38191 matches found
Insecure Default Initialization Of Resource
github.com/cometbft/cometbft is vulnerable to Insecure Default Initialization Of Resource. The vulnerability is due to insufficient default values for EvidenceParams.MaxAgeNumBlocks and EvidenceParams.MaxAgeDuration consensus parameters, leading to premature expiration of evidence and potential...
Sensitive Information Disclosure
Apache Superset is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper error handling when an authenticated user with privileges to create Alerts generates a specially crafted SQL statement that triggers an error on the database which is not properly handled...
SQL Injection
intelliants/subrion is vulnerable to SQL Injection. The vulnerability is due to unsanitized user-controlled data used while constructing a query. This allows attackers to manipulate SQL queries and execute arbitrary SQL commands...
Incorrect Authorization
Apache Superset is vulnerable to Incorrect Authorization. The vulnerability is due to improper access check where a low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object...
Denial Of Service (DoS)
Rack is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of Range headers, allowing an attacker to craft headers in a way that results in an unexpectedly large response, which can result in Denial of Service (DoS)...
Access Control Bypass
mezzanine is vulnerable to an Access Control Bypass. The vulnerability is caused by a crafted request to the admin panel allowing unauthorized individuals to bypass restrictions and potentially gain unauthorized access...
Slashing Evasion Through Re-Delegation
github.com/cosmos/cosmos-sdk is vulnerable to slashing evasion during re-delegation. The vulnerability is due to an issue in the slashing mechanism that allows delegations contributing to byzantine behavior of a validator to evade slashing penalties through re-delegation, if the validator has not...
Cross-Site Scripting (XSS)
YARD is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input within the frames.erb template file, allowing an attacker to inject arbitrary JavaScript into the page...
Missing Permission Checks
com.hazelcast:hazelcast is vulnerable to Missing Permission Checks. The vulnerability is due to some client operations not checking permissions properly. This flaw allows authenticated users to access data stored in the cluster...
Denial Of Service
rack is vulnerable to Denial of Service. The vulnerability is due to header parsing routines being susceptible to carefully crafted headers, which can cause the parsing process to take longer than expected, leading to a possible denial of service issue. This specifically impacts the Accept and...
XML External Entity
org.apache.ambari.contrib.views:wfmanager is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper validation of user input, specifically within the Oozie Workflow Scheduler, allowing for root-level file reading and privilege escalation from low-privilege users...
Improper Authorization
apache-superset is vulnerable to Improper Authorization. The vulnerability is due to users with custom roles that include "can write on dataset" being able to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to...
Improper Authorization
apache-superset is vulnerable to Improper Authorization. The vulnerability is due to improper parsing of nested SQL statements on SQLLab, which would allow authenticated users to surpass their data authorization...
Authentication Bypass
flaskappbuilder is vulnerable to Authentication Bypass. The vulnerability is due to the manipulation of authentication requests to deceive the backend into utilizing any specified OpenID service, which allows an attacker to forge an HTTP request to gain unauthorized privileged access. Note that...
Improper Neutralization
apache-superset is vulnerable to Improper Neutralization. The vulnerability is caused by a guest user sending syntactically incorrect SQL statements to the chart data REST API. When the API returns an error, sensitive analytic database information is leaked...
Denial Of Service (DOS)
NodeJS is vulnerable to Denial of Service (DoS). The vulnerability is caused by the fact that the fetch function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed int...
Improper Privilege Management
MinIO is vulnerable to Improper Privilege Management. The vulnerability is caused by improper access control checks, where the access key hierarchy in MinIO allows the creation of access keys that inherit permissions from the parent key, enabling the override of S3 permissions, including...
Improper Access Control
LakeFS is vulnerable to Improper Access Control. The vulnerability is due to improper permission validation, enabling users with ci:ReadAction to access unauthorized data by copying objects to accessible paths...
SMTP Smuggling
Apache James is vulnerable to SMTP Smuggling. The vulnerability is due to the lenient behavior in line delimiter handling, which creates a difference of interpretation between the sender and the receiver that can be exploited by an attacker to forge an SMTP envelope, allowing for instance to bypas...
Double Free
microsoft.azure.uamqp is vulnerable to Double Free. The vulnerability is due to an incorrect AMQPVALUE failed state resulting in a double free exception and possible remote code execution...
Session Token Disclosure
activestorage is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Set-Cookie header getting cached when serving blobs if Rails is behind a proxy. Certain proxies may cache the Set-Cookie header, which can result in a user's session being disclosed to another user...
Header Injection
org.apache.james:apache-mime4j-core is vulnerable to Header Injection. The vulnerability is due to improper input validation when using MIME4J DOM to compose messages, which allows an attacker to add unintended headers to MIME messages...
Regular Expression Denial Of Service (ReDoS)
rack is vulnerable to Denial of Service. This vulnerability is due to the handling of content type parsing, which utilizes a regex pattern with inefficient complexity and allows attackers to launch DoS attacks...
Path Traversal
onnx is vulnerable to Path Traversal. The vulnerability is due to a flaw in the handling of the externaldata field of the tensor proto, allowing paths to files outside the model's current directory or user-provided directory...
Cross-Site Request Forgery (CSRF)
bagisto/bagisto is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to missing REST route validation, which allows an attacker to execute unauthorized code through manipulated requests...
Regular Expression Denial Of Service (ReDoS)
Rails is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient parsing of the Accept header, specifically due to the regular expression used to separate parameters. This potentially leads to Denial of Service (DoS) attacks. Note that this vulnerability is...
