38195 matches found
Arbitrary File Deletion
org.jenkins-ci.plugins, scriptler is vulnerable to Arbitrary File Deletion. The vulnerability exists because the library does not restrict a file name query parameter in an HTTP endpoint. This allows an attacker with Scriptler/Configure permission to delete arbitrary files on the Jenkins controll...
Privilege Escalation
SAP BTP Security Services Integration Library is vulnerable to Privilege Escalation. The vulnerability exists due to the lack of permission checks in the library, enabling an attacker to obtain arbitrary permissions within the application under certain conditions...
Denial Of Service (DoS)
nuxt-api-party is vulnerable to Denial of Service (DoS). The vulnerability could be exploited via crafting a malicious URL and setting high retry attempts, which allows an attacker to trigger a recursive error handling loop, crashing the server and potentially disrupting service for legitimate user...
Arbitrary Code Execution
mlflow is vulnerable to Arbitrary Code Execution. The vulnerability exists due to improper neutralization of special elements used in a template engine which allows an attacker to inject and execute arbitrary code...
Privilege Escalation
github.com/sap/cloud-security-client-go is vulnerable to Privilege Escalation. The vulnerability exists due to lack of permission restrictions which allows an attacker to obtain arbitrary permissions within the application...
Cross-site Scripting (XSS)
com.jfinal, jfinal is vulnerable to Cross Site Scripting. The vulnerability exists due to improper validation or sanitization of user inputs which allows attackers to inject malicious JS payloads into the system...
Brute Force Of Valid Usernames
umbraco.cms is vulnerable to Brute Force Of Valid Usernames. This can lead to an attacker accessing valid usernames in the system...
Information Exposure
Umbraco is vulnerable to Information Exposure/User Enumeration. The vulnerability is due to the PostRequestPasswordReset function in AuthenticationController.cs not having a feature to randomize the response time when processing password reset requests. This allows an attacker to potentially use the...
Sensitive Information Disclosure
laf-client-sdk is vulnerable to Sensitive Information Disclosure. The vulnerability is caused by directly inserting env variables into the template while constructing the deployment instance of the app. Sensitive information in the secret and configmap can be read through the k8s envFrom...
Incorrect Authorization
umbracocms is vulnerable to Incorrect Authorization. The vulnerability is due to ValidateUserAccess function in ContentSaveValidationAttribute.cs file not performing any checks for specific user permissions, as there is no differentiation between users with 'send for approval' permissions and tho...
HTML Injection
Umbraco is vulnerable to HTML Injection. The vulnerability is due to improper user sanitization and validation. This issue can be exploited by an attacker to inject malicious html tags...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability exists due to a lack of permission checks in the library, allowing an attacker to access the playbook and modify it. This can occur if the user was once a member of the team, gained permissions to...
Cross-Site Scripting (XSS)
umbraco.cms is vulnerable to Cross-Site Scripting. The vulnerability is in login.controller.js, which does not validate whether the returnPath URI is from the same origin. This allows an attacker to perform URL redirection or DOM-based XSS in the web application...
Memory Exhaustion
h2o is vulnerable to Memory Exhaustion. The vulnerability is due to improper bound check on the QUIC stack. This issue can be exploited by an attacker to progressively increase the memory retained by the QUIC stack leading to memory exhaustion and denial of service...
Path Traversal
mlflow is vulnerable to Arbitrary File Write. The vulnerability exists due to the lack of URL path sanitization in the load function of httpdatasetsource.py, allowing an attacker to access files outside the expected directory and download arbitrary files through a malicious URL when loading datase...
Insecure Deserialization/Unsafe Attributes Merge
phenx/php-svg-lib is vulnerable to Insecure Deserialization. The vulnerability is caused due to unsafe attributes such as href, xlink:href and id while merging attributes from the tag to the tag when handling a tag that references an tag. This can lead to an unsafe file read that can cause PHAR...
Stored Cross Site Scripting
Umbraco is vulnerable to Stored Cross Site Scripting. The vulnerability is due to improper validation on SVG file uploads. This issue can be exploited by an attacker via uploading malicious SVG file containing JavaScript...
Information Disclosure
nautobot is vulnerable to Information Disclosure. The vulnerability exists because the library uses django-db-file-storage by default, and it does not require any user authentication to access the database file storage. This allows an attacker to view files in the database storage and potentially...
Path Traversal
Umbraco is vulnerable to Path Traversal. The vulnerability is due to backoffice users with permissions to create packages, enabling them to exploit path traversal and write files outside of the expected location. This issue can be exploited by an attacker to write malicious files on the server...
Cross-site Scripting (XSS)
jfinal is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the modal management department of the library, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
jfinal is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the column management department of the library, allowing an attacker to inject and execute malicious JavaScript...
Denial Of Service (DoS)
phenx/php-svg-lib is vulnerable to Denial Of Service (DoS). The vulnerability is caused by a missing validation for circular references reached while parsing the attributes passed to a use tag inside an SVG document. An attacker can craft a malicious SVG file and send multiple requests to a syst...
Out Of Date Public Suffix List
gsemac.net is vulnerable to Old Public Suffix List. The library utilizes an out of date Public Suffix list. This list contains all the public suffixes such as .net and .com...
Server Side Request Forgery
nuxt-api-party is vulnerable to Cross-Site Request Forgery. The vulnerability exists due to a faulty regular expression, used for validation within server.ts, which does not take white spaces into account, allowing an attacker to execute requests bypassing the whitelist, leading to unauthorized access...
Sensitive Information Disclosure
github.com/treeverse/lakefs is vulnerable to Sensitive Information Disclosure. The application fails to obfuscate or encrypt the S3 token, revealing it in plaintext logs...
