Sensitive Information Disclosure
openmage/magento-lts is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of the X-Original-Url header in certain configurations, which allows an attacker to discover the admin URL without prior knowledge of its location...
Cross-site Scripting (XSS)
craftcms/commerce is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the Shipping Zone name and description fields in the Store Management section, which allows an attacker to inject and execute malicious JavaScript in an administrator’s browser via th...
Command Injection
OpenClaw is vulnerable to Command Injection. The vulnerability is due to unsafe handling of the PATH environment variable when constructing shell commands in the Docker sandbox, which allows an authenticated attacker to influence command execution within the container context...
Cross-site Scripting (XSS)
craftcms/commerce is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the “Address Line 1” field in Inventory Locations, which allows an attacker to store and execute malicious JavaScript in an administrator’s browser via the admin panel...
Server-Side Request Forgery (SSRF)
NocoDB is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to an unprotected HEAD request in the uploadViaURL functionality, which allows an attacker to trigger limited outbound requests to arbitrary URLs before SSRF validation is enforced...
Sensitive Information Disclosure
Amazon SageMaker Python SDK is vulnerable to sensitive information disclosure. The vulnerability is due to the ModelBuilder HMAC signing key being returned in cleartext in the DescribeTrainingJob API response, which allows an attacker with API access and S3 output write permissions to upload...
OS Command Injection
clawdbot is vulnerable to an OS command injection. The vulnerability is due to improper escaping and validation of user-supplied input in SSH-related functions, which allows an attacker to inject malicious command strings via the project root path or crafted SSH target arguments, leading to...
Server-Side Request Forgery (SSRF)
Webpack is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to missing re-validation of allowedUris after HTTP 30x redirects in the HttpUriPlugin, allowing imports initially constrained to trusted URLs to be redirected to untrusted or internal endpoints, resulting in...
Information Disclosure
Hono is vulnerable to an Information Disclosure. The vulnerability is due to improper handling of HTTP cache control directives in the Cache Middleware, which allows an attacker to exploit cached private or authenticated responses and access sensitive data intended for other users...
Cross-site Scripting
Apache Syncope Enduser is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of user-controlled input on the Enduser Login page, allowing attackers to inject malicious scripts via crafted links, which can execute in the victim’s browser and potentially...
XML External Entity (XXE) Injection
Apache Syncope Console is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper restriction of external entity references in XML processing, where an authenticated administrator can submit malicious XML in Keymaster parameters via the Console, leading to sensitive...
Remote Code Execution (RCE)
Crafter CMS is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper control of dynamically managed Groovy code, where authenticated developers can bypass the Groovy sandbox by injecting malicious Groovy elements, allowing execution of arbitrary OS commands...
Arbitrary File Write
Semantic Kernel is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of file paths in the SessionsPythonPlugin, where attacker-controlled localFilePath arguments passed to DownloadFileAsync or UploadFileAsync can write files to arbitrary locations on the host...
Cross-site Scripting
Pydantic AI is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation of a user-controlled version parameter when constructing CDN URLs, allowing path traversal that causes the server to fetch and serve attacker-controlled JavaScript from the CDN, leading to...
Authentication Bypass
Keylime is vulnerable to an Authentication Bypass. The vulnerability is due to missing enforcement of client-side TLS authentication in the Keylime registrar, allowing unauthenticated clients with network access to perform administrative operations such as listing agents, retrieving public TPM...
Cross-site Scripting (XSS)
billboard.js is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user-controlled input during chart option binding, which allows an attacker to inject and execute malicious JavaScript code in the context of the application...
Information Disclosure
Hono is vulnerable to an Information Disclosure. The vulnerability is due to improper validation of user-controlled paths in the Serve Static Middleware for the Cloudflare Workers adapter, which allows an attacker to exploit path handling and read arbitrary keys from the Workers environment...
Improper TLS Certificate Validation
SageMaker is vulnerable to Improper TLS Certificate Validation. The vulnerability is due to TLS certificate verification being disabled when importing Triton Python models, allowing HTTPS connections with invalid or self-signed certificates to succeed, which exposes applications to...