Cross-Site Scripting (XSS)
Rails is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input in the translation helpers, specifically in the handling of the default option. This flaw allows an attacker to inject malicious JavaScript code into the browser, resulting in Cross-Si...
Out-of-bounds Read
vyper is vulnerable to Out-of-bounds Read. The vulnerability is due to an excessively large value specified as the starting index for an array in abidecode, causing the read position to overflow. This can potentially lead to Information Disclosure or Denial of Service...
NULL Pointer Dereference
pypopgenomics is vulnerable to NULL Pointer Dereference. The vulnerability is due to incorrect function calls missing arguments or wrongly typed arguments and redundant null pointers due to incorrect handling in C extensions...
Information Disclosure
Apache Camel is vulnerable to Information Disclosure. The vulnerability is due to improper validation for EventFactory implementations and the handling of ExchangeCreatedEvent instances. This flaw allows attackers to craft malicious EventFactory instances and provide custom ExchangeCreatedEvent...
Denial Of Service (DOS)
github.com/stacklok/minder is vulnerable to Denial of Service. The vulnerability is due to improper validation of repository IDs during registration. This allows an attacker to register a repository with an invalid or differing upstream ID, causing Minder to inaccurately report the repository as...
Cross-site Scripting (XSS)
Magento LTS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation on form fields within File.php. This allows a low-privileged attacker to inject malicious scripts, resulting in Cross-site Scripting (XSS)...
Missing TTLS Encryption
github.com/edgelesssys/marblerun is vulnerable to Missing TTLS Encryption. The vulnerability is due to unsecured plain TCP connections between Marbles if the parameters don't include an environment variable. This flaw allows an attacker to intercept and manipulate the communication between Marbles...
ReDoS (Regular Expression Denial Of Service)
scrapy is vulnerable to ReDoS (Regular Expression Denial of Service). The vulnerability is due to a regular expression with inefficient complexity, which is used to parse XML content when utilizing the XMLFeedSpider class when scraping XML. If the class is utilized to scrape an attacker-controlled w...
Out-of-bounds Read
vyper is vulnerable to Out-of-bounds Read. The vulnerability is due to a flaw in the extract32 function, where providing a start index that updates the byte array may result in reading and returning dirty memory...
Denial Of Service (DoS)
suricata is vulnerable to Denial of Service (DoS). The vulnerability is due to excessive CPU and memory consumption when processing crafted network traffic, which could allow an attacker to craft traffic in a way that causes Suricata to consume excessive CPU and memory, leading to extreme...
Heap Use-after-free
Suricata is vulnerable to a Heap Use-after-free. The vulnerability is due to inadequate handling of network traffic, particularly when the ruleset utilizes the http.requestheader or http.responseheader keyword, which allows an attacker to still access and potentially manipulate or exploit that freed memor...
Allocation Of Resources Without Limits
Suricata is vulnerable to Allocation of Resources Without Limits. The vulnerability is due to excessive memory use during pgsql parsing in Suricata versions prior to 7.0.3, leading to Out-of-Memory (OOM)-related crashes...
Out-of-Bounds Read
libxpm.so is vulnerable to Out-of-bounds Read. The vulnerability is due to a boundary condition, allowing a local user to trigger an out of bounds read error and read memory contents from the filesystem...
Denial Of Service
jetty-http is vulnerable to Denial of Service (DoS). The vulnerability is due to GOAWAY frames failing to be written to the queue when there is TCP congestion within the server. An attacker can exploit idle timeout periods to leave HTTP/2 or 3 connections in the ESTABLISHED state, even when they...
Path Traversal
esphome is vulnerable to Path Traversal. The vulnerability is due to a lack of file extension validation within webserver.py. If the attacker can write arbitrary content to a file and the system processes that file as code, they might achieve Remote Code Execution (RCE)...
Information Disclosure
microsoft/microsoft-graph-core is vulnerable to Information Disclosure. The vulnerability is due to the inclusion of test code that enables the use of the phpInfo function, specifically through the GetPhpInfo.php script, which can expose sensitive system information if the server is misconfigured...
Denial Of Service (DOS)
LibHTP is vulnerable to Denial of Service. The vulnerability is due to excessive processing time of HTTP headers due to crafted traffic...
Authentication Bypass
com.linecorp.armeria:armeria-saml is vulnerable to Authentication Bypass. The vulnerability is due to improper filtering of SAML messages, allowing attackers to craft malicious messages to bypass authentication functionality...
Server-Side Request Forgery
langchain is vulnerable to Server-Side Request Forgery. The vulnerability is due to improper validation of URLs, allowing the inclusion of external links even when preventoutside is set to True, by not adequately comparing the domain of the base URL with the domain of the links being processed...
Unrestricted File Upload
Kirby is vulnerable to unrestricted file upload. The vulnerability is due to the absence of validation or checks for the file type or file extension during the upload process. This allows attackers to bypass server protections and upload files not intended for the upload target, potentially leadi...
Cross-site Scripting (XSS)
getkirby/cms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient validation and sanitization of the URL input, allowing attackers to execute arbitrary JavaScript code in the user's context by embedding a malicious javascript: URL in the link target of a link button...
Arbitrary Code Execution
langchain is vulnerable to Arbitrary Code Execution. The vulnerability is due to lack of prohibition against the command execution attributes in palchain/base.py. The attacker can execute arbitrary commands via these attributes...
Cross-Site Scripting (XSS)
Kirby is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of user input in the "Custom" link type, allowing the execution of arbitrary JavaScript code through the javascript: URL scheme, resulting in Cross-Site Scripting (XSS)...
Improper Input Validation
pretix is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of files uploaded by users, which could allow attackers to upload malicious files and execute arbitrary code...