38193 matches found
Path Traversal
Whoogle Search is vulnerable to Path Traversal. The vulnerability is caused by a lack of validation for the name variable in the config function within app/routes.py. This allows an attacker to perform a limited file write, overwriting existing files or creating new ones...
Cross Site Scripting (XSS)
whooglesearch is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper validation of the user-controlled srctype and elementurl variables within requests.py. This flaw allows an attacker to control the HTTP response content type and craft a special URL to point to a malicious...
Server Side Request Forgery (SSRF)
whooglesearch is vulnerable to Server Side Request Forgery. The vulnerability is due to the GET request in request.py, because there is no validation of the user-controlled srctype and elementurl variables within the element method in app/routes.py. This flaw allows an attacker to craft GET requests ...
XML External Entity (XXE)
Spreadsheet::ParseXLSX is vulnerable to XML External Entity (XXE). The vulnerability is caused by neglecting the noxxe option of XML::Twig. This can be exploited to compromise the confidentiality of the system...
Incorrect Authorization
GitLab CE/EE is vulnerable to Incorrect Authorization. The vulnerability is caused by incorrect authorization checks in GitLab CE/EE. This can allow a user to abuse slack/mattermost integrations to execute slash commands as another user...
Path Traversal
@hono/node-server is vulnerable to Path Traversal. The vulnerability is due to improper URL string validation in src/request.ts, allowing an attacker to use .. in the request URL to access arbitrary files on the static server...
Prototype Pollution
hoolock is vulnerable to Prototype Pollution. The vulnerability is due to utility functions failing to block attempts to access or alter object prototypes. An attacker can modify application data or perform a Denial of Service by exploiting this vulnerability...
Arbitrary Code Execution
clojure is vulnerable to Arbitrary Code Execution. The vulnerability is due to the server deserializing untrusted objects. Classes can be used to construct a serialized object that executes arbitrary code upon deserialization...
Cross Site Scripting (XSS)
labelstudio is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to not sanitizing/validating the HTML/JavaScript file that was downloaded from the import data feature from a remote web resource. An attacker can exploit this to download an HTML file that executes malicious JavaScrip...
Arbitrary Code Execution
metagpt is vulnerable to Arbitrary Code Execution. The vulnerability is due to the RunCode.runscript function passing shell metacharacters to subprocess.Popen, caused by improper prompt sanitization. A user with the QaEngineer role can execute arbitrary code...
Denial Of Service (DoS)
org.springframework: spring-core is vulnerable to Denial of Service (DoS). The vulnerability is due to the mishandling of specially crafted HTTP requests, which can result in Denial of Service (DoS). As a prerequisite, Spring MVC and Spring Security must be on the classpath for this vulnerability to ...
Server Side Request Forgery (SSRF)
whooglesearch is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to not sanitizing user-supplied data from the location variable in the window endpoint, which passes the same user-supplied input to the send method within request.py. This can be exploited to send crafted GET...
Expired Pointer Dereference
squid is vulnerable to Expired Pointer Dereference. The vulnerability is due to the usage of a pointer after dereference. An attacker can exploit this vulnerability to mount a Denial Of Service (DoS) attack against Cache Manager error responses when generating error pages for Client Manager reports...
Cross-site Scripting (XSS)
JFinalcms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to a lack of parameter sanitization which allows attackers to run arbitrary JavaScript code via the /admin/login username parameter...
Command Injection
paddlepaddle is vulnerable to Command Injection. The vulnerability is due to the url parameter being incorporated into the command string without proper validation or sanitization within the wgetdownload function. This allows an attacker to execute arbitrary commands on the host system, utilizing...
Stored Cross Site Scripting (XSS)
apachesuperset is vulnerable to Stored Cross Site Scripting (XSS). An authenticated attacker with create or update permissions on charts or dashboards could store a malicious script or add a specific HTML snippet, resulting in Stored Cross Site Scripting (XSS)...