Memory Corruption
PyTorch is vulnerable to memory corruption. The vulnerability is due to an unsafe implementation in the weights_only unpickler when loading malicious .pth checkpoint files, which allows an attacker to craft a specially designed file that can corrupt memory and potentially execute arbitrary code...
Reflected DOM-based Cross-Site Scripting (XSS)
gi-docgen is vulnerable to reflected DOM-based Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in the q GET parameter, which allows an attacker to exploit it via a crafted URL to execute arbitrary JavaScript in the victim’s browser...
Cross-User Data Leakage
jsPDF is vulnerable to Cross-User Data Leakage. The vulnerability is due to use of a shared module-scoped variable in the addJS method, where JavaScript content is stored globally in the Node.js build, allowing concurrent PDF generation requests to overwrite each other’s data and cause one user’s...
Denial Of Service (DoS)
org.hibernate.reactive, hibernate-reactive-core is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of prematurely closed HTTP connections during database operations, which allows an attacker to exhaust the database connection pool by forcing connection leaks...
Denial-of-Service (DoS)
jsPDF is vulnerable to Denial-of-Service (DoS). The vulnerability is due to unvalidated image dimensions in the addImage and html methods, where attacker-controlled BMP images with excessively large width or height values trigger excessive memory allocation, leading to out-of-memory errors and...
Out-of-bounds Write
org.apache.hadoop:hadoop-hdfs-native-client is vulnerable to Out-of-bounds Write. The vulnerability is due to improper bounds checking in the HDFS native client, which allows an attacker to trigger memory corruption by writing outside allocated buffers, potentially leading to denial of service or...
Path Traversal
node-tar is vulnerable to Path Traversal. The vulnerability is due to inconsistent path resolution between hardlink security checks and hardlink creation logic, allowing a malicious TAR archive to bypass extraction directory restrictions and create hardlinks to arbitrary files outside the intende...
Server-Side Request Forgery (SSRF)
Keycloak is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of client-configured backchannel notification endpoints in the CIBA feature, allowing attackers to trigger blind server-side requests to internal services or protected network resources...
Denial-of-Service (DoS)
llamaindex.core is vulnerable to Denial-of-Service (DoS). The vulnerability is due to uncontrolled memory consumption in SimpleDirectoryReader, where all files in a directory are loaded into memory before enforcing the num_files_limit, allowing large directories to exhaust memory and degrade or cra...
Broken Object Level Authorization (BOLA)
studiocms is vulnerable to a Broken Object Level Authorization (BOLA) vulnerability. The vulnerability is due to missing authorization checks in the Content Management feature, which allows a user with the “Visitor” role to access draft content created by Editor, Admin, or Owner users...
Server-Side Request Forgery (SSRF)
vllm is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to inconsistent URL parsing and hostname validation in the MediaConnector class when processing user-supplied media URLs, which allows an attacker to bypass host restrictions and coerce the vLLM server into making...
Integer Overflow
Apache HTTP Server is vulnerable to an integer overflow. The vulnerability is due to an integer overflow in the ACME certificate renewal backoff logic after repeated renewal failures, which allows an attacker or misconfiguration to trigger continuous, delay-free renewal attempts...
Improper Neutralization
Apache HTTP Server is vulnerable to Improper Neutralization. The vulnerability is due to environment variables set via Apache configuration improperly overriding server-calculated CGI variables, which allows an attacker to influence CGI execution by injecting or manipulating control sequences...
Authentication Bypass
Apache HTTP Server is vulnerable to Authentication Bypass. The vulnerability is due to improper handling of the RequestHeader directive via AllowOverride FileInfo in .htaccess, which allows an attacker to cause CGI scripts to execute under an unexpected user ID...
Server-Side Request Forgery (SSRF)
Apache HTTP Server is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of encoded and merged slashes when AllowEncodedSlashes is enabled and MergeSlashes is disabled on Windows, which allows an attacker to exploit crafted requests or malicious content ...
OS Command Injection
Apache HTTP Server is vulnerable to OS Command Injection. The vulnerability is due to improper handling of shell-escaped query strings when Server Side Includes (SSI) with exec cmd="..." are used alongside mod_cgid, which allows an attacker to inject and execute arbitrary system commands by crafting...
