Remote Code Execution
rdoc is vulnerable to Remote Code Execution. The vulnerability is due to unrestricted class restoration when parsing .rdocoptions as a YAML file, allowing for object injection and code injection...
URL Protocol Bypass
katex is vulnerable to URL Protocol Bypass. The vulnerability is due to insufficient validation of URL protocols by the KaTeX library's trust option. It allows malicious inputs containing URLs with uppercase characters in the protocol to bypass the blacklist mechanism...
Improper Preservation Of Permissions
Apache Airflow is vulnerable to Improper Preservation of Permissions. This vulnerability is caused by Airflow's local file task handler incorrectly setting permissions for parent folders of the log folder, potentially granting unintended group write access...
Denial Of Service (DoS)
katex is vulnerable to a Denial of Service (DoS) attack. The vulnerability is due to the inadequate handling of untrusted mathematical expressions containing \def or \newcommand, which leads to a near-infinite loop despite efforts to mitigate it with mechanisms like maxExpand...
Cross Site Scripting (XSS)
katex is vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability is due to insufficient input validation when processing untrusted mathematical expressions containing \includegraphics. It allows attackers to inject and execute arbitrary JavaScript code or generate invalid HTML, leading ...
Privilege Escalation
org.igniterealtime.openfire:xmppserver is vulnerable to Privilege Escalation. The vulnerability is caused by insufficient validation and management of user privileges within the ROOMCACHE component, which allows unauthorized users to escalate their privileges...
Denial Of Service (DoS)
katex is vulnerable to a Denial of Service (DoS) attack. The vulnerability is due to the inadequate handling of untrusted mathematical expressions, which can lead to a near-infinite loop despite setting maxExpand to prevent such occurrences...
Remote Code Execution (RCE)
johnbillion/wp-crontrol is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of PHP code, which can result in RCE...
Cross-site Scripting (XSS)
phpMyFAQ is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to inadequate input validation of the "news" parameter in a POST request, allowing an attacker to inject malicious JavaScript code. Upon visiting the compromised news page, the XSS payload is triggered...
Authorization Bypass
Grafana is vulnerable to Authorization Bypass Through User-Controlled Key. The vulnerability is due to insufficient validation of organization IDs in DeleteDashboardSnapshot within dashboardsnapshot.go. This allows an attacker to bypass authorization and delete a snapshot by sending a DELETE...
Privilege Escalation
wixtoolset.util.wixext and wix are vulnerable to Privilege Escalation. The vulnerability is due to the improper handling of directory operations within the RemoveFolderEx function, which allows standard users to delete protected directories by exploiting directory junctions...
SSL Spoofing
azure-core is vulnerable to SSL spoofing attacks. The vulnerability is due to improper SSL configuration, which could allow attackers to impersonate domains...
Memory Leak
github.com/golang-fips/openssl and github.com/microsoft/go-crypto-openssl are vulnerable to Memory Leak. The vulnerability is due to the mishandling of non-compliant RSA keys during encryption and verification, leading to a gradual depletion of available memory, which can result in a system crash...
Cross-site Scripting (XSS)
phpMyFAQ is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the handling of file attachments. An attacker with admin privileges can upload an attachment containing JS code without an extension, and the application will render it as HTML, leading to the execution of arbitrary...
Improper Privilege Management
org.igniterealtime.openfire:xmppserver is vulnerable to Improper Privilege Management. The vulnerability is caused by the lack of proper validation of user privileges when a user account is deleted and subsequently recreated with the same username. This allows an attacker to exploit the system an...
Insecure Temporary File Usage
wixtoolset.sdk and wix are vulnerable to Insecure Temporary File Usage. The vulnerability is due to insufficient protection against low privilege users tampering with installation binaries, which can result in privilege escalation...
Denial Of Service (DoS)
io.netty:netty-codec-http is vulnerable to Denial of Service (DoS). The vulnerability is due to missing form field restrictions within the HttpPostRequestDecoder class. An attacker can send a chunked POST request with many small form fields, possibly resulting in Denial of Service (DoS)...