Remote Code Execution
com.alipay.sofa, sofa-rpc-all is vulnerable to Remote Code Execution. The vulnerability is caused by an insufficient blacklist mechanism to restrict deserialization of potentially dangerous classes within the SOFA Hessian protocol. An attacker can exploit this to bypass the SOFA Hessian blacklis...
Cross Site Scripting (XSS)
labelstudio is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper image sanitization during upload, which allows an authenticated user to upload a crafted image file for their avatar which gets rendered as an HTML file. This allows an attacker to execute arbitrary JavaScrip...
Improper Access Control
Silverstripe Admin is vulnerable to Improper Access Control. The vulnerability is caused by improper access control permissions during CSV import operations. This allows an attacker to modify existing records using the CSV import feature, even if they do not have the explicit edit permissions...
Permission Bypass
silverstripe/graphql is vulnerable to Permission Bypass. The vulnerability is due to ORM data in paginated GraphQL queries when the total number of records exceeded the page size. This allows an attacker unauthorized access to data beyond the intended permission scope...
HTML Injection
tuitse-tsusin is vulnerable to HTML Injection. The vulnerability is due to the tuitsehtml function within html.py lacking proper escape or sanitization functionality for user-supplied data when incorporated into HTML output. This could allow an attacker to inject malicious HTML or JavaScript code in...
Cross-site Scripting (XSS)
nautobot is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied markdown within the rendermarkdown function. This allows an attacker to embed malicious scripts in markdown content, resulting in XSS...
Minerva Attack
ecdsa is vulnerable to Minerva Attack. The vulnerability is due to timing discrepancies within the ecdsa.SigningKey.signdigest function, which allows attackers to deduce the private key by analyzing the time taken to generate ECDSA signatures with varying nonce sizes. The maintainers will not...
Information Disclosure
Silverstripe Framework is vulnerable to Information Disclosure. The vulnerability is caused by missing access control checks within the GridFieldAddExistingAutocompleter component. This allows an attacker to gain unauthorized access to records or data they should not have visibility into,...
Information Exposure
Dependency-Check Core is vulnerable to Information Exposure Through Log Files. The vulnerability is due to the logging of sensitive information when in debug mode. An attacker with access to debug logs could potentially retrieve the NVD API Key and use it to perform arbitrary actions...
Denial Of Service (DoS)
libmbedtls.so is vulnerable to Denial Of Service (DoS). The vulnerability is caused when a client sends a TLS 1.3 ClientHello without extensions. This leads to DoS while connecting to the server...
Denial Of Service (DoS)
libmbedtls.so is vulnerable to Denial Of Service (DoS). The vulnerability is due to mishandling of maximum negotiable TLS version. The server refuses TLS1.3 connections if the peer connected with TLS1.2 previously...
Missing Authorization
changedetectionio is vulnerable to Missing Authorization. The vulnerability is due to a missing annotation @auth.checktoken on the WatchHistory API endpoint /api/v1/watch//history. This can allow an unauthorized actor to access the endpoint without providing an x-api-key header and check a...
Arbitrary Code Execution
llama-hub is vulnerable to Arbitrary Code Execution. The vulnerability is due to missing safeload configuration during YAML parsing. An attacker can execute arbitrary code by exploiting this vulnerability...
SQL Injection
llamaindex is vulnerable to SQL Injection. The vulnerability is due to improper prompt sanitization within the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. This flaw allows an attacker to inject arbitrary SQL...
Denial Of Service
librttopo.so is vulnerable to Denial Of Service. The vulnerability is due to mishandling of empty geometries. Remote attackers can perform a DoS via a crafted STAsX3D input, which leads to server termination...
Arbitrary Code Execution
pillow is vulnerable to Arbitrary Code Execution. The vulnerability is due to an improper neutralization/sanitization of keys passed to the PIL.ImageMath.eval function environment parameter. An attacker can execute arbitrary code if they have control over the keys passed to PIL.ImageMath.eval...
Sandbox Escape
Artemis Java Test Sandbox is vulnerable to Sandbox Escape. The vulnerability is caused by a missing checkLinkString override in the SecurityManager. This allows an attacker to load untrusted libraries and execute arbitrary Java code within the context of the application...
