38184 matches found
SQL Injection
openlink virtuoso-opensource is vulnerable to a Denial of Service DoS attack. The vulnerability is due to an issue in the libclongjmp component, which allows attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the dksetdelete component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the sqlcuniondtwrap component, allowing attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the schnametoobject component, allowing attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the mpboxdeserializestring function, which allows attackers to cause a DoS after executing a SELECT statement...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the chasharray component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the bifmod component, allowing attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the libcmalloc component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the dfeunitcolloci component, allowing attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the artmdivint component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the sqlopredscontradiction component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the sqloqueryspec component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the mpboxcopy component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the kcvarcol component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the sqlcmakepolicytrig component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the sinvcheckexp component, allowing attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the dvcompare component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the gpfnotice component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the sqlounionscope component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the stricmp component, allowing attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the strhash component, enabling attackers to cause a DoS via crafted SQL statements...
SQL Injection
openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the psiginfo component, enabling attackers to cause a DoS via crafted SQL statements...
Improper Check For Unusual Or Exceptional Conditions
github.com/spacemeshos/go-spacemesh is vulnerable to Improper Check for Unusual or Exceptional Conditions. The vulnerability is due to the incorrect referencing of previous activation transactions ATXs. An attacker can manipulate the reward system by referencing an earlier ATX, thereby bypassing...
Server-Side Request Forgery
@lobehub/chat is vulnerable to Server-Side Request Forgery. This vulnerability arises due to insufficient validation of user-supplied URLs which allows attackers to forge server-side requests...
Uncontrolled Recursion
Exiv2 is vulnerable to an Uncontrolled Recursion. The vulnerability is due to faulty handling of directory offsets in bigtiffimage.cpp, allowing an infinite loop through recursive function calls when processing specially crafted TIFF files...
Cross-Site Scripting (XSS)
froxlor/froxlor is vulnerable to Cross-Site Scripting. The vulnerability is due to inadequate sanitization of user input in the loginname parameter during failed login attempts, which allows attackers to inject and store malicious scripts that are executed when an administrator views the System...
Cross-Site Scripting (XSS)
sylius/sylius is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization within autocomplete fields and the category tree in the Admin panel, which allows an attacker to insert arbitrary JavaScript into Name fields such as the Taxons, Products, Product...
Denial Of Service(DoS)
unbound is vulnerable to Denial of ServiceDoS. The vulnerability is due to DNS queries being accumulated and responses being sent in pulsing bursts, which can cause resource consumption and traffic amplification...
Information Disclosure
github.com/zitadel/zitadel is vulnerable to an Information Disclosure. The vulnerability is due to inadequate error handling, which can allows expose sensitive database connection information to users during a connection failure...
Denial Of Service (DoS)
libfrr.so is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient handling of NULL return values when calling functions in the getedge function within ospfte.c in the OSPF daemon, resulting in a crash of the daemon and subsequent denial of service...
Regular Expression Denial Of Service (ReDoS)
s3-url-parser is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to a regex with inefficient complexity, allowing an attacker to craft long s3 URLS that triggers excessive resource consumption, leading to denial of service...
Information Disclosure
thelounge is vulnerable to Information Disclosure. The vulnerability is due to inadequate handling of unique identifiers when different connections share the same local port but have various addresses, potentially leading to the public disclosure of user information...
Path Traversal
com.netflix.genie: genie-web is vulnerable to Path Traversal. The vulnerability is caused by improper filename validation in the saveAttachments method within LocalFileSystemAttachmentServiceImpl.java, due to missing checks to prevent a filename from starting with ... An attacker can upload a fil...
SQL Injection
Npgsql is vulnerable to SQL injection. The vulnerability is caused by an integer overflow in the WriteBind method within NpgsqlConnector.FrontendMessages.cs, which leads to miscalculated message lengths when constructing PostgreSQL protocol messages. This allows attackers to manipulate message...
Command Injection
github.com/1panel-dev/1panel is vulnerable to Command injection. The vulnerability arises from insufficient input sanitization, that allowing attackers to write arbitrary files by exploiting the log retrieval API. This can lead to unauthorized command execution or arbitrary file write...
Information Disclosure
github.com/projectcalico/calico is vulnerable to Information Disclosure. The vulnerability is due to a compromised pod with sufficient privilege being able to reconfigure the node’s IPv6 interface, as the node accepts route advertisement by default, allowing the attacker to redirect full or parti...
HTTP Request Smuggling
Next is vulnerable to HTTP Request Smuggling. The vulnerability is due to inconsistent interpretation of a HTTP request, resulting in treating it as both a single request and two separate requests, leading to desynchronized responses. This allows attackers to craft HTTP request to manipulate or...
Server-Side Request Forgery
next is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of the Host header within Server Actions. This allows an attacker to make unauthorized requests that appear to originate from the Next.js application server, allowing access to internal network...
Cross-site Scripting (XSS)
Buildbot is vulnerable to a cross-site scripting XSS. The vulnerability is due to improper santization within the waterfall web status view status/web/waterfall.py, enabling remote attackers to inject arbitrary web script or HTML...
Cross-site Scripting (XSS)
Buildbot is vulnerable to Cross-Site Scripting XSS vulnerabilities. The vulnerability is due to improper sanitization, allowing remote attackers to inject arbitrary web script or HTML...
Remote Code Execution (RCE)
zodb3 is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of certain Zope Enterprise Objects ZEO database sharing, allowing remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol...
Authentication Bypass
Zope Object Database ZODB Authentication Bypass. The vulnerability is due to certain configurations of Zope Enterprise Objects ZEO database sharing, which can be exploited by remote attackers via vectors involving the ZEO network protocol...
Directory Traversal
cherryPy is vulnerable to Directory Traversal. The vulnerability is due to insufficient input validation by utilizing .. sequences within the staticfilter component, which allows remote attackers to read arbitrary files...
XML External Entity (XXE) Injection
@cyclonedx/cyclonedx-library is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper XML parsing configuration within xmlValidator.node.ts, allowing an attacker to potentially access sensitive files or execute malicious code through crafted XML entities...
Arbitrary Code Execution
ipython is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper origin validation of websocket requests, allowing remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page...
Denial Of Service (DoS)
github.com/vitessio/vitess is vulnerable to Denial Of Service DoS. The vulnerability is caused by an endless loop triggered by a specific query in the vtgate component. This loop leads to continuous memory consumption, eventually resulting in Denial of Service DoS...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial Of Service DoS. The vulnerability is due to improper corruption checks which causes the lookup function to get stuck in an infinite loop, which allows an attacker to cause Denial of Service DoS by submitting a malformed DNS message...
Arbitrary Code Execution
github.com/golang/go is vulnerable to Arbitrary Code Execution. The vulnerability is caused by building a GO module which contains Cgo code due to usage of the -ltolibrary flag in a cgo LDFLAGS directive. Note that this vulnerability is only exploitable on Darwin systems...
Deserialization Of Untrusted Data
org.apache.inlong: manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by improper query parameters sanitization within the filterSensitive method, which allows an attackers to bypass JDBC security checks...
Use After Free
libvirt is vulnerable to Use After Free. The vulnerability is due to a race condition in the virNetClientIOEventLoop method, where the data pointer to a stack-allocated structure is used after the stack frame is freed. If libvirt is configured with fine-grained access control, an attacker could...