38108 matches found
Improper Signature Verification
Authlib is vulnerable to improper signature verification. The vulnerability is due to improper validation of JWT tokens where tokens with alg: none and an empty signature bypass the signature verification process, which allows an attacker to forge authentication tokens and gain unauthorized acces...
Command Injection
idno/known is vulnerable to Command Injection. The vulnerability is due to improper handling of file imports combined with template path traversal, which allows an attacker to write malicious files and execute arbitrary code on the server...
Path Traversal
changedetection.io is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during the backup restore process, which allows an attacker to upload a crafted ZIP archive containing path traversal sequences and overwrite arbitrary files on the system...
Server-Side Request Forgery
Idno is vulnerable to Server-Side Request Forgery. The vulnerability is due to a logic error in the API authentication flow that bypasses CSRF protection, where the endpoint lacks a login requirement and unauthenticated attackers can trigger arbitrary outbound HTTP requests to any host and retrie...
Arbitrary File Upload
wwbn/avideo is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of files during plugin upload and extraction, which allows an attacker to upload a crafted archive containing malicious PHP code and execute it on the server...
Cross-site Scripting (XSS)
league/commonmark is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper filtering of disallowed HTML tags that can be bypassed using whitespace characters, which allows an attacker to inject and execute malicious scripts...
Missing Authentication For Critical Function
Apache ActiveMQ Artemis is vulnerable to Missing Authentication for Critical Function. The vulnerability is due to missing authentication checks in the Core protocol federation mechanism, allowing an unauthenticated attacker to force the broker to establish an outbound connection to a rogue broke...
Denial Of Service (DoS)
tools.jackson.core, jackson-core is vulnerable to Denial of Service (DoS). The vulnerability is due to the UTF8DataInputJsonParser and ReaderBasedJsonParser bypassing the maxNestingDepth constraint when parsing JSON, which allows an attacker to supply excessively nested JSON input that triggers a...
Cross-site Scripting (XSS)
Astro is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a reflected Cross-Site Scripting (XSS) flaw in Astro's development server error pages when the trailingSlash configuration option is used, where an attacker can inject arbitrary JavaScript code that executes in th...
Prototype Pollution
expr-eval and expr-eval-fork are vulnerable to Prototype Pollution. The vulnerability is due to improper handling of JavaScript prototype-based inheritance in the eval interface, which allows an attacker with access to manipulate object prototypes and potentially achieve arbitrary code execution...
Cross-site Scripting (XSS)
Nuxt DevTools is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of proper input validation, where an attacker can inject malicious code and extract Nuxt auth tokens under certain configurations...
Arbitrary Code Execution
Claude Code is vulnerable to Arbitrary Code Execution. The vulnerability is due to Yarn plugin execution occurring before the startup trust dialog when running in a project using Yarn 3.0 or above, allowing malicious project plugins to execute code if a user launches Claude Code in an untrusted...
Input Validation Bypass
ai is vulnerable to Input Validation Bypass. The vulnerability is due to improper validation of uploaded file types, which allows an attacker to bypass filetype whitelists and upload unauthorized files...
Authentication Bypass
Astro is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent path normalization between Astro’s routing logic and middleware validation, where routing applies decodeURI but middleware checks context.url.pathname without decoding, allowing attackers to access protected...
Open Redirect
miniflux.app/v2 is vulnerable to Open Redirect. The vulnerability is due to improper validation of the redirecturl parameter where protocol-relative URLs bypass the url.Parse(...).IsAbs() check, which allows an attacker to redirect users to attacker-controlled websites after login...
Server-Side Request Forgery (SSRF)
mcp-fetch-server is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper private IP validation, which allows an attacker to bypass the validation mechanism and access internal network resources...
Server-Side Request Forgery (SSRF)
Angular SSR is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to Angular’s request handling pipeline trusting user-controlled Host and X-Forwarded-* HTTP headers without proper validation, which allows an attacker to manipulate URL reconstruction and perform arbitrary...
