Remote Code Execution (RCE)
org.xwiki.commons:xwiki-commons-velocity is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper HTML escape functionality, where the escaping tool used in XWiki fails to properly escape the character. This allows an attacker to inject malicious XWiki syntax, potentially...
Information Leakage
matrix-appservice-irc is vulnerable to Information Leakage. The vulnerability is due to insufficient access checks when constructing a reply in MatrixHandler.ts, allowing malicious users to reply to events they shouldn't have access to...
Use After Free
GRUB2 is vulnerable to Use After Free. The vulnerability is caused due to GRUB2 not calling the module fini functions on exit, resulting in hooks remaining in the UEFI system table after exit. This leads to a use-after-free condition and could lead to a secure boot bypass...
Remote Code Execution (RCE)
mysql2 is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of supportBigNumbers and bigNumberStrings values within the readCodeFor function, which allows an attacker to execute arbitrary code...
Cross Site Scripting (XSS)
mautic/core is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation within the notification feature when saving Dashboards, allowing users to inject and execute JavaScript code...
Out-Of-Bounds
chromium is vulnerable to out-of-bounds. The vulnerability is due to out-of-bounds memory access in the Compositing the GPU process feature, allowing a remote attacker to potentially perform a sandbox escape via specific UI gestures...
Use-After-Free
chromium is vulnerable to Use-after-free. The vulnerability is due to improper handling of memory within the WebGPU API implementation, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Heap Buffer Overflow
chromium is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper handling of data by ANGLE (Almost Native Graphics Layer Engine), a graphics engine used for rendering in Chrome, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Improper Input Validation
Apache Zeppelin is vulnerable to Improper Input Validation. The vulnerability is due to the cron API with invalid or improper privileges, allowing the notebook to run with elevated privileges. This vulnerability can be exploited by attackers to escalate their privileges and potentially gain...
Cross-site Scripting (XSS)
Apache Zeppelin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper encoding or escaping of output in the helium module. An attacker can modify helium.json and perform attacks on normal users by injecting malicious scripts...
Improper Input Validation
Apache Zeppelin is vulnerable to Improper Input Validation. The vulnerability is due to improper sanitization of LDAP search property configuration, which allows an attacker to execute malicious queries...
Code Injection
org.apache.zeppelin/zeppelin is vulnerable to Code Injection. The vulnerability is due to improper handling of configuration overrides such as ZEPPELIN_INTP_CLASSPATH_OVERRIDES, allowing attackers to execute shell scripts or inject malicious code through environment variables...
Command Injection
github.com/go-skynet/localai is vulnerable to command injection. The vulnerability is due to the lack of sanitization of user-supplied filenames before passing them to ffmpeg via a shell command in the audioToWav function, allowing attackers to execute arbitrary commands on the host system...
Prototype Pollution
mysql2 is vulnerable to Prototype Pollution. The vulnerability is due to insecure object creation and improper user input sanitization which is passed through the parserFn method in both text_parser.js and binary_parser.js...
Cache Poisoning
mysql2 is vulnerable to cache poisoning. The vulnerability is due to insufficient validation of user-supplied input within the keyFromFields function, allowing an attacker to inject a colon (:) character within a value of the attacker-crafted key, which results in cache poisoning...
Session Fixation
@festify/secure-session is vulnerable to Session Fixation. This vulnerability is due to the session removal process where even after marking the session for deletion, an attacker could continue using it...
Code Injection
Apache Zeppelin is vulnerable to Code Injection. The vulnerability is due to improper verification of the JDBC driver configuration, which allows an attacker to inject malicious code when connecting to a MySQL database...
Sensitive Data Exposure
github.com/kopia/kopia is vulnerable to Sensitive Data Exposure. This vulnerability is due to the "repository status" CLI command with JSON output containing sensitive storage connection credentials which are inadvertently exposed to the console...
OS Command Injection
yt-dlp is vulnerable to OS Command Injection. This vulnerability is due to insufficient escaping of special characters, specifically in the expansion of output templates within the --exec option...
Server Side Request Forgery
org.wildfly.security:wildfly-elytron-realm-token is vulnerable to Server Side Request Forgery. The vulnerability is due to JwtValidator.resolvePublicKey not performing any whitelisting or filtering on the destination URL address during the process of checking jku and sending an HTTP request...
Local File Inclusion (LFI)
gradio is vulnerable to Local File Inclusion. This vulnerability is due to improper validation of user-supplied input in the UploadButton component, specifically in the handling of file paths during file uploads to the /queue/join endpoint, which allows attackers to read arbitrary files on the...
Arbitrary Code Execution
transformers is vulnerable to Arbitrary Code Execution. This vulnerability is due to the deserialization of untrusted data within the load_repo_checkpoint function in the TFPreTrainedModel class, where attackers can exploit the use of pickle.load on data from potentially untrusted sources to execut...
Remote Code Execution (RCE)
aim is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper user access restriction to the RunView object, allowing for the execution of arbitrary code via a crafted query parameter to the /api/runs/search/run/ endpoint...
Cross-Site Request Forgery (CSRF)
aim is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the lack of CSRF and CORS protection in the aim dashboard, allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent...
Server-side Template Injection (SSTI)
litellm is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to insufficient sanitization within the hf_chat_template method in factory.py, which processes the chat_template parameter from the tokenizer_config.json file using the Jinja template engine, allowing attackers to...
