Arbitrary File Read
Weblate is vulnerable to arbitrary file read. The vulnerability is due to improper handling of crafted symbolic links in repositories, which allows an attacker to read arbitrary files from the server file system...
Denial Of Service (DoS)
Nodemailer is vulnerable to denial of service (DoS). The vulnerability is due to improper handling of a crafted email address header that triggers infinite recursion in the address parser, which allows an attacker to exhaust resources and disrupt service availability...
Unauthorized Code Execution
nbconvert is vulnerable to unauthorized code execution. The vulnerability is due to improper handling of SVG-to-PDF conversion on Windows where a malicious inkscape.bat file in the working directory can be executed, which allows an attacker to run arbitrary code when a user performs the conversio...
Time-of-Check-Time-of-Use (TOCTOU) Race Condition
filelock is vulnerable to a Time-of-Check-Time-of-Use (TOCTOU) race condition. The vulnerability is due to improper file existence checking before opening lock files with truncation, which allows an attacker to exploit a symlink race and corrupt or truncate arbitrary files...
Cross-site Scripting (XSS)
Orejime is vulnerable to cross-site scripting (XSS). The vulnerability is due to Orejime converting data- attributes into active attributes (e.g., data-href → href) without sanitization, which allows an attacker to execute malicious javascript: code if they can inject HTML into the page...
Regular Expression Denial Of Service (ReDoS)
@fedify/fedify is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to nested quantifiers in the HTML parsing regex within the document loader, which allows an attacker to trigger catastrophic backtracking by sending specially crafted HTML responses...
Regular Expression Denial Of Service (ReDoS)
PyMdown Extensions is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing in the pymdownx.blocks.caption extension, which allows an attacker to supply crafted input that triggers excessive processing time and causes the...
OS Command Injection
systeminformation is vulnerable to OS Command Injection. The vulnerability is due to direct concatenation of the user-supplied drive parameter into a PowerShell command in the fsSize function without proper sanitization, which allows an attacker to execute arbitrary commands on Windows systems wh...
Server-Side Request Forgery (SSRF)
Parse Server is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to allowing clients to supply a custom apiURL parameter in the Instagram authentication adapter, which allows an attacker to redirect authentication requests to malicious endpoints and potentially bypass...
Prototype Pollution
@trpc/server is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of FormData field names in the formDataToObject function, which allows an attacker to submit specially crafted fields that pollute Object.prototype and potentially cause authorization bypass or denial...
Server-Side Request Forgery (SSRF)
local-deep-research is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the download service using raw requests.get without applying SSRF protections, which allows an attacker to submit malicious URLs to access internal services, cloud metadata endpoints, or perform...
Arbitrary File Upload
Cadmium CMS is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation and restriction in the /admin/content/filemanager/uploads functionality, which allows an attacker to upload malicious files and potentially execute arbitrary code on the server...
Remote Code Execution (RCE)
Apache Airflow is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation in the /api/v2/dagReports endpoint, which allows an attacker to execute DAG code in the context of the API server when DAG files are accessible in the deployment environment...
Directory Traversal
homeassistant is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of file paths during concatenation in the Downloader integration, which allows an attacker to manipulate paths and access unintended files...
Arbitrary File Upload
httparty is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper request validation which allows an attacker to manipulate requests and access internal services or expose sensitive data such as API keys...
Insecure Direct Object Reference (IDOR)
pretix is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to improper authorization checks on file access endpoints, which allows an attacker to retrieve sensitive files of other users by supplying a known UUID...
Server-Side Request Forgery (SSRF)
Cowrie is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the wget and curl emulation making real outbound HTTP requests without rate limiting, which allows an attacker to repeatedly trigger requests and abuse the honeypot to generate denial-of-service traffic toward...
XML External Entity (XXE)
fast-xml-parser is vulnerable to XML External Entity (XXE). The vulnerability is due to improper restriction of entity expansion in the XML parser, which allows an attacker to supply a crafted XML with excessive entity definitions causing resource exhaustion and denial of service by forcing the...
Insecure Direct Object Reference (IDOR)
spreeapi is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to improper ownership validation in the guest checkout flow, which allows an attacker to manipulate address ID parameters and bind arbitrary guest addresses to their order...
Pretix Unsafely Evaluates Variables In Emails
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when "name" is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: - It was possible to exfiltrate...
Authorization Bypass
askbot is vulnerable to Authorization Bypass. The vulnerability is due to an incomplete permissions check, where an attacker authenticated with normal user permissions can modify the profile picture of other application users...
Subgroup Attack
cryptography is vulnerable to a Subgroup Attack. The vulnerability is due to missing validation of the point belonging to the expected prime-order subgroup of the curve, where an attacker can provide a public key point P from a small-order subgroup and this can lead to security issues in various...
Server-Side Request Forgery
Indico is vulnerable to Server-Side Request Forgery. The vulnerability is due to Indico making outgoing requests to user-provided URLs in various places, where users can access special targets such as localhost or cloud metadata endpoints, and attackers can exploit this to access sensitive data...
Out-of-bounds Write
Pillow is vulnerable to Out-of-Bounds Write. The vulnerability is due to improper handling of specially crafted PSD image files, which allows an attacker to trigger memory corruption during image processing...
Keras Has A Local File Disclosure Via HDF5 External Storage During Keras Weight Loading
Summary: TensorFlow / Keras continues to honor HDF5 "external storage" and "ExternalLink" features when loading weights. A malicious ".weights.h5" or a ".keras" archive embedding such weights can direct "load_weights" to read from an arbitrary readable filesystem path. The bytes pulled from that pa...
