38287 matches found

Veracode • added 2026/03/07 5:14 a.m. • 5 views

Arbitrary File Read

changedetection.io is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient validation of user-supplied XPath expressions in the includefilters field, allowing attackers to use functions such as unparsed-text to read arbitrary files from the filesystem accessible to the...

CVSS 9.3 • AI score 6 • EPSS 0.00484
Exploits: 1 • References: 3 • Affected software: 1
Veracode • added 2026/03/07 5:14 a.m. • 5 views

Denial Of Service (DoS)

xgrammar is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of multi-level nested syntax, which can trigger a segmentation fault and crash the application...

CVSS 8.7 • AI score 5.8 • EPSS 0.00421
Exploits: 1 • References: 3 • Affected software: 1
Veracode • added 2026/03/07 5:13 a.m. • 6 views

Remote Code Execution (RCE)

Craft CMS is vulnerable to Remote Code Execution (RCE). The vulnerability is due to a Server-Side Template Injection (SSTI) flaw in Twig template fields, which allows an authenticated administrator to write a malicious PHP file to a web-accessible directory and execute arbitrary system commands...

CVSS 9.4 • AI score 6.1 • EPSS 0.01067
Exploits: 1 • References: 4 • Affected software: 1
Veracode • added 2026/03/07 5:12 a.m. • 5 views

Inefficient Decoding

pypdf is vulnerable to inefficient decoding of ASCIIHexDecode streams. The vulnerability is due to an attacker being able to craft a PDF that leads to long runtimes when accessing a stream that uses the /ASCIIHexDecode filter, which can be exploited by attackers to cause a denial of service...

CVSS 6.9 • AI score 5.2 • EPSS 0.00399
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2026/03/07 5:11 a.m. • 3 views

Missing Authorization

craftcms/cms is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks in the GraphQL @parseRefs directive, which allows an attacker to access sensitive attributes of CMS elements without proper permissions...

CVSS 8.7 • AI score 5.9 • EPSS 0.00447
Exploits: 1 • References: 3 • Affected software: 1
Veracode • added 2026/03/07 5:11 a.m. • 3 views

SQL Injection

CocoIndex is vulnerable to SQL Injection. The vulnerability is due to insufficient validation of the configured table name in the Doris target connector, where untrusted input may be used to construct ALTER TABLE SQL statements, allowing attackers to inject malicious SQL during schema changes...

CVSS 9.8 • AI score 5.9 • EPSS 0.00282
Exploits: 0 • References: 2 • Affected software: 1
Veracode • added 2026/03/07 5:11 a.m. • 5 views

Server-Side Template Injection

craftcms/cms is vulnerable to Template Injection. The vulnerability is due to unsafe exposure of the create Twig function allowing arbitrary object instantiation combined with a Symfony Process gadget chain, which allows an attacker to execute arbitrary system commands on the server...

CVSS 7.5 • AI score 6.1 • EPSS 0.00556
Exploits: 1 • References: 3 • Affected software: 1
Veracode • added 2026/03/07 5:09 a.m. • 3 views

Server-Side Template Injection

Craft CMS is vulnerable to Server-Side Template Injection. The vulnerability is due to unsafe exposure of the create Twig function enabling arbitrary object instantiation combined with a Symfony Process gadget chain, which allows an attacker to execute arbitrary code on the server...

CVSS 7.5 • AI score 6.2 • EPSS 0.00556
Exploits: 1 • References: 2 • Affected software: 1
Veracode • added 2026/03/07 5:09 a.m. • 5 views

Improper Signature Verification

Authlib is vulnerable to improper signature verification. The vulnerability is due to improper validation of JWT tokens where tokens with alg: none and an empty signature bypass the signature verification process, which allows an attacker to forge authentication tokens and gain unauthorized acces...

CVSS 9.8 • AI score 5.8 • EPSS 0.00336
Exploits: 1 • References: 3 • Affected software: 1
Veracode • added 2026/03/07 5:09 a.m. • 3 views

Command Injection

idno/known is vulnerable to Command Injection. The vulnerability is due to improper handling of file imports combined with template path traversal, which allows an attacker to write malicious files and execute arbitrary code on the server...