Denial Of Service (DoS)
jose is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient validation of the p2c (PBES2 Count) value. Attackers can exploit this vulnerability by providing a large p2c value, leading to a denial of service condition...
Denial Of Service (DoS)
Xpdf is vulnerable to Denial of Service (DoS). The vulnerability is due to the TextLine class mishandling characters with large y coordinates, potentially leading to a Denial of Service (DoS) or other unspecified impacts...
Use After Free
xorg-server is vulnerable to Use After Free. The vulnerability is due to multiple entries pointing to the same non-refcounted glyph, which can lead to a use-after-free scenario when a freed glyph is accessed again...
Buffer Over-Read
The X.org server is vulnerable to Buffer Over-read. The vulnerability is due to improper handling of byte-swapped length values in the ProcAppleDRICreatePixmap function, potentially leading to memory leakage and segmentation faults, especially when triggered by a client with a different endiannes...
Buffer Over-Read
X.org Server is vulnerable to Buffer Over-read. The vulnerability is due to the ProcXIPassiveGrabDevice function, where byte-swapped length values in replies can lead to memory leakage and segmentation faults. This issue, particularly when triggered by a client with a different endianness, could...
Buffer Over-read
X.org Server is vulnerable to Buffer Over-read. The vulnerability is due to the ProcXIGetSelectedEvents function, where byte-swapped length values in replies can lead to memory leakage and segmentation faults. This issue, particularly when triggered by a client with a different endianness, could...
Improper Validation Of Array Index
wolfssl:edge is vulnerable to Improper Validation of Array Index. The vulnerability is due to lack of proper input validation, allowing a malicious packet sender to crash or cause an out-of-bounds read by sending a malformed packet with the correct length...
Denial Of Service (DoS)
Node.js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of HTTP/2 CONTINUATION frames, where sending a small amount of HTTP/2 frame packets can cause data to be left in nghttp2 memory after a reset, leading to a race condition when the Http2Session destructo...
Denial Of Service (DoS)
gnutls is vulnerable to Denial of Service (DoS). The vulnerability is due to excessive resource consumption caused by the "certtool --verify-chain" command when verifying a specially crafted .pem bundle, leading to an application crash...
Sensitive Information Disclosure
GnuTLS is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exploiting deterministic behavior in systems like GnuTLS, particularly when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, which can lead to a noticeable step in nonce size from 513 to 512 bits, exposing a...
Excessive Memory Allocation (Throttling)
xpdf is vulnerable to Excessive Memory Allocation (Throttling). The vulnerability is due to insufficient input validation, which allows crafted input to trigger excessive memory allocation. For example, sending a crafted PDF document to the pdftoppm binary can exploit this vulnerability, particularl...
Broke Window Attack
Varnish Cache, Varnish Enterprise is vulnerable to a Broke Window Attack. The vulnerability is due to exhaustion of credits for an HTTP/2 connection control flow window...
Buffer Under-read
c-ares is vulnerable to Buffer Under-read. The vulnerability is due to improper handling of embedded NULL characters as the first character in a new line within certain configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and prior to version 1.27.0, the...
NULL Pointer Dereference
XPDF is vulnerable to a Null Pointer Dereference. The vulnerability is due to unhandled null pointer dereference, occurring at line 2393 in the FoFiType1C.cc file...
Heap-based Buffer Overflow
busybox is vulnerable to Heap-based Buffer Overflow. The vulnerability arises from the next_token function in the awk.c file, allowing attackers to crash the system or gain unauthorized data access with specially crafted inputs...
Segmentation Violation
XPDF is vulnerable to a segmentation violation. The vulnerability is due to an issue in the component /xpdf/AcroForm.cc at line 538...
Stack Overflow
Xpdf is vulnerable to a stack overflow. The vulnerability is due to a PDF object loop in the page label tree, leading to infinite recursion...
Stack Overflow
Xpdf is vulnerable to a stack overflow. The vulnerability is due to a PDF object loop in the page label tree, leading to infinite recursion...
Divide-by-Zero
Xpdf is vulnerable to a Divide-by-Zero. The vulnerability is due to a bad color space object in the input PDF file...
Stack Overflow
Xpdf is vulnerable to a stack overflow. The vulnerability is due to a stack overflow in the function Dict::find in xpdf/Dict.cc...
Stack Overflow
Xpdf is vulnerable to a stack overflow. The vulnerability is due to a stack overflow in the function gmalloc in goo/gmem.cc...
Arbitrary Code Execution
Firefox, Firefox ESR, Thunderbird are vulnerable to an Arbitrary Code Execution vulnerability. The vulnerability is due to leveraging the Windows Error Reporter to run arbitrary code, escaping the sandbox...
Divide By Zero
Xpdf is vulnerable to a divide-by-zero error in its text extraction code. The vulnerability is due to an excessively large PDF page size, which triggers a divide-by-zero error...
Buffer Overflow
XPDF is vulnerable to a Buffer Overflow vulnerability. The vulnerability is due to an attacker being able to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. However, the vendor states that it's an expected abort on out-of-memory error...
HTTP Response Splitting
Apache HTTP Server is vulnerable to HTTP Response splitting. The vulnerability is due to inadequate handling of malicious response headers, allowing an attacker to inject headers into backend applications and cause an HTTP desynchronization attack...