38468 matches found
Improper Authentication
github.com/1panel-dev/1panel is vulnerable to improper authentication.The vulnerability is due to improper server-side validation of a client-controlled parameter, which allows an unauthenticated attacker to bypass CAPTCHA protections and perform automated login attempts leading to potential...
Server-Side Request Forgery (SSRF)
github.com/zitadel/zitadel is vulnerable to an unauthenticated full-read Server-Side Request Forgery SSRF. The vulnerability is due to improper trust of the x-zitadel-forward-host header in the Login UI V2, which allows an attacker to force the server to make arbitrary HTTP requests and read...
DOM-Based Cross-Site Scripting (XSS)
github.com/zitadel/zitadel, is vulnerable to DOM-Based Cross-Site Scripting XSS. The vulnerability is due to improper validation of the postlogoutredirect parameter in the /logout endpoint, which allows an unauthenticated remote attacker to execute malicious JavaScript in users’ browsers...
Race Condition
@auth0/nextjs-auth0 is vulnerable to a race condition. The vulnerability is due to improper lookup handling in the TokenRequestCache during simultaneous requests on the same client, which allows an attacker to exploit inconsistent token responses and potentially interfere with authentication flow...
Denial Of Service (DoS)
github.com/quic-go/quic-go is vulnerable to a Denial Of Service DoS. The vulnerability is due to missing limits on the size of decoded HTTP/3 headers from QPACK-encoded HEADERS frames, which allows an attacker to send crafted requests with large header fields to trigger excessive memory allocatio...
Rails Active Storage Has A Possible DoS Vulnerability In Proxy Mode Via Multi-range Requests
Impact Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability. Releases The fixed...
Path Traversal
Active Storage is vulnerable to Path Traversal. The vulnerability is due to Active Storage's DiskServicepathfor not validating that the resolved filesystem path remains within the storage root directory, where a blob key containing path traversal sequences e.g. ../ could allow reading, writing, o...
Arbitrary Code Injection
Langflow is vulnerable to Arbitrary Code Injection. The vulnerability is due to the validation process dynamically executing LLM‑generated Python code via exec, where the validation routine runs the generated code and an attacker who can influence the model output can achieve arbitrary server‑sid...
Remote Code Execution (RCE)
Indico is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper sanitization of LaTeX input allowing bypass via crafted syntax, which allows an attacker to read local files or execute arbitrary code on the server when LaTeX rendering is enabled...
Denial Of Service (DoS)
Active Support is vulnerable to Denial of Service. The vulnerability is due to the acceptance of strings containing scientific notation by Active Support number helpers, where the conversion of these strings to extremely large decimal representations can cause excessive memory allocation and CPU...
Privilege Escalation
Signify is vulnerable to Privilege Escalation. The vulnerability is due to improper Authenticode signature validation in signeddata.py and context.py, where a remote attacker can escalate privileges via these components and exploit the vulnerability to gain elevated access...
Cryptography Has Incomplete DNS Name Constraint Enforcement On Peer Names
Summary In versions of cryptography prior to 46.0.5, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named "bar.example.com" to validate against a wildcard leaf...
Infinite Loop
pypdf is vulnerable to an Infinite Loop. The vulnerability is due to reading a file in non‑strict mode during dictionary recovery, where the DictionaryObject.readfromstream method can enter an infinite loop and an attacker can craft a PDF to trigger it...
Deserialization Of Untrusted Data
Saloon is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe use of PHP’s unserialize with allowedclasses enabled when restoring OAuth token state, which allows an attacker to supply malicious serialized objects and trigger execution of arbitrary code via gadget...
Server-side Template Injection
giskard-agents is vulnerable to server-side template injection. The vulnerability is due to the ChatWorkflow.chat method passing its string argument directly to a non‑sandboxed Jinja2 Environment, where the input string is treated as a template by inlineenv.fromstring and an attacker can supply...
Improper Authorization
Langflow is vulnerable to an Improper Authorization. The vulnerability is due to improper access control in the readflow helper, which failed to enforce ownership validation when authentication was enabled, allowing an authenticated attacker to read, modify, or delete flows belonging to other...
