
38191 matches found

Veracode • added 2024/02/03 3:52 a.m. • 23 views

Memory Corruption

Google Chrome is vulnerable to Memory Corruption. The vulnerability is caused by an inappropriate implementation in Accessibility. This can allow a remote attacker to potentially exploit object corruption via a crafted HTML page...

CVSS 8.8 • AI score 6.4 • EPSS 0.00481
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2024/02/03 3:52 a.m. • 24 views

Use After Free

chromium is vulnerable to Use After Free. The vulnerability is due to referencing already freed memory. An attacker can potentially exploit heap corruption via specific UI interaction...

CVSS 8.8 • AI score 6.8 • EPSS 0.00382
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2024/02/03 3:52 a.m. • 22 views

Origin Validation Error

Google Chrome is vulnerable to Origin Validation Error. The vulnerability is caused by incorrect security UI, which can allow a remote attacker to potentially spoof security UI via a crafted HTML page. This can lead to compromising the integrity of the system...

CVSS 6.5 • AI score 6.2 • EPSS 0.00331
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2024/02/03 3:52 a.m. • 18 views

Information Leak

Google Chrome is vulnerable to Information Leak. The vulnerability is caused by insufficient policy enforcement in iOS Security UI. This can allow a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 7.5 • AI score 5.6 • EPSS 0.00491
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2024/02/03 3:52 a.m. • 22 views

Spoofing Attack

chromiumsid is vulnerable to a Spoofing Attack. The vulnerability is due to an inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85. It allows a remote attacker to perform domain spoofing via a crafted domain name...

CVSS 4.3 • AI score 6.6 • EPSS 0.0039
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2024/02/03 3:38 a.m. • 22 views

Denial Of Service

indent is vulnerable to Denial Of Service. The vulnerability is due to a flaw in the program's handling of specially crafted files, potentially allowing an attacker to crash the application by tricking a user into processing such files...

CVSS 5.5 • AI score 6.4 • EPSS 0.00312
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2024/02/03 3:06 a.m. • 26 views

Click Jacking

Firefox is vulnerable to Click Jacking. The vulnerability is caused by a bug in popup notifications delay calculation. This can make it possible for an attacker to trick a user into granting permissions...

CVSS 8.8 • AI score 6.5 • EPSS 0.00837
Exploits 0 • References 7 • Affected Software 3

Veracode • added 2024/02/03 3:06 a.m. • 24 views

Privilege Escalation

firefox is vulnerable to Privilege Escalation. The vulnerability is caused by insufficient access controls. This allows an attacker to access sensitive information, systems, or functionalities that should be restricted...

CVSS 8.8 • AI score 6.5 • EPSS 0.00633
Exploits 0 • References 7 • Affected Software 3

Veracode • added 2024/02/03 3:06 a.m. • 18 views

Cleartext Transmission Of Sensitive Information

firefox is vulnerable to Cleartext Transmission Of Sensitive Information. The vulnerability is due to improper handling of HSTS configurations, allowing an attacker to bypass the security mechanism on a subdomain...

CVSS 6.5 • AI score 7.1 • EPSS 0.00711
Exploits 0 • References 7 • Affected Software 3

Veracode • added 2024/02/03 3:06 a.m. • 18 views

Denial Of Service

firefox is vulnerable to Denial Of Service. The vulnerability is due to a flaw in the handling of certain WASM source files, potentially leading to a crash...

CVSS 6.5 • AI score 6.9 • EPSS 0.00426
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/02/03 3:06 a.m. • 26 views

Denial Of Service

firefox is vulnerable to Denial Of Service. The vulnerability is due to memory corruption, potentially allowing attackers to execute arbitrary code...

CVSS 8.8 • AI score 7.4 • EPSS 0.00745
Exploits 0 • References 7 • Affected Software 3

Veracode • added 2024/02/03 3:04 a.m. • 21 views

Out-of-bounds Write

Firefox is vulnerable to Out-of-bounds Write. The vulnerability is caused by improper handling of memory. The attacker may corrupt the memory of the affected application, leading to unexpected behavior, crashes, or the execution of arbitrary code...

CVSS 6.5 • AI score 7.2 • EPSS 0.02155
Exploits 0 • References 7 • Affected Software 3

Veracode • added 2024/02/03 3:04 a.m. • 22 views

Security Misconfiguration

firefox is vulnerable to Security Misconfiguration. The vulnerability is due to incorrect timestamp usage post-page load, leading to unintentional activation or dismissal of certain browser prompts or dialogs by the user...

