Integer Overflow
gtkwave is vulnerable to Integer Overflow. This vulnerability allows for arbitrary code execution when a specially crafted .lxt2 file is opened by a victim...
Arbitrary Code Execution
gtkwave is vulnerable to Arbitrary Code Execution. The vulnerability arises from inadequate validation of array indices within the tdelta initialization process. A specially crafted .fst file can exploit these vulnerabilities, leading to arbitrary code execution...
Integer Overflow
gtkwave is vulnerable to Integer Overflow. The vulnerability is due to inadequate input validation, allowing a specially crafted .fst file to cause memory corruption when opened by a victim...
Injected Malicious Code
XZ is vulnerable to Injected Malicious Code. Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which...
Cross-site Scripting (XSS)
EasyCorp is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the 'item' argument in the Autocomplete function within the file assets/js/autocomplete.js of the Autocomplete component, leading to cross-site scripting (XSS) attacks...
Denial Of Service
codeigniter4/framework is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient validation in the formatMessage function within the language, allowing an attacker to consume a large amount of memory on the server...
Buffer Over-read
libzephyr.so is vulnerable to Buffer Over-read. The vulnerability is due to a flaw in the handling of malformed GATT packets by the BLE victim device when communicating with a malicious BLE device. This flaw allows the malicious BLE device to crash the victim device...
Denial Of Service (DoS)
Elasticsearch is vulnerable to Denial Of Service (DoS). The vulnerability is due to a flaw that causes the Elasticsearch ingest node which parses PDF files to crash. Notably, this issue does not occur with password-protected or unencrypted PDF files, and requires the attachment processor to be...
Insufficient Access Control
Kimai is vulnerable to Insufficient Granularity of Access Control. This vulnerability is due to the viewothertimesheet permission between the UI and API performing differently, leading to unauthorized access to timesheet entries...
Remote Code Execution (RCE)
aliyundrivewebdav is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient input validation and sanitization of the sid parameter of the actionqueryqrcode component, which allows attackers to execute arbitrary code...
Denial Of Service (DoS)
github.com/argoproj/argo-cd/ is vulnerable to Denial Of Service. The vulnerability is due to the loadRepoIndex function in ArgoCD's helm package, which lacks limitations on the size and time while fetching data. An attacker can point ArgoCD to a malicious Helm registry, which results in an ou...
Improper Neutralization Of Special Elements In Output Used By A Downstream Component ('Injection')
Astro-Shield is vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'). The vulnerability is caused by inadequate validation of user-controlled content, potentially allowing the inclusion of malicious resources in the generated CSP heade...
Cross-Site Scripting (XSS)
TinyMCE is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper SVG sanitization, which allows an attacker to inject an SVG payload through an object or embed element, which results in Cross-Site Scripting...
Cross-Site Scripting (XSS)
TinyMCE is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper iframe restrictions, which allow an attacker to add an iframe element with malicious code that will execute upon insertion. Note that malicious code will be sandboxed due to same-origin browser protections...
Path Traversal
Lektor is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of user-supplied input, allowing an attacker to execute arbitrary shell commands via manipulated files within the templates directory...
Server-Side Template Injection (SSTI)
wintercms/winter is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to insufficient input validation, allowing an admin-authenticated remote attacker to execute arbitrary code by injecting a crafted payload into the CMS Pages field and Plugin components...
Information Leakage
@electron/packager is vulnerable to Information Leakage. The vulnerability is due to improper memory allocation during the bundling process, which can expose sensitive information such as environment variables or secret files...
Session Fixation
@workos-inc/authkit-nextjs is vulnerable to Session Fixation. This vulnerability is due to the improper handling of expired sessions within session.ts. This allows an attacker to reuse an expired session by controlling the x-workos-session header...
Cross Site Scripting (XSS)
JupyterHub is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the mishandling of cookies on malicious subdomains, which allows an attacker to achieve unauthorized access and control over a user's session and potentially gain full access to the JupyterHub API or the user's...
