Sql Injection
Pimcore is vulnerable to SQL Injection attacks. The vulnerability is due to a lack of validation of user-controlled input in the getFilterCondition function. Any backend user with basic permissions can execute SQL queries and elevate their privileges to admin...
Insufficient Verification Of Data Authenticity
github.com/kyverno/kyverno is vulnerable to Insufficient Verification Of Data Authenticity. The vulnerability allows an attacker to control the digest of images used by Kyverno users. To exploit this issue, the attacker would need to compromise the registry from which Kyverno fetches its images...
Weak 2FA Code Generation
Fides is vulnerable to Weak Code Generation. The vulnerability is due to the use of the Python random module, which is considered a cryptographically weak pseudo-random number generator, to generate one-time codes in the Privacy and Consent request process. This issue allows an...
Arbitrary Code Execution
yiisoft/yii is vulnerable to Arbitrary Code Execution. The vulnerability exists in the __wakeup function in CDbCriteria.php, which allows an attacker to inject and execute arbitrary code if the unserialize method is called on untrusted user input...
Improper Input Validation
k8s.io/kubernetes is vulnerable to Improper Input Validation. The vulnerability exists due to insufficient input sanitization in the in-tree storage plugin for Windows nodes in mount_windows.go, allowing an attacker to bypass admin privileges on this node...
Memory Leak
libgpac.so is vulnerable to Memory Leak. The memory leak is found in the function gf_isom_add_chapter at /isomedia/isom_write.c. The vulnerability can allow attackers to trigger a DoS attack via a crafted file...
Security Bypass
Microsoft.AspNetCore.Components is vulnerable to Security Bypass. The vulnerability arises due to a lack of validation in Blazor Server. An unauthenticated user is able to bypass validation on Blazor Server forms...
HTTP Request Smuggling
yt-dlp is vulnerable to HTTP Request Smuggling. The vulnerability is in the _real_extract function in generic.py, which does not validate or sanitize the http_headers included through the URL. This allows an attacker to set an arbitrary proxy for a request to an arbitrary URL, can...
Remote Code Execution (RCE)
guest-entries is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the uploadFile function in GuestEntryController.php, as there are no checks for the file type being uploaded. This allows attackers to upload and potentially execute malicious PHP files...
Transaction Cross Linking
Hyperledger Fabric is vulnerable to Transaction Cross Linking. The vulnerability is due to the insecure concatenation of transactions in a block, allowing an adversary to craft a cross-linked block resulting in Transaction Cross Linking...
HTTP Request Smuggling
aiohttp is vulnerable to HTTP Request Smuggling. The vulnerability exists due to various issues with header parsing in http_parser.py. This allows a remote attacker to smuggle an HTTP request by submitting a maliciously crafted header. This is impactful when AIOHTTP_NO_EXTENSIONS is enabled or when...
Weak Authentication
TYPO3 is vulnerable to Weak Authentication. The vulnerability is due to the lack of proper session isolation between different sites within the same TYPO3 installation. The attacker can exploit this issue with a valid user account to reuse