38191 matches found
Cross-Site Scripting
Liferay Portal is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input validation in the portlet.js module of the Frontend JS library. This flaw allows attackers to inject arbitrary web script or HTML via the anchor hash part of a URL...
Cross-Site Scripting
Liferay Portal is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to insufficient input validation. This flaw allows remote attackers to inject arbitrary web script or HTML via the comliferayrolesadminwebportletRolesAdminPortlettabs2 parameter on the add assignees t...
Cross-Site Scripting
Liferay Portal is vulnerable to stored cross-site scripting (XSS). The vulnerability is due to improper validation of the filename of an attachment in the Message Board widget, allowing remote authenticated users to inject arbitrary web script or HTML...
Cross-Site Scripting
liferay.portal is vulnerable to stored cross-site scripting (XSS). The vulnerability is due to improper input validation in the Dynamic Data Mapping module's DDMForm, allowing remote authenticated users to inject arbitrary web script or HTML via the instanceId parameter...
Missing Encryption
github.com/cilium/cilium is vulnerable to Missing Encryption. The vulnerability is due to a lack of encryption to/from the Ingress and health endpoints when CRDs are used to store the Cilium state and Wireguard transparent encryption is enabled, which allows an attacker to eavesdrop on the...
Open Redirect
com.liferay.portal, release.dxp.bom is vulnerable to Open Redirect. The vulnerability is caused by allowing user-supplied input in URLs as a redirect target without sanitizing that input in the adaptive media administration page. This allows remote attackers to redirect users to...
Invalid Memory Access
Firefox is vulnerable to Invalid Memory Access. The vulnerability is due to the incorrect object being checked for NULL in the built-in profiler, which potentially leads to invalid memory access and undefined behavior...
Cache Poisoning
Firefox is vulnerable to Cache Poisoning. The vulnerability is due to incorrect sharing of cache between the fetch API and navigation, as the cache key does not include optional headers that fetch may contain. An attacker could potentially poison the local browser cache by priming it wi...
Buffer Overflow
Firefox and Thunderbird are vulnerable to Buffer Overflow. The vulnerability is due to memory safety issues, some of which indicate evidence of memory corruption. It is presumed that with sufficient effort, these bugs could be exploited to execute arbitrary code...
Incorrect Code Generation
Firefox, Firefox ESR, and Thunderbird are vulnerable to incorrect code generation. The vulnerability is due to incorrect code generation, specifically affecting 32-bit ARM devices. This issue could result in unexpected numeric conversions and potential undefined behavior...
Unexpected Mouse Re-positioning
Firefox, Firefox ESR, and Thunderbird are vulnerable to unexpected mouse re-positioning. The vulnerability is due to a combination of exiting fullscreen mode and using requestPointerLock on a malicious website. This could lead to the user's mouse being re-positioned unexpectedly, causing confusio...
Arbitrary Code Injection
Firefox, Firefox ESR, and Thunderbird are vulnerable to Arbitrary Code Injection. The vulnerability is due to the incorrect honoring of Set-Cookie response headers in multipart HTTP responses. If an attacker could manipulate the Content-Type response header and control part of the response body,...
Integer Overflow
dav1d is vulnerable to integer overflow. The vulnerability is due to improper memory allocation in the dav1d AV1 decoder that can occur when decoding videos with a large frame size. It could lead to memory corruption and pose a security risk...
Permission Dialog Overlapping
Firefox and Thunderbird are vulnerable to Permission Dialog Overlapping. The vulnerability is due to portions of a large custom cursor set by a website potentially overlapping with the permission dialog in Firefox and Thunderbird. This could lead to user confusion and unexpected granted permissio...
Fullscreen Notification Obscuring
Firefox and Thunderbird are vulnerable to Fullscreen Notification Obscuring. The vulnerability is due to a website being able to obscure the fullscreen notification by using a dropdown select input element. This could lead to user confusion and possible spoofing attacks in Firefox and Thunderbird...
Potential Security Threat
firefox-esr is vulnerable to a Potential Security Threat. The vulnerability is due to insufficient validation of user input during a sequence of API calls and redirects, enabling an attacker to control and display a malicious alert dialog on another website, with the victim website's URL...
