Path Traversal
mlflow/mlflow is vulnerable to Path Traversal. The vulnerability is due to improper validation of the source parameter within handlers.py, allowing attackers to craft a parameter that bypasses checks, leading to arbitrary file read access on the server...
Improper Authentication
org.keycloak:keycloak-services is vulnerable to Improper Authentication. The vulnerability is due to improper enforcement of token types, allowing an authenticated attacker to exchange a logout token for an access token, potentially accessing data beyond permitted permissions...
Incorrect Access Control
org.keycloak:keycloak-services is vulnerable to Incorrect Access Control. The vulnerability is due to inadequate validation of client step-up authentication in the Keycloak library. It allows a password-authenticated attacker to add a false second authentication factor to an account, enabling...
Use-after-free
Torch is vulnerable to a use-after-free vulnerability. The vulnerability is due to missing validation checks in the run function within interpreter.cpp, which can potentially lead to a Denial of Service (DoS)...
Information Disclosure
Umbraco is vulnerable to Sensitive Information Disclosure. The vulnerability is due to failing webhooks logs being accessible when the solution is not in debug mode, which can contain critical information...
Denial Of Service (DOS)
github.com/evmos/evmos is vulnerable to Denial Of Service. The vulnerability is due to improper handling of nested MsgEthereumTx messages, allowing bypass of the block gas limit and causing indefinite chain halts...
Path Traversal
org.keycloak:keycloak-services is vulnerable to Path traversal. The vulnerability is due to a flaw in the redirecturi validation logic that may allow bypassing otherwise explicitly allowed hosts...
Improper Access Control
github.com/evmos/evmos is vulnerable to Improper Access Control. The vulnerability is due to Evmos allowing the creation of a vesting account at a designated address for smart contracts on the EVM, enabling attackers to front-run the creation of a contract and block legitimate contract deployment...
Open Redirect
org.springframework:spring-web is vulnerable to Open Redirect. The vulnerability is due to improper validation checks on the host of the parsed URL, which could lead to potential SSRF attacks if the URL is utilized post-validation...
Cross-Site Request Forgery (CSRF)
org.keycloak:keycloak-services is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to inadequate validation of cross-origin messages in Keycloak's OIDC component's "checkLoginIframe," allowing attackers to exploit Cross-Site Request Forgery (CSRF) attacks...
Open Redirect
org.keycloak:keycloak-services is vulnerable to Open Redirect. The vulnerability is due to inadequate validation of URLs included in redirects, potentially allowing attackers to access other URLs and sensitive information within the domain or conduct further attacks...
Path Traversal
mlflow is vulnerable to Path Traversal. The vulnerability is due to improper handling of URL parameters, allowing attackers to smuggle path traversal sequences using the ';' character in URLs, manipulating the 'params' portion of the URL to gain unauthorized access to files or directories...
Path Traversal
mlflow is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of user-supplied input in the server's handlers, allowing attackers to access arbitrary files on the server by crafting HTTP POST requests with specially crafted parameters...
Denial Of Service
github.com/traefik/traefik is vulnerable to Denial Of Service. The vulnerability is due to a lack of header frame limits, allowing an attacker to send excessive CONTINUATION frames which causes the endpoint to read arbitrary amounts of header data without proper memory allocation limits...
Authorization Bypass
github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of exclusion or intersection models, leading to potential bypass when calling certain APIs...
Biased ECDSA Nonce Generation
PuTTY is vulnerable to biased ECDSA nonce generation. The vulnerability is due to biased ECDSA nonce generation, allowing an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is particularly significant in scenarios where an adversary can re...
Cross Site Scripting (XSS)
phlex is vulnerable to Cross Site Scripting. The vulnerability is due to improper filtering of the javascript: URL scheme within the href attribute of an <a> tag, which allows an attacker to insert tab (\t) or newline (\n) characters between the characters of the protocol, resulting in Cross Site Scripting...