Code Injection
pandasai is vulnerable to Code Injection. The vulnerability is due to improper prompt sanitization within the syntheticdataframe function located in the GenerateSDFPipeline component. It allows an attacker to execute arbitrary Python code by the SDFCodeExecutor...
Improper Access Control
vite is vulnerable to Improper Access Control. The vulnerability is due to lack of case sensitive filename validation in the dev server. An attacker can bypass file system access validation by entering a case insensitive file name...
Regular Expression Denial Of Service (ReDoS)
Embedchain is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to the use of a regular expression with inefficient complexity within json.py which allows an attacker to cause Denial of Service (DoS)...
Cross-site Scripting (XSS)
ghost is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to a lack of excerptText sanitization within excerpt.js, allowing an attacker to craft malicious payloads that will be rendered in post summaries...
Improper Input Validation
github.com/cometbft/cometbft is vulnerable to Improper Input Validation. The vulnerability is due to the ValidateUpdate function within params.go because there is no proper validation for the VoteExtensionsEnableHeight. This allows an attacker to potentially cause a chain halt when exploited...
Remote Code Execution (RCE)
Embedchain is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insecure usage of yaml.load within the loaddata function of openapi.py, allowing an attacker to execute arbitrary code by supplying a crafted YAML file...
Marvin Attack
jsrsasign is vulnerable to the Marvin Attack. The vulnerability is due to timing leakage in the bit size of raw RSA decryption. This flaw can provide a timing oracle, enabling a timing variant of the Bleichenbacher attack...
Sandbox Escape
de.tum.in.ase, artemis-java-test-sandbox is vulnerable to Sandbox Escape. The vulnerability is due to allowing users to create whitelisted class packages in the SecurityManager. An attacker can exploit this to include class files in a package that Ares trusts leading to arbitrary Java code...
Cross-Frame Scripting (XFS)
plone is vulnerable to Cross-Frame Scripting (XFS). The vulnerability is due to a lack of sanitization for URLs and iframe elements. This allows an attacker to embed malicious scripts within these iframe elements, which are executed when accessed by an administrator...
Rollback Attack
github.com/notaryproject/notation is vulnerable to Rollback Attack. The vulnerability is caused when the container registry is compromised, allowing the attacker to provide outdated artifact versions when consumers have relaxed trust policies...
Cross-Site Scripting (XSS)
MolecularFaces is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by improper handling of user input within the viewer plugin implementation of . This allows an attacker to inject arbitrary JavaScript code into the client browser by crafting malicious molfiles...
Authentication Bypass
@keep-network/tbtc-v2 is vulnerable to Authentication Bypass. The vulnerability is caused by publishing specially crafted transactions on the Bitcoin blockchain, resulting in seemingly valid SPV proofs within fraudulent transactions...
Sensitive Information Disclosure
clickhouse-client, clickhouse-jdbc and clickhouse-r2dbc are vulnerable to Sensitive Information Disclosure. The client certificate password is revealed while handling a ClickHouseException when sslkey is specified. This exception can be thrown during an execution of a query, which results in...
Information Disclosure
Ansible-core is vulnerable to information disclosure. The vulnerability is due to a failure to respect the ANSIBLENOLOG configuration in some scenarios, leading to sensitive information being included in the output during certain tasks, such as loop items...
Denial Of Service (DoS)
com.upokecenter: cbor is vulnerable to Denial Of Service (DoS). The vulnerability is due to inefficiencies within the Concise Binary Object Representation (CBOR) algorithm. An attacker can pass a malicious input to DecodeFromBytes to perform a DoS attack...
Arbitrary Code Execution
de.tum.in.ase: artemis-java-test-sandbox is vulnerable to Arbitrary Code Execution. The vulnerability is due to missing class sanitization during the creation of special subclasses of type InvocationTargetException. An attacker can execute arbitrary student code in the trusted context...
Cross-Site Scripting
jupyterlab is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of sanitization and escaping for markdown content, specifically in the Table of Contents extension. This allows an attacker to execute malicious scripts when a user previews a markdown file...