Denial Of Service (DoS)
.NET is vulnerable to Denial of Service (DoS). The vulnerability is due to resource leaks caused by specially crafted requests, which can result in Denial of Service attacks...
Improper Authentication
Apache Pulsar Proxy is vulnerable to Improper Authentication. The vulnerability is caused by missing authorization checks in the /proxy-stats endpoint. This can lead to unauthorized access to this sensitive endpoint, allowing attackers to view detailed connection statistics and potentially...
SMTP Smuggling
aiosmtpd is vulnerable to inbound SMTP smuggling. The vulnerability is due to interpretation differences of the SMTP protocol, enabling attackers to send spoofed emails with fake sender addresses, facilitating advanced phishing attacks...
Exposure Of Sensitive Information
go-vela/worker is vulnerable to Sensitive Information Exposure. The vulnerability is due to insecure handling of variable substitution, particularly in fields like parameters, image, and entrypoint, which can lead to unintended exposure of secrets during execution...
Open Redirect
directus is vulnerable to Open Redirect. This vulnerability is due to the lack of validation of the 'redirect' parameter in the authentication API, which can be exploited during the login process by redirecting users to a malicious site. Users can be tricked into divulging their passwords throug...
Sensitive Query Strings In GET Request
directus is vulnerable to the Use of a GET Request Method With Sensitive Query Strings. The vulnerability is due to the inclusion of session tokens in URLs, which are often logged in various places, posing a security risk. Attackers gaining access to these logs may hijack active user sessions,...
Improper Input Validation
github.com/cosmos/cosmos-sdk is vulnerable to Improper Input Validation. The vulnerability is due to inadequate validation in the ValidateVoteExtensions function within abciutils.go. This flaw allows attackers to exploit the ValidateVoteExtensions helper function by inferring total voting power...
Unsafe Reflection
stimulusreflex is vulnerable to Unsafe Reflection. The vulnerability is due to insufficient validation of methods that can be called on Reflex instances. This vulnerability allows attackers to execute methods not intended for client-side interaction...
Path Traversal
Jenkins HTML Publisher Plugin is vulnerable to Path Traversal. The vulnerability is caused due to insufficient restrictions on the FOLLOWSYMLINKS variable within HtmlPublisher.java. The lack of finalization and the ability to change this variable via script during runtime allows attackers with...
Cross Site Scripting (XSS)
Phlex is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper case-sensitivity checks when rendering an <a> tag with a user-provided link in the href attribute within the sgml.rb file, resulting in the execution of JavaScript when clicked on by another user...
Improper Authorization
org.jenkins-ci.plugins:docker-build-step is vulnerable to Improper Authorization. The vulnerability is due to inadequate permission validation, allowing attackers with Overall/Read permission to connect to attacker-specified TCP or Unix socket URLs and reconfigure the plugin using provided...
Cross-site Scripting (XSS)
Jenkins OWASP Dependency-Check Plugin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of vulnerability metadata from Dependency-Check reports. An attacker can inject malicious scripts that may be executed in the context of the user's browser session by...
Cross-site Scripting (XSS)
Jenkins iceScrum Plugin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the lack of sanitization of iceScrum project URLs on build views. An attacker can inject malicious scripts if they are able to configure jobs...
Session Fixation
github.com/zitadel/zitadel is vulnerable to Session Fixation. The vulnerability is due to the mishandling of a cookie with subdomains of the ZITADEL instance. While the cookie was initially handled following best practices, its accessibility on subdomains creates a potential security risk, allowi...
Cross Site Scripting (XSS)
Jenkins HTML Publisher Plugin is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization, allowing attackers with Item/Configure permission to execute XSS attacks and determine the existence of paths on the Jenkins controller file system...
Cross Site Request Forgery (CSRF)
org.jenkins-ci.plugins:docker-build-step is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is due to inadequate validation of user inputs, allowing attackers to connect to an attacker-specified TCP or Unix socket URL and reconfigure the plugin using provided connection test...
Information Disclosure
com.sonymobile.jenkins.plugins.mq, mq-notifier is vulnerable to Information Disclosure. The vulnerability is due to logging potentially sensitive build parameters as part of debug information in build logs by default, which could lead to the unintentional exposure of sensitive data...
