38468 matches found
Improper Access Control.
Vite is vulnerable to improper access control. The vulnerability is due to missing Origin header validation in the WebSocket connection path, which allows an attacker to invoke internal functions and retrieve arbitrary server files via crafted WebSocket requests...
Code Injection
Handlebars is vulnerable to code injection. The vulnerability is due to improper sanitization of user-controlled inputs in the CLI precompiler, which allows an attacker to inject arbitrary JavaScript via crafted template filenames or CLI arguments and execute it when the generated code is run...
Cross-site Request Forgery
RedwoodSDK is vulnerable to Cross-site Request Forgery. The vulnerability is due to server functions exported from 'use server' files being invoked via GET requests, bypassing their intended HTTP method, where browsers send SameSite=Lax cookies on top-level GET requests and an attacker could...
Path Traversal
LiquidJS is vulnerable to Path Traversal. The vulnerability is due to the top-level file loads not enforcing the boundary set by the configured root, where a Liquid instance configured with an empty temporary directory as root can return the contents of arbitrary files and attackers can exploit...
Memory Limit Bypass
LiquidJS is vulnerable to Memory Limit Bypass. The vulnerability is due to the replace filter incorrectly accounting for memory usage when the memoryLimit option is enabled, where an attacker who controls template content can bypass the memoryLimit DoS protection with approximately 2,500x...
Improper Access Control
github.com/1panel-dev/1panel is vulnerable to improper access control. The vulnerability is due to trusting all proxy IPs in Gin’s default configuration, which allows an attacker to spoof the X-Forwarded-For header and bypass IP-based security controls...
Path Traversal
LiquidJS is vulnerable to Path Traversal. The vulnerability is due to the path-based check for partial and layout roots, where a symlink to a file outside the allowed root can be loaded if it is placed inside an allowed partials or layouts directory, and attackers can exploit this by placing...
Arbitrary File Deletion
Gin-vue-admin is vulnerable to arbitrary file deletion. The vulnerability is due to improper validation of the FileMd5 parameter, which allows an attacker to manipulate file paths and delete arbitrary files or folders on the server...
Improper Access Control
@fastify/express is vulnerable to Improper Access Control. The vulnerability is due to incorrect path handling in the onRegister function, where middleware paths are duplicated when inherited by child plugins, causing them to not match incoming requests and resulting in bypass of security control...
Prototype Pollution
Lodash is vulnerable to Prototype Pollution. The vulnerability is due to incomplete validation of path segments in .unset and .omit functions, which allows an attacker to bypass checks using array-wrapped inputs and delete properties from built-in prototypes...
Improper Verification Of Cryptographic Signature
node-forge is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of RSASSA PKCS1 v1.5 signatures allowing malformed ASN structures and inadequate padding checks, which allows an attacker to forge valid signatures and bypass signatur...
Cross-site Scripting (XSS)
Unhead is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper decoding and validation of HTML entities in URI schemes, which allows an attacker to bypass protocol checks using padded entities and inject malicious scripts into the rendered HTML...
Injection
@nestjs/core is vulnerable to Injection. The vulnerability is due to unsanitized interpolation of user-controlled fields into Server-Sent Events output, which allows an attacker to inject arbitrary events, spoof event types, and manipulate the event stream...
Missing Cryptographic Step
jsrsasign is vulnerable to Missing Cryptographic Step. The vulnerability is due to improper handling of invalid DSA signature values without retry logic, which allows an attacker to recover the private key by forcing signature parameters to predictable values...
Denial Of Service (DoS)
Axios is vulnerable to Denial Of Service DoS. The vulnerability is due to a state corruption bug in HTTP/2 session cleanup logic, which allows a malicious server to trigger concurrent session closures and crash the client process...
Sensitive Information Disclosure
Vite is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper enforcement of file access restrictions in the dev server, which allows an attacker to bypass deny rules using crafted query parameters and access sensitive files...
