38184 matches found
Session Fixation
laravel/framework is vulnerable to Session Fixation. The vulnerability is due to ineffective token validation allowing malicious users to maintain access even after the actual user's logout or password reset...
Token Disclosure
github.com/fluxcd/source-controller is vulnerable to Token Disclosure through logs. The vulnerability is due to improper credential masking in error statements when the source-controller encounters an error when connecting to Azure Blob Storage, resulting in the Azure SAS token being logged along...
SQL Injection
com.amazon.redshift, redshift-jdbc42 is vulnerable to SQL Injection. The vulnerability is due to the use of a non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL statement which negates a parameter value. The vulnerability allows a...
Insecure Direct Object Reference (IDOR)
org.bonitasoft.engine, bonita-server is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to the absence of dynamic permissions, which previously existed only in the Subscription edition and were not customizable in the Community edition...
Unrestricted File Upload
cockpit-hq/cockpit is vulnerable to Unrestricted File Upload. The vulnerability is due to improper file upload checks within the /media/api POST endpoint which can be exploited to compromise the system's integrity, allowing unauthorized access or data manipulation...
Cross-site Scripting (XSS)
laravel/framework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user-defined Blade Component tag attributes within ComponentTagCompiler.php, which allows attackers to execute malicious scripts...
Arbitrary File Read / Account Takeover
getgrav/grav is vulnerable to Account Takeover. The vulnerability is due to a lack of proper access controls and input validation mechanisms, allowing low privilege users with page edit privilege to exploit Twig Syntax to read sensitive server files, compromising user accounts and potentially...
Cross Site Scripting (XSS)
kongadmin is vulnerable to Cross Site Scripting (XSS). This vulnerability is due to inadequate input validation on the username parameter, allowing attackers to inject malicious scripts into the application...
Server-side Request Forgery
org.apache.karaf, cave is vulnerable to Server-side Request Forgery. The vulnerability is due to improper input validation, which allows attackers to manipulate the server into making unauthorized requests to internal services, potentially accessing sensitive data or interacting with internal...
Cross-Site Scripting (XSS)
typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of proper input sanitization and encoding of user-generated content in the form module. Exploiting this flaw enables attackers to inject and execute malicious scripts...
Heap-based Buffer Overflow
IBM MQ Appliance 9.3 CD and LTS are vulnerable to a Heap-based Buffer Overflow. The vulnerability is due to improper bounds checking, allowing a remote authenticated attacker to overflow a buffer and execute arbitrary code on the system or cause the server to crash...
Use After Free
qt6-qtwebengine is vulnerable to Use After Free. The vulnerability is due to heap corruption caused by a crafted HTML page, which allows an attacker to exploit the system...
Improper TLS Ciphers Configuration
github.com/nats-io/nats-server/ is vulnerable to Improper TLS Ciphers Configuration. The vulnerability is due to the loss of restricted ciphersuite settings when using CLI options to set a key/cert for TLS, enabling all ciphersuites supported by Go by default...
URL Manipulation
oceanic.js is vulnerable to URL Manipulation. The vulnerability is due to improper input handling in certain functions such as Client.rest.channels.removeBan, which allows an attacker to manipulate the request by supplying specially crafted input that is normalized into unintended URLs, potentially resulting ...
Improper Digest Validation
github.com/containers/image is vulnerable to Improper Digest Validation. The vulnerability is due to improper validation of digest values, which allows an attacker to trigger authenticated registry accesses when pulling untrusted images...
Information Disclosure
scrapy is vulnerable to Information Disclosure. The vulnerability is due to redirects ignoring scheme specific proxy settings, which results in http / https schemes using the wrong proxy if the proxy was configured to be scheme specific...
Authorization Header Leakage
scrapy is vulnerable to Authorization Header Leakage. The vulnerability is due to including the authorization header during redirects, where the domain remains the same but the scheme or port changes...
Improper Authorization
Ant Media Server Community Edition is vulnerable to Improper Authorization. The vulnerability is due to improper HTTP header based authorization which allows unauthorized users to potentially access non-administrative API calls reserved for authorized users...
Cross-Site Scripting (XSS)
typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improperly encoding user-controlled values in file entities. This issue allows an attacker to execute arbitrary scripts in the context of the user's browser...
Open Redirect
scrapy is vulnerable to Open Redirect. The vulnerability is due to indiscriminate handling of redirects across different URL schemes, which can result in redirecting requests to potentially malicious destinations, such as local files, malicious FTP servers, or S3 buckets. If an attacker has acces...
HTML Injection
typo3/cms-core is vulnerable to HTML Injection. The vulnerability is due to a lack of proper HTML encoding or sanitization in the historyRow.title variable. This allows an attacker to inject malicious HTML markup via the history backend module...
Insufficient Verification Of Data Authenticity
sshpiper is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to the proxy protocol listener which does specify a specific listener, allowing an attacker to forge the proxy source address...
Cross-Site Scripting (XSS)
prestashop/prestashop is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the customer thread feature allowing malicious file uploads through the front-office contact form. When an admin opens the attached file in back office, arbitrary JavaScript will be executed which can...
Command Injection
github.com/cea-hpc/sshproxy is vulnerable to Command Injection. The vulnerability is due to missing input sanitization when constructing the ssh command string, which allows an authorized user to inject options into the ssh command executed by sshproxy...
