Sandbox Escape
runc is vulnerable to Sandbox Escape. The vulnerability is caused due to an internal file descriptor leak in runc. An attacker can exploit the leaked file descriptors to cause a newly-spawned container process, initiated by the runc exec command, to have a working directory in the host filesystem...
Path Traversal
github.com/anchore/stereoscope is vulnerable to Path Traversal. The vulnerability is due to the UntarToDirectory function lacking file path validation to ensure the contained files are within the restricted path, allowing an attacker to write files to arbitrary locations when stereoscope decompresse...
Server-Side Request Forgery
github.com/apache/servicecomb-service-center is vulnerable to Server-Side Request Forgery. The vulnerability is due to server.go because there is improper validation for user-supplied URLs or IP addresses that the service accesses for schema validation purposes. An attacker can craft a request an...
Denial Of Service (DoS)
github.com/moby/buildkit is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper validation for requests from BuildKit clients or frontends, allowing an attacker to craft a request that causes the BuildKit daemon to crash...
Authentication Bypass
Lobe Chat is vulnerable to Authentication Bypass. The vulnerability is due to missing authentication checks within route.ts when the application is deployed password-protected with the ACCESSCODE option. This allows an attacker to access plugins without proper authorization...
Arbitrary File Deletion
github.com/moby/buildkit is vulnerable to Arbitrary File Deletion. The vulnerability is due to improper path sanitization when a Dockerfile utilizes the RUN --mount feature. This feature is used to delete empty files which are created for mountpoints, but can be tricked into deleting arbitrary files...
Missing Entitlement Check
github.com/moby/buildkit is vulnerable to Missing Entitlement Check. The vulnerability is due to improper validation of the security.insecure entitlement flag within the BuildKit APIs. An attacker can run a malicious container with elevated permissions as a result of this flaw...
Information Disclosure
Spring Cloud Contract is vulnerable to Information Disclosure. The vulnerability is due to temporary directories created with insecure permissions due to the guava dependency...
Regular Expression Denial Of Service (ReDoS)
nodemailer is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to improper parsing of image files when the parameter attachDataUrls is set, resulting in long or infinite parsing time...
Denial Of Service
Chromium is vulnerable to Denial Of Service. The vulnerability is due to a use after free. A remote attacker can potentially exploit heap corruption via a crafted HTML page...
Denial Of Service
chromium is vulnerable to Denial Of Service. The vulnerability is due to an integer underflow in WebUI. A remote attacker can potentially exploit heap corruption via a malicious file...
Insufficient Policy Enforcement
chromium is vulnerable to Insufficient Policy Enforcement. The vulnerability is due to a flaw in policy enforcement that allows an attacker, who convinces a user to install a malicious extension, to leak cross-origin data via a crafted Chrome Extension...
Cross-site Scripting (XSS)
urql/next is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of HTML-like characters in the response stream. An attacker can inject malicious scripts by ensuring that the response returns HTML tags and that the web application is using streamed responses...
Improper Input Validation
vyper is vulnerable to Improper Input Validation. The vulnerability is due to the vyper compiler passing a value in builtin rawcall even if the call is a delegatecall or a staticcall and vyper will silently ignore the value= argument...
Denial Of Service (DoS)
Craft CMS is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper input validation within the Feed-Me Name and Feed-Me URL fields while saving a feed using an Asset element type with no volume selected. This issue can be exploited by an attacker to perform a DoS...
Cross-Site WebSocket Hijacking (CSWSH)
jenkins-core is vulnerable to Cross-Site Scripting. The vulnerability is due to improper origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller...
Cross Site Scripting (XSS)
@tanstack/react-query-next-experimental is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper handling of the id variable within the createHydrationStreamProvider method, which allows an attacker to inject arbitrary JavaScript when react-query-next-experimental performs...
Unencrypted Task Creation
vantage6 is vulnerable to Unencrypted Task Creation. The vulnerability is due to improper validation to check if the task is encrypted and if a task is created in an encrypted collaboration...