Improper Verification Of Cryptographic Signature
jsrsasign is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of DSA domain parameters during signature verification, which allows an attacker to craft malicious parameters and forge valid signatures or certificates...
Improper Access Control
github.com/mattermost/mattermost is vulnerable to improper access control. The vulnerability is due to insufficient restriction on the archived channel search API, which allows a guest user to discover archived public channels via the /api/v4/teams/teamid/channels/searcharchived endpoint...
Improper Session Invalidation
github.com/usememos/memos is vulnerable to improper session invalidation. The vulnerability is due to access tokens not being revoked after a password change, which allows an attacker to retain unauthorized access using previously issued valid tokens...
Improper Attestation Verification
github.com/evervault/evervault-go is vulnerable to improper attestation verification. The vulnerability is due to incomplete validation of attestation documents, which allows an attacker to bypass integrity checks and potentially make a client trust a compromised or unverified enclave operator...
Improper Authentication And Authorization
kubevirt.io/kubevirt is vulnerable to improper authentication and authorization. The vulnerability is due to improper validation of the Common Name CN field in client TLS certificates during mTLS authentication, which allows an attacker to bypass RBAC controls by impersonating the Kubernetes API...
Improper Neutralization
Soft Serve is vulnerable to improper neutralization. The vulnerability is due to insufficient sanitization of user-supplied inputs and git messages, which allows an attacker to inject malicious ANSI escape sequences and display misleading or fake terminal outputs such as alerts...
Improper Certificate Validation
Apache Log4j Core is vulnerable to Improper Certificate Validation. The vulnerability is due to ignored hostname verification settings in TLS configuration, which allows an attacker to perform a man-in-the-middle attack by presenting a trusted certificate and intercepting secure communications...
Log Injection
Apache Log4j Core is vulnerable to Log Injection. The vulnerability is due to improper handling of newline escaping caused by renamed configuration attributes in Rfc5424Layout, which allows an attacker to inject CRLF sequences into logs and manipulate log entries...
Arbitrary File Read And Write
kubevirt.io/kubevirt is vulnerable to an Arbitrary file read and write. The vulnerability is due to a logic flaw in the hostDisk feature’s DiskOrCreate option, which allows an attacker to read and write arbitrary files owned by more privileged users on the host system...
XML Injection
xmldom is vulnerable to an XML Injection. The vulnerability is due to improper handling of CDATA termination during serialization, which allows an attacker to inject malicious XML markup and manipulate the structure of the output...
Denial Of Service (DoS)
Electron is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of invalid clipboard image data leading to unchecked null bitmap usage, which allows an attacker to cause application crashes when malformed image data is processed...
Authentication Bypass
github.com/kgateway-dev/kgateway is vulnerable to Authentication Bypass. The vulnerability is due to lack of authentication on the xDS port, which allows an attacker with network access to retrieve sensitive configuration data such as certificates, backend services, routing rules, and cluster...
Server-Side Request Forgery (SSRF)
github.com/jon4hz/jellysweep is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of the URL parameter in the /api/images/cache endpoint, which allows an authenticated attacker to make the server download arbitrary content from attacker-controlled URL...
Server-Side Request Forgery (SSRF)
Axios is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper hostname normalization when evaluating NOPROXY rules, where crafted loopback addresses e.g., localhost. or ::1 bypass proxy exclusions and are routed through the proxy, allowing attackers to access...
Denial Of Service
React Server Components is vulnerable to Denial of Service. The vulnerability is due to specially crafted HTTP requests to Server Function endpoints, where the payload of the HTTP request causes excessive CPU usage for up to a minute ending in a thrown error that is catchable...
Header Injection
Axios is vulnerable to Header Injection. The vulnerability is due to the presence of a gadget chain that allows existing Prototype Pollution in dependent code to be escalated, enabling attackers to achieve remote code execution or access sensitive resources such as AWS IMDSv2 metadata...
