Server-Side Request Forgery (SSRF)
github.com/usememos/memos is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user input at the /api/resource endpoint, allowing authenticated users to send crafted requests and perform Server-Side Request Forgery (SSRF) to enumerate the internal...
Path Traversal
Hono is vulnerable to Path Traversal. The vulnerability is caused by a lack of proper path validation when using serveStatic with Deno. This allows an attacker to access unintended files through directory traversal, potentially leading to unauthorized data exposure or manipulation...
Denial Of Service (DoS)
strukturag/libde265 is vulnerable to Denial of Service (DoS). The vulnerability is caused by a lack of proper bounds checking when calculating memory allocation sizes within image.cc. An attacker could manipulate the values to exceed the intended dimensions, leading to a buffer overflow and...
Arbitrary Code Injection
mysql2 is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function. This allows an attacker to inject arbitrary code into the system...
Out-of-bounds Read
libfreerdp.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper handling of nWidth and nHeight when both are zero, allowing an attacker to potentially access or modify memory outside the intended buffer limits...
Denial Of Service (DoS)
matrixsynapse is vulnerable to a Denial of Service attack. The vulnerability is due to a weakness in how the auth chain cover index is calculated, which allows an attacker to dispatch specially crafted events that induce high CPU consumption and excessive data accumulation in the database,...
Cross-Site Scripting
sylius/sylius is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization within the Province field in the Address Book. This allows attackers to inject malicious scripts, which can be executed in the browsers of other users who view the Province field...
Prototype Pollution
Conform is vulnerable to prototype pollution. The vulnerability is due to the nested object parsing, allowing attackers to trigger prototype pollution by passing crafted input to parseWith functions. Applications using Conform for server-side validation of form data or URL parameters are affected...
Cross Site Scripting
github.com/gohugoio/hugo/ is vulnerable to Cross Site Scripting. This vulnerability arises due to insufficient escaping of title arguments in Markdown, impacting users who utilize these hooks without full trust in their Markdown content files...
Buffer Overflow
sngrep is vulnerable to a Buffer Overflow. The vulnerability is due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers, where the functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length...
Stack-Buffer Overflow
sngrep is vulnerable to a Stack-Buffer Overflow. The vulnerability is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sipvalidatepacket and sipparseextraheaders functions within src/sip.c. It allows remote attackers to execute...
Improper Input Validation
Kubernetes is vulnerable to Improper Input Validation. The vulnerability is due to containers, init containers, and ephemeral containers with the envFrom field populated bypassing the mountable secrets policy, which ensures that pods running with a service account may only reference secrets...
Improper Input Validation
jadx is vulnerable to Improper Input Validation. The vulnerability is due to lack of filtering of the package name before concatenation, allowing an attacker to inject arbitrary code into the package name, which could be exploited to execute commands with shell privileges...
Authentication Bypass Via Spoofing
Apache HugeGraph-api is vulnerable to an Authentication Bypass via Spoofing. The vulnerability is due to insufficient authentication checks, allowing an attacker to bypass authentication by spoofing certain parameters or headers...
Sandbox Escape
@hoppscotch/cli is vulnerable to Sandbox Escape. The vulnerability is due to the insecure usage of the Node.js vm module, which allows untrusted JavaScript code to break out of the sandbox and gain access to references of objects created outside of the vm context...
Server-Side Request Forgery (SSRF)
Apache HugeGraph-Hubble is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is caused by improper input validation, which allows attackers to send crafted requests to internal or restricted network resources...
SQL Injection
librenms/librenms is vulnerable to SQL Injection. The vulnerability is due to inadequate validation of the order parameter sourced from the $request in the file apifunctions.inc.php where the parameter value is directly incorporated into an SQL statement and concatenated. This allows attackers to...