CVSS 4.3 • AI score 6.6 • EPSS 0.00596
Exploits 0 • References 7 • Affected Software 3

Veracode • added 2024/02/03 3:04 a.m. • 25 views

Unchecked Return Value

firefox:sid is vulnerable to an Unchecked Return Value vulnerability. The vulnerability is due to an unchecked return value in TLS handshake code that could cause a potentially exploitable crash...

CVSS 7.5 • AI score 6.7 • EPSS 0.01285
Exploits 0 • References 8 • Affected Software 3

Veracode • added 2024/02/03 3:04 a.m. • 24 views

Denial Of Service

firefox is vulnerable to Denial Of Service. The vulnerability is due to JIT compiled code dereferencing a wild pointer value, potentially leading to an exploitable crash...

CVSS 7.5 • AI score 6.7 • EPSS 0.00602
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/02/03 3:04 a.m. • 21 views

Stack Buffer Overflow

Firefox is vulnerable to Stack Buffer Overflow. The vulnerability is caused via the OscillatorNode object. An attacker can cause a potentially exploitable crash by exploiting this vulnerability...

CVSS 8.8 • AI score 6.4 • EPSS 0.00662
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/02/03 3:04 a.m. • 31 views

Denial Of Service

firefox is vulnerable to Denial Of Service. The vulnerability is due to a flaw in the handling of print preview by Linux users, potentially leading to a browser crash...

CVSS 6.5 • AI score 6.9 • EPSS 0.00732
Exploits 0 • References 7 • Affected Software 3

Veracode • added 2024/02/03 3:03 a.m. • 26 views

Protection Mechanism Failure

firefox is vulnerable to Protection Mechanism Failure. The vulnerability is due to a parent page loading a child in an iframe with unsafe-inline, allowing the parent Content Security Policy to override the child's...

CVSS 6.5 • AI score 6.5 • EPSS 0.006
Exploits 0 • References 7 • Affected Software 3

Veracode • added 2024/02/03 3:03 a.m. • 19 views

Improper Handling Of Parameters

firefox is vulnerable to Improper Handling Of Parameters. The vulnerability is due to a compromised content process, which could update the document URI, enabling an attacker to set an arbitrary URI in the address bar or history...

CVSS 4.3 • AI score 6.6 • EPSS 0.00368
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/02/03 3:03 a.m. • 25 views

Origin Validation Error

Firefox and Thunderbird are vulnerable to Origin Validation Error. The vulnerability is due to a phishing site repurposing an about: dialog to show phishing content with an incorrect origin in the address bar...

CVSS 4.3 • AI score 6.5 • EPSS 0.00333
Exploits 0 • References 7 • Affected Software 3

Veracode • added 2024/02/03 3:01 a.m. • 16 views

Improper Validation Of Array Index

curl is vulnerable to Improper Validation of Array Index. The vulnerability is due to improper handling of array indices within the toolcbwrt component. This potentially leads to a Denial of Service (DoS) attack...

AI score 7
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/02/03 3:01 a.m. • 21 views

Path Traversal

Atril is vulnerable to Path Traversal. The vulnerability is due to improper file path validation. The attacker can write arbitrary files anywhere on the filesystem to which the user opening a crafted document has access...

CVSS 8.5 • AI score 6.8 • EPSS 0.01016
Exploits 2 • References 5 • Affected Software 1

Veracode • added 2024/02/02 7:46 p.m. • 15 views

Integer Overflow

ffmpeg is vulnerable to Integer Overflow. The vulnerability is due to improper bounds checking for integers. This allows attackers to perform a DoS via the avcodec/osq module...

CVSS 7.5 • AI score 7 • EPSS 0.00608
Exploits 0 • References 2 • Affected Software 1

Veracode • added 2024/02/02 7:46 p.m. • 24 views

Integer Overflow

ffmpeg is vulnerable to Integer Overflow. The vulnerability is due to improper bounds checking of integer values. A remote attacker can execute arbitrary code via the JPEG XL Parser...

CVSS 9.8 • AI score 7.7 • EPSS 0.01192
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/02/02 7:46 p.m. • 21 views

Integer Overflow

ffmpeg is vulnerable to Integer Overflow. The vulnerability is due to a lack of bounds checking for integers. This allows remote attackers to execute arbitrary code via the jpegxlanimreadpacket component in the JPEG XL Animation decoder...

CVSS 9.8 • AI score 7.9 • EPSS 0.0113
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/02/02 7:38 p.m. • 13 views

Denial Of Service

graphviz is vulnerable to Denial Of Service. The vulnerability is due to improper handling of input files, leading to the possibility of reading beyond the allocated memory...