CVSS 8.6 • AI score 6.2 • EPSS 0.00673
Exploits: 1 • References: 4 • Affected software: 1
Veracode • added 2026/03/07 5:08 a.m. • 5 views

Path Traversal

changedetection.io is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during the backup restore process, which allows an attacker to upload a crafted ZIP archive containing path traversal sequences and overwrite arbitrary files on the system...

CVSS 9.3 • AI score 5.9 • EPSS 0.00527
Exploits: 1 • References: 3 • Affected software: 1
Veracode • added 2026/03/07 5:08 a.m. • 6 views

Server-Side Request Forgery

Idno is vulnerable to Server-Side Request Forgery. The vulnerability is due to a logic error in the API authentication flow that bypasses CSRF protection, where the endpoint lacks a login requirement and unauthenticated attackers can trigger arbitrary outbound HTTP requests to any host and retrie...

CVSS 9.2 • AI score 6 • EPSS 0.00628
Exploits: 1 • References: 3 • Affected software: 1
Veracode • added 2026/03/07 5:08 a.m. • 4 views

Missing Authorization

craftcms/cms is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks in the GraphQL @parseRefs directive, which allows an attacker to access sensitive data from CMS elements without proper permissions...

CVSS 8.7 • AI score 5.9 • EPSS 0.00447
Exploits: 1 • References: 2 • Affected software: 1
Veracode • added 2026/03/07 5:05 a.m. • 4 views

Arbitrary File Upload

wwbn/avideo is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of files during plugin upload and extraction, which allows an attacker to upload a crafted archive containing malicious PHP code and execute it on the server...

CVSS 9.3 • AI score 6 • EPSS 0.00673
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2026/03/07 5:05 a.m. • 6 views

Cross-site Scripting (XSS)

league/commonmark is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper filtering of disallowed HTML tags that can be bypassed using whitespace characters, which allows an attacker to inject and execute malicious scripts...

CVSS 6.1 • AI score 5.8 • EPSS 0.00217
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/03/07 5:02 a.m. • 3 views

Missing Authentication For Critical Function

Apache ActiveMQ Artemis is vulnerable to Missing Authentication for Critical Function. The vulnerability is due to missing authentication checks in the Core protocol federation mechanism, allowing an unauthenticated attacker to force the broker to establish an outbound connection to a rogue broke...

CVSS 9.8 • AI score 5.8 • EPSS 0.08341
Exploits: 1 • References: 5 • Affected software: 1
Veracode • added 2026/03/07 5:02 a.m. • 7 views

Denial Of Service (DoS)

tools.jackson.core, jackson-core is vulnerable to Denial of Service (DoS). The vulnerability is due to the UTF8DataInputJsonParser and ReaderBasedJsonParser bypassing the maxNestingDepth constraint when parsing JSON, which allows an attacker to supply excessively nested JSON input that triggers a...

CVSS 8.7 • AI score 5.8 • EPSS 0.00489
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/03/06 6:01 p.m. • 5 views

Cross-site Scripting (XSS)

Astro is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a Reflected Cross-Site Scripting (XSS) vulnerability in Astro's development server error pages when the trailingSlash configuration option is used, where an attacker can inject arbitrary JavaScript code that executes in th...

CVSS 6.1 • AI score 5.9 • EPSS 0.00209
Exploits: 1 • References: 5 • Affected software: 1
Veracode • added 2026/03/06 12:56 p.m. • 6 views

Prototype Pollution

expr-eval and expr-eval-fork are vulnerable to Prototype Pollution. The vulnerability is due to improper handling of JavaScript prototype-based inheritance in the eval interface, which allows an attacker with access to manipulate object prototypes and potentially achieve arbitrary code execution...

CVSS 7.3 • AI score 6 • EPSS 0.00413
Exploits: 1 • References: 9 • Affected software: 2
Veracode • added 2026/03/06 11:27 a.m. • 5 views

Cross-site Scripting (XSS)

Nuxt DevTools is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of proper input validation, where an attacker can inject malicious code and extract Nuxt auth tokens under certain configurations...