User Enumeration
vantage6 is vulnerable to User Enumeration. The vulnerability is due to observable differences in response timing between valid and invalid usernames within login requests. This issue can be exploited by an attacker to enumerate through valid usernames...
Cross Site Scripting (XSS)
superbig/craft-audit is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitization of titles within the application. An attacker can inject arbitrary JavaScript via a title to perform an XSS attack...
Cross Site Scripting (XSS)
@apollo/experimental-nextjs-app-support is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitization during server-side rendering of HTML pages, which allows an attacker to perform XSS...
Arbitrary File Read
Jenkins-core is vulnerable to Arbitrary File Read. The vulnerability is due to the command parser improperly substituting the @ character followed by a file path in an argument with the content of the specified file. This flaw allows unauthenticated attackers to read arbitrary files on the Jenkins...
Insecure SSH Configuration
vantage6 is vulnerable to Insecure SSH Configuration. The vulnerability is due to the default configuration on nodes and servers, allowing root login with password authentication. This configuration is overly permissive...
Improper Certificate Validation
meshcentral is vulnerable to Improper Certificate Validation. The vulnerability is due to the disabling of certificate verification in HTTPS connections by setting rejectUnauthorized to false, and utilizing outdated and insecure TLS versions known for security weaknesses; also use of algorithms...
Improper Privilege Management
github.com/hashicorp/vault is vulnerable to Improper Privilege Management. The vulnerability is due to the RenewToken function within expiration.go which only refreshes group memberships when GroupAliases is not nil, along with non-empty EntityID and initialized identityStore. This logic could mi...
Sensitive Information Into Log File
github.com/goreleaser/goreleaser is vulnerable to Information Exposure. The vulnerability is due to a flaw in the handling of debug logs, where WithField("env", c.Env) is used to log environment variables. The goreleaser release --debug command includes sensitive information such as secrets or...
Server-side Request Forgery (SSRF)
tobiasbg/tablepress is vulnerable to Server-side Request Forgery (SSRF). The vulnerability is due to insufficient filtering of user-supplied URLs during table imports. This vulnerability allows an attacker to make unauthorized network requests which potentially leads to Server-Side Request Forgery...
Remote Code Execution (RCE)
vantage6 is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of environment variables. An authenticated user can inject code via environment variables, resulting in RCE...
Information Disclosure
truelayer.client is vulnerable to Information Disclosure. The vulnerability is due to insufficient ID validation when building URLs or making HTTP requests, which allows an attacker to inject a valid URL into the ID parameter, resulting in information disclosure by requesting a resource on the...
Arbitrary Command Injection
network is vulnerable to Arbitrary Command Injection. The vulnerability is due to use of the childprocess.exec function without command sanitization. This allows an attacker to execute arbitrary OS commands through the macaddressfor function...
Weak Cryptography
DeviceFarmer is vulnerable to Weak Cryptography. The vulnerability is due to use of an outdated and insecure DES-ECB algorithm...
Out-of-bounds Read
ffmpeg is vulnerable to Out-of-bounds Read. The vulnerability is due to improper validation of the dist-alphabetsize variable in the readvlcprefix function. This issue allows unauthorized memory access that potentially leads to sensitive information disclosure or denial of service...
Heap-based Buffer Overflow
GNU coreutils is vulnerable to a heap overflow vulnerability. The vulnerability is due to improper handling of user-controlled data of multiple hundred bytes in length in the linebytessplit function, potentially leading to an application crash and denial of service...
Out-of-bounds Write
ffmpeg is vulnerable to Out-of-bounds Write. The vulnerability is due to a buffer overflow in the refpicliststruct function within evcps.c. This flaw allows a remote attacker to execute arbitrary code or cause a denial of service (DoS) through an out-of-array write operation...
Denial Of Service
openssl is vulnerable to Denial Of Service. The vulnerability is due to improper processing of a maliciously formatted PKCS12 file. A PKCS12 file loaded from an untrusted source can crash openssl, leading to Denial Of Service...