SQL Injection
TypeORM is vulnerable to SQL Injection. The vulnerability is due to improper handling of object values in the sqlstring call where stringifyObjects defaults to false, which allows an attacker to inject crafted SQL through requests to repository.save or repository.update...
Missing Authorization
github.com/treeverse/lakefs is vulnerable to Missing Authorization. The vulnerability is due to lack of authentication checks on the /api/v1/usage-report/summary endpoint, which allows an attacker to access aggregate API usage information without authorization...
Denial Of Service (DoS)
github.com/hashicorp/consul is vulnerable to Denial of Service (DoS). The vulnerability is due to incorrect Content-Length header validation, where an attacker can exploit this vulnerability to cause a denial of service...
Denial Of Service (DoS)
github.com/hashicorp/consul is vulnerable to Denial of Service (DoS). The vulnerability is due to lack of maximum value on the Content-Length header, where an attacker can exploit this vulnerability to cause a denial of service, and this can be done by sending a request with a large Content-Length...
Open Redirect
Volo.Abp.Account.Web is vulnerable to Open Redirect. The vulnerability is due to improper validation of the returnUrl parameter in the register function, where an attacker can redirect users to arbitrary external domains by exploiting this vulnerability...
Information Disclosure
Storybook is vulnerable to Information Disclosure. The vulnerability is due to a bug in how Storybook handles environment variables defined in a .env file, which could, in specific circumstances, lead to those variables being unexpectedly bundled into the artifacts created by the storybook build...
Arbitrary Argument Injection
mcp-server-git is vulnerable to Arbitrary Argument Injection. The vulnerability is due to the git_diff and git_checkout functions passing user-controlled arguments directly to git CLI commands without sanitization, where flag-like values would be interpreted as command-line options rather than git...
Stack Overflow
fast-xml-parser is vulnerable to Stack Overflow. The vulnerability is due to improper handling in the XML builder when preserveOrder:true is enabled, which allows an attacker to trigger a stack overflow and crash the application by providing crafted input data...
XML External Entity (XXE)
fast-xml-parser is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of a dot (.) in DOCTYPE entity names, which is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities and bypass entity encoding, thereby...
Directory Traversal
No description provided...
Directory Traversal
mcp-server-git is vulnerable to Directory Traversal. The vulnerability is due to the git_init tool accepting arbitrary filesystem paths and creating Git repositories without validating the target location, where an attacker can exploit this to create repositories at arbitrary locations, and...
Incorrect Authorization
Auth0-PHP is vulnerable to Incorrect Authorization. The vulnerability is due to improper validation of access tokens, where affected applications may accept ID tokens as Access tokens, and attackers can exploit this by manipulating the audience validation in access tokens...
Denial Of Service
pypdf is vulnerable to Denial of Service. The vulnerability is due to an attacker crafting a PDF with unusually large values in the /ToUnicode entry of a font, where parsing this entry leads to long runtimes and large memory consumption, and how attackers can exploit it by using this vulnerabilit...
Infinite Loop
pypdf is vulnerable to Infinite Loop. The vulnerability is due to an attacker being able to craft a PDF which leads to an infinite loop, where accessing the children of a TreeObject, for example as part of outlines, can be exploited by attackers...
Input Validation Bypass
Apache Superset is vulnerable to Input Validation Bypass. The vulnerability is due to specially crafted SQL statements being able to bypass the read-only verification check when using a PostgreSQL database connection, and attackers can exploit it to execute unauthorized actions...
Denial Of Service (DoS)
pypdf is vulnerable to Denial of Service (DoS). The vulnerability is due to manipulated FlateDecode XFA streams, where an attacker can craft a PDF that leads to RAM exhaustion by accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
Path Traversal
mcp-server-git is vulnerable to Path Traversal. The vulnerability is due to the git_add tool not validating file paths, where relative paths containing ../ sequences that resolve outside the repository were accepted and staged into the Git index, and attackers can exploit this to potentially...
