
38108 matches found

Veracode • added 2026/02/02 8:56 a.m. • 5 views

NULL Pointer Dereference

ImageMagick is vulnerable to a NULL pointer dereference vulnerability. The vulnerability is due to improper handling of tags in the MSL (Magick Scripting Language) parser before images are loaded, which allows an attacker to trigger a denial-of-service (DoS) condition via assertion failure in debug...

CVSS 7.5 • AI score 5.6 • EPSS 0.00024
Exploits: 1 • References: 3 • Affected Software: 20

Veracode • added 2026/02/02 8:34 a.m. • 2 views

Race Condition

node-tar is vulnerable to a Race Condition Vulnerability. The vulnerability is due to improper handling of Unicode path collisions in the PathReservations locking mechanism on normalization-insensitive or case-insensitive filesystems, which allows an attacker to exploit race conditions using...

CVSS 8.8 • AI score 5.8 • EPSS 0.00009
Exploits: 1 • References: 3 • Affected Software: 2

Veracode • added 2026/02/02 7:31 a.m. • 3 views

Improper Authentication And Authorization

github.com/openbao/openbao-plugins is vulnerable to Improper Authentication and Authorization. The vulnerability is due to insufficient validation of IAM role identity across AWS accounts, which allows an attacker from an untrusted account to impersonate a same-named role in a trusted account and...

CVSS 8.1 • AI score 5.5 • EPSS 0.00043
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 2026/02/02 7:14 a.m. • 3 views

Improper Access Control

github.com/slackhq/nebula is vulnerable to Improper Access Control. The vulnerability is due to incorrect handling of CIDR ranges in certain configurations, which allows an attacker to spoof or use arbitrary source IP addresses within the Nebula network...

CVSS 4.9 • AI score 5.7 • EPSS 0.00045
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/02/02 7:13 a.m. • 3 views

Email Address Parsing Vulnerability

next-auth is vulnerable to an email address parsing vulnerability. The vulnerability is due to an incorrect address parsing behavior in Nodemailer, which allows an attacker to craft a malicious email input that redirects authentication or verification emails to an attacker-controlled mailbox instead...

AI score 5.6
Exploits: 0

Veracode • added 2026/02/02 6:57 a.m. • 4 views

Denial Of Service (DoS)

Next.js is vulnerable to Denial Of Service (DoS). The vulnerability is due to the image optimization endpoint loading external images into memory without enforcing a maximum size limit, which allows an attacker to request optimization of arbitrarily large images and trigger out-of-memory conditions...

CVSS 7.5 • AI score 5.5 • EPSS 0.00041
Exploits: 0 • References: 6 • Affected Software: 1

Veracode • added 2026/01/30 7:56 a.m. • 3 views

Sandbox Escape

vm2 is vulnerable to Sandbox Escape. The vulnerability is due to incomplete sanitization of Promise callbacks, where globalPromise.prototype.then and catch are not sanitized while localPromise is, allowing attackers to bypass sandbox restrictions via async function return values and execute...

CVSS 10 • AI score 6.2 • EPSS 0.00054
Exploits: 1 • References: 3 • Affected Software: 1

Veracode • added 2026/01/29 4:49 p.m. • 4 views

Incorrect Regular Expression

Hono is vulnerable to Incorrect Regular Expression. The vulnerability is due to improper validation of IPv4 octet ranges in the IP Restriction Middleware, which allows an attacker to craft malformed IP addresses to bypass IP-based access controls...

CVSS 6.5 • AI score 5.9 • EPSS 0.00015
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/01/29 1:10 p.m. • 3 views

Denial Of Service (DoS)

github.com/kyverno/kyverno is vulnerable to Denial Of Service (DoS). The vulnerability is due to unbounded memory usage in the policy engine when processing crafted policies that exponentially amplify string data via context variables, which allows an attacker with policy creation privileges to...

CVSS 7.7 • AI score 5.9 • EPSS 0.00104
Exploits: 1 • References: 4 • Affected Software: 1

Veracode • added 2026/01/29 12:44 p.m. • 3 views

Timing Attack

OctoPrint is vulnerable to Timing Attack. The vulnerability is due to character-by-character API key comparison with early termination, which allows a network-based attacker to infer valid API keys by measuring response times and guessing the key one character at a time...