Cross-Namespace Secret Access
github.com/3scale-sre/marin3r is vulnerable to cross-namespace secret access. The vulnerability is due to insufficient RBAC enforcement in the DiscoveryServiceCertificate, which allows an attacker to bypass access controls and retrieve secrets from unauthorized namespaces...
Prototype Pollution
LangSmith is vulnerable to Prototype Pollution. The vulnerability is due to an incomplete prototype pollution fix in its internally vendored lodash set utility, where the baseAssignValue function only guards against the proto key, but fails to prevent traversal via constructor.prototype, and...
Command Injection
PraisonAIAgents is vulnerable to Command Injection. The vulnerability is due to passing user-controlled command strings directly to subprocess.run with shell=True without sanitization, which allows an attacker to execute arbitrary system commands through crafted inputs or malicious hook...
Directory Traversal
PraisonAI is vulnerable to Directory Traversal. The vulnerability is due to unsafe extraction of archive files without validating member paths, which allows an attacker to overwrite arbitrary files outside the intended directory...
Remote Code Execution (RCE)
stata-mcp is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user-supplied Stata do-file content, which allows an attacker to inject and execute arbitrary commands...
MLflow Is Vulnerable To Stored Cross-Site Scripting (XSS) Caused By Unsafe Parsing Of YAML-based MLmodel Artifacts In It
MLflow is vulnerable to Stored Cross-Site Scripting XSS caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actio...
Eval Injection
Agno is vulnerable to Eval Injection. The vulnerability is due to unsafe use of eval on the fieldtype parameter without proper validation, which allows an attacker to execute arbitrary Python code by manipulating input...
Missing Authentication For Critical Function
marimo is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to missing authentication validation in the /terminal/ws WebSocket endpoint, which allows an attacker to establish a shell and execute arbitrary system commands without authentication...
MLflow Is Vulnerable To An Authorization Bypass Affecting The AJAX Endpoint
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to...
Authentication Bypass
GenieACS is vulnerable to Authentication Bypass. The vulnerability is due to missing authentication checks in the NBI API endpoint, which allows an attacker to access the API without proper authorization...
Authentication Bypass
ajenti.plugin.core is vulnerable to Authentication Bypass. The vulnerability is due to improper enforcement of password authentication when 2FA is enabled, which allows an attacker to bypass login controls and gain unauthorized access...
Ajenti.plugin.core Has Race Conditions In 2FA
Impact If the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. Patches This is fixed in the version 0.112. Users should upgrade to this version as soon as possible...
Server-Side Request Forgery (SSRF)
pyLoad is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to missing validation of redirect targets during URL fetching, which allows an attacker to supply a crafted URL that redirects to internal resources and bypass SSRF protections...
Arbitrary Code Execution
Lupa is vulnerable to Arbitrary Code Execution. The vulnerability is due to inconsistent enforcement of attributefilter when attributes are accessed via built-in functions like getattr and setattr, allowing attackers to bypass restrictions and potentially achieve arbitrary code execution...
Pypdf: Manipulated XMP Metadata Entity Declarations Can Exhaust RAM
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. Patches This has been fixed in "pypdf==6.10.0" https://github.com/py-pdf/pypdf/releases/tag/6.10.0. Workarounds If you cannot upgrade yet, consider applying th...
Improper Output Handling
Apache Log4j is vulnerable to Improper Output Handling. The vulnerability is due to JsonTemplateLayout generating invalid JSON when processing non-finite floating-point values e.g., NaN, Infinity, which are not compliant with RFC 8259, allowing attacker-controlled data in log events to produce...
Denial Of Service (DoS)
Apache Cassandra is vulnerable to Denial Of Service DoS. The vulnerability is due to inefficient handling of repeated password change operations, which allows an attacker to trigger increased query latency and degrade system performance...
Sensitive Information Disclosure
Apache Cassandra is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing sensitive data such as passwords in plaintext within the cqlsh history file, which allows an attacker with local access to read and retrieve sensitive information...