Remote Code Execution
org.apache.hugegraph:hugegraph-api and org.apache.hugegraph:hugegraph-core are vulnerable to Remote Code Execution. The vulnerability is due to improper input validation, allowing attackers to execute arbitrary commands remotely. This vulnerability is observed in Java 8 and Java 11...
SQL Injection
librenms/librenms is vulnerable to SQL Injection. The vulnerability is due to inadequate input validation in the endpoint POST /search/search=packages within packages.inc.php, allowing a user with global read privileges to execute SQL commands via the package parameter and allows an attacker t...
Improper Preservation Of Permissions
github.com/authelia/authelia/ is vulnerable to Improper Preservation Of Permissions. The vulnerability is due to a flaw in the implementation of user group management. This can lead to unexpected outcomes, such as changes to a user group not being taken into account by access control for longer tha...
Cross-site Scripting (XSS)
LibreNMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the Service template name, which is reflected in the delete button's onclick event. This allows malicious JavaScript code to be stored and executed...
Path Traversal
io.github.skylot:jadx-core is vulnerable to Path Traversal. The vulnerability is due to improper handling of escape characters in resource files and insufficient validation in processing zip files. This can lead to the possibility of overwriting other files in the directory when saving the...
Privilege Escalation
Ant Media Server is vulnerable to Privilege Escalation. The vulnerability is caused by running Java Management Extensions (JMX) with authentication disabled on localhost on port 5599. This allows unprivileged users to connect locally and leverage MLet Bean within JMX to load a remote MBean from an...
Cross Site Scripting
github.com/apache/incubator-answer is vulnerable to Cross Site Scripting. The vulnerability is due to improper neutralization of input during web page generation when a user modifies their personal website. This allows attackers to inject malicious scripts into the website, which could be executed ...
Time-of-check Time-of-use (TOCTOU) Attack
OpenStack Storlets is vulnerable to a Time-of-check Time-of-use (TOCTOU) Attack. The vulnerability is caused by a lack of strict permission checks and restrictions, leading to improper permission settings on file creation. This allows an attacker to gain unauthorized access to or modify sensitive...
UI Spoofing
chromium is vulnerable to UI Spoofing. The vulnerability is due to inappropriate implementation in Autofill in Google Chrome, allowing attackers who convince users to install a malicious app to perform UI spoofing through a crafted app...
Out-of-Bounds-Read
Chrome is vulnerable to Out-of-Bounds-Read. The vulnerability is due to an out-of-bounds read in the Fonts component of Google Chrome, allowing a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
Use-After-Free
chrome is vulnerable to a Use-after-Free. The vulnerability is due to improper implementation of the QUIC (Quick UDP Internet Connections) protocol within Google Chrome, which allows a remote attacker who has compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...
Use-After-Free
chrome is vulnerable to a Use-after-Free. The vulnerability is due to a use-after-free issue in the Downloads component of Google Chrome, which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Object Corruption
chrome is vulnerable to an Object Corruption. The vulnerability is due to object corruption in WebAssembly within Google Chrome versions. It allows a remote attacker to potentially exploit object corruption via a crafted HTML page...
Object Corruption
chrome is vulnerable to an Object Corruption. The vulnerability is due to object corruption in the V8 JavaScript engine within Google Chrome. It allows a remote attacker to potentially exploit object corruption via a crafted HTML page...
Security Bypass
chrome is vulnerable to Security Bypass. The vulnerability is due to insufficient policy enforcement in WebUI within Google Chrome, which allows a remote attacker to bypass content security policy via a crafted HTML page...
Content Bypass
chrome is vulnerable to a Content Bypass. The vulnerability is due to inappropriate implementation in Networks within Google Chrome versions, which allows a remote attacker to bypass mixed content policy via a crafted HTML page...
UI Spoofing
chrome is vulnerable to UI spoofing. The vulnerability is due to inappropriate implementation in Prompts within Google Chrome, which allows a remote attacker who convinces a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page...