Prototype Pollution
nocodb is vulnerable to prototype pollution. The vulnerability is due to improper handling of user-controlled input in the /api/v2/meta/connection/test endpoint, which allows an authenticated attacker with org-level-creator permissions to pollute object prototypes and cause application-wide...
Cross-Site Scripting (XSS)
dotnetnuke.core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in module friendly names, which allows an attacker to inject and execute malicious scripts during certain module operations in the Persona Bar...
Cross-site Scripting (XSS)
dotnetnuke.core is vulnerable to cross-site scripting (XSS). The vulnerability is due to module titles supporting rich text input without proper script sanitization, which allows an attacker to inject and execute malicious scripts in certain scenarios...
Insecure Deserialization
Fickling is vulnerable to Insecure Deserialization. The vulnerability is due to missing marshal and types modules from the unsafe import block list, which allows an attacker to craft a malicious pickle file that bypasses Fickling’s analysis and executes arbitrary code when deserialized by a...
Information Disclosure
Keycloak is vulnerable to sensitive Information Disclosure. The vulnerability is due to insufficient enforcement of User Profile visibility controls in the Admin API, where a limited-privilege administrator can access sensitive custom user attributes via the /unmanagedAttributes endpoint, bypassi...
Improper Access Control
Weblate is vulnerable to improper access control. The vulnerability is due to insufficient validation of webhook payloads, which allows an attacker to craft malicious webhook requests and trigger unauthorized repository updates across multiple repositories...
Improper Access Control
weblate is vulnerable to improper access control. The vulnerability is due to insufficient authorization checks in the API, which allows an attacker to retrieve user notification settings or enumerate all users...
Denial-Of-Service (DoS)
fast-xml-parser is vulnerable to Denial-Of-Service (DoS). The vulnerability is due to improper handling of out-of-range numeric XML entities, where parsing entity values beyond valid Unicode ranges triggers an uncaught RangeError, causing applications to crash when processing untrusted XML input...
Improper TLS Certificate Validation
github.com/neuvector/neuvector is vulnerable to improper TLS certificate validation. The vulnerability is due to TLS verification not being enforced by default for OpenID Connect authentication, which allows an attacker to perform man-in-the-middle (MITM) attacks by intercepting or tampering with...
Remote Code Execution (RCE)
SandboxJS is vulnerable to Remote Code Execution (RCE). The vulnerability is due to missing isolation and replacement of AsyncFunction and related function constructors, which allows an attacker to access the native host AsyncFunction via the .constructor property and execute arbitrary code outside...
Arbitrary Command Injection
cai-framework is vulnerable to Arbitrary Command Injection. The vulnerability is due to passing user-controlled input directly to shell commands via subprocess.Popen with shell=True, which allows an attacker to inject malicious arguments (for example, -exec in the findfile tool) and execute arbitrar...
Denial-of-Service (DoS)
React Server Components packages are vulnerable to Denial-Of-Service (DoS). The vulnerability is due to insufficient validation and resource handling in Server Function request processing, where specially crafted HTTP requests to server function endpoints can trigger excessive CPU usage, memory...
Prototype Pollution
deepHas is vulnerable to Prototype Pollution. The vulnerability is due to unsafe handling of nested object keys, where attacker-controlled input can modify properties on JavaScript prototypes, allowing global object behavior to be altered in applications using deephas...
Arbitrary Code Execution
Orval is vulnerable to Arbitrary Code Execution. The vulnerability is due to incomplete sanitization of untrusted input during code generation, where insufficient escaping in jsStringEscape allows attackers to inject executable JavaScript using only non-alphanumeric characters via JSFuck...
Denial Of Service (DoS)
Vault is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of complex JSON payloads caused by a regression that processes JSON requests before applying rate limits, which allows an attacker to exhaust resources and cause a denial of service...
Improper Access Control
Kottster is vulnerable to Improper Access Control. The vulnerability is due to insecure handling of development-mode functionality, which allows an unauthenticated attacker to execute arbitrary code on the server when the application is running in development mode...