Unauthorized Access
oro/platform is vulnerable to Unauthorized Access. The vulnerability is due to inadequate access control measures within the OroPlatform's handling of page state data, which allows logged-in users to access the page state data of pinned pages belonging to other users by exploiting pageId hashes...
Unrestricted Upload Of File With Dangerous Type
ZITADEL is vulnerable to Unrestricted Upload of File with Dangerous Type. The vulnerability is caused by bypassing the ContentTypeAllowed function in asset.go with a malicious avatar image upload. Files with MIME types not intended for use as avatar images are allowed. To be vulnerable, a differe...
Insecure Direct Object Reference (IDOR)
pimcore/pimcore is vulnerable to Insecure Direct Object Reference (IDOR). This vulnerability is due to insufficient access controls and improper handling of session information within the Pimcore platform. Specifically, the flaw arises from the platform's failure to properly restrict access to...
Privilege Escalation
PanelSW.Custom.WiX is vulnerable to Privilege Escalation. This vulnerability is caused due to the lack of proper access controls in the C:\Windows\Temp directory, allowing standard users to hijack the binaries before execution, potentially leading to Privilege Escalation...
Command Injection
gradio is vulnerable to Command Injection. The vulnerability is due to expressions inside of $ being evaluated and substituted with resulting values before the shell script is run, making it susceptible to injection attacks. The vulnerability allows for unauthorized modification of the base...
XML External Entity (XXE)
langchaincore is vulnerable to XML External Entity (XXE). The vulnerability is due to the usage of the etree module from the XML parser within the XMLOutputParser component of LangChain, allowing attackers to inject malicious input into the XMLOutputParser...
Denial Of Service (DoS)
org.elasticsearch:elasticsearch is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of deeply nested pipelines during document processing which can cause the Elasticsearch node to crash, resulting in Denial Of Service...
Improper Authorization
org.elasticsearch:elasticsearch is vulnerable to Improper Authorization. The vulnerability is due to the improper validation of API key permissions, allowing a malicious user with a valid API key for a remote cluster configured with new Remote Cluster Security to read arbitrary documents from any...
SQL Injection
phpmyfaq/phpmyfaq is vulnerable to SQL Injection. The vulnerability is caused due to improper escaping of the email address within News.php. This allows authenticated users with appropriate privileges to execute malicious SQL queries, potentially leading to data exfiltration, account takeover, an...
Improper Access Control
nautobot is vulnerable to Improper Access Control. The vulnerability is due to inadequate access control mechanisms where several Nautobot URL endpoints will not disclose any Nautobot data unless the configuration variable EXEMPT_VIEW_PERMISSIONS is modified from its default value, allowing...
Cross-site Scripting (XSS)
phpmyfaq/phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused by the inadequacy of PHP's FILTER_VALIDATE_EMAIL function, which only validates email format but not its content. This allows an attacker to execute arbitrary client-side JavaScript within the context of...
Arbitrary Code Execution
@thi.ng/paths is vulnerable to arbitrary code execution. The vulnerability is due to improper control of dynamically-managed code resources due to the handling of object properties in the mutIn and mutInManyUnsafe methods...
Prototype Pollution
web3-utils is vulnerable to Prototype Pollution. The vulnerability is due to insecure recursive merge via the utility functions format and mergeDeep, allowing an attacker to manipulate an object's prototype by passing specially crafted input to these functions...
Path Traversal
phpmyfaq is vulnerable to Path Traversal. The vulnerability is due to improper validation / sanitisation on user input file paths. The vulnerability allows attackers with admin rights to upload malicious files to other locations of the web root, resulting in path traversal...
Heap-based Buffer Overflow
azure-c-shared-utility is vulnerable to Heap-based Buffer Overflow. The vulnerability is due to inadequate parameter checking mechanisms, which can be exploited through the buffer length parameter in the Azure C SDK, potentially leading to remote code execution...
