Denial of Service (DoS). The vulnerability is due to the use of express.json without a request size limit, which allows an attacker to send extremely large JSON request bodies that exhaust memory or resources, leading to degraded performance or application crashes...
Information Disclosure
github.com/authzed/spicedb is vulnerable to Information Disclosure. The vulnerability is due to the exclusion operator in the authorization schema, where a large payload can cause the WriteRelationships call to fail silently, and incorrect permission check results are returned, allowing attackers...
Cross-site Scripting (XSS)
@angular/core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of HTML from translated content in the Angular internationalization (i18n) pipeline, where an attacker can execute arbitrary JavaScript by compromising the translation file. When...
Authentication Bypass
Astro is vulnerable to an authentication bypass. The vulnerability is due to improper handling of double URL encoding in middleware pathname checks, which allows an unauthenticated attacker to bypass path-based authentication and gain unauthorized access to protected routes...
Stored Cross-Site Scripting (XSS)
Open WebUI is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of Markdown content in the Notes PDF export functionality, allowing attackers to embed malicious SVG tags that execute arbitrary JavaScript when the note is downloaded as a PDF,...
Server-Side Template Injection
Craft CMS is vulnerable to Server-Side Template Injection. The vulnerability is due to improper handling of Twig input using the map filter in certain fields, which allows an attacker to craft malicious payloads and execute arbitrary code on the server...
Server-Side Template Injection
craftcms/cms is vulnerable to Server-Side Template Injection. The vulnerability is due to improper handling of Twig input using the map filter in certain fields, which allows an attacker with sufficient access to craft malicious payloads and execute arbitrary code on the server...
Denial Of Service
pypdf is vulnerable to Denial Of Service. The vulnerability is due to unbounded processing of RunLengthDecode streams, where the content stream is parsed without proper memory usage checks and an attacker can craft a PDF that leads to large memory consumption...
Path Traversal
dbt-common is vulnerable to Path Traversal. The vulnerability is due to the use of os.path.commonprefix for validating extraction paths, where commonprefix compares paths character-by-character rather than by path components, and an attacker can exploit this by providing a malicious tarball that...
Path Traversal
OpenChatBI is vulnerable to Path Traversal. The vulnerability is due to insufficient input sanitization of the fileformat parameter in the savereport tool, allowing attackers to manipulate file paths and potentially write files outside the intended directory...
Denial Of Service (DoS)
Python-Markdown is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of malformed HTML-like sequences during Markdown parsing, where html.parser.HTMLParser may raise an unhandled AssertionError, allowing attacker-supplied Markdown input to crash the application...
Arbitrary File Read
changedetection.io is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient validation of user-supplied XPath expressions in the includefilters field, allowing attackers to use functions such as unparsed-text to read arbitrary files from the filesystem accessible to the...
Denial Of Service (DoS)
xgrammar is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of multi-level nested syntax, which can trigger a segmentation fault and crash the application...
Remote Code Execution (RCE)
Craft CMS is vulnerable to Remote Code Execution (RCE). The vulnerability is due to a Server-Side Template Injection (SSTI) flaw in Twig template fields, which allows an authenticated administrator to write a malicious PHP file to a web-accessible directory and execute arbitrary system commands...
Inefficient Decoding
pypdf is vulnerable to inefficient decoding of ASCIIHexDecode streams. The vulnerability is due to an attacker being able to craft a PDF which leads to long runtimes, where accessing a stream uses the /ASCIIHexDecode filter and can be exploited by attackers to cause a denial of service...
Missing Authorization
craftcms/cms is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks in the GraphQL @parseRefs directive, which allows an attacker to access sensitive attributes of CMS elements without proper permissions...
SQL Injection
CocoIndex is vulnerable to SQL Injection. The vulnerability is due to insufficient validation of the configured table name in the Doris target connector, where untrusted input may be used to construct ALTER TABLE SQL statements, allowing attackers to inject malicious SQL during schema changes...
Server-Side Template Injection
craftcms/cms is vulnerable to Template Injection. The vulnerability is due to unsafe exposure of the create Twig function allowing arbitrary object instantiation combined with a Symfony Process gadget chain, which allows an attacker to execute arbitrary system commands on the server...
Server-Side Template Injection
Craft CMS is vulnerable to Server-Side Template Injection. The vulnerability is due to unsafe exposure of the create Twig function enabling arbitrary object instantiation combined with a Symfony Process gadget chain, which allows an attacker to execute arbitrary code on the server...