Improper Authorization
openjdk21 is vulnerable to Improper Authorization. The vulnerability is due to an issue in the Compiler component, allowing an unauthenticated attacker with network access through multiple protocols to compromise the affected systems...
Denial Of Service (DOS)
mariadb is vulnerable to Denial Of Service (DOS). The vulnerability is due to how the InnoDB component handles certain conditions, allowing a high privileged attacker with network access via multiple protocols to cause a hang or frequently repeatable crash of the MySQL Server...
Null Pointer Dereference
stb is vulnerable to Null Pointer Dereference. The vulnerability is due to improper handling within the stbiconvertformat function, allowing attackers to trigger a Denial of Service (DoS) through a specially crafted pic file...
Denial Of Service (DOS)
openssl is vulnerable to Denial Of Service (DOS). The vulnerability is due to excessive time spent while checking invalid RSA public keys. This eventually results in Denial Of Service (DOS)...
Out-of-bounds Write
openssl:edge is vulnerable to Out-of-bounds Write. The vulnerability is due to application state that might be corrupted, with various application-dependent consequences, when returning to the caller. An attacker could get complete control of the application process which leads to denial of...
Protection Mechanism Failure
dotnet is vulnerable to Protection Mechanism Failure. The vulnerability is due to improper validation of X.509 certificates, allowing an attacker to submit a certificate containing a malformed signature which returns an incorrect failure code. While the certificate will be correctly rejected, an...
Key Boundary Confusion
wolfssl is vulnerable to Key Boundary Confusion attack. The vulnerability is due to wolfSSL failing to enforce boundaries between DTLS messages handled by different keys, allowing for the amalgamation of messages meant for different security contexts into a single record...
Marvin Attack
wolfssl is vulnerable to Marvin Attack. The vulnerability is due to the implementation of the RSA cipher within the wolfSSL library, when static RSA cipher suites are enabled using the "--enable-all" option and the "-DWOLFSSLSTATICRSA" CFLAGS option. It allows an attacker to decrypt ciphertexts and...
Use After Free
Apache Xerces is vulnerable to use-after-free. The vulnerability is due to improper handling of memory, leading to potential arbitrary code execution or denial of service. As a remedy, it is recommended to disable DTD processing, either through DOM parser features or by setting the...
Improper Access Control
Oracle Java SE is vulnerable to Improper Access Control. The vulnerability is caused due to improper handling of untrusted code in the Java sandbox environment. This allows unauthenticated attackers with network access to exploit the system and gain unauthorized access to create, delete, or modif...
Unauthorized Access
Oracle Java SE is vulnerable to Unauthorized Access. The vulnerability is due to a flaw in the security component that allows a low-privileged attacker with logon access to the infrastructure to compromise the system, potentially resulting in unauthorized access to critical data or complete acces...
Unauthorized Data Manipulation
Oracle Java SE is vulnerable to Unauthorized Data Manipulation attack. The vulnerability is due to improper handling of data supplied to APIs in the Hotspot component without using untrusted Java Web Start applications or untrusted Java applets, which allows an unauthenticated attacker with netwo...
Unauthenticated Remote Attack
Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition are vulnerable to an unauthenticated remote attack via multiple protocols. This vulnerability affects multiple versions, including Oracle Java SE 8u391, 11.0.21, 17.0.9, and 21.0.1, Oracle GraalVM for JDK 17.0.9 and 21.0.1,...
Improper Access Control
openjdk is vulnerable to an Improper Access Control vulnerability. The vulnerability is due to improper handling of certain APIs within the Scripting component, allowing attackers to exploit it through multiple network protocols without authentication...
Unauthorized Access
Oracle openjdk is vulnerable to Unauthorized Access to critical data. The vulnerability is due to insufficient validation in the Hotspot component, particularly when APIs within this component receive and process data from sources such as web services. The vulnerability allows an unauthenticated...