CVSS 6.9 • AI score 5.8 • EPSS 0.00204
Exploits: 1 • References: 4 • Affected software: 1
Veracode • added 2026/03/06 11:02 a.m. • 5 views

Arbitrary Code Execution

Claude Code is vulnerable to Arbitrary Code Execution. The vulnerability is due to Yarn plugin execution occurring before the startup trust dialog when running in a project using Yarn 3.0 or above, allowing malicious project plugins to execute code if a user launches Claude Code in an untrusted...

CVSS 9.8 • AI score 6 • EPSS 0.00441
Exploits: 0 • References: 1 • Affected software: 1
Veracode • added 2026/03/06 10:11 a.m. • 21 views

Input Validation Bypass

ai is vulnerable to Input Validation Bypass. The vulnerability is due to improper validation of uploaded file types, which allows an attacker to bypass filetype whitelists and upload unauthorized files...

CVSS 5.3 • AI score 5.8 • EPSS 0.00235
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2026/03/06 7:24 a.m. • 5 views

Authentication Bypass

Astro is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent path normalization between Astro's routing logic and middleware validation, where routing applies decodeURI but middleware checks context.url.pathname without decoding, allowing attackers to access protected...

CVSS 6.9 • AI score 5.8 • EPSS 0.0047
Exploits: 1 • References: 2 • Affected software: 1
Veracode • added 2026/03/06 7:24 a.m. • 6 views

Open Redirect

miniflux.app/v2 is vulnerable to Open Redirect. The vulnerability is due to improper validation of the redirecturl parameter where protocol-relative URLs bypass the url.Parse....IsAbs check, which allows an attacker to redirect users to attacker-controlled websites after login...

CVSS 6.1 • AI score 5.8 • EPSS 0.00183
Exploits: 1 • References: 3 • Affected software: 1
Veracode • added 2026/03/06 7:23 a.m. • 8 views

Server-Side Request Forgery (SSRF)

mcp-fetch-server is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper private IP validation, which allows an attacker to bypass the validation mechanism and access internal network resources...

CVSS 7.5 • AI score 5.8 • EPSS 0.00381
Exploits: 1 • References: 4 • Affected software: 1
Veracode • added 2026/03/06 6:32 a.m. • 6 views

Server-Side Request Forgery (SSRF)

Angular SSR is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to Angular's request handling pipeline trusting user-controlled Host and X-Forwarded- HTTP headers without proper validation, which allows an attacker to manipulate URL reconstruction and perform arbitrary...

CVSS 9.2 • AI score 5.9 • EPSS 0.00497
Exploits: 1 • References: 9 • Affected software: 3
Veracode • added 2026/03/05 9:34 a.m. • 4 views

SQL Injection

TypeORM is vulnerable to SQL Injection. The vulnerability is due to improper handling of object values in the sqlstring call where stringifyObjects defaults to false, which allows an attacker to inject crafted SQL through requests to repository.save or repository.update...

CVSS 6.5 • AI score 5.8 • EPSS 0.00241
Exploits: 0 • References: 7 • Affected software: 1
Veracode • added 2026/03/05 8:55 a.m. • 8 views

Missing Authorization

github.com/treeverse/lakefs is vulnerable to Missing Authorization. The vulnerability is due to lack of authentication checks on the /api/v1/usage-report/summary endpoint, which allows an attacker to access aggregate API usage information without authorization...

CVSS 5.3 • AI score 5.8 • EPSS 0.00251
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/03/04 4:45 p.m. • 7 views

Denial Of Service (DoS)

github.com/hashicorp/consul is vulnerable to Denial of Service (DoS). The vulnerability is due to incorrect Content-Length header validation, which an attacker can exploit to cause a denial of service...