CVSS 7.8 • AI score 6.7 • EPSS 0.00712
Exploits 1 • References 6 • Affected Software 1

Veracode • added 2024/02/02 5:58 p.m. • 19 views

Regular Expression Denial Of Service (ReDoS)

GitLab is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is caused by a lack of input validation within Cargo.toml. An attacker can trigger a Regular Expression Denial of Service (ReDoS) by using a maliciously crafted input...

CVSS 6.5 • AI score 6.8 • EPSS 0.00987
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2024/02/02 3:26 p.m. • 20 views

Improper Authorization

GitLab is vulnerable to Improper Authorization. The vulnerability is caused by improper authorization in GitLab. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project...

CVSS 4.3 • AI score 6.5 • EPSS 0.00488
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/02/02 3:20 p.m. • 30 views

Arbitrary File Write

gitlab:sid is vulnerable to Arbitrary File Write. The vulnerability is due to the ability to write files to arbitrary locations on the GitLab server while creating a workspace. It allows an authenticated user to write arbitrary files in different locations...

CVSS 9.9 • AI score 6.5 • EPSS 0.03302
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/02/02 10:52 a.m. • 28 views

Cache Poisoning

Moby is vulnerable to Cache Poisoning. The vulnerability is due to improper cache configuration when the image is built FROM scratch. This issue can be exploited by an attacker to poison the cache and force a user to pull a specially crafted image. Note that 23.0+ users are only affected if they...

CVSS 7.8 • AI score 6.5 • EPSS 0.00258
Exploits 0 • References 4 • Affected Software 3

Veracode • added 2024/02/02 10:40 a.m. • 9 views

Sensitive Information Disclosure

Vault is vulnerable to Sensitive Information Disclosure. The vulnerability is caused when enabling an audit device which specifies the lograw option, which may log sensitive information to other audit devices. This issue can be exploited by an attacker to disclose sensitive information in the log...

CVSS 6.5 • AI score 6.3 • EPSS 0.00764
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2024/02/02 10:25 a.m. • 14 views

Buffer Overflow

Vyper is vulnerable to a Buffer Overflow vulnerability. The vulnerability is due to an improper bounds check for slices, which does not account for the potential overflow of start + length when non-literal values are used. This issue can be exploited by an attacker to perform out of bounds...

CVSS 9.8 • AI score 7.2 • EPSS 0.00902
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2024/02/02 9:16 a.m. • 14 views

Interpretation Conflict

bref/bref is vulnerable to Interpretation Conflict. The vulnerability is due to incorrect parsing of open square braces in a request when a lambda event is converted to a PSR7 object. The difference in the body parsing can result in unintended parsing behavior...

CVSS 9.8 • AI score 7 • EPSS 0.00618
Exploits 1 • References 2 • Affected Software 1

Veracode • added 2024/02/02 8:47 a.m. • 14 views

Denial Of Service (DoS)

Bref is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper cleanup of temporary files after processing MultiPart requests when the Event-Driven Function runtime is utilized and the handler is a RequestHandlerInterface. This allows an attacker to fill the Lambda instance...

CVSS 6.5 • AI score 6.7 • EPSS 0.0075
Exploits 1 • References 2 • Affected Software 1

Veracode • added 2024/02/02 8:34 a.m. • 16 views

Cross-Site Request Forgery (CSRF)

livewire is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is caused by tokens persisting across sessions due to insecure caching within the getCsrfToken function. This allows an attacker to execute arbitrary requests on the server...

CVSS 8.8 • AI score 7.4 • EPSS 0.00457
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/02/02 8:01 a.m. • 15 views

Cross-site Scripting

statamic/cms is vulnerable to Cross-site Scripting. The vulnerability is due to a lack of sanitization or validation of the contents of uploaded files. This allows attackers to upload HTML files disguised as JPG files, enabling the execution of malicious scripts...

CVSS 8.2 • AI score 6.7 • EPSS 0.00734
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2024/02/02 7:24 a.m. • 15 views

Interpretation Conflict

bref/bref is vulnerable to Interpretation Conflict. The vulnerability is caused by the mishandling of headers due to the server only returning the last header if multiple headers are included in a request. If the application relies on multiple headers with the same key being set for security...

CVSS 6.5 • AI score 6.8 • EPSS 0.00426
Exploits 1 • References 2 • Affected Software 1

Veracode • added 2024/02/02 6:33 a.m. • 17 views

Path Traversal

io.github.pixee:java-security-toolkit is vulnerable to a partial path traversal bypass. The vulnerability is due to currentDirectory.getCanonicalPath returning a path that is not terminated by a trailing slash. As such, using startsWith to do string comparisons opens up a flaw allowing for...