CVSS 6 • AI score 5.9 • EPSS 0.00015
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/01/29 11:57 a.m. • 4 views

Memory Leak

ImageMagick is vulnerable to a memory leak. The vulnerability is due to improper handling of malformed OpenCL device profile XML files in the LoadOpenCLDeviceBenchmark function, which fails to free allocated string memory when elements are not properly closed, allowing an attacker to trigger memo...

AI score 5.9
Exploits: 0

Veracode • added 2026/01/29 8:48 a.m. • 5 views

Server-Side Template Injection

fof/pretty-mail is vulnerable to Server-Side Template Injection. The vulnerability is due to improper validation and sanitization of email template inputs, which allows an attacker with administrative access to inject malicious template expressions and execute arbitrary system commands during ema...

CVSS 8.6 • AI score 6.1 • EPSS 0.00024
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/01/28 9:24 a.m. • 2 views

Server-Side Request Forgery (SSRF)

shopware/core is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied input used in server-side HTTP requests, which allows an attacker to coerce the server into sending requests to internal or external systems, potentially leading to...

AI score 6.2
Exploits: 0

Veracode • added 2026/01/28 8:31 a.m. • 7 views

Arbitrary File Write

Shopware is vulnerable to Arbitrary file write. The vulnerability is due to insufficient validation of uploaded plugin files, which allows an attacker to write files to arbitrary directories and upload a PHP shell, resulting in persistent shell access on on-premises installations...

AI score 6
Exploits: 0

Veracode • added 2026/01/28 8:6 a.m. • 6 views

Arbitrary Command Injection

Elysia is vulnerable to Arbitrary Command Injection. The vulnerability is due to unsanitized injection of dynamic cookie configuration into compiled routes, which allows an attacker with write access to the cookie configuration to inject and execute arbitrary code...

CVSS 8.8 • AI score 6.1 • EPSS 0.00085
Exploits: 1 • References: 4 • Affected Software: 1

Veracode • added 2026/01/28 7:57 a.m. • 3 views

Denial Of Service (DoS)

Next.js is vulnerable to a Denial of Service (DoS) vulnerability. The vulnerability is due to unbounded request body buffering and unbounded decompression in the Partial Prerendering (PPR) resume endpoint, which allows an attacker to send specially crafted unauthenticated POST requests or compressed...

CVSS 7.5 • AI score 5.9 • EPSS 0.0015
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/01/28 7:50 a.m. • 4 views

Prototype Pollution

Elysia is vulnerable to Prototype Pollution. The vulnerability is due to improper deep-merge handling in the mergeDeep function when merging schema validation results, which allows an attacker to inject a proto property and, when chained with another flaw, achieve remote code execution...

CVSS 9.8 • AI score 6.2 • EPSS 0.00249
Exploits: 1 • References: 5 • Affected Software: 1

Veracode • added 2026/01/28 7:40 a.m. • 4 views

Denial Of Service (DoS)

Next.js is vulnerable to a Denial-Of-Service (DoS). The vulnerability is due to unbounded memory consumption in the Image Optimizer, where the /next/image endpoint loads attacker-controlled external images entirely into memory without size limits when remotePatterns is enabled, allowing large image...

CVSS 7.5 • AI score 5.9 • EPSS 0.0015
Exploits: 0 • References: 5 • Affected Software: 1

Veracode • added 2026/01/28 7:34 a.m. • 2 views

Sensitive Information Disclosure

Umbraco.cms is vulnerable to Sensitive Information Disclosure. The vulnerability is due to unsafe handling and cleanup of temporary files during the dictionary upload process, which allows an attacker with backoffice access to infer the existence of arbitrary files on the server and, in some...

CVSS 4.9 • AI score 6 • EPSS 0.00041
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 2026/01/28 7:22 a.m. • 4 views

Information Disclosure

Shopware is vulnerable to sensitive Information Disclosure. The vulnerability is due to improper protection of sensitive application data, which allows an attacker to export credential-related information from affected Shopware deployments and potentially reuse recovered credentials across other...

AI score 5.9
Exploits: 0

Veracode • added 2026/01/28 6:15 a.m. • 5 views

Denial Of Service (DoS)

orjson is vulnerable to a Denial-Of-Service (DoS). The vulnerability is due to missing recursion depth limits in orjson.dumps, where deeply nested JSON inputs can cause excessive recursion, leading to stack exhaustion and process crashes...