Out-of-Bounds Memory Read
Firefox and Thunderbird are vulnerable to Out-of-Bounds Memory Read. The vulnerability is due to confusion in the length of buffers when storing and re-accessing data on a networking channel, resulting in an out-of-bounds memory read...
Denial Of Service
nodejs:sid is vulnerable to Denial Of Service. The vulnerability is due to the HTTP server reading an unbounded number of bytes from a single connection. An attacker can send a specially crafted HTTP request with chunked encoding, exploiting the lack of limitations on chunk...
Timing Side Channel Attack
NodeJS is vulnerable to Timing Side Channel Attack. The vulnerability is caused by a defect in the privateDecrypt API of the crypto library during PKCS1 v1.5 padding error handling, where there are significant timing differences in decryption for valid and invalid ciphertexts. An attacker can...
Remote Code Execution (RCE)
Apache DolphinScheduler is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of user input, allowing attackers to execute arbitrary code...
Cross Site Scripting (XSS)
@serenity-is/corelib is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by improper URL validation within LoginPage.tsx because it fails to ensure that URLs don't start with a forward slash /, enabling malicious email links to execute unauthorized scripts...
Man-in-the-Middle
mantisbt/mantisbt is vulnerable to Man-in-the-Middle Attack. The vulnerability is due to inadequate security checks in the password reset flow, allowing an unauthenticated attacker to manipulate the password reset link sent in the notification email to gain unauthorized access to the user's accou...
Improper Certificate Validation
org.apache.dolphinscheduler:dolphinscheduler-common is vulnerable to Improper Certificate Validation. The vulnerability is due to a lack of certificate verification in the HttpUtils class. This allows an attacker to perform a Man-in-the-Middle (MITM) attack by impersonating the server...
Insecure Deserialization
org.apache.camel:camel-cassandraql is vulnerable to Insecure Deserialization. The vulnerability is due to insufficient validation of serialized objects, which can be exploited by attackers to execute arbitrary code...
Incorrect Authorization
Liferay Portal is vulnerable to Incorrect Authorization. The vulnerability is caused by not restricting membership of a child site when the "Limit membership to members of the parent site" option is enabled. This allows remote authenticated users to add users who are not a member of the parent...
Insecure Deserialisation
org.apache.camel:camel-sql is vulnerable to Insecure Deserialisation. The vulnerability is due to insufficient validation of serialized objects, which can be exploited by attackers to execute arbitrary code...
XML External Entity (XXE)
Liferay Portal is vulnerable to XML External Entity (XXE). The vulnerability is due to the Java2WsddTask.format method, which allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources...
Arbitrary File Read
electron-pdf is vulnerable to Arbitrary File Read. The vulnerability is due to the improper input application when validating the HTML content, allowing an attacker to remotely obtain arbitrary local files by injecting malicious HTML content...
Session Fixation
Apache DolphinScheduler is vulnerable to Session Fixation. The vulnerability is due to a lack of proper session management within LoginController.java. If a user changes their password, the old session is not deactivated...
Cross-site Websocket Hijacking (CSWSH)
meshcentral is vulnerable to Cross-site Websocket Hijacking (CSWSH). The vulnerability is due to missing origin checks when using the control.ashx endpoint in MeshCentral. If an attacker can convince an admin end-user to click on a malicious link, they can then access the control.ashx admin panel...
Denial Of Service (DoS)
github.com/cosmos/cosmos-sdk is vulnerable to Denial Of Service. The vulnerability is due to the handling of non-sequential sequence numbers by the default PrepareProposalHandler and SenderNonceMempool, potentially allowing invalid blocks to be proposed under certain conditions...
Cross-site Scripting (XSS)
decidim is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of file names during dynamic file uploads. This allows attackers to craft malicious file names that get stored in the database and executed when viewed by other users...
Arbitrary File Read
org.apache.dolphinscheduler:dolphinscheduler-datasource-mysql is vulnerable to Arbitrary File Read. The vulnerability is due to a lack of input validation within MySQLDataSourceProcessor.java, which allows an attacker to manipulate file-related parameters or input in a way that allows them to...
Race Condition
decidim is vulnerable to a Race Condition. The vulnerability is due to the system's inability to handle multiple parallel requests for endorsing a resource, such as a proposal, allowing an attacker to endorse the same resource multiple times...
