38195 matches found
Stack-based Buffer Overflow
libzephyr.so is vulnerable to Stack-based Buffer Overflow. The vulnerability is due to the leecredreconfreq function in subsys/bluetooth/host/l2cap.c because the chancount variable value becomes greater than the maximum value allowed in L2CAPECREDCHANMAXPERREQ. This leads to a buffer overflow resulting ...
Clear Text Credentials Exposure
Nautobot Device Onboarding is vulnerable to Clear Text Credentials Exposure. The vulnerability is due to credentials being visible via the Job Results view under the Additional Data tab as arguments for Celery Task execution when creating an OnboardingTask. As a result the attacker is exposed to...
Denial Of Service (DoS)
github.com/go-jose/go-jose is vulnerable to Billion Hashes Attack. The vulnerability is due to the decryptKey function in symmetric.go because it only checks if the value of p2c is a positive integer, but lacks a maximum size check. This allows an attacker to provide a PBES2 encrypted JWE blob wit...
Denial Of Service (DoS)
libgpac.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a memory leak in the gfmpdparsestring function in mpd.c which allows an attacker to cause an application crash...
Cross Site Scripting (XSS)
openCRX is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a lack of validation in the Category creation field, which allows an attacker to inject HTML into the application...
Cross Site Scripting (XSS)
openCRX is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a lack of validation in the Create product name field, which allows an attacker to inject HTML into the application...
Cross Site Scripting (XSS)
org.opencrx: opencrx-core-models is vulnerable to HTML Injection. The vulnerability is due to a lack of proper input sanitization in the Product Configuration Name Field. This allows an attacker to inject malicious HTML into the application...
Cross Site Scripting (XSS)
org.opencrx: opencrx-core-models is vulnerable to HTML Injection. The vulnerability is due to a lack of proper input sanitization in the Activity Saved Search Creation. This allows an attacker to inject malicious HTML into the application...
Improper Authorization
next-auth is vulnerable to Improper Authorization. A malicious actor could create an empty/mock user by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow state, PKCE or nonce. Manually overriding the next-auth.session-token cookie value with this non-related JWT woul...
Information Disclosure
azurecli is vulnerable to Information Disclosure. The vulnerability exists due to sensitive information that is exposed in log files, allowing an attacker to recover plaintext passwords and usernames from log files...
Denial Of Service (DoS)
libgpac.so is vulnerable to Denial of Service (DoS). The vulnerability is due to the extractattributes function of mediatools/m3u8.c which allows an attacker to cause denial-of-service (DoS) conditions on a vulnerable system by tricking it into processing a specially crafted m3u8 file. The attacker...
Weak Encryption
upydev is vulnerable to Weak Encryption. The vulnerability is due to PKCS#1 v1.5 padding used in the RSA algorithm. This could lead to a Bleichenbacher attack...
Cross Site Scripting (XSS)
org.opencrx: opencrx-core-models is vulnerable to HTML Injection. The vulnerability is due to a lack of proper input sanitization in the Accounts Group Name Field. This allows an attacker to inject malicious HTML into the application...
JSON Web Token (JWT) Algorithm Confusion
fast-jwt is vulnerable to JWT Algorithm Confusion. The vulnerability is caused by a missing validation on publicKeyPemMatcher constant defined in fast-jwt/src/crypto.js which is used to match all common PEM formats for public keys. An attacker can craft a malicious JWT token utilizing the HS256...
Cross Site Scripting (XSS)
openCRX is vulnerable to Cross Site Scripting (XSS) attack. The vulnerability is due to a lack of validation in the name field under an accounts group. An attacker can potentially use this vulnerability for phishing attacks, website defacement or DoS...
LDAP Injection
Apache Derby is vulnerable to LDAP Injection. The vulnerability is due to improper input validation in the username field which can be used to bypass authentication checks. This can be exploited by an attacker by injecting malicious usernames, and as a result fill up the disk by creating junk Der...
Directory Traversal (ZipSlip)
torchserve is vulnerable to Directory Traversal. The vulnerability is due to a lack of zip file path validation in the ZipUtils.java file. This can lead to unauthorized access to sensitive files and directories on the system...
