38191 matches found
Path Traversal
paddlepaddle is vulnerable to Path Traversal. The vulnerability is due to insufficient input validation, allowing attackers to manipulate file paths and overwrite arbitrary files on the system...
Insecure Deserialization
nGrinder is vulnerable to Insecure Deserialization. The vulnerability is due to a lack of proper input filtering during Java object deserialization within Connector.java. Specifically, unauthenticated users could submit serialized Java objects, leading to the potential execution of arbitra...
Denial Of Service (DoS)
Squid is vulnerable to Denial of Service via HTTP Chunked Decoder. The vulnerability is due to an uncontrolled recursion bug in the HTTP Chunked decoder in Squid. This bug allows a remote attacker to cause Denial of Service by sending a crafted, chunked, encoded HTTP message...
Sensitive Information Disclosure
Apache Linkis is vulnerable to Sensitive Information Disclosure. The vulnerability is caused by the inclusion of sensitive information (a password) in the log statement. This potentially leads to exposure of sensitive information...
Insufficient Permission Validation
getgrav/grav is vulnerable to Insufficient Permission Validation. The vulnerability is due to enabling regular users with page creation privileges to access the Frontmatter feature when the datajsonheaderform parameter is included in the POST body while creating a page. The vulnerability is also...
Use Of Cache Containing Sensitive Information
Shopware is vulnerable to Use of Cache Containing Sensitive Information. The vulnerability is due to caching 404 pages with Session Cookies set in the cached response which is used by the Session Handler. This can allow an attacker to access the page with 404 response and steal the session cookie...
Cross Site Scripting (XSS)
esphome is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsanitized data being served with Content-Type: text/html; charset=UTF-8 in the API dashboard through Edit configuration file API. It allows a remote authenticated user to inject arbitrary web scripts and potentially...
Improper Authorization
github.com/IceWhaleTech/CasaOS-UserService is vulnerable to Improper Authorization. The vulnerability is due to improper path filtering in the URL of user avatar image files. The regular expression used in the code snippet fails to sufficiently restrict access, allowing unauthorized actors to...
Improper Authorization
github.com/1Panel-dev/1Panel/ is vulnerable to Improper Authorization. The vulnerability is due to insufficient access controls, allowing attackers to exploit the application to gain unauthorized access to the console page...
Username Enumeration
github.com/icewhaletech/casaos-userservice is vulnerable to Username Enumeration. The vulnerability is due to a disclosure of information in the application response with the error message 'User does not exist' or 'Invalid password' providing a means for attackers to identify valid usernames,...
Deserialization Of Untrusted Data
org.apache.inlong/inlong-manager is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of user-supplied input in AuditServiceImpl.java. The attacker can read arbitrary files by exploiting this vulnerability...
Improper Authorization
Plone is vulnerable to Improper Authorization. The vulnerability is due to improper access control checks, allowing remote attackers to view and list all files hosted on the website by sending a crafted request...
Cross Site Scripting
org.jenkins-ci.plugins:gitbucket is vulnerable to Cross Site Scripting. The vulnerability is due to inadequate sanitization of GitBucket URLs on build views, allowing attackers with job configuration access to exploit it...
Password Brute Force Attack
github.com/icewhaletech/casaos-userservice is vulnerable to Password Brute Force Attack. The vulnerability is due to a lack of control on login attempts (a missing rate limit on login). This enables attackers to gain super user-level access to the server, allowing unauthorized access to the server...
Insufficiently Protected Credentials
github.com/cloudevents/sdk-go/v2 is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to the improper use of cloudevents.WithRoundTripper, allowing the leakage of credentials to arbitrary endpoints when creating a cloudevents.Client with an authenticated http.RoundTripp...
Arbitrary Code Execution
RPyC is vulnerable to arbitrary code execution. The vulnerability is due to a flaw in the handling of the array attribute specifically when the server-side exposes a method that calls the attribute array for a client provided netref e.g., np.arrayclientnetref. A remote attacker can exploit this b...