CVSS 7.5 • AI score 5.9 • EPSS 0.00029
Exploits: 1 • References: 4 • Affected Software: 1

Veracode • added 2026/01/28 4:55 a.m. • 3 views

Denial Of Service (DoS)

Protobuf is vulnerable to a Denial-Of-Service (DoS). The vulnerability is due to bypassed recursion depth limits when parsing nested Any messages, where missing depth accounting in the ParseDict logic allows deeply nested inputs to exhaust the Python recursion stack and trigger a RecursionError...

CVSS 8.2 • AI score 5.9 • EPSS 0.00013
Exploits: 0 • References: 3 • Affected Software: 1

Veracode • added 2026/01/27 4:48 p.m. • 4 views

Integer Overflow

@openzeppelin/confidential-contracts is vulnerable to Integer Overflow. The vulnerability is due to a silent overflow failure in the internal mint function that is not checked by wrapper functions, which allows an attacker to cause minting to fail silently while still transferring underlying...

AI score 5.9
Exploits: 0

Veracode • added 2026/01/27 2:28 p.m. • 5 views

Serialization Injection Vulnerability

LangChain is vulnerable to a Serialization Injection Vulnerability. The vulnerability is due to improper handling of user-controlled objects containing lc keys in the toJSON serialization logic, which allows an attacker to inject crafted data that is mistakenly treated as a trusted LangChain obje...

CVSS 9.1 • AI score 6 • EPSS 0.00072
Exploits: 0 • References: 4 • Affected Software: 2

Veracode • added 2026/01/27 2:15 p.m. • 5 views

Serialization Injection Vulnerability

langchaincore is vulnerable to a Serialization Injection Vulnerability. The vulnerability is due to the dumps and dumpd functions not escaping user-controlled dictionaries containing the internal lc key, which allows an attacker to craft malicious input that is interpreted as a trusted LangChain...

CVSS 9.3 • AI score 5.9 • EPSS 0.02624
Exploits: 4 • References: 5 • Affected Software: 1

Veracode • added 2026/01/27 1:30 p.m. • 3 views

Directory Traversal

Swing Music is vulnerable to Directory Traversal. The vulnerability is due to insufficient path validation in the listfolders function of the /folder/dir-browser endpoint, which allows an authenticated attacker to traverse the filesystem and browse arbitrary directories on the server...

CVSS 5.3 • AI score 6 • EPSS 0.00073
Exploits: 1 • References: 3 • Affected Software: 1

Veracode • added 2026/01/27 1:16 p.m. • 4 views

Sensitive Information Disclosure

@anthropic-ai/claude-code is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper trust validation during the project-load flow, which allows an attacker to supply a malicious repository configuration that redirects API requests to an attacker-controlled endpoint a...

CVSS 7.5 • AI score 5.9 • EPSS 0.00033
Exploits: 1 • References: 2 • Affected Software: 1

Veracode • added 2026/01/27 10:2 a.m. • 3 views

Arbitrary Command Injection

@orval/core is vulnerable to Arbitrary Command Injection. The vulnerability is due to improper handling and escaping of untrusted OpenAPI specification data in the x-enumDescriptions field during enum generation, which allows an attacker to inject and execute arbitrary TypeScript or JavaScript co...

CVSS 9.8 • AI score 6.1 • EPSS 0.0005
Exploits: 1 • References: 5 • Affected Software: 1

Veracode • added 2026/01/23 10:47 a.m. • 3 views

Denial-Of-Service (DoS)

ESPHome is vulnerable to a Denial-Of-Service (DoS). The vulnerability is due to an integer overflow in the API protobuf decoder, where an attacker-controlled fieldlength value can overflow the bounds check in proto.cpp, bypassing validation and causing invalid memory access that crashes the device,...

CVSS 7.5 • AI score 5.9 • EPSS 0.00092
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/01/23 10:28 a.m. • 3 views

Arbitrary Code Execution

binary-parser is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsanitized interpolation of untrusted values into dynamically generated code, where attacker-controlled parser field names or encoding parameters are embedded directly into generated JavaScript, allowing arbitra...