HTML Injection
phpmyfaq is vulnerable to HTML injection. The vulnerability is due to insufficient validation of the contentLink parameter, allowing an attacker to inject HTML code that can affect other users...
OS Command Injection
ansysgeometrycore is vulnerable to OS Command Injection. The vulnerability is due to calling a subprocess with shell=True within the startprogram function. This allows attackers to perform malicious operations on the current machine where the script is run...
Remote Code Execution (RCE)
phpmyfaq/phpmyfaq is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by insufficient validation of the file's content type within attachment.php. This allows an attacker to upload a malicious file with a .php extension, potentially leading to remote code execution (RCE) on...
Information Disclosure
OroPlatform is vulnerable to Information Disclosure. The vulnerability is due to insufficient access control mechanisms in OroPlatform's JSON navigation response. Specifically, sensitive navigation history, most viewed, and favorite navigation items are disclosed to a storefront user if their ID...
Server Side Request Forgery (SSRF)
gradio is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to the /proxy route allowing users to proxy arbitrary URLs, including potentially internal endpoints. Attackers can proxy arbitrary URLs by exploiting this vulnerability...
Incorrect Authorization
ZITADEL is vulnerable to Incorrect Authorization. The vulnerability is due to certain actions being able to set reserved claims managed by ZITADEL, such as urn:zitadel:iam:user:resourceowner:name. To address this, a protection mechanism has been introduced to prevent actions from altering claims...
Buffer Over-read
stringio is vulnerable to Buffer Over-read. The vulnerability is due to improper bounds checking in the ungetbyte and ungetc methods. It allows an attacker to potentially access uninitialized or freed memory content, leading to the exposure of sensitive data...
Memory Leak
io.vertx:vertx-core is vulnerable to Memory Leak. This vulnerability arises when the Vert.x HTTP client establishes connections to different hosts, leading to the leakage of memory. An attacker with intimate runtime knowledge can exploit this vulnerability, potentially accelerating the memory lea...
Regular Expression Denial Of Service (ReDoS)
angular is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression backtracking in the ng-srcset directive. This potentially leads to Regular Expression Denial of Service (ReDoS)...
Inadequate Encryption Strength
Cilium is vulnerable to Inadequate Encryption Strength. The vulnerability is due to an ESP sequence number collision when multiple nodes are configured with the same key, leading to chosen plaintext, key recovery, and replay attacks by a man-in-the-middle attacker...
Open Redirect
express is vulnerable to Open Redirect. The vulnerability is due to improper handling of user-provided URLs during redirection in Express.js, which performs encoding using the encodeurl library before passing it to the 'location' header. It allows bypass of an improperly implemented allow lists a...
SQL Injection
Reportico is vulnerable to SQL Injection. The vulnerability is due to improper input validation in the project parameter, allowing attackers to inject SQL queries and obtain sensitive information or other system information...
Denial Of Service (DoS)
Riverline/multipart-parser is vulnerable to Denial of Service (DoS). The vulnerability is due to the lack of limits on the length of header lines, allowing attackers to overwhelm server resources by sending requests with exceptionally long headers, potentially leading to Denial of Service (DoS)...
SQL Injection
phpmyfaq/phpmyfaq is vulnerable to SQL Injection. The vulnerability is due to improper escaping of email addresses in the insertentry and saveentry functions, which allows authenticated users with add/edit rights to manipulate records, leading to data exfiltration, account takeover, and...
Untrusted Search Path
PanelSwWix4.Sdk is vulnerable to Untrusted Search Path. The vulnerability is due to Burn's practice of copying binaries to the unprotected C:\Windows\Temp directory and running them from that unprotected location. This directory is not adequately protected against low privilege user modifications...
Authorization Bypass
@oneuptime/common-server and @oneuptime/model are vulnerable to Authorization Bypass Through User-Controlled Key. The vulnerability is due to improper validation of the ismasteradmin key stored in the browser local storage. Attackers can manipulate this key from false to true, granting themselves...