Cache Poisoning
Translate is vulnerable to Cache Poisoning. This vulnerability is due to a lack of proper access controls within the translate function index.js, which allows attackers to manipulate cache keys and subsequently choose responses for subsequent users of the system...
Remote Code Execution
friendsofsymfony1/symfony1 is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of user input during deserialization of the sfNamespacedParameterHolder class, allowing attackers to achieve remote code execution if the application deserializes user input from the clas...
Path Traversal
webpack-dev-middleware is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of URL addresses, allowing attackers to access any file on the developer's machine by manipulating the URL with specific encoded sequences such as %2e or %2f...
Improper Restriction Of Excessive Authentication Attempts
github.com/argoproj/argo-cd/ is vulnerable to Improper Restriction Of Excessive Authentication Attempts. This vulnerability is due to a weak cache-based mechanism that allows attackers to bypass rate limit and brute force protections, which can result in account compromise...
Cross Site Scripting (XSS)
carrierwave is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a flaw in the handling of Content-Type values during file uploads to object storage, such as Amazon S3. The Content-Type validation can be bypassed by providing multiple values separated by commas, which allows...
Stack-Based Buffer Overflow
gross is vulnerable to stack-based buffer overflow. The vulnerability is due to a stack-based buffer overflow in versions 0.9.3 through 1.x before 1.0.4. Remote attackers can exploit this vulnerability to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in...
Denial Of Service (DoS)
XNIO API is vulnerable to Denial of Service (DoS). The vulnerability is caused by the problematic accumulation of notifier states within the chain. When this chain grows to be excessively large, it can lead to a StackOverflowException, overwhelming the stack and potentially causing Denial of...
Serverless Billing Attack
bref/bref is vulnerable to Serverless Billing Attack. The vulnerability is due to slow multi-byte string operations performed on the Content-Type header values in the Riverline/multipart-parser library used by Bref. It allows an attacker to send specially crafted requests, causing long operations...
HTML Injection
moodle/moodle is vulnerable to HTML Injection. The vulnerability is due to Moodle's support for HTML code insertion within the Chat activity, which allows students to insert potentially harmful HTML elements that could lead to performance degradation...
Firewall Bypass
github.com/chirpstack/chirpstack-gateway-bridge/ is vulnerable to Firewall Bypass. The vulnerability is due to the firewall accepting specific TCP packets outside the ESTABLISHED connection state...
DNS Rebind Attack
Docker is vulnerable to DNS Rebind Attack. This vulnerability is due to the lack of proper isolation between containers and the host's DNS resolver, allowing malicious actors to exploit DNS rebinding to bypass network restrictions...
Arbitrary File Read
paddlepaddle is vulnerable to External Control of File Name or Path. The vulnerability is caused by improper input validation within paddle.vision.ops.readfile, which allows an attacker to read arbitrary files on the system...
Server Side Request Forgery (SSRF)
mobsfscan is vulnerable to Server Side Request Forgery. The vulnerability is due to inadequate input validation when extracting the android:host hostname attribute within the AndroidManifest.xml file, allowing attackers to manipulate requests and potentially make connections to internal-only service...
Denial Of Service (DOS)
github.com/argoproj/argo-cd is vulnerable to Denial Of Service. The vulnerability is due to the in-memory data storage which does not persist on restart, which allows attackers to perform unlimited login attempts and potentially disrupt services...
Container Escape
github.com/containers/buildah is vulnerable to container escape. The vulnerability is due to improper Containerfile validation which allows a dummy image with a symbolic link to the host's root filesystem as a mount source. This flaw enables the mount operation to incorporate the host root...
Remote Code Execution
friendsofsymfony1/symfony1 is vulnerable to Remote Code Execution. The vulnerability is due to the ability to abuse the destruct methods in Swift Mailer classes, which can be exploited to execute arbitrary PHP code if a developer unserializes untrusted user input...