Insufficiently Random Values
dfinity/auth-client and dfinity/identity are vulnerable to insecure key generation. The vulnerability is due to the Ed25519KeyIdentity.generate function, which uses an insecure seed for key pair generation when no seed value is provided. This flaw breaks the guarantee of secure randomness and can...
Missing Certificate Validation
apacheairflowprovidersmongo is vulnerable to Missing Certificate Validation. The vulnerability is due to the default inclusion of the allowinsecure option when SSL was enabled. This flaw resulted in certificates not being properly validated...
Cross-Site Request Forgery (CSRF)
decidim-templates is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the CSRF authenticity token check being disabled for the questionnaire templates preview. This flaw allows attackers to gain access to information which was not meant to be public...
Broken Access Control
org.springframework.security:spring-security-core is vulnerable to Broken Access Control. The vulnerability is due to the AuthenticationTrustResolver.isFullyAuthenticated method incorrectly returning true when a null authentication parameter is passed to it. This can result in...
Invitation Token Circumvention
deviseinvitable is vulnerable to Invitation Token Circumvention. The vulnerability is due to improper validation of the expiry period of pending invitations, allowing attackers to accept invitations indefinitely through the password reset functionality...
Missing Encryption
github.com/cilium/cilium is vulnerable to Missing Encryption between pods. The vulnerability is caused when an external key-value store (kvstore) and Wireguard transparent encryption are enabled. If an attacker has access to the underlying cluster, they can intercept sensitive traffic between pods,...
Improper Input Validation
github.com/cosmos/cosmos-sdk is vulnerable to Improper Input Validation. The vulnerability is due to a lack of BlockedAddressed validation in the x/auth/vesting module which would prevent the creation of a periodic vesting account. If triggered, there is the potential for a chain halt if the...
Privilege Escalation
nodejs is vulnerable to Privilege Escalation. The vulnerability is due to a bug in the implementation of the exception for CAP_NET_BIND_SERVICE: Node.js incorrectly applies this exception even when other capabilities have been set. It potentially allows unprivileged users to execute code with elevate...
Side-Channel Attack
opensc is vulnerable to Side-Channel Attack. The vulnerability is due to the lack of side-channel resistance in the removal of PKCS1 encryption padding, which leads to unauthorized disclosure or potential leakage of private data...
Improper Authentication
iNet wireless daemon (IWD) is vulnerable to Improper Authentication. The vulnerability is due to an oversight that allows attackers to exploit the EAPOL handshake process by skipping Msg2/4 and sending Msg4/4 with an all-zero key, thereby gaining unauthorized access to a protected Wi-Fi network...
Side Channel Attacks
libmbedtls.so is vulnerable to plain text recovery via side-channel attacks. The vulnerability is due to the ability of local users to achieve partial plaintext recovery for a CBC based ciphersuite via measuring the time it takes to perform certain cryptographic operations. An attacker can gather...
Host Header Injection
pimcore/admin-ui-classic-bundle is vulnerable to Host Header Injection. The vulnerability is caused by unsafely using the host header from incoming HTTP requests when generating URLs in the function invitationLinkAction within UserController.php, specifically in the way $loginUrl trusts user...
Denial Of Service (DoS)
cbor2 is vulnerable to Denial of Service (DoS). The vulnerability is due to missing exit code checks when computing a cbor2 hash, allowing an attacker to send a sufficiently long object during CBOR binary parsing, resulting in Denial of Service (DoS)...
SQL Injection
org.postgresql, postgresql is vulnerable to SQL Injection. The vulnerability is caused by not escaping user-provided literal parameter values in the SQL query when using the configuration option PreferQueryMode=SIMPLE. An attacker can exploit this vulnerability to inject SQL to alter the query by...
Regular Expression Denial Of Service (ReDoS)
urlite is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regex with inefficient complexity within lib/pattern.js, which is utilized by the parse function. An attacker can submit a crafted payload to the parse function which leads to Regular Expression Denial o...
Denial Of Service (DoS)
org.apache.commons:commons-compress is vulnerable to Denial Of Service (DoS). This vulnerability is triggered when uncompressing a corrupted PAC200 archive, which results in Denial of Service by consuming excessive system resources...