CVSS 6.5 • AI score 5.9 • EPSS 0.00402
Exploits: 0 • References: 6 • Affected software: 1
Veracode • added 2026/03/04 4:29 p.m. • 10 views

Denial Of Service (DoS)

github.com/hashicorp/consul is vulnerable to Denial of Service (DoS). The vulnerability is due to the lack of a maximum value on the Content-Length header, which an attacker can exploit to cause a denial of service by sending a request with a large Content-Length...

CVSS 6.5 • AI score 6 • EPSS 0.00402
Exploits: 0 • References: 6 • Affected software: 1
Veracode • added 2026/03/04 11:04 a.m. • 48 views

Open Redirect

Volo.Abp.Account.Web is vulnerable to Open Redirect. The vulnerability is due to improper validation of the returnUrl parameter in the register function, which allows an attacker to redirect users to arbitrary external domains...

CVSS 5.3 • AI score 6 • EPSS 0.00239
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/03/04 9:12 a.m. • 5 views

Information Disclosure

Storybook is vulnerable to Information Disclosure. The vulnerability is due to a bug in how Storybook handles environment variables defined in a .env file, which could, in specific circumstances, lead to those variables being unexpectedly bundled into the artifacts created by the storybook build...

CVSS 7.3 • AI score 5.8 • EPSS 0.00235
Exploits: 0 • References: 8 • Affected software: 1
Veracode • added 2026/03/04 9:03 a.m. • 6 views

Arbitrary Argument Injection

mcp-server-git is vulnerable to Arbitrary Argument Injection. The vulnerability is due to the gitdiff and gitcheckout functions passing user-controlled arguments directly to git CLI commands without sanitization, where flag-like values would be interpreted as command-line options rather than git...

CVSS 7.1 • AI score 6 • EPSS 0.0728
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/03/04 8:04 a.m. • 5 views

Stack Overflow

fast-xml-parser is vulnerable to Stack Overflow. The vulnerability is due to improper handling in the XML builder when preserveOrder:true is enabled, which allows an attacker to trigger a stack overflow and crash the application by providing crafted input data...

CVSS 7.5 • AI score 6 • EPSS 0.00478
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2026/03/04 7:38 a.m. • 5 views

XML External Entity (XXE)

fast-xml-parser is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of a dot (.) in DOCTYPE entity names, which is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities and bypass entity encoding, thereby...

CVSS 9.3 • AI score 5.9 • EPSS 0.00448
Exploits: 1 • References: 5 • Affected software: 1
Veracode • added 2026/03/02 7:16 p.m. • 11 views

Directory Traversal

No description provided...

CVSS 9.1 • AI score 5.8 • EPSS 0.06197
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/03/02 6:52 p.m. • 3 views

Directory Traversal

mcp-server-git is vulnerable to Directory Traversal. The vulnerability is due to the gitinit tool accepting arbitrary filesystem paths and creating Git repositories without validating the target location, where an attacker can exploit this to create repositories at arbitrary locations, and...

CVSS 8.8 • AI score 6.1 • EPSS 0.07822
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/03/02 6:38 p.m. • 7 views

Incorrect Authorization

Auth0-PHP is vulnerable to Incorrect Authorization. The vulnerability is due to improper validation of access tokens, where affected applications may accept ID tokens as Access tokens, and attackers can exploit this by manipulating the audience validation in access tokens...

CVSS 7.5 • AI score 5.9 • EPSS 0.00368
Exploits: 0 • References: 13 • Affected software: 1
Veracode • added 2026/02/28 5:14 a.m. • 8 views

Denial Of Service

pypdf is vulnerable to Denial of Service. The vulnerability is due to an attacker crafting a PDF with unusually large values in the /ToUnicode entry of a font, where parsing this entry leads to long runtimes and large memory consumption, and attackers can exploit it using this vulnerabilit...

CVSS 6.9 • AI score 5.3 • EPSS 0.00168
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2026/02/28 5:14 a.m. • 7 views

Infinite Loop

pypdf is vulnerable to Infinite Loop. The vulnerability is due to an attacker being able to craft a PDF which leads to an infinite loop, where accessing the children of a TreeObject, for example as part of outlines, can be exploited by attackers...