Improper Authentication
github.com/mattermost/mattermost-server is vulnerable to Improper Authentication. The vulnerability is due to improper verification of account ownership when switching from email to SAML authentication. This flaw allows an authenticated attacker to take over other user accounts via a crafted...
Denial Of Service (DOS)
github.com/mattermost/mattermost-server is vulnerable to a Denial of Service. The vulnerability is due to missing limits on the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages...
Cross-Site Scripting
github.com/mattermost/mattermost-server is vulnerable to Cross-Site Scripting. The vulnerability is due to improper escaping of user-controlled outputs when generating HTML pages. This flaw allows an attacker to execute scripts in the context of another user's browser session...
Cross-Site Request Forgery (CSRF)
esphome is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to inadequate validation of incoming requests within webserver.py, allowing an attacker to perform unauthorized actions on configuration files such as creating, editing, or deleting files...
Cross-Site Request Forgery (CSRF)
anchorcms/anchor-cms is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is caused by insufficient validation for requests, allowing malicious actors to forge requests and execute unauthorized actions on behalf of authenticated users...
Cross-Site Request Forgery (CSRF)
anchorcms/anchor-cms is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper request validation, which allows an attacker to forge requests and execute unauthorized actions on behalf of authenticated users...
Improper Access Control
Anope is vulnerable to password reset of suspended accounts. The vulnerability is due to a lack of prevention mechanisms in versions before 2.0.15, allowing the resetting of passwords for suspended accounts...
Improper Authorization
python is vulnerable to Improper Authorization. The vulnerability is due to dereferencing symlinks during cleanup of permissions-related errors, potentially allowing users with the ability to run privileged programs to modify permissions of files referenced by symlinks in certain situations...
Asymmetric Resource Consumption
python is vulnerable to Asymmetric Resource Consumption. This vulnerability is due to an issue in the zip format, allowing for the creation of zip-bombs with a high compression ratio...
Denial Of Service (DoS)
node-tar is vulnerable to Denial of Service (DoS). The vulnerability is caused by a lack of validation on the number of folders created during the folder creation process. This allows an attacker to consume excessive CPU and memory resources, potentially causing the system to become unresponsive o...
Code Injection
getgrav/grav is vulnerable to Code Injection. The vulnerability is due to unrestricted access to the Twig extension class from the Grav context. This flaw allows attackers to redefine configuration variables and bypass previous Server-Side Template Injection (SSTI) mitigations...
Server-Side Template Injection
getgrav/grav is vulnerable to Server-Side Template Injection. The vulnerability is due to insufficient sandboxing and validation of user-defined Twig template functions and filters, allowing authenticated users to execute arbitrary code on the server...
Path Traversal
getgrav/grav is vulnerable to Path Traversal. The vulnerability is due to missing .. sanitization of upload file paths, which allows an attacker to replace or create files with specific extensions such as .json, .zip, .css, .gif, etc...
Arbitrary Code Execution
getgrav/grav is vulnerable to Arbitrary Code Execution. This vulnerability is due to improper validation of accessible functions through the Utils::isDangerousFunction and the lack of restrictions on twig functions like twigarraymap, allowing attackers to bypass the validation and execute arbitra...
SQL Injection
github.com/layer5io/meshery is vulnerable to a SQL injection. The vulnerability is due to improper input validation in GetMeshSyncResources function within meshsynchandler.go. This flaw allows a remote attacker to obtain sensitive information via the order parameter...
Code Injection
getgrav/grav is vulnerable to Code Injection. The vulnerability is due to unrestricted access to the twig extension class from the Grav context within twig.php, which allows attackers to redefine the escape function and execute arbitrary commands...
Improper Private IP Handling
libzephyr is vulnerable to Improper Private IP Address Handling. The vulnerability is caused by inadequate filtering mechanisms, allowing packets with localhost addresses to bypass security checks...