Information Leakage
scrapy is vulnerable to Information Leakage. The vulnerability is due to the failure to remove the Authorization header when redirecting across domains, resulting in the exposure of sensitive credentials to unauthorized actors which could potentially lead to account hijacking...
Path Traversal
langchain is vulnerable to Path Traversal. The vulnerability is due to improper pathname validation in the LocalFileStore functionality, which allows an attacker to read or write files anywhere on the filesystem...
Local File Inclusion (LFI)
mlflow is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper parsing of URIs within the function islocaluri in uri.py, which allows attackers to read arbitrary files on the system...
Denial Of Service (DOS)
Apache Traffic Server (ATS) is vulnerable to an HTTP/2 CONTINUATION DoS attack. The vulnerability is due to the attack causing ATS to consume more server resources, potentially leading to resource exhaustion. Users can mitigate this by setting a new setting...
XML External Entity (XXE)
scrapy is vulnerable to XML External Entity (XXE). The vulnerability is due to the lxml.etree.fromstring function which lacks input validation, enabling attackers to execute denial of service attacks, access local files, create network connections, or bypass firewalls through specially crafted XML...
Denial Of Service (DoS)
microsoft.identity.client is vulnerable to Denial of Service. The vulnerability is due to an incorrect activity export configuration, allowing a malicious application on the same Android device to interfere with the authentication processes. This vulnerability is only exploitable to applications...
Command Injection
llamaindex is vulnerable to Command Injection. The vulnerability is due to insufficient input validation in the safeeval function, allowing attackers to craft inputs that execute arbitrary OS commands without containing underscores, thus bypassing security checks...
Session Fixation
Zenml-io/zenml is vulnerable to session fixation. The vulnerability is due to JWT tokens used for user authentication not being invalidated upon logout, allowing an attacker to reuse a victim's JWT token to bypass authentication mechanisms...
Path Traversal
MLflow is vulnerable to a path traversal attack. The vulnerability is due to improper handling of the artifactlocation parameter when creating an experiment, allowing attackers to exploit the fragment component of the URI to read arbitrary files on the server in the context of the server's proces...
Path Traversal
mlflow is vulnerable to a path traversal vulnerability. The vulnerability is due to an extra unquote operation in the deleteartifacts function of localartifactrepo.py, which fails to properly sanitize user-supplied paths. Attackers can exploit the double decoding process in the...
Remote Code Execution (RCE)
bentoML is vulnerable to Remote Code Execution (RCE). The vulnerability is due to missing media type checks when handling serialized objects, resulting in remote code execution through crafted POST requests containing pickled objects...
Cross-site Scripting (XSS)
mindsdb is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper CSV file sanitization, which allows an attacker to upload malicious JavaScript payloads embedded within CSV files, triggering XSS when viewed...
Path Traversal
gradio is vulnerable to Path Traversal. The vulnerability is due to the lack of proper validation of user-controlled input when invoking methods on a Component class. This issue may lead to unauthorized access to sensitive files on the host machine, potentially exposing confidential data...
Integer Overflow
GTKWave 3.3.115 is vulnerable to an Integer overflow. The vulnerability is due to not allocating enough memory to stringlens array in LXT2 numdictentries functionality. A specially crafted .lxt2 file can lead to arbitrary code execution when opened by a victim...
Integer Overflow
GTKWave 3.3.115 is vulnerable to Integer Overflow. The vulnerability is due to not allocating enough memory to stringpointers array in the LXT2 numdictentries functionality. A specially crafted .lxt2 file can lead to arbitrary code execution when opened by a victim...
Out-of-bounds Write
GTKWave 3.3.115 is vulnerable to Out-of-bounds Write. The vulnerability is due to not checking upper bounds while looping over lt-numrealfacs in the VZT vztrdprocessblock autosort functionality. A specially crafted .vzt file can lead to arbitrary code execution when opened by a victim...