Cross Site Scripting (XSS)
OpenCRX is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization and validation via the Activity Milestone Name Field. This can be exploited by the attacker to inject malicious JavaScript into the application...
Cross Site Scripting (XSS)
OpenCRX is vulnerable to Cross Site Scripting. The vulnerability is due to improper input sanitization and validation via the Activity Search Criteria Activity Number. This can be exploited by the attacker to inject malicious JavaScript into the application...
Improper Authorization
strapi-plugin-protected-populate is vulnerable to Improper Authorization. The vulnerability is due to the protectPopulate function of protect-route.js, which allows users to populate fields they don't have access to, resulting in field-level security bypass...
Missing Authorization
rundeck is vulnerable to Missing Authorization. The vulnerability arises due to a missing authorization check for the https://host/context/rdJob/ and https://host/context/api//incubator/jobs endpoints. An attacker can view job names and groups for which they don't have authorization...
Cross-Site-Scripting (XSS)
librenms is vulnerable to Cross-Site-Scripting (XSS). The vulnerability arises due to improper validation of device group names in DeviceGroupController.php. An attacker can inject arbitrary JavaScript through the device group field, resulting in XSS...
Json Web Token (JWT) Bypass
json-web-token is vulnerable to Json Web Token (JWT) Bypass. The vulnerability is due to an insecure mechanism used while verifying the signature of a JWT. The library blindly trusts the algorithm listed in the token without further verification. An attacker can forge a token using the HS256...
Insecure AES Initialization Vector
PyPinkSign is vulnerable to Insecure Initialization Vector. The vulnerability is due to the use of a static Initialization Vector for AES encryption. This could lead to Information Disclosure...
Cross-Site Scripting (XSS)
LimeSurvey is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to a lack of sanitization in generaloptionspanel.php. This could allow an attacker to escalate privileges by injecting malicious scripts...
Information Disclosure
librenms/librenms is vulnerable to Information Disclosure. The vulnerability exists in graph.inc.php due to a lack of access restrictions, which allows an attacker to gain access to sensitive information...
Arbitrary Price Manipulation
vendure is vulnerable to Arbitrary Price Manipulation. The vulnerability is due to the ability to specify an arbitrary currencyCode as a query parameter to an API call, allowing users to select any currencyCode and thus payments made through Mollie and Stripe in that particular currencyCode are...
Denial Of Service (DoS)
github.com/free5gc/free5gc is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a null pointer dereference when failing to resolve the IP of a ngap message resulting in an application crash...
Authentication Bypass
LibreNMS is vulnerable to Authentication Bypass. The vulnerability is due to improper rate limiting checks on login mechanisms using the GET method in the /?username=admin=password= endpoint. This can be exploited by an attacker to perform a brute force attack at the login endpoint, resulting in...
Path Traversal
Reactor Netty HTTP Server is vulnerable to Path Traversal. The vulnerability is due to improper validation for file paths. An attacker can access unauthorized files or directories by using crafted URLs...
Insecure Directory Permissions
Concrete CMS is vulnerable to Insecure Directory Permissions. The vulnerability is due to incorrect permissions set during the creation of directories. An attacker can access unauthorized files or directories as a result of this flaw...
Path Traversal
mlflow is vulnerable to Path Traversal. The vulnerability is caused by a missing validation on Windows file paths starting with a drive letter and colon (e.g. C:..), which result in relative paths when ultimately evaluated. This can lead to an attacker breaking out of the root mlflow directory e.g: ...
Cross-Site Scripting (XSS)
Concrete CMS is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to missing validation in the getTitle function in controller.php. This could allow an attacker to inject malicious scripts...
Buffer Overflow
github.com/wmnsk/go-pfcp is vulnerable to Buffer Overflow. The vulnerability exists due to a lack of sanitization in the handling of PFCP Heartbeat messages, which allows an attacker to craft a malformed PFCP Heartbeat message with a mutated IE recovery time stamp...