CVSS 6.9 • AI score 5.1 • EPSS 0.00168
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2026/02/28 5:14 a.m. • 7 views

Input Validation Bypass

Apache Superset is vulnerable to Input Validation Bypass. The vulnerability is due to specially crafted SQL statements that can bypass the read-only verification check when using a PostgreSQL database connection, and attackers can exploit it to execute unauthorized actions...

CVSS 7.1 • AI score 5.7 • EPSS 0.00348
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/02/28 5:13 a.m. • 4 views

Denial Of Service (DoS)

pypdf is vulnerable to Denial of Service (DoS). The vulnerability is due to manipulated FlateDecode XFA streams, where an attacker can craft a PDF that leads to RAM exhaustion by accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

CVSS 8.7 • AI score 5.8 • EPSS 0.00348
Exploits: 1 • References: 4 • Affected software: 1
Veracode • added 2026/02/28 5:13 a.m. • 10 views

Path Traversal

mcp-server-git is vulnerable to Path Traversal. The vulnerability is due to the gitadd tool not validating file paths, where relative paths containing ../ sequences that resolve outside the repository were accepted and staged into the Git index, and attackers can exploit this to potentially...

CVSS 6.5 • AI score 5.7 • EPSS 0.00287
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/02/28 5:12 a.m. • 7 views

Remote Code Execution (RCE)

D-Tale is vulnerable to Remote Code Execution (RCE). The vulnerability is due to a flaw in the /save-column-filter endpoint, which allows attackers to execute arbitrary code on the server and potentially gain control of the system...

CVSS 9.8 • AI score 6.1 • EPSS 0.00712
Exploits: 0 • References: 2 • Affected software: 1
Veracode • added 2026/02/28 5:12 a.m. • 14 views

Sensitive Information Exposure

Flask is vulnerable to Sensitive Information Exposure. The vulnerability is due to incomplete handling of the Vary: Cookie header when accessing the session object, where certain access patterns (e.g., using the in operator) fail to mark responses as user-specific, allowing caching proxies to store...

CVSS 4.3 • AI score 5.7 • EPSS 0.00374
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/02/28 5:12 a.m. • 9 views

Denial Of Service

pypdf is vulnerable to Denial of Service. The vulnerability is due to a malformed /FlateDecode stream, where byte-by-byte decompression is used; an attacker can craft a PDF that leads to long runtimes...

CVSS 6.9 • AI score 5.2 • EPSS 0.00168
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2026/02/28 5:12 a.m. • 13 views

Sensitive Data Exposure

Apache Superset is vulnerable to Sensitive Data Exposure. The vulnerability is due to improper serialization of sensitive fields in the API response, where authenticated users with low privileges can retrieve sensitive user information, including password hashes, email addresses, and login...

CVSS 6.5 • AI score 5.2 • EPSS 0.004
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/02/28 5:12 a.m. • 7 views

SQL Injection

Apache Superset is vulnerable to SQL Injection. The vulnerability is due to an incomplete default list of restricted SQL functions for the ClickHouse engine, where attackers can execute potentially sensitive SQL functions within SQL Lab and charts...

CVSS 6.5 • AI score 5.7 • EPSS 0.00607
Exploits: 0 • References: 3 • Affected software: 1
Veracode • added 2026/02/28 5:11 a.m. • 4 views

Infinite Loop

pypdf is vulnerable to Infinite Loop. The vulnerability is due to the library's handling of circular /Prev entries in cross-reference streams, where an attacker can craft a PDF that leads to an infinite loop when read, allowing for a denial of service attack...

CVSS 7.5 • AI score 5.9 • EPSS 0.00346
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2026/02/28 5:11 a.m. • 6 views

Buffer Overflow

psd-tools is vulnerable to Buffer Overflow. The vulnerability is due to malformed RLE-compressed image data, where decoderle raises a ValueError that propagates all the way to the user, crashing psd.composite and psd-tools export; attackers can exploit it by crafting a PSD file with malformed...

CVSS 9.1 • AI score 5.9 • EPSS 0.0041
Exploits: 1 • References: 3 • Affected software: 1