Remote Code Execution (RCE)
D-Tale is vulnerable to Remote Code Execution (RCE). The vulnerability is due to a flaw in the /save-column-filter endpoint, where attackers can execute malicious code on the server, allowing them to run arbitrary code and potentially gain control of the system...
Sensitive Data Exposure
Apache Superset is vulnerable to Sensitive Data Exposure. The vulnerability is due to improper serialization of sensitive fields in the API response, where authenticated users with low privileges can retrieve sensitive user information, including password hashes, email addresses, and login...
Denial Of Service
pypdf is vulnerable to Denial of Service. The vulnerability is due to a malformed /FlateDecode stream, where the byte-by-byte decompression is used, and an attacker can craft a PDF which leads to long runtimes...
Sensitive Information Exposure
Flask is vulnerable to Sensitive Information Exposure. The vulnerability is due to incomplete handling of the Vary: Cookie header when accessing the session object, where certain access patterns (e.g., using the in operator) fail to mark responses as user-specific, allowing caching proxies to store...
SQL Injection
Apache Superset is vulnerable to SQL Injection. The vulnerability is due to an incomplete default list of restricted SQL functions for the ClickHouse engine, where attackers can execute potentially sensitive SQL functions within SQL Lab and charts...
Infinite Loop
pypdf is vulnerable to Infinite Loop. The vulnerability is due to the library's handling of circular /Prev entries in cross-reference streams, where an attacker can craft a PDF that leads to an infinite loop when read, allowing for a denial of service attack...
Buffer Overflow
psd-tools is vulnerable to Buffer Overflow. The vulnerability is due to malformed RLE-compressed image data, where decoderle raises ValueError which propagated all the way to the user, crashing psd.composite and psd-tools export, and attackers can exploit it by crafting a PSD file with malformed...
Path Traversal
Werkzeug is vulnerable to Path Traversal. The vulnerability is due to the safe_join function allowing Windows special device names as filenames if preceded by other path segments, where the function send_from_directory uses safe_join to safely serve files at user-specified paths under a directory and...
Deserialization Of Untrusted Data
Apache Camel is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the DefaultLevelDBSerializer class deserializing data using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions, which allows an attacker to inject a crafted...
SQL Injection
LibreNMS is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization and lack of parameterization in the IPv6 address search logic, where the prefix value is directly concatenated into the SQL query string without validation, and attackers can inject arbitrary SQL...
Authentication Bypass
Apache Tomcat is vulnerable to Authentication Bypass. The vulnerability is due to improper validation between the TLS SNI hostname and the HTTP Host header, allowing a client to send mismatched hostnames and bypass client certificate authentication in configurations with multiple virtual hosts...
Remote Code Execution (RCE)
mchange-commons-java is vulnerable to Remote Code Execution (RCE). The vulnerability is due to its independent JNDI dereferencing implementation allowing remote factoryClassLocation values, which can cause the application to download and execute attacker-controlled code when processing a malicious...
Missing Cryptographic Key Commitment
Amazon.Extensions.S3.Encryption is vulnerable to Missing Cryptographic Key Commitment. The vulnerability is due to lack of cryptographic key commitment when storing encrypted data keys in instruction files instead of S3 metadata, which allows an attacker with write access to the bucket to introdu...
Denial Of Service (DoS)
org.bitbucket.bc:jose4j is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of highly compressed JSON Web Encryption (JWE) tokens, which allows an attacker to supply a malicious token with an excessive compression ratio that triggers significant memory allocation...
Improper Configuration Control
weblate is vulnerable to improper configuration control. The vulnerability is due to the ability to remotely overwrite Git configuration, which allows an attacker to modify repository behavior and potentially manipulate project operations...
XML External Entity (XXE)
biopython is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of XML doctype declarations, which allows an attacker to inject malicious external entities and potentially read local files or access internal resources...