CVSS 5.4 • AI score 6.6 • EPSS 0.00579
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2024/02/02 1:49 a.m. • 23 views

Use-After-Free

chromium:sid is vulnerable to Use After Free. The vulnerability is in Peer Connection in Google Chrome prior to 121.0.6167.139. It allows a remote attacker to potentially exploit stack corruption via a crafted HTML page...

CVSS 8.8 • AI score 6.5 • EPSS 0.00936
Exploits 0 • References 5 • Affected Software 3

Veracode • added 2024/02/02 1:48 a.m. • 38 views

Use After Free

Canvas in Google Chrome is vulnerable to Use After Free. The vulnerability is due to referencing memory after it has been freed, which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 • AI score 6.6 • EPSS 0.00881
Exploits 0 • References 5 • Affected Software 3

Veracode • added 2024/02/02 1:35 a.m. • 39 views

Double Free

libslurm is vulnerable to a Double Free. The vulnerability is due to improper memory management, which allows attackers to cause a denial of service or possibly execute arbitrary code...

CVSS 9.8 • AI score 7.6 • EPSS 0.01375
Exploits 0 • References 6 • Affected Software 2

Veracode • added 2024/02/01 11:19 p.m. • 28 views

Unauthorized Access

gitlab:sid is vulnerable to Unauthorized Access. The vulnerability is due to an unauthorized user being able to read user email addresses through the tags feed, even if the visibility setting for the email address in the user profile is disabled. It allows an unauthorized user to get access to read sensitive...

CVSS 5.3 • AI score 6.4 • EPSS 0.04392
Exploits 3 • References 4 • Affected Software 1

Veracode • added 2024/02/01 10:00 p.m. • 34 views

Use After Free

chromium is vulnerable to Use After Free. The vulnerability is due to improper handling of memory within the Network component. This potentially allows a remote attacker to exploit heap corruption through a malicious file and can lead to Denial of Service...

CVSS 8.8 • AI score 7 • EPSS 0.0093
Exploits 0 • References 5 • Affected Software 3

Veracode • added 2024/02/01 7:48 p.m. • 23 views

Cross-site Scripting

gitlab is vulnerable to Cross-site Scripting. The vulnerability is due to a lack of proper input sanitization of usernames. This allows an attacker to craft arbitrary API PUT requests and potentially leads to Cross-site Scripting...

CVSS 6.4 • AI score 6.7 • EPSS 0.00683
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2024/02/01 7:13 p.m. • 30 views

Regular Expression Denial Of Service (ReDoS)

Axios is vulnerable to Regular Expression Denial of Service (ReDoS). This vulnerability is due to the use of a regex with inefficient time complexity when parsing URLs with many / characters within the combineURLs method. This vulnerability results in Denial of Service if an attacker can manipulate...

AI score 6.9
Exploits 0

Veracode • added 2024/02/01 4:44 p.m. • 21 views

Unverified Password Change

OctoPrint is vulnerable to Unverified Password Change. The vulnerability is due to improper validation within the password change functionality for admin accounts. The issue can be exploited by a malicious admin to change the passwords of other admin accounts...

CVSS 4.9 • AI score 6.9 • EPSS 0.00519
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2024/02/01 4:01 p.m. • 17 views

CSV Injection

firefly-iii is vulnerable to a CSV Injection vulnerability. The vulnerability is due to unescaped user input in CSV files. This issue can be exploited by an attacker, resulting in unauthorized access or manipulation of data when opening the CSV file...

AI score 7.2
Exploits 0

Veracode • added 2024/02/01 3:47 p.m. • 28 views

Race Condition

buildkit is vulnerable to a Race Condition. The vulnerability is caused when two malicious build steps are run in parallel, sharing the same cache mounts with subpaths. This issue can be exploited by an attacker to access files on the host filesystem...

CVSS 8.7 • AI score 6.6 • EPSS 0.00791
Exploits 0 • References 5 • Affected Software 6

Veracode • added 2024/02/01 3:15 p.m. • 12 views

Sensitive Information Disclosure

github.com/apache/servicecomb-service-center is vulnerable to Sensitive Information Disclosure. The vulnerability allows an attacker to query all environment variables, resulting in Information Disclosure...

CVSS 7.5 • AI score 6.9 • EPSS 0.00814
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/02/01 2:27 p.m. • 16 views

Server-Side Request Forgery (SSRF)

Label Studio is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to faulty SSRF validation which executes a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a...

CVSS 5.3 • AI score 6.8 • EPSS 0.00737
Exploits 1 • References 4 • Affected Software 1

Total number of security vulnerabilities: 38191