Cross-Site Scripting
org.jenkins-ci.plugins, build-monitor-plugin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of Build Monitor View names, which allows attackers with the ability to configure Build Monitor Views to inject malicious scripts into the view name...
Improper Access Control
GitLab is vulnerable to Improper Access Control. The vulnerability is due to an authorization bypass affecting gitlab. An attacker could exploit this by utilizing a crafted payload in an old feature branch to bypass CODEOWNERS and perform malicious actions...
Infinite Loop
FRRouting is vulnerable to Infinite Loop. The vulnerability is due to a Loop with Unreachable Exit Condition in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. An attacker can exploit this by sending specially crafted hello messages with the unicast...
Denial Of Service (DoS)
FRRouting is vulnerable to Denial of Service (DoS). The vulnerability is due to an attempted access to a missing attribute field in the ospfteparsete function in ospfd/ospfte.c in FRRouting FRR through version 9.1. Remote attackers can exploit this vulnerability by sending a malformed OSPF LSA...
Infinite Loop
NLnet Labs Unbound is vulnerable to Infinite Loop. The vulnerability is due to a certain code path in Unbound which can lead to an infinite loop, causing denial of service. Due to an unchecked condition, the code trimming the text of the EDE records could loop indefinitely. This occurs when Unbou...
Session Replay Attack
libosdp is vulnerable to a Session Replay Attack. The vulnerability is due to the lack of validation for RMACI messages in response to osdpSCRYPT, and the allowance of SCS14 on encrypted connections. Attackers with man-in-the-middle access can intercept RMACI replies during a session and replay...
Server-Side Request Forgery (SSRF)
RSSHub is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to SSRF vulnerabilities in RSSHub, enabling remote attackers to utilize the server as a proxy for sending HTTP GET requests to arbitrary targets. This could result in retrieving information from the internal networ...
Cross Site Scripting (XSS)
djangomarkdownx is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient sanitization of JavaScript elements in the upload functionality, allowing an attacker to store a specially crafted JavaScript payload...
Cross-site Scripting (XSS)
rsshub is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the internal media proxy failing to sanitize specially crafted images, which allows an attacker to upload an image resulting in XSS. This allows for the execution of arbitrary JavaScript code. Users accessing a...
XML Entity Expansion
libexpat is vulnerable to XML Entity Expansion. The vulnerability is caused by insufficient input validation and handling of external entities in the XML parser. This allows an attacker to perform an XML Entity Expansion attack...
Privilege Escalation
libbcc is vulnerable to Privilege Escalation. The vulnerability is caused by a missing check for file existence and ownership validation within kbuildhelper.cc. This potentially leads to unauthorized access or privilege escalation...
Denial Of Service (DoS)
JWX is vulnerable to Denial of Service (DoS). The vulnerability is caused by improper checking of the decompressed data size, allowing an attacker to craft a malicious input with an exceptionally high compression ratio, leading to a Denial of Service (DoS) condition by consuming excessive memory...
Path Traversal
WeasyPrint is vulnerable to Path Traversal. The vulnerability is due to improper validation mechanisms in the urlfetcher function, which fails to restrict the inclusion of arbitrary local files and URLs in the generated PDF documents. This flaw allows an attacker to include or traverse to files...
Cross-site Scripting (XSS)
org.jenkins-ci.plugins, htmlpublisher is vulnerable to Cross-Site Scripting. The vulnerability is due to the publishReports function within HtmlPublisher.java not having proper input sanitization. This flaw allows attackers with Item/Configure permission to inject malicious scripts into job names,...
Improper Access Control
org.jenkins-ci.plugins, cloudbees-bitbucket-branch-source is vulnerable to Improper Access Control. The vulnerability is due to a flaw in the authorization mechanism in the trust policy "Forks in the same account", allowing changes to Jenkinsfiles from users without write access to the project when...
Heap-based Buffer Overflow
libgpac.so is vulnerable to Heap-based Buffer Overflow. The vulnerability is due to improper input size validation within the ffwrite component function in utils/osfile.c, which allows remote attackers to execute arbitrary code or cause a Denial of Service (DoS) through crafted input...