UI Spoofing
chrome is vulnerable to UI spoofing. The vulnerability is due to insufficient data validation in the Downloads component of Google Chrome, which allows a remote attacker to perform UI spoofing via a crafted HTML page...
UI Spoofing
chrome is vulnerable to UI spoofing. The vulnerability is due to inappropriate implementation in Extensions within Google Chrome, which allows a remote attacker to perform UI spoofing via a crafted Chrome Extension...
Cross Site Scripting (XSS)
chrome is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient data validation in the Browser Switcher component of Google Chrome, which allows a remote attacker to inject scripts or HTML into a privileged page via a malicious file...
Navigation Bypass
chrome is vulnerable to Navigation Bypass. The vulnerability is due to insufficient policy enforcement in Site Isolation within Google Chrome, which allows a remote attacker to bypass navigation restrictions via a crafted HTML page...
Denial Of Service (DoS)
libapache2-mod-auth-openidc is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing input validation on the modauthopenidcsessionchunks cookie value and the server struggling with requests for a long time and eventually returning a 500 error when the value of the cookie is...
Argument Injection
github.com/hashicorp/go-getter library is vulnerable to Argument Injection. The vulnerability is due to improper handling of user input in the file getgit.go, which allows for the injection of malicious arguments into Git commands during branch discovery...
Server Side Request Forgery
github.com/usememos/memos is vulnerable to Server-Side Request Forgery. The vulnerability exists due to improper input validation at the /o/get/image endpoint, allowing unauthenticated users to manipulate server-side requests and retrieve images from the internal network and also leads to a...
Server Side Request Forgery
github.com/usememos/memos is vulnerable to Server Side Request Forgery. The vulnerability is due to improper input validation at the /o/get/httpmeta endpoint in the file httpgetter.go, allowing unauthenticated users to enumerate the internal network and receive limited HTML values in JSON form...
Out-Of-Bounds Read
PyTorch is vulnerable to an Out-of-bounds Read. The vulnerability is caused by a missing validation for mobileivaluesize variable for a value greater than ivalues-size in function FlatbufferLoader::parseModule within torch/csrc/jit/mobile/flatbufferloader.cpp. This introduces potential for...
Cross-Site Scripting
github.com/baidu/openrasp is vulnerable to Cross-Site Scripting. The vulnerability is due to improper handling of input and lack of output sanitization in the redirect parameter on the /login page. This allows an attacker to inject arbitrary JavaScript to be executed with the permissions of a user...
Improper Certificate Validation
Apache Airflow is vulnerable to Improper Certificate Validation. The vulnerability is due to incomplete certificate validation in FTP_TLS connections within the FTP hook, which can potentially be exploited. Implementing proper certificate validation by passing context=ssl.create_default_context duri...
Improper Synchronisation
https://github.com/evmos/evmos/ is vulnerable to Improper Synchronisation. The vulnerability is due to a lack of synchronization between two states during transaction execution, allowing for arbitrary token minting. This exploit occurs because the stateDB.Commit method updates the Cosmos SDK...
Assertion Failure
libjasper.so is vulnerable to an Assertion Failure. The vulnerability is due to improper handling in the jpcstreamlistremove function within jpcdec.c, allowing attackers to trigger a denial of service through a malformed image file...
Improper Authentication
jenkins-core is vulnerable to Improper Authentication. The vulnerability is due to the CLI using remote-based commands that stored encrypted user names in a cache, particularly the login command, enabling an attacker with certain permissions to impersonate any Jenkins user...
Incorrect Permission Assignment For Critical Resource
github.com/git-ecosystem/git-credential-manager/ is vulnerable to Incorrect Permission Assignment For Critical Resource. The vulnerability is due to improper file ownership settings where the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system t...
Log Injection
flask-cors is vulnerable to Log Injection when the log level is set to debug. The vulnerability is due to improper output neutralization for logs within extension.py. This allows attackers to insert fake log entries through specially crafted GET requests containing CRLF sequences in the request...