Denial Of Service (DOS)
netresearch/jsonmapper and pocketmine/netresearch-jsonmapper are vulnerable to Denial Of Service. The vulnerability is due to the absence of proper validation when constructing objects from scalar types. This flaw potentially leads to a server crash caused by malformed JSON...
Denial Of Service (DOS)
pocketmine/pocketmine-mp is vulnerable to Denial Of Service. The vulnerability is due to a lack of bounds checking when accessing inventory slots while calling function BaseInventory-getItem. This leads to an unhandled exception and potentially leads to Denial of service via malformed...
Improper Certificate Validation
github.com/hashicorp/vault is vulnerable to Improper Certificate Validation. The vulnerability is due to insufficient validation of client certificates when a non-CA certificate is configured as trusted. This flaw leads to authentication bypass using the TLS certificate auth method with non-CA...
Incorrect Authorization
Apache Archiva is vulnerable to Incorrect Authorization. The vulnerability is due to an issue that allows an unauthenticated attacker to modify account data, potentially leading to account takeover...
Incorrect Authorization
org.apache.archiva:archiva is vulnerable to Incorrect Authorization. The vulnerability is due to unauthorized users being able to register when registration is set to be disabled. This flaw potentially leads to an Access Restriction Bypass...
Denial Of Service
libheif.so is vulnerable to Denial Of Service. The vulnerability is due to improper handling of memory resources during the encoding process, allowing an attacker to trigger a denial of service attack...
Improper Authorization
github.com/stacklok/minder is vulnerable to Improper Authorization. The vulnerability is due to improper input validation and insufficient access controls in handlersrepositories.go file by using GetRepository function, allowing users to manipulate the query parameters to access or delete repositori...
Side Channel Attack
libmbedtls.so is vulnerable to Side Channel Attack. The vulnerability is due to a miscalculation in a countermeasure to the Lucky 13 attack, allowing an active network attacker to partially recover plaintext of messages under specific conditions by exploiting timing measurements...
Cross Site Scripting (XSS)
sidekiq-unique-jobs is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient validation of user input in the filter functions, allowing a remote attacker to obtain sensitive information via a crafted URL, resulting in cross-site scripting (XSS)...
Cross Site Scripting
concrete5/concrete5 is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient validation of administrator-provided data in the Name field of a Group type, allowing a rogue administrator to inject malicious code. This code may execute when users visit the affected page...
Denial Of Service (DOS)
ethabi is vulnerable to a recursive Denial of Service. The vulnerability is due to a recursive pointer issue, specifically related to handling deeply nested array structures in payloads. An attacker can trigger an OverflowError by creating a Python integer too large to convert...
Insecure Handling Of HTTP Requests
tomphttp/bare-server-node is vulnerable to Insecure handling of HTTP requests. The vulnerability is due to improper validation or sanitization of incoming HTTP requests, potentially allowing attackers to manipulate web traffic or perform other malicious activities...
Double Free
libyyjson is vulnerable to Double Free. The vulnerability is due to a lack of loop checks in the poolfree function of pool series allocator. This flaw allows an attacker to execute arbitrary code remotely, resulting in Denial of Service (DoS) attacks...
Heap-use-after-free
sixlabors.imagesharp is vulnerable to a Heap-use-after-free. The vulnerability is due to improper handling of specially crafted PNG image files during conversion in its PngDecoderCore.cs file's InitializeImage function, potentially leading to information disclosure...
Buffer Overflow
Qpdf is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper handling in the std::sharedcount function at /bits/sharedptrbase.h, allowing attackers to crash the application by exploiting the heap buffer overflow...
Password Reset Bypass
Directus is vulnerable to Password Reset Bypass. The vulnerability is due to the password reset mechanism implementation combined with default database configurations in MySQL and MariaDB. This allows attackers in possession of a known email address to redirect a password reset email intended for...