Null Pointer Dereference
libgpac.so is vulnerable to Null Pointer Dereference. The vulnerability is due to the gfdashsetupperiod function within dashclient.c, which has no validation when parsing DASH manifest files to ensure values are non-null before accessing their properties. This flaw allows attackers to craft malicious...
Command Injection
github.com/1panel-dev/1panel is vulnerable to Command Injection. The vulnerability is caused by a lack of proper input validation in the "Path" argument. This flaw allows an attacker to manipulate the "Path" and inject arbitrary commands and can potentially lead to Command Injection...
Use After Free
chromiumsid is vulnerable to Use After Free. The vulnerability is due to improper handling of memory after it has been freed, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Inappropriate Implementation
Google Chrome is vulnerable to Inappropriate Implementation. The vulnerability is due to an implementation error in the V8 engine, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Out Of Bounds Memory Access
chromium is vulnerable to Out Of Bounds Memory Access. The vulnerability is due to a flaw in the V8 JavaScript engine, allowing a remote attacker to perform out-of-bounds memory access via a crafted HTML page...
Improper Access Control
GitLab is vulnerable to Improper Access Control. The vulnerability is due to an authorization bypass affecting gitlab. An attacker could exploit this by utilizing a crafted payload in an old feature branch to bypass CODEOWNERS and perform malicious actions...
Improper Authorization
GitLab is vulnerable to Improper Authorization. The vulnerability is due to a privilege escalation flaw in GitLab. Users with a custom role of managegroupaccesstokens could rotate group access tokens with owner privileges, allowing them to escalate their privileges within the system...
Sensitive Information Exposure
Thunderbird is vulnerable to Sensitive Information Exposure. The vulnerability is due to the encrypted subject of an email message being incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. This could lead to the accidental leakage of confidential...
Improper Access Control
GitLab is vulnerable to Improper Access Control. The vulnerability is due to improper authorization in GitLab. Group members with sub-maintainer roles were able to change the title of privately accessible deploy keys associated with projects in the group, which they should not have permission to...
Denial Of Service (DoS)
iNet wireless daemon (IWD) is vulnerable to Denial of Service. The vulnerability is due to initialization issues in situations where parsing of advertised service information fails, leading to a denial of service (daemon crash) or potentially other unspecified impacts...
Data Amplification
github.com/go-jose/go-jose is vulnerable to Data Amplification. The vulnerability is due to insufficient checks or controls in the handling of compressed data within the Decrypt or DecryptMulti functions. Specifically, when an attacker sends a JSON Web Encryption (JWE) containing compressed data, the...
OS Command Injection
paddlepaddle is vulnerable to OS Command Injection. The vulnerability is due to insufficient URL encoding in the scraping command implemented, allowing potential attackers to execute arbitrary commands on the host system, resulting in Command Injection...
Path Traversal
pgadmin4 is vulnerable to Path Traversal. The vulnerability is due to insufficient input validation: the sessions directory path is concatenated with the session ID using the os.path.join function, without setting a trusted base path, allowing an attacker to manipulate the session ID and...
Denial Of Service (DoS)
jose is vulnerable to Denial Of Service (DoS). This vulnerability is due to a flaw in the support for decompressing plaintext post-decryption. An attacker can exploit a scenario with exceptionally high compression ratios, leading to JWE token lengths falling below application-defined limits. This...
Remote Code Execution (RCE)
paddlepaddle is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of user input in the HDFSClient class within fs.py. This allows an attacker to execute arbitrary commands by injecting malicious input, resulting in Code Injection...
Improper Authorization
github.com/grafana/grafana/ is vulnerable to Improper Authorization. The vulnerability is due to the API allowing the creation of a data source with a universal identifier (UID), granting unintended access to all organization data sources...
Command Injection
paddlepaddle is vulnerable to Command Injection. The vulnerability is caused by the lack of proper input validation in the user-supplied data savepath and name parameters, which are directly incorporated into the subprocess call. This can lead to command injection...