Out-of-bounds Write
GTKWave 3.3.115 is vulnerable to Out-of-bounds Write. The vulnerability is due to not checking upper bounds while looping over lt-numtimeticks in the VZT vztrdprocessblock autosort functionality. A specially crafted .vzt file can lead to arbitrary code execution when opened by a victim...
Integer Overflow
GTKWave is vulnerable to Integer Overflow. The vulnerability is due to integer overflow during the allocation of the rows array, which can be triggered by opening a specially crafted .lxt2 file, potentially leading to arbitrary code execution...
Integer Overflow
GTKWave is vulnerable to Integer Overflow. The vulnerability is due to integer overflow when allocating the msb array, which can be exploited by opening a specially crafted .lxt2 file, potentially leading to arbitrary code execution...
Integer Overflow
GTKWave is vulnerable to Integer Overflow. The vulnerability is due to integer overflow when allocating the len array, which can be exploited by opening a specially crafted .lxt2 file, potentially leading to arbitrary code execution...
Integer Overflow
GTKWave is vulnerable to Integer Overflow. The vulnerability is due to integer overflow when allocating the value array, which can be exploited by opening a specially crafted .lxt2 file, potentially leading to arbitrary code execution...
Integer Overflow
GTKWave is vulnerable to Integer Overflow. The vulnerability is due to integer overflow when allocating the msb array, which can be exploited by opening a specially crafted .lxt2 file, potentially leading to arbitrary code execution...
Integer Overflow
GTKWave is vulnerable to Integer Overflow. The vulnerability is due to integer overflow when allocating the msb array, which can be exploited by opening a specially crafted .lxt2 file, potentially leading to arbitrary code execution...
Resource Consumption And Excessive Logging
Suricata is vulnerable to Resource Consumption and Excessive Logging. The vulnerability is due to insufficient input validation, causing Suricata to consume excessive CPU resources and generate excessive logging volume in alert records when processing SSH banners that exceed a certain length...
Improper Authorization
github.com/argoproj/argo-cd/v2 is vulnerable to Improper Authorization. The vulnerability is due to an oversight in access control configurations that allow a user to change the project of an Application object, despite restrictions meant to enforce changes only through GitOps workflows...
Weak Pseudo-Random Number Generator
chilkat is vulnerable to the Use Of Cryptographically Weak Pseudo-Random Number Generator (PRNG). The vulnerability is due to the predictable nature of the Pseudo-Random Number Generator (PRNG) utilized in the ChilkatRand::randomBytes function, allowing attackers to obtain sensitive information...
Code Injection
llama-index-core is vulnerable to Code Injection. The vulnerability is due to insufficient input validation within the safeeval function in the executils class, which allows an attacker to bypass method restrictions resulting in unauthorized code execution...
Privilege Escalation
Amazon AWS Amplify CLI is vulnerable to Privilege Escalation. The vulnerability is due to the mishandling of role trust policies when the Authentication component is removed, leaving "Effect":"Allow" in place without conditions, thus exposing sts:AssumeRoleWithWebIdentity to potential misuse...
Out-of-bounds Read
asterix-decoder is vulnerable to Out-of-bounds Read. The vulnerability is due to a flaw in memory management, leading to unintended access to heap memory beyond its allocated boundaries...
Sensitive Information Disclosure
github.com/apache/solr-operator is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the operator's mishandling of authentication credentials in log files, which could expose sensitive information such as usernames and passwords...
HTTP Request Smuggling (HRS)
gunicorn is vulnerable to HTTP Request Smuggling (HRS). The vulnerability is due to improper processing of Transfer-Encoding headers by treating them as chunked regardless of the specified encoding, which allows attackers to bypass security restrictions and access restricted endpoints by crafting...
Denial Of Service (DoS)
sqlparse is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of recursion limits, which allows an attacker to pass a heavily nested list to the parse method resulting in a RecursionError...
Denial Of Service (DoS)
SixLabors.ImageSharp is vulnerable to Denial of Service (DoS). The vulnerability is caused by processing specially crafted files, which results in excessive memory usage during image decoding...