Session Hijacking
github.com/hashicorp/boundary is vulnerable to Session Hijacking. The vulnerability is due to improper certificate validation. An attacker with privileges to enumerate active or pending sessions can obtain a session key and establish a valid trust on the token. This results in an attacker...
Insufficient Entropy
github.com/consensys/gnark is vulnerable to Insufficient Entropy. The vulnerability is due to a flaw in the randomness generation process, which allows an attacker to generate a valid proof. The vulnerability allows a third party to derive a valid proof from a valid initial tuple. Note that the impact...
Stored Cross Site Scripting (XSS)
stimulsoft-dashboards-js is vulnerable to Stored Cross Site Scripting. The vulnerability is due to improper sanitization of the ReportName field, which allows an attacker to create a stored XSS payload that remains active and is executed on specific user interactions, such as when a user clicks on t...
Cross Site Scripting (XSS)
stimulsoft-dashboards-js is vulnerable to Cross Site Scripting. The vulnerability is due to improper input validation in the search bar component, allowing a remote attacker to execute arbitrary JavaScript via a crafted payload...
Use After Free
libxml2 is vulnerable to Use After Free. The vulnerability is caused by a lack of validation within the xmlTextReader module. When a crafted XML document is parsed through the XML Reader interface with DTD validation and XInclude expansion enabled, a use-after-free occurs in xmlValidatePopElement...
Timing Attack
Cryptography is vulnerable to a Timing Attack. The vulnerability is due to the predictable structure of padding in RSA ciphertexts: the time taken to reject a malformed ciphertext lets an attacker distinguish between different types of padding errors, potentially leading to the decryption of captured messages...
Improper Validation
vyper is vulnerable to Improper Validation. The vulnerability is caused by a miscalculation in stack management during compilation of the sha3_64 operation in the IR. An attacker could craft input that exploits this stack-management error during compilation...
Side Channel Attack
github.com/containerd/containerd is vulnerable to a Side Channel Attack. The vulnerability is caused by unprivileged access to Intel's Running Average Power Limit (RAPL) readings, which give software insight into hardware energy consumption. This can be exploited to mount power-based...
Account Spoofing
phpMyFAQ is vulnerable to User Account Spoofing. The vulnerability is due to the user removal page lacking backend validation, allowing an attacker to manipulate form details by intercepting the request with a proxy, which can allow an attacker to trick an admin into removing the account...
HTML Injection
Sulu is vulnerable to HTML Injection. The vulnerability is due to improper HTML sanitization of the tag name. The HTML is executed when the tag name is listed in the autocomplete form...
Denial Of Service (DoS)
graphql-go is vulnerable to Uncontrolled Recursion. The vulnerability is caused by insufficient checks for malformed input within parser.go, which results in Denial of Service (DoS)...
Arbitrary Code Execution
github.com/git-lfs/git-lfs is vulnerable to Arbitrary Code Execution. The vulnerability is due to Go, on Windows, preferring the current directory when the name of a command to run does not contain a directory separator. This can result in arbitrary code execution if Git LFS operates on a...
Open Redirect
pyloadng is vulnerable to Open Redirect. The vulnerability is due to the is_safe_url and get_redirect_url functions within helpers.py improperly validating redirect URLs, which allows an attacker to redirect users to arbitrary domains after login...
Privilege Escalation
github.com/openshift/apiserver-library-go is vulnerable to Privilege Escalation. The vulnerability is caused by improper input validation within strategy.go. This could allow low-privileged users to set the seccomp profile of pods they control to unconfined...
Denial Of Service (DoS)
github.com/ethereum/go-ethereum is vulnerable to Denial of Service (DoS). The vulnerability is triggered by a malicious GetProofsV2 request from a connected LES client. Only users running the LES server are affected...
Regular Expression Denial Of Service (ReDoS)
fastapi is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the python-multipart dependency, which uses a regular expression with inefficient complexity. An attacker can inject a malicious Content-Type header, which causes the application to hang while it...
Improper Input Validation
github.com/consensys/gnark is vulnerable to Improper Input Validation. The vulnerability is due to a lack of width validation in the range checker gadget. The range checker allows inputs to be up to 16 bits wider than checked...
Authentication Bypass
github.com/square/go-jose is vulnerable to Authentication Bypass. The vulnerability is due to missing size checks, resulting in integer overflows in the CBC-HMAC code on 32-bit architectures. This could lead to authentication bypass for CBC-HMAC encrypted ciphertexts...
Improper Cookie Management
1Panel is vulnerable to Improper Cookie Management. The vulnerability is due to the cookie set over HTTPS lacking the Secure attribute. If a user accesses the site over HTTP, the cookie is sent in plain text...
Phishing Attack
phpmyfaq/phpmyfaq is vulnerable to a Phishing Attack. The vulnerability is due to the article-sharing functionality. It allows an unauthenticated attacker to use the target application's email server to send thousands of phishing messages because the backend email address...
Denial Of Service (DoS)
Open Policy Agent is vulnerable to Denial of Service (DoS). The vulnerability is due to ast/parser.go incorrectly interpreting an expression, triggering an out-of-range memory access that results in Denial of Service (DoS)...
Denial Of Service (DoS)
github.com/tendermint/tendermint is vulnerable to Denial of Service (DoS). The vulnerability is due to the makeHTTPClient function within httpclient.go automatically decompressing gzip-compressed responses without any limit on the size or content of the response body. This allows an attacker to...
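The decompression pattern behind the tendermint entry above, shown as an added Go example (not tendermint's own code): a constructed gzip body of about a kilobyte on the wire inflates to 1 MiB, and the client decides how much memory that costs only if it bounds the inflated size itself. ReadGzipUnbounded is the risky shape; ReadGzipBounded wraps the gzip reader in io.LimitReader and reports an oversized body as an error instead of silently truncating it. The limit value and function names are choices made for this example.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrBodyTooLarge is returned when a decompressed body exceeds the cap.
var ErrBodyTooLarge = errors.New("decompressed response body exceeds limit")

// MakeGzipBody builds a constructed, highly compressible gzip stream of n
// zero bytes. It stands in for the response a hostile server would send:
// a few hundred bytes on the wire that inflate to n bytes in memory.
func MakeGzipBody(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	if _, err := zw.Write(make([]byte, n)); err != nil {
		panic(err)
	}
	if err := zw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// ReadGzipUnbounded is the risky pattern: inflate whatever arrives. Memory
// use is decided by the sender, not by the client.
func ReadGzipUnbounded(body []byte) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return io.ReadAll(zr)
}

// ReadGzipBounded inflates at most maxBytes. It reads one byte past the cap
// so an oversized stream is reported as an error rather than silently
// truncated, which is what a caller that verifies the response wants.
func ReadGzipBounded(body []byte, maxBytes int64) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	out, err := io.ReadAll(io.LimitReader(zr, maxBytes+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > maxBytes {
		return nil, ErrBodyTooLarge
	}
	return out, nil
}

func main() {
	body := MakeGzipBody(1 << 20) // 1 MiB of zeros, constructed input
	fmt.Printf("wire size: %d bytes\n", len(body))

	out, _ := ReadGzipUnbounded(body)
	fmt.Printf("unbounded inflate: %d bytes\n", len(out))

	_, err := ReadGzipBounded(body, 64<<10) // cap inflated size at 64 KiB
	fmt.Printf("bounded inflate: %v\n", err)
}
```

The same guard applies to any transparently decompressing client: the limit must be placed on the inflated stream, since Content-Length only describes the compressed bytes.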
Chain Split
github.com/ethereum/go-ethereum is vulnerable to Memory Corruption. The vulnerability is due to mishandled memory copies during certain operations, such as CALL variants, leading to data corruption that results in a consensus error and a possible chain split...
Signature Malleability
github.com/consensys/gnark-crypto is vulnerable to Signature Malleability. The vulnerability is due to the deserialization of EdDSA and ECDSA signatures, which does not ensure that the data lies within the required interval. This can be exploited to mount a Signature Malleability attack...
Open Redirect
github.com/caddyserver/caddy is vulnerable to Open Redirect. The vulnerability is caused by improper URL sanitization in the SanitizedPathJoin and directoryListing functions, allowing an attacker to craft a malicious URL that results in an open redirect...
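Both open-redirect entries above (pyloadng's post-login redirect and caddy's path handling) come down to the same check: whether a caller-supplied target stays on the current origin. The following is an added Go example of such a check, not code from either project; the function name and the rejected forms are choices made here. It refuses anything url.Parse reports as carrying a scheme, host or userinfo, the protocol-relative "//host" form, the "///host" form that url.Parse keeps as a path, and backslashes, which browsers normalize to "/" in the authority position.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// SafeRedirectTarget decides whether a post-login "next" parameter may be
// followed. Only same-origin absolute paths are accepted; on rejection the
// caller should fall back to a fixed location such as "/".
func SafeRedirectTarget(next string) (string, bool) {
	if next == "" {
		return "/", true
	}
	// Backslashes are treated as slashes by browsers in the authority
	// position ("/\evil.example" becomes "//evil.example"), so refuse them
	// before url.Parse has a chance to accept the string as a path.
	if strings.Contains(next, "\\") {
		return "", false
	}
	u, err := url.Parse(next)
	if err != nil {
		return "", false
	}
	// "javascript:alert(1)", "https://evil.example" and "//evil.example"
	// all leave the current origin; url.Parse surfaces them as Scheme,
	// Opaque, Host or User.
	if u.Scheme != "" || u.Opaque != "" || u.Host != "" || u.User != nil {
		return "", false
	}
	// Require an absolute path, reject "///host" (kept as a path by
	// url.Parse but resolvable as an authority elsewhere) and reject a
	// percent-encoded backslash that decoding turned into a real one.
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") || strings.Contains(u.Path, "\\") {
		return "", false
	}
	// Re-serialize so the Location header carries the normalized form;
	// the fragment is dropped because a redirect target never needs it.
	u.Fragment = ""
	return u.String(), true
}

func main() {
	// Constructed sample inputs: one legitimate target and five attacks.
	for _, next := range []string{
		"/dashboard?tab=2",
		"//evil.example/",
		"/\\evil.example",
		"https://evil.example",
		"javascript:alert(1)",
		"evil.example",
	} {
		target, ok := SafeRedirectTarget(next)
		fmt.Printf("%-24q -> ok=%-5v target=%q\n", next, ok, target)
	}
}
```

Comparing the parsed host against an allow-list is a weaker alternative: it has to be kept in sync with every hostname the service answers on, whereas refusing any authority at all needs no configuration.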
Denial Of Service (DoS)
apimachinery is vulnerable to Denial of Service (DoS). The vulnerability is due to improper depth restrictions when parsing YAML or JSON. An attacker can exploit this by sending malicious YAML or JSON payloads that cause kube-apiserver to consume excessive CPU or memory, resulting in DoS...
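A depth restriction of the kind the apimachinery entry above is missing, as an added Go example (not Kubernetes code; the function names and the limit are choices made here). The check streams encoding/json tokens and aborts the moment nesting passes the limit, so the work done before rejecting a hostile document is proportional to the bytes read rather than to how deeply the attacker nested. The example covers JSON only; the same idea applies to a YAML parser that exposes its node stream.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrTooDeep is returned once nesting passes the configured limit.
var ErrTooDeep = errors.New("json nesting exceeds maximum depth")

// CheckJSONDepth walks the token stream and rejects the document as soon as
// nesting exceeds maxDepth. No tree is built, so an attacker cannot make the
// check itself expensive. It returns the deepest nesting seen before it
// stopped, which is useful for logging what was rejected.
func CheckJSONDepth(r io.Reader, maxDepth int) (int, error) {
	dec := json.NewDecoder(r)
	depth, deepest := 0, 0
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return deepest, nil
		}
		if err != nil {
			return deepest, err
		}
		d, ok := tok.(json.Delim)
		if !ok {
			continue // strings, numbers, bools and null do not change nesting
		}
		switch d {
		case '[', '{':
			depth++
			if depth > deepest {
				deepest = depth
			}
			if depth > maxDepth {
				return deepest, ErrTooDeep
			}
		case ']', '}':
			depth--
		}
	}
}

// CheckJSONDepthString is a convenience wrapper for in-memory input.
func CheckJSONDepthString(doc string, maxDepth int) (int, error) {
	return CheckJSONDepth(strings.NewReader(doc), maxDepth)
}

// NestedArrays returns a constructed payload of n nested empty arrays, the
// cheapest way for an attacker to make a recursive parser descend n levels.
func NestedArrays(n int) string {
	return strings.Repeat("[", n) + strings.Repeat("]", n)
}

func main() {
	// Constructed inputs: a small Pod-like object and a 5000-level bomb.
	docs := []string{
		`{"kind":"Pod","spec":{"containers":[{"name":"app"}]}}`,
		NestedArrays(5000),
	}
	for _, doc := range docs {
		deepest, err := CheckJSONDepthString(doc, 100)
		fmt.Printf("deepest=%d err=%v\n", deepest, err)
	}
}
```

Run this check on the raw request body before handing the bytes to the real decoder; once a tree-building parser has started on the payload, the damage is already being done.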
Denial Of Service (DoS)
github.com/tidwall/gjson is vulnerable to Denial of Service (DoS). The vulnerability is due to improper bounds checking during JSON parsing within gjson.go. This can lead to DoS if the application parses untrusted input...
Cross Site Scripting (XSS)
phpmyfaq/phpmyfaq is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper filename sanitization within phpMyFAQ\phpmyfaq\admin\attachments.php, allowing an attacker to execute arbitrary JavaScript code on the client side, resulting in XSS...
Improper RPKI Origin Validation
github.com/cloudflare/cfrpki is vulnerable to Improper RPKI Origin Validation. The vulnerability is caused by validator/lib/roa.go emitting an invalid VRP MaxLength value, causing RTR sessions to terminate. This flaw allows an attacker to disable RPKI Origin Validation, which can result in BGP...
Insertion Of Sensitive Information Into Log File
github.com/elastic/beats is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is caused by logging the raw event object at WARN and ERROR level if ingestion failed with any 4XX HTTP status code other than 409 or 429. This can lead to insertion of sensitive ...
Cross Site Scripting (XSS)
antisamy is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper parsing of HTML when the preserveComments directive is enabled in the policy file. An attacker can exploit this to inject malicious JavaScript via comment tags...
Cross-Site Scripting (XSS)
dash-core-components is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by improper handling of the href attribute of an a tag when that attribute is controlled by an adversary. This allows an attacker to steal data that is visible to another user who opens a view...
Authentication Bypass
Central Dogma is vulnerable to Authentication Bypass. The vulnerability is due to improper sanitization of the relayState within the SAML request. An attacker can exploit this to leak user sessions, thus leading to authentication bypass...
Server-Side Template Injection
Beetl is vulnerable to Server-Side Template Injection. The vulnerability is due to the blacklist filtering, which can be bypassed by a user-controlled template, leading to arbitrary code execution...
Insecure Cryptographic Algorithm
Ylianst MeshCentral is vulnerable to Use of an Insecure Cryptographic Algorithm. The vulnerability is due to the use of the HMAC-MD5 algorithm, which allows an attacker to brute-force the encrypted content...
Insecure Transport
go.etcd.io/etcd/client/pkg/v3 is vulnerable to Insecure Transport. The vulnerability is due to a weak default cipher configuration...
Local File Inclusion (LFI)
zmarkdown is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper restriction of image paths within LaTeX documents. This allows an attacker to specify a local file path, e.g., /tmp/img.png, in the image markdown syntax, which leads to Local File Inclusion (LFI), resulting i...
Denial Of Service (DoS)
go.etcd.io/etcd is vulnerable to Denial of Service (DoS). The vulnerability is due to the parseCompactionRetention function within etcd.go improperly validating the retention input. An attacker can specify a negative retention, which triggers continuous execution or repetitive processing, resulting in...
Improper Certificate Validation
go.etcd.io/etcd is vulnerable to Improper Certificate Validation. The vulnerability is due to the etcd gateway's handling of endpoint validation when the --discovery-srv flag is enabled: it only checks for TCP reachability without ensuring that the endpoint accepts TLS connections through...
Untrusted Search Path
Yarn is vulnerable to Untrusted Search Path. The vulnerability is caused by improper validation before constructing a file path within the validate method in child.js. This could allow an attacker to execute malicious commands in unexpected ways if the attacker tricks a user into executing...
Inaccurate Logging
go.etcd.io/etcd is vulnerable to Inaccurate Logging. The vulnerability is due to errors being logged with insufficient information about why authentication failed. This may be misleading when auditing etcd logs...
Server Side Request Forgery (SSRF)
zmarkdown is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to improper filtering of URLs when determining whether a URL is within a private network, which allows an attacker to download private images on the local network...
Out-of-bounds Read
Vyper is vulnerable to Out-of-bounds Read. The vulnerability is due to improper validation of the return data length. This allows an attacker to manipulate the data so that it extends beyond the intended boundaries...
Improper Privilege Management
sudo is vulnerable to Improper Privilege Management. The vulnerability is caused by a flaw in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated to sudo. This results in client hosts retaining privileges even after they are revoked, leading to privilege...
Incorrect Default Permissions
Ubuntu's pipewire-pulse is vulnerable to Incorrect Default Permissions. The vulnerability is caused by Ubuntu's pipewire-pulse snap granting microphone access even when the audio-record snap interface is not connected. This compromises the confidentiality of the system...
Denial Of Service
man2html is vulnerable to Denial Of Service. The vulnerability is due to a specific string read from a file overwriting the size field of the heap's top chunk. This causes the program to abort with a segmentation fault, leading to Denial Of Service...
Improper Certificate Validation
curl is vulnerable to Improper Certificate Validation. The vulnerability is due to the retention of SSL session IDs in the cache even when OCSP stapling verification fails. This flaw allows subsequent connections to the same hostname to succeed without proper verification if the session ID...
Use After Free
Google Chrome is vulnerable to Use After Free. The vulnerability is caused by a flaw in Google Chrome Passwords. This can allow a remote attacker to potentially exploit heap corruption via specific UI interaction, compromising the confidentiality, integrity and availability of the system...
Improper Access Control
chromium is vulnerable to Improper Access Control. The vulnerability is due to an inappropriate Autofill implementation. An attacker can bypass Autofill restrictions via a crafted HTML page...
Information Leak
Google Chrome is vulnerable to Information Leak. The vulnerability is caused by an inappropriate implementation in the Extensions API. An attacker who convinces a user to install a malicious extension can exploit it to leak cross-origin data via a crafted Chrome Extension...