CVSS 6.5 • AI score 6.4 • EPSS 0.00087
Exploits: 0 • References: 7 • Affected Software: 1

Veracode • added 2026/01/23 9:52 a.m. • 6 views

Path Traversal

wheel is vulnerable to Path Traversal. The vulnerability is due to unsafe handling of file permissions during wheel extraction, where the unpack function trusts archive header filenames when applying chmod, allowing a malicious wheel to modify permissions of arbitrary system files after path...

CVSS 7.1 • AI score 5.6 • EPSS 0.00015
Exploits: 2 • References: 3 • Affected Software: 1

Veracode • added 2026/01/23 7:41 a.m. • 4 views

Denial-Of-Service (DoS)

Seroval is vulnerable to a Denial-Of-Service (DoS). The vulnerability is due to unbounded recursion during serialization, where objects with extreme nesting depth can exceed the maximum call stack size, causing crashes or service disruption when serializing untrusted input...

CVSS 7.5 • AI score 5.9 • EPSS 0.00041
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 2026/01/23 4:30 a.m. • 4 views

Stack Overflow

ImageMagick is vulnerable to a stack overflow. The vulnerability is due to infinite recursion in the MSL (Magick Scripting Language) command when writing to MSL format, which allows an attacker to trigger a stack overflow and cause a denial-of-service condition...

CVSS 5.5 • AI score 6 • EPSS 0.00025
Exploits: 1 • References: 4 • Affected Software: 18

Veracode • added 2026/01/23 3:55 a.m. • 3 views

Improper Certificate Validation

wlc is vulnerable to improper certificate validation. The vulnerability is due to skipped SSL verification for specially crafted URLs, which allows an attacker to perform man-in-the-middle attacks and intercept or manipulate communications...

CVSS 5.5 • AI score 5.9 • EPSS 0.00005
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/01/23 3:45 a.m. • 3 views

Sensitive Information Exposure

wlc is vulnerable to sensitive information exposure. The vulnerability is due to support for unscoped API keys in configuration settings, which allows an attacker to obtain the API key if it is inadvertently sent or exposed to unintended remote servers...

CVSS 5.5 • AI score 5.9 • EPSS 0.00006
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/01/23 3:34 a.m. • 3 views

Denial-of-service (DoS)

pypdf is vulnerable to denial-of-service (DoS). The vulnerability is due to improper handling of PDFs missing the /Root object with a large /Size value in non-strict parsing mode, which allows an attacker to craft an invalid PDF that triggers excessively long runtimes...

CVSS 6.9 • AI score 5.9 • EPSS 0.00023
Exploits: 0 • References: 5 • Affected Software: 1

Veracode • added 2026/01/22 11:42 a.m. • 3 views

Server-Side Request Forgery (SSRF)

github.com/axllent/mailpit is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the HTML Check feature automatically downloading remote CSS resources without proper validation, which allows an attacker to embed malicious stylesheet links in emails and trigger unauthorize...

CVSS 7.5 • AI score 5.9 • EPSS 0.00024
Exploits: 1 • References: 4 • Affected Software: 1

Veracode • added 2026/01/22 11:5 a.m. • 4 views

HTTP Request Smuggling

io.vertx:vertx-core is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of / in the output buffer by the removeDots function in Static Handler, which allows an attacker to prevent access to static files by sending specifically crafted request URIs that exploit...

CVSS 6.9 • AI score 6 • EPSS 0.00025
Exploits: 1 • References: 5 • Affected Software: 1

Veracode • added 2026/01/22 10:27 a.m. • 4 views

Improper Access Control

Pterodactyl is vulnerable to Improper Access Control. The vulnerability is due to failure to revoke active SFTP sessions when user permissions are removed or modified, which allows an attacker with an existing SFTP connection to retain unauthorized file access after their privileges are revoked...

CVSS 7.5 • AI score 5.9 • EPSS 0.00011
Exploits: 0 • References: 2 • Affected Software: 2

Veracode • added 2026/01/22 10:13 a.m. • 2 views

Server-Side Request Forgery (SSRF)

github.com/axllent/mailpit is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of target addresses in the /proxy endpoint, which allows an attacker to send crafted HTTP GET requests to internal network resources and access internal services or AP...

CVSS 5.8 • AI score 5.9 • EPSS 0.00485
Exploits: 2 • References: 5 • Affected Software: 1

Veracode • added 2026/01/22 10:10 a.m. • 4 views

Server-Side Request Forgery (SSRF)

Chainlit is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to fetching attacker-controlled URLs during element updates, where the SQLAlchemy data layer performs outbound HTTP GET requests on user-supplied url values, allowing authenticated attackers to access internal...