Session Hijacking
MCP Ruby SDK is vulnerable to Session Hijacking. The vulnerability is due to insufficient session binding, where an attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events SSE stream and intercept all real-time data...
Cross Site Scripting
Active Support is vulnerable to Cross Site Scripting. The vulnerability is due to SafeBuffer% not propagating the @htmlunsafe flag to the newly created buffer, where a SafeBuffer is mutated in place and then formatted with % using untrusted arguments, and the result incorrectly reports htmlsafe? ...
Improper Input Validation
activestorage is vulnerable to Improper Input Validation. The vulnerability is due to unescaped use of blob keys in Dir.glob within DiskServicedeleteprefixed, which allows an attacker to inject glob metacharacters and delete unintended files from the storage directory...
Denial Of Service
Active Storage is vulnerable to Denial of Service. The vulnerability is due to the proxy controller loading the entire requested byte range into memory before sending it, where a request with a large or unbounded Range header could cause the server to allocate memory proportional to the file size...
Remote Code Execution (RCE)
ruby-lsp is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsanitized interpolation of the rubyLsp.branch setting into a generated Gemfile, which allows an attacker to inject malicious code that executes when a user opens a crafted project...
Cross-Site Scripting
Home Assistant is vulnerable to Cross-Site Scripting. The vulnerability is due to an authenticated party adding a malicious name to their device entity, where the malicious name allows for Cross-Site Scripting attacks against anyone who can see a dashboard with a Map-card which includes that...
Path Traversal
saloonphp/saloon is vulnerable to Path Traversal. The vulnerability is due to lack of validation of fixture names used in file path construction, which allows an attacker to manipulate paths and read or write arbitrary files outside the intended directory...
Server-Side Request Forgery
pyLoad is vulnerable to Server-Side Request Forgery. The vulnerability is due to the download engine accepting arbitrary URLs without validation, where an authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata...
Environment Variable Leak
changedetection.io is vulnerable to Environment Variable Leak. The vulnerability is due to the use of the jq env builtin in include filter expressions, where an authenticated user can leak sensitive environment variables including SALTEDPASS, PLAYWRIGHTDRIVERURL, HTTPPROXY, and any secrets passed...
Cross-Site Scripting
Home Assistant is vulnerable to Cross Site Scripting. The vulnerability is due to the lack of output escaping or sanitization in the History-graph card, where an attacker can inject arbitrary tags that execute JavaScript by changing the name of a sensor to a malicious value...
Arbitrary Code Injection
froxlor/froxlor is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper validation of DNS record content in the DomainZones.add endpoint, which allows an attacker to inject malicious directives into zone files and manipulate DNS configuration...
Server-Side Request Forgery (SSRF)
saloonphp/saloon is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of request endpoints allowing absolute URLs to override the base URL, which allows an attacker to redirect requests to malicious hosts and potentially exfiltrate sensitive data such...
SQL Injection
wwbn/avideo is vulnerable to SQL Injection. The vulnerability is due to improper use of prepared statements where user-controlled input videosid is directly concatenated into the query, which allows an attacker to inject and execute arbitrary SQL commands...
Cleartext Storage Of Sensitive Information
wwbn/avideo is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to storing video passwords in plaintext without encryption or hashing, which allows an attacker with database access to retrieve all passwords in cleartext...
SQL Injection
wwbn/avideo is vulnerable to a SQL Injection. The vulnerability is due to direct interpolation of user-controlled input into SQL queries without parameterization in the fixCleanTitle method, which allows an attacker to inject and execute arbitrary SQL commands...
Denial Of Service
Netty is vulnerable to Denial of Service. The vulnerability is due to the lack of a limit on the number of CONTINUATION frames in Netty's DefaultHttp2FrameReader, where an attacker can send a flood of CONTINUATION frames with zero-byte payloads, bypassing existing size-based mitigations and causi...
OS Command Injection
sbt is vulnerable to OS Command Injection. The vulnerability is due to the lack of validation of the URI fragment, where a malicious fragment can execute arbitrary commands because cmd /c interprets &, |, and ; as command separators...
Deserialization Of Untrusted Data
io.opentelemetry.javaagent:opentelemetry-javaagent is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to lack of serialization filtering in the RMI instrumentation endpoint, which allows an attacker with network access to send malicious serialized data and execute...
Incorrect Authorization
Apache Artemis is vulnerable to Incorrect Authorization. The vulnerability is due to incorrect authorization, where an authenticated user with the 'createDurableQueue' permission but without the 'createAddress' permission can create a temporary address when attempting to create a non-durable JMS...
Directory Traversal
Plexus-Utils is vulnerable to Directory Traversal. The vulnerability is due to a flaw in the extractFile method of org.codehaus.plexus.util.Expand, where an attacker can execute arbitrary code by exploiting the Directory Traversal vulnerability...
Deserialization Of Untrusted Data
com.datadoghq:dd-java-agent is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to unsafe deserialization of incoming data by a custom RMI endpoint without applying serialization filters, which allows a network-based attacker to exploit a gadget chain and potentially...
Path Traversal
pf4j is vulnerable to Path Traversal. The vulnerability is due to improper handling of zip entry names, where a lack of proper path normalization and validation can allow directory traversal or Zip Slip attacks...
Interpretation Conflict
github.com/traefik/traefik is vulnerable to Interpretation Conflict. The vulnerability is due to improper path normalization when handling Path, PathPrefix, or PathRegex matchers, which allows an attacker to use URL-encoded characters to bypass middleware and access unintended backend services...
Cross-Site Request Forgery (CSRF)
github.com/1panel-dev/1panel is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protections such as anti-CSRF tokens or Origin/Referer validation, which allows an attacker to craft a malicious webpage that triggers unauthorized panel name changes when a...
Cross-Site Request Forgery (CSRF)
1Panel is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protections such as anti-CSRF tokens or Origin/Referer validation in the port-change endpoint, which allows an attacker to trick an authenticated user into submitting a malicious request that changes...
Cross-Site Request Forgery (CSRF)
github.com/1panel-dev/1panel is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protections such as anti-CSRF tokens or Origin/Referer validation, which allows an attacker to trick an authenticated user into submitting a malicious request to change the...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to a Denial Of Service DoS. The vulnerability is due to a re-entry bug in the JwksFetcherImpl during failed remote JWKS fetching with multiple JWT tokens, which allows an attacker to trigger a crash by sending crafted requests that cause overlapping fetch...
Cross Site Scripting(XSS)
github.com/xyproto/algernon is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of filename inputs, which allows an attacker to inject a crafted payload and execute arbitrary code...
Denial Of Service (DoS)
github.com/sigstore/timestamp-authority is vulnerable to Denial of Service DoS. The vulnerability is due to inefficient processing of untrusted input using string splitting in request parsing functions, which allows an attacker to send crafted inputs that trigger excessive memory allocations and...
Protection Mechanism Failure
github.com/envoyproxy/envoy is vulnerable to Protection Mechanism Failure. The vulnerability is due to accepting and forwarding client data before a successful 2xx response in TCP proxy mode, which allows an attacker to cause desynchronization when upstream proxies reject the CONNECT request...
Denial Of Service (DoS)
github.com/sigstore/fulcio is vulnerable to Denial of Service DoS. The vulnerability is due to inefficient handling of untrusted input in the extractIssuerURL function, which allows an attacker to supply a token with excessive period characters to trigger high memory allocations and degrade servi...
Inadequate Encryption Strength
github.com/cloudflare/gokey is vulnerable to Inadequate Encryption Strength. The vulnerability is due to flawed seed decryption logic that uses only limited entropy from the initialization vector and authentication tag, which allows an attacker with access to the seed file to derive generated...
Improper Access Control
mautic/core is vulnerable to Improper Access Control. The vulnerability is due to missing enforcement of update settings restrictions, which allows a low-privileged user to install or remove arbitrary packages and execute malicious code for privilege escalation...
Cross-site Scripting (XSS)
Angular is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to internationalization of security-sensitive attributes bypassing Angular’s sanitization when combined with untrusted data binding, which allows an attacker to inject malicious scripts...