Missing Authorization
rundeck is vulnerable to Missing Authorization. The vulnerability arises due to a missing authorization check for the https://host/context/rdJob/ and https://host/context/api//incubator/jobs endpoints. An attacker can view or delete jobs that they should not have access to...
Privilege Escalation
org.apache.hadoop, hadoop-yarn-server-nodemanager is vulnerable to Privilege Escalation. The vulnerability is caused by making the rpath of container-executor binary of Apache Hadoop configurable from $ORIGIN/ to $ORIGIN/:../lib/native/. This is the path through which .so files are loaded. This c...
Cross-site Scripting
ckeditor4 is vulnerable to Cross-Site Scripting. The vulnerability is due to the /ckeditor/samples/old/ajax.html file which allows an attacker to retrieve sensitive information...
Man-in-the-Middle
httpie is vulnerable to Man-in-the-Middle attacks. The vulnerability exists due to the use of urllib3.disablewarnings in client.py, which does not properly enforce hostname verification or certificate validation. This means that HTTPS warnings, crucial for debugging and security awareness, are no...
Denial Of Service (DoS)
libde265.so is vulnerable to Denial of Service (DoS). The vulnerability is due to the slicesegmentheader function in the slice.cc component. An attacker is able to cause a DoS condition by creating a specially crafted file and tricking the system into processing it. This could disrupt service on th...
Authentication Bypass
mlflow is vulnerable to Authentication Bypass. The vulnerability is due to a bypass in both the mlflow server and mlflow UI around MLFlow's implementation of basic authentication. This flaw allows an unauthenticated malicious user to create a user/credential set using the 2.0 REST API...
Denial Of Service (DOS)
pocketmine/raklib is vulnerable to Denial Of Service (DOS). The vulnerability is caused by a missing validation on an upper bound for the maximum number of messages/packets that can be stored inside the reliable-ordered queue until the data in the queue is ordered. A malicious client can exploit above...
Cross Site Scripting (XSS)
typo3/html-sanitizer is vulnerable to Cross-site Scripting (XSS). The vulnerability allows an attacker to inject malicious code into a vulnerable TYPO3 website by bypassing the cross-site scripting prevention mechanisms with a specially crafted URL or form submission. The malicious cod...
Path Traversal
galaxyimporter is vulnerable to Path Traversal. The vulnerability is due to incorrect symbolic link handling, allowing an attacker to construct a specially crafted tarball that, when imported using the galaxy importer of Ansible Automation Hub, creates a symbolic link on the disk, potentially...
Sensitive Information Disclosure
io.quarkus io.quarkus.gradle.plugin is vulnerable to Information Disclosure. The vulnerability is due to improper sanitization of artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information...
Mutation Cross-Site Scripting (mXSS)
tinymce is vulnerable to mutation cross-site scripting (mXSS). The vulnerability is due to a lack of sanitization in the handling of text nodes. This could allow an attacker to inject malicious scripts...
Full Path Disclosure
pimcore/admin-ui-classic-bundle is vulnerable to Full Path Disclosure. The vulnerability is due to missing error detection while the server retrieves the path of a file. This enables the attacker to have the full path of the file they want to view. The attacker can use this...
Double Free
GPAC is vulnerable to Double Free. The vulnerability is due to the gffilterpacketdel function within /gpac/src/filtercore/filter.c. This leads to an application crash resulting in Denial Of Service (DOS)...
Heap Use After Free
GPAC is vulnerable to Heap Use After Free. The vulnerability is due to the flushrefsamples function within /gpac/src/isomedia/moviefragments.c. This leads to an application crash resulting in Denial Of Service (DOS)...
Stack Overflow
libgpac.so is vulnerable to Stack Overflow. The vulnerability is due to a lack of validation in the hevcparsevpsextension function in the avparsers.c file. This could lead to Denial of Service attacks...
HTTP Request Smuggling
aiohttp is vulnerable to HTTP Request Smuggling. The vulnerability exists due to an inconsistent interpretation of the Content-Length (CL) and Transfer-Encoding (TE) headers in httpparser.py, which can be exploited to bypass proxy rules, poison sockets, and potentially redirect users to malicious...