Missing Origin Validation
uptime-kuma is vulnerable to Missing Origin Validation. The server doesn't validate the Origin header when a user connects to the server using Socket.IO. An attacker can access protected endpoints and sensitive data by exploiting this vulnerability...
Authorization Bypass
quarkus-smallrye-graphql is vulnerable to Authorization Bypass. The vulnerability is due to the doHandle function in the SmallRyeGraphQLOverWebSocketHandler.java file, where there are no checks to ensure that the user is authenticated or authorized to access the GraphQL endpoint. This allows an attacker to acce...
Denial Of Service (DoS)
HashiCorp Vault is vulnerable to Denial of Service. The vulnerability is caused by the unbounded memory copy operation during the processing of inbound HTTP requests. This could lead to memory exhaustion within the host when handling large unauthenticated and authenticated HTTP requests from a...
Improper Authentication
github.com/treeverse/lakefs is vulnerable to Improper Authentication. The vulnerability is due to the NewSecureString function in securestring.go lacking the security measures to handle environment variables. Specifically, it directly accesses environment variables using os.LookupEnv without any for...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial Of Service (DoS). The vulnerability exists because the readChunkLine function in chunked.go does not properly check the bytes from the request or response body. A malicious attacker can exploit this to cause a server to automatically read a large amount ...
Server-side Request Forgery (SSRF)
MindsDB is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is caused by a lack of URL validation in file.py. This allows an attacker to make arbitrary requests to internal resources that the MindsDB server can access, which leads to Information Disclosure and SSRF...
Insecure Protocol Handling
github.com/golang/go is vulnerable to Insecure Protocol Handling. The vulnerability exists in the repoRootFromVCSPaths function of vcs.go when using go get to fetch a module with the .git suffix. It may unexpectedly fallback to the insecure git:// protocol if the module is unavailable via the...
Session Fixation
uptime-kuma is vulnerable to Session Fixation. The vulnerability exists when a user changes their login password but a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. This vulnerability allows...
Captcha Verification Bypass
base64Captcha is vulnerable to Captcha Verification Bypass. The vulnerability is due to improper verification of captcha wherein, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is set to true, the function will always consider the...
Limited File Write
MindsDB is vulnerable to Limited File Write. The vulnerability is caused by a put method in mindsdb/mindsdb/api/http/namespaces/file.py that does not validate the user-controlled name value, which is used to construct a temporary file name. This allows files to be written anywhere on the server leading...
Same-Origin Policy Bypass
@koa/cors is vulnerable to Same-Origin Policy Bypass. The vulnerability exists in the index.js because the middleware operates in a way that if an allowed origin is not provided by default, it will return an Access-Control-Allow-Origin header with the value set to the origin from the request. Thi...
Denial Of Service (DoS)
knative.dev/eventing-gitlab is vulnerable to Denial of Service (DoS). The vulnerability is due to improper enforcement of the ReadHeaderTimeout which is used to timeout individual read operations in receiveadapter.go. This can lead to a Denial Of Service, making the server unavailable to other user...
IP Spoofing
caddy-geo-ip is vulnerable to IP Spoofing attacks. The vulnerability is due to insecure usage of the trustheader. When trustheader is configured, req.Remoteaddr is overwritten. This allows an attacker to bypass IP range restrictions, and spoof IP addresses through the X-Forwarded-For header...
Always-Incorrect Control Flow Implementation
OpenZeppelin is vulnerable to Always-Incorrect Control Flow Implementation. The vulnerability is due to the duplication of functionDelegateCall in the Multicall.sol file. This could lead to Unintended Duplicate Operations...
Security Misconfiguration
dockerspawner is vulnerable to Security Misconfiguration. The vulnerability is due to overly permissible pull container image configuration. An attacker can launch any pullable image as a result of this vulnerability...
Heap Buffer Overflow
GPAC is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper bound checking via the str2ulong class in src/mediatools/avilib.c, resulting in Heap Buffer Overflow...
Denial Of Service
libgpac.so is vulnerable to Denial Of Service. The vulnerability is due to improper bound check in the cttsboxread function in src/isomedia/boxcodebase.c. This issue can be exploited by an attacker to cause Denial of Service...
Information Disclosure
dbtcore is vulnerable to Information Disclosure. The vulnerability is caused by logging the Personal Access Token PAT in plaintext to the package-lock.yml file. If an attacker gains access to this file, they can exfiltrate the sensitive PAT token...
Cross Site Scripting
mediawiki/semantic-media-wiki is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization of input. This issue can be exploited by an attacker via injecting malicious JavaScript...
Account Takeover
microweber/microweber is vulnerable to Account Takeover. The vulnerability exists because login credentials are passed through the GET request, allowing an attacker to capture credentials through network traffic, potentially leading to account takeover...
Local Privilege Escalation
pyinstaller is vulnerable to Local Privilege Escalation. The vulnerability exists due to insecure directories used in the library, allowing an attacker to delete files on the system if the application contains either matplotlib or win32com, and the temporary directory is not locked to a specific...
Improper Authorization
Chromium is vulnerable to Improper Authorization. The vulnerability is due to improper implementation in Autofill functionality. This allows an attacker to bypass Autofill restrictions via a crafted HTML page...
Improper Restriction Of Rendered UI Layers Or Frames
chromium is vulnerable to Improper Restriction of Rendered UI Layers or Frames. The vulnerability is due to an inappropriate implementation in Web Browser UI in Google Chrome. This allows an attacker to overlay or insert additional UI content...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability is due to the lack of proper memory management in the Media Capture feature in Google Chrome. An attacker who convinces a user to engage in specific UI interaction can potentially exploit heap corruption via specific UI interaction...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability is due to improper memory management in Media Stream in Google Chrome. This allows an attacker to potentially exploit heap corruption via a crafted HTML page...