Deserialization Of Untrusted Data
phpPgAdmin is vulnerable to a deserialization flaw in untrusted data, potentially leading to remote code execution. The vulnerability is due to user-controlled data being directly passed to the PHP 'unserialize' function in multiple instances. For example, the 'ma' POST parameter in the...
Authorization Bypass
github.com/zeromicro/go-zero is vulnerable to Authorization Bypass. The vulnerability is due to lack of proper origin validation in handlers.go file. The attacker can bypass CORS policy and retrieve user data...
SQL Injection
github.com/jackc/pgx is vulnerable to SQL Injection. The vulnerability is due to a lack of sanitization of user input. The attacker can exploit this vulnerability by injecting malicious SQL queries...
Sensitive Information Disclosure
Directus is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure handling of version information, as the exact version number is included in compiled JS bundles that are accessible without authentication. This exposes potential information that a malicious...
Information Disclosure
@sentry/react-native is vulnerable to Information Disclosure. The vulnerability is due to allowing auth tokens to be set in the optional authToken configuration parameter. This flaw potentially leads to Information Disclosure when built into the application bundle and published...
Denial Of Service (DoS)
Clojure is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of input validation in the clojure.core$partial$fn5920 function, which is part of the deserialization process. When an attacker manipulates the deserialization of inputs, they can exploit this function to...
Object Constructor And Prototype Override
jsonata is vulnerable to Object Constructor And Prototype Override. The vulnerability is due to a malicious expression leveraging the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution, or other unexpected...
SQL Injection
parse-server is vulnerable to a SQL injection when configured to use the PostgreSQL database. The vulnerability is due to inadequate input validation, allowing malicious SQL queries to be injected, particularly when interacting with a PostgreSQL database...
HTTP Header Injection
FullStackHero.WebAPI.Boilerplate is vulnerable to HTTP Header Injection. The vulnerability is due to insufficient input validation in the forgotten password functionality. This allows an attacker to manipulate the host header and leak sensitive information...
SQL Injection
github.com/jackc/pgproto3 is vulnerable to SQL Injection. The vulnerability is due to an integer overflow in the calculated message size, allowing an attacker to cause a single query or bind message to exceed 4 GB in size. This enables the attacker to control how the large message is sent,...
Authentication Bypass
github.com/coder/coder/ is vulnerable to Authentication Bypass. The vulnerability is due to inadequate verification of email domains, allowing an attacker to create an account with an unauthorized email...
Denial Of Service (DoS)
jose4j is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient validation of a large p2c PBES2 Count value, allowing attackers to trigger excessive CPU usage. This potentially leads to Denial of Service (DoS)...
Access Control Bypass
sulu/sulu is vulnerable to Access Control Bypass. The vulnerability is due to a misconfiguration or flaw in the implementation of role-based access controls, permission checks or security settings, enabling users to bypass intended restrictions, which can lead to a significant security risk...
Privilege Escalation
app-builder-lib is vulnerable to Privilege escalation. The vulnerability is due to NSExec searching the current directory of the installer before searching the system's PATH when making a system call to open cmd.exe in the .nsh installer script. This flaw allows an attacker to exploit the situati...
Cross-Site Scripting (XSS)
org.apache.ambari, ambari is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation and constraint enforcement, resulting in a stored XSS. This could potentially be exploited to perform unauthorized actions, ranging from unauthorized data access to session...
CVE-2023-6917
performancecopilot/pcp is vulnerable to Creation of Temporary File With Insecure Permissions. The vulnerability is due to the mixed privilege levels utilized by systemd services associated with the package. While certain services operate within the confines of limited user/group privileges, other...
Incorrect Default Permissions
apache-airflow is vulnerable to Incorrect Default Permissions. The vulnerability is due to authenticated Ops and Viewers users being able to view all information on audit logs, including DAG names and usernames they were not permitted to view...
Improper Access Control
docassemble.base and docassemble.webapp are vulnerable to Improper Access Control. The vulnerability is due to improper validation of user-supplied input through URL parameters. An attacker can gain unauthorized access to information on the system by manipulating URLs to bypass access controls...