Cross Site Scripting
distributed is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of user-controlled input in the Dask dashboard when accessed via Jupyter Lab and jupyter-server-proxy, allowing attackers to craft a malicious URL that triggers script execution and results in...
Remote Code Execution (RCE)
agpt Platform is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation in block execution endpoints that allow execution of disabled blocks by UUID without checking the disabled flag, which allows an authenticated attacker to execute the BlockInstallationBlock,...
Infinite Loop
pypdf is vulnerable to Infinite Loop. The vulnerability is present in versions prior to 6.6.2, where an attacker can craft a PDF that causes an infinite loop when the outlines/bookmarks are accessed...
Remote Code Execution (RCE)
craftcms/cms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of user-supplied configuration data in the assembleLayoutFromPost function before passing it to Craft::createObject, which allows an authenticated administrator to inject malicious Yii2...
Cross-site Request Forgery (CSRF)
alextselegidis/easyappointments is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to CSRF protection being enforced only for POST requests while state-changing actions accept GET parameters, which allows an attacker to perform unauthorized administrative actions through...
LDAP Injection
Moonraker is vulnerable to LDAP search filter injection. The vulnerability is due to the lack of proper input validation in the login endpoint, where an attacker can inject malicious LDAP search filters, allowing for brute force methods to discover LDAP entries on the server such as user IDs and...
Path Traversal
Umbraco Forms is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of file paths, where an authenticated backoffice-user can enumerate and traverse paths/files on the system's filesystem and read their contents, particularly on Mac/Linux Umbraco installations using...
Arbitrary Code Execution
logback-core is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to unsafe configuration file processing that allows instantiation of arbitrary classes present on the application classpath, where an attacker with write access to the logback configuration file can cause malicio...
XML External Entity (XXE)
org.assertj, assertj-core is vulnerable to XML External Entity (XXE). The vulnerability is due to the DocumentBuilderFactory in org.assertj.core.util.xml.XmlStringPrettyFormatter.toXmlDocumentString being initialized with default settings without disabling DTDs or external entities, which allows an...
Unsafe Deserialization
Scapy is vulnerable to unsafe deserialization. The vulnerability is due to insecure handling of serialized session files, which allows an attacker to execute arbitrary code by tricking a user into loading a malicious session file via the -s option...
Cross Site Scripting (XSS)
Agora is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input handling of the topicName parameter in client/agora/public/js/editorManager.js, which allows an attacker to inject malicious scripts that execute in a user’s browser...
Cross Site Scripting (XSS)
Agora is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient file type validation in profile picture uploads, which allows an attacker to upload malicious content that executes scripts when rendered...
Cross Site Scripting (XSS)
Agora is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the tag handling within client/agora/public/js/editorManager.js, which allows an attacker to inject malicious scripts that execute in a user’s browser...
CRLF Injection
Litestar is vulnerable to CRLF Injection. The vulnerability is due to unescaped URL paths during exception logging, which allows an attacker to inject newline characters and forge or manipulate log entries...
Command Injection
Apache Airflow is vulnerable to Command Injection. The vulnerability is due to a non-validated parameter in the example_dag_decorator example DAG, which allows an attacker to redirect execution to a malicious server and execute arbitrary code on a worker when example DAGs are enabled...
Cross-site Request Forgery (CSRF)
fastapi-sso is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to missing persistence and verification of the OAuth state parameter, which allows an attacker to supply a malicious callback URL and link their account to a victim’s session...
Server-Side Request Forgery (SSRF)
Langflow is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation and filtering of user-supplied URLs in the API Request component, which allows an attacker to send crafted requests to internal or restricted network resources and retrieve their...
Arbitrary File Write
Langflow is vulnerable to arbitrary file write. The vulnerability is due to lack of path validation and directory restrictions in the fspath parameter, which allows an attacker to specify arbitrary absolute paths and overwrite files on the server...
Insecure Direct Object Reference (IDOR)
pretix is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient authorization checks on file UUIDs, which allows an attacker to access sensitive files of other users by manipulating or guessing valid UUID values...
Cross-site Scripting (XSS)
Piranha is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied content in Markdown blocks within the /manager/pages component, which allows an attacker to inject and execute arbitrary web scripts or HTML...
Prototype Pollution
Rollbar.js is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of object merging in the merge function when rollbar.configure is called with untrusted input, which allows an attacker to manipulate object prototypes and potentially alter application behavior...
Improper Access Control
Weblate is vulnerable to improper access control. The vulnerability is due to insufficient validation of invitation ownership, which allows an attacker to accept an invitation intended for another user and gain unauthorized access...
Improper Access Control
misskey-js is vulnerable to improper access control. The vulnerability is due to insufficient authorization checks when exporting posts, which allows an attacker without permission to export posts and view favorites or clips they should not be able to access...
IP Rate Limiting Bypass
misskey-js is vulnerable to an IP rate limiting bypass. The vulnerability is due to improper handling of the X-Forwarded-For header and an insecure default trustProxy configuration, which allows an attacker to forge client IP values and bypass rate-limiting controls...
Prototype Pollution
jsonpath is vulnerable to Prototype Pollution. The vulnerability is due to unsafe handling of object paths in the value function within lib/index.js, where attacker-controlled property paths can modify Object.prototype, allowing arbitrary property injection into global objects and potentially...