CVSS 8.3 • AI score 5.9 • EPSS 0.00052
Exploits: 1 • References: 5 • Affected Software: 1

Veracode • added 2026/01/22 9:42 a.m. • 3 views

Stored Cross-Site Scripting (XSS)

labelstudio is vulnerable to stored cross-site scripting (XSS). The vulnerability is due to insufficient sanitization of user-controlled input in the customhotkeys functionality, which allows an authenticated attacker or one who tricks a user/admin to inject malicious JavaScript that executes in oth...

CVSS 8.6 • AI score 5.8 • EPSS 0.00014
Exploits: 1 • References: 5 • Affected Software: 1

Veracode • added 2026/01/22 9:33 a.m. • 3 views

Arbitrary Code Execution

Orval is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsanitized embedding of untrusted OpenAPI fields, where attacker-controlled values in the x-enumDescriptions field are injected without proper escaping during enum generation, resulting in executable JavaScript/TypeScri...

CVSS 9.8 • AI score 6 • EPSS 0.0005
Exploits: 1 • References: 4 • Affected Software: 1

Veracode • added 2026/01/22 8:27 a.m. • 3 views

Path Traversal

mindsdb is vulnerable to a path traversal. The vulnerability is due to improper handling of user-controlled file paths in the file upload API when JSON requests are used, which allows an unauthenticated attacker to exploit directory traversal and read arbitrary files from the server filesystem an...

CVSS 9.1 • AI score 6 • EPSS 0.00353
Exploits: 2 • References: 5 • Affected Software: 1

Veracode • added 2026/01/22 8:25 a.m. • 3 views

Command Injection

Wrangler is vulnerable to Command Injection. The vulnerability is due to unsanitized interpolation of the --commit-hash parameter into a shell command, where attacker-controlled input is passed directly to execSync, allowing arbitrary command execution in environments such as CI/CD pipelines that...

CVSS 9.9 • AI score 6.1 • EPSS 0.00068
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/01/21 3:7 p.m. • 3 views

Symlink Poisoning

node-tar is vulnerable to Symlink Poisoning. The vulnerability is due to insufficient sanitization of hardlink and symlink linkpath values during archive extraction, where malicious tar entries can bypass the extraction root restriction and overwrite arbitrary files or create dangerous symlinks...

CVSS 8.2 • AI score 5.7 • EPSS 0.00011
Exploits: 2 • References: 2 • Affected Software: 1

Veracode • added 2026/01/21 11:23 a.m. • 3 views

Server-Side Request Forgery (SSRF)

SvelteKit is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of host and origin resolution during prerendered route processing, where crafted requests can trigger internal requests or cause excessive resource usage, leading to SSRF or service disrupti...

CVSS 9.1 • AI score 5.9 • EPSS 0.00043
Exploits: 0 • References: 2 • Affected Software: 2

Veracode • added 2026/01/21 9:42 a.m. • 4 views

SQL Injection

Parsl is vulnerable to SQL Injection. The vulnerability is due to unsafe construction of SQL queries using user-supplied URL parameters without proper sanitization, which allows an unauthenticated attacker to inject arbitrary SQL commands and potentially exfiltrate data or cause a denial of servic...

CVSS 7.3 • AI score 6 • EPSS 0.0011
Exploits: 1 • References: 4 • Affected Software: 1

Veracode • added 2026/01/21 9:20 a.m. • 3 views

Command Injection

github.com/tencent/weknora is vulnerable to command injection. The vulnerability is due to improper validation of user-supplied stdioconfig.command and args in MCP stdio settings, which allows an authenticated attacker to inject arbitrary commands and cause the server to execute malicious...

CVSS 9.9 • AI score 6.1 • EPSS 0.00454
Exploits: 1 • References: 4 • Affected Software: 1

Veracode • added 2026/01/21 9:12 a.m. • 5 views

Improper Access Control

github.com/kyverno/kyverno is vulnerable to Improper Access Control. The vulnerability is due to incorrect handling of multiple policy exceptions in enforce mode, which allows an attacker to bypass enforced policies by leveraging a less restrictive exception even when a more restrictive exception...

AI score 5.6
Exploits: 0

Total number of security vulnerabilities: 38108