Insecure Direct Object Reference (IDOR)
prestashop/prestashop is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access controls, which allows any invoice to be downloaded from the front-office in anonymous mode by supplying a random securekey parameter in the URL...
Improper Session Management
reportico-web/reportico is vulnerable to Improper Session Management. The vulnerability is due to improper handling of session tokens, which allows an attacker to reuse a token after a user has logged out...
Authentication Bypass
OctoPrint is vulnerable to an Authentication Bypass. The vulnerability is due to an unauthenticated attacker being able to bypass authentication by spoofing their IP via the X-Forwarded-For header when the autologinLocal option is enabled, even if they are from networks not configured as...
Weak Hashing Algorithm
php-censor/php-censor is vulnerable to a Weak Hashing Algorithm. The vulnerability is due to the rememberKey being generated using only the MD5 hash of the login timestamp without adding any randomness or salt, making it susceptible to brute-force attacks. This allows attackers to easily compute...
Uncontrolled Resource Consumption
typo3/cms-core is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to a lack of cryptographic HMAC-signature on the frame HTTP query parameter in the ShowImageController, which allows attackers to generate an arbitrary number of thumbnail images on the server side which c...
Remote Code Execution (RCE)
microsoft.netcore.app.runtime is vulnerable to Remote Code Execution. The vulnerability is due to a stack buffer overrun in the .NET Double Parse routine. This allows attackers to execute arbitrary code on the affected system by providing malformed input data that is improperly handled by the...
Denial Of Service (DoS)
Microsoft.AspNetCore.App.Runtime is vulnerable to Denial of Service (DoS). The vulnerability is caused by a deadlock that occurs within the .NET Kestrel web server, specifically impacting the handling of concurrent requests under certain conditions, which allows an attacker to potentially disrupt...
Stored Cross-Site Scripting (XSS)
nocodb is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization when viewing uploaded HTML files, allowing malicious scripts to be executed when the file is opened in a browser...
Arbitrary File Read
github.com/dotmesh-io/dotmesh is vulnerable to Arbitrary File Read. The vulnerability is due to the unsafe handling of symbolic links in an unpacking routine, allowing attackers to read and/or write to arbitrary locations outside the designated target folder...
Denial Of Service (DoS)
MediaWiki is vulnerable to Denial of Service (DoS). The vulnerability is due to a flaw in includes/specials/SpecialMovePage.php. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request...
Cross-site Scripting (XSS)
MediaWiki is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to mishandling of the 0x1b character in includes/CommentFormatter/CommentParser.php, as demonstrated by Special:RecentChanges%1b0000000...
Account Takeover
mantisbt/mantisbt is vulnerable to Account Takeover. The vulnerability is due to insufficient validation of the confirmation hash and token expiration during the password reset process, allowing an attacker to reset another user's password and take over their account...
Denial Of Service (DoS)
octo-sts is vulnerable to Denial of Service (DoS). The vulnerability is due to missing HTTP request response size checks, which allows an attacker to cause a Denial of Service by flooding the STS service with traffic...
Information Disclosure
mantisbt/mantisbt is vulnerable to Information Disclosure. The vulnerability is due to insufficient access checks when generating hyperlinks for users who do not have access, allowing some information to be revealed via the link, link label, and tooltip...
SQL Injection
nocodb is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the tablename parameter within VitessClient.ts, which allows an authenticated attacker with the create access permission to execute arbitrary SQL by escaping the query with a ' character within the tablename...
Cross-Site Scripting (XSS)
nautobot is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the BANNERTOP, BANNERBOTTOM, and BANNERLOGIN text, which allows an admin authenticated attacker to inject arbitrary HTML into the configuration settings via the /admin/constance/config/ endpoint,...
Buffer Over-read
libxml2.so is vulnerable to Buffer Over-read. The vulnerability is due to the xmllint --htmlout command in the xmlHTMLPrintFileContext function within xmllint.c, allowing an attacker to potentially access sensitive information, cause a denial of service or execute arbitrary code...
Sensitive Information Disclosure
directus is vulnerable to Sensitive Information Disclosure. The vulnerability is due to inadequate filtering of hashed data when using the alias API, allowing users to retrieve sensitive information in plaintext that is normally redacted...
Server Side Request Forgery (SSRF)
llama-cpp-python is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to loading the chat template in a sandbox-less jinja2.Environment, allowing an attacker to execute arbitrary code by crafting a malicious payload within a model, and convincing a user into running it...
Cross-Site Scripting
mantisbt/mantisbt is vulnerable to Cross-Site Scripting. The vulnerability is due to improper user input sanitization of the custom field's name, allowing attackers to inject HTML and potentially execute arbitrary JavaScript in certain scenarios...
JWT Exposure
@valtimo/components is vulnerable to JWT Exposure. The vulnerability is due to a misconfiguration of the Form.io component, which exposes the user's access token JWT to api.form.io via the x-jwt-token header, allowing attackers to retrieve personal information or execute requests to the Valtimo...
Cross-Site Scripting (XSS)
nocodb is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient user input sanitization within the Formula virtual cell comments functionality, allowing attackers to inject malicious JavaScript code via crafted URLs...
Insufficient Session Token Expiration
directus is vulnerable to Insufficient Session Token Expiration. This vulnerability is due to improperly invalidating session tokens upon logout, resulting in them remaining valid until their expiration time of one day...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the nssdatabaselookup component, allowing attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the dfeqexplist component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the IOdefaultxsputn component, allowing attackers to cause a DoS via crafted SQL statements...