38195 matches found
Command Injection
libssh.so is vulnerable to Command Injection. The vulnerability is due to insufficient validation of the hostname parameter in the URI parsing process. This allows attackers to use ProxyCommand or the ProxyJump features to exploit and inject malicious code via the unchecked hostname parameter on...
Improper Authentication
pulsar-websocket is vulnerable to Improper authentication. The vulnerability arises due to a lack of authentication a user makes request to the /pingpong endpoint. The attacker can potentially trigger a DoS attack or perform excessive data transfer as a result of this vulnerability...
Buffer Overflow
Espeak-ng is vulnerable to Buffer Overflow. The vulnerability is due to the SetUpPhonemeTable function within synthdata.c. This issue can be exploited by an attacker to cause denial of service...
Path Traversal
mlfow is vulnerable to Path Traversal . The vulnerability is caused due to a lack of appropriate uri validation within uri.py. The attacker can read sensitive files on the mlflow server by exploiting this vulnerability...
Information Disclosure
mltable is vulnerable to Information Disclosure. An attacker could exploit this vulnerability to disclose training data...
Path Traversal
mlflow is vulnerable to Path Traversal. The vulnerability is caused due to an inappropriate handling of path validation in ftp artifact repository, located within ftpartifactrepo.py. This allows an attacker to perform remote code execution and retrieve data & model information...
Deserialization Of Untrusted Data
huggingface/transformers is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the implementation of TransfoXLTokenizer, which automatically loads the vocab.pkl file from the remote repository using the risky pickle.load function without any restrictions. This issue can ...
Buffer Overflow
libming.so is vulnerable to Buffer Overflow. The vulnerability is due to the parseSWFGLYPHENTRY function within parser.c lacking proper memory allocation size checks and bounds checking on the glyphbits and advancebits parameters. An attacker can exploit this by providing specially crafted input...
Arbitrary File Write
mlflow is vulnerable to Arbitrary File Write. The vulnerability is caused to an inappropriate path validation in the validatepathissafe function. This allows an attacker to arbitrarily write files to the mlflow serve...
Server Side Request Forgery (SSRF)
mlflow is vulnerable to Server Side Request Forgery SSRF. The vulnerability is caused by following redirects while fetching HTTP artifact contents within the model-versions/get-artifact endpoint. A malicious user can exploit this to access internal HTTPs servers and in the worst case achieve remo...
Path Traversal
org.apache.tiles: tiles-core is vulnerable to Path Traversal. The vulnerability is due to missing validation in the DefaultLocaleResolver.LOCALEKEY attribute set on the session while resolving XML definition files. This can lead to Server Side Request Forgery SSRF or XML External Entity Injection...
Cross Site Request Forgery (CSRF)
Phpsysinfo is vulnerable to Cross Site Request Forgery CSRF. The vulnerability is caused due to the missing validation for JSONP requests in readconfig.php file. This could allow an attacker to retrieve sensitive JSON data from the server,leads JSONP hijacking vulnerability...
Denial Of Service (DoS)
apachesuperset is vulnerable to Denial Of Service. The vulnerability is caused by a lack size checks for each file within a ZIP archive. This allows an attacker to upload a maliciously crafted ZIP file such as a ZIP bomb or an oversized file, and upon decompression. This flaw can result in...
Server Side Template Injection (SSTI)
mlflow is vulnerable to Server-side Template Injection SSTI. The vulnerability is due to not using the sandboxed jinja2 loader while merging and rendering profile/recipe configuration yaml files in the renderandmergeyamlfunction within mlflow/utils/fileutils.py. If a user loads a malicious recipe...
Denial Of Service (DoS)
libtinyxml.so is vulnerable to Denial Of Service DoS. The vulnerability arises due to a reachable assertion in tinyxmlparser.cpp. An attacker can potentially crash the application via a crafted XML document with a \0 located after a whitespace...
Authentication Bypass
github.com/navidrome/navidrome is vulnerable to Authentication bypass. The vulnerability is due to the DefaultGet function within auth.go which is used to retrieve the JWT secret key from the database. If the key is not found or an error occurs during retrieval, it defaults to using the hardcoded...
SQL Injection
Apache Superset is vulnerable to SQL Injection. The vulnerability is due improper user input validation and sanitization in the wherein JINJA macro. This issue can be exploited by an attacker by injecting a quote within the JINJA macro resulting in the execution of arbitrary SQL statements...
Segmentation Fault
libncurses.so is vulnerable to Segmentation Fault. The vulnerability is due to the ncwrapentry function when processing a malformed input file which results in an application crash...
Unauthorized Access
apache-superset is vulnerable to Unauthorized Access. The vulnerability is due to improper authorization checks. This flaw can be exploited by an attacker by creating a dashboard and adding charts to it. Consequently they become one of the owners of the charts, resulting in unauthorized write...
OS Command Injection
tts-api is vulnerable to OS Command Injection. The vulnerability is due to a lack of validation in the onSpeechDone function within app.js. This could allow an attacker to gain unauthorized access by executing unauthorized commands...
Automatic Renewal Of Expired Authorization Tokens
emailproxy is vulnerable to Automatic Renewal Of Expired Authorization Tokens. The vulnerability is due to expired authorization tokens can be automatically renewed without verifying their validity against the original account configuration, specifically the password set up during the initial...
Authentication Bypass
libslurm.so is vulnerable to Authentication Bypass. The vulnerability is due to a message integrity bypass in slurmprotocolapi.c. An attacker can reuse root-level authentication tokens which allows an attacker to perform unauthorized actions...
Denial Of Service (DoS)
libssh is vulnerable to Denial Of Service DoS. The vulnerability is due to a lack of proper validation and checking of return values in the abstract layer for message digest MD operations implemented by different supported crypto backends. This could lead to low-memory failures and potentially...
Denial Of Service (DoS)
libslurm.so is vulnerable to Denial Of Service DoS. The vulnerability exists due to improper size checks in the sizevalp within pack.c allowing an attacker to cause a Dos...
Improper Access Control
libslurm.so is vulnerable to Improper Access Control. The vulnerability exists due to improper restrictions in the user-group list, which allow an attacker to perform unauthorized actions by modifying their extended group list...
Cross-Site Scripting (XSS)
resque is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of sanitization in the htmlescape parameter for the currentqueue function. This allows an attacker to manipulates the currentqueue parameter in the request URL. This can leads to arbitrary HTML or JavaScript code...
Prefix Truncation Attack (Terrapin Attack)
libssh is vulnerable to Terrapin attack. The vulnerability is due to mishandling of the handshake phase and sequence numbers in the SSH Binary Packet Protocol BPP with certain OpenSSH extensions. This allows an attacker to bypass integrity checks and omit packets during extension negotiation, and...
Cross Site Scripting (XSS)
resque-scheduler is vulnerable to Reflected Cross Site Scripting XSS. The vulnerability is due to lack of schedulejob or args parameter sanitizion while processing a /resque/delayed/jobs/schedulejob?args=argsid request. An attacker can send a maliciously crafted url replacing schedulejob or the...
Denial Of Service (DoS)
libcjson.so is vulnerable to Denial of Service DoS. The vulnerability is due to a missing null value check, allowing a malicious to cause a segmentation fault via the cJSONSetValuestring function within cJSON.c, resulting in DoS...
Denial Of Service (DoS)
libcjson.so is vulnerable to Denial of Service DoS. The vulnerability is due to lack of a null value check in the JSONInsertItemInArray function within cJSON.c, which allows a malicious user to trigger a segmentation fault resulting in DoS...
Directory Traversal
mlflow is vulnerable to Directory Traversal. The vulnerability exists in the validatepathissafe function within uri.py which allows an attacker to read or write to files outside of the restricted directory using a crafted file path...
Denial Of Service (DoS)
libcryptopp.so is vulnerable to Denial Of Service DoS. The vulnerability exists in the ModularSquareRoot function due to an infinite loop caused by crafted DER public-key data with squared odd numbers, which allows an attacker to cause DoS...
Cross Site Scripting (XSS)
malojaserver is vulnerable to Cross Site Scripting XSS attack. The vulnerability arises due to the error page reflecting the missing path to the user. An attacker can execute arbitrary JavaScript in the malojaserver's client context...
Denial Of Service (DoS)
libcryptopp.so is vulnerable to Denial Of Service DoS. The vulnerability is caused when DER public key data for an F2^m curve is not strictly decreasing each polynomial term, which allows an attacker to cause an application crash...
PKCE Downgrade Attack
yiisoft/yii2-authclient is vulnerable to PKCE Downgrade Attack. The vulnerability is caused due to an insecure implementation of PKCE. The application doesn't use authCodeVerifier securely. An attacker can gain unauthorized access to protected resources by exploiting this vulnerability...
Information Disclosure
libcryptopp.so is vulnerable to Information Disclosure. The vulnerability exists due to side channel leakage Marvin Attack which allows an attacker to to infer sensitive information during PKCS1 v1.5 decryption...
Denial Of Service (DoS)
@sentry/astro is vulnerable to Denial of Service DoS. The vulnerability is caused due to the dynamic creation of regular expressions for user-submitted URL parameter values in middleware.ts, resulting in DoS...
Out-of-Bounds Write
libperl.so is vulnerable to Out-of-Bounds Write. The vulnerability exists in the Sparseunipropstring function of regcomp.c due to a property name associated with a \p... regular expression construct, allowing an attacker to write to unallocated space...
Cross Site Scripting (XSS)
resque is vulnerable to Reflected Cross Site Scripting XSS. The vulnerability is due to not sanitizing and escaping the currentqueue portion of the path action tag in HTML form on the /queues endpoint of the resque-web component. This can lead to Reflected XSS when the view related to the /queues...
Cross-Site Scripting (XSS)
Keycloak Services is vulnerable to Cross Site Scripting XSS Attacks. The vulnerability is due to the matchesRedirects method utils/RedirectUtils.java missing some redirection URL sanitization. This could allow an attacker to submit a specially crafted request leading to XSS...
Timing Attack
yiisoft/yii2-authclient is vulnerable to Timing attack. The vulnerable is caused due to an insecure string comparison method strcmp used to compare a nonce. An attacker can potentially perform a time based attack to guess the nonce string...
Rogue Session Attack (Terrapin)
ssh is vulnerable to Terrapin attack. The vulnerability is due to mishandling of the handshake phase and sequence numbers in the SSH Binary Packet Protocol BPP with certain OpenSSH extensions. This allows an attacker to bypass integrity checks and omit packets during extension negotiation, and...
Request Smuggling
aiohttp is vulnerable to Request Smuggling. The vulnerability exists due to improper HTTP method validation in this library, which allows attackers to modify HTTP requests...
Improper Input Validation
libslurm.so is vulnerable to Improper Input Validation. The vulnerability exists due to the lack of length checks for the message size in slurmprotocolapi.c, which allows an attacker to modify RPC traffic in a way that bypasses message hash checks, leading to message extension attacks...
Stack Overflow
Grackle is vulnerable to Stack Overflow Vulnerability. The vulnerability is due to improper bound check while parsing graphql queries. This can lead to application crash resulting in Denial Of Service DOS...
SQL Injection
SchedMD Slurm is vulnerable to SQL Injection. The vulnerability is due to improper validation and sanitization of sql queries. This issue can be exploited by an attacker to inject malicious sql statements...
Cross Site Scripting (XSS)
resque is vulnerable to Reflected Cross Site Scripting XSS. The vulnerability is caused due to not sanitizing and escaping HTML while displaying failed queue lists related web pages of the resque-web component. An attacker can make a user click on a malicious link leading to Reflected XSS when th...
External Control Of File Name Or Path
h2o is vulnerable to External Control of File Name or Path. The vulnerability exists due to improper input validation which allows an attacker to manipulate file paths to access or modify files outside of the intended directories...
Cross-Site Scripting (XSS)
SPS Commerce is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper serialization of user inputs which allows an attacker to inject and execute malicious scripts...
Cross-Site Scripting (XSS)
JFinalcms is vulnerable to Cross-Site Scripting XSS. The vulnerability exists via carousel image editing which allows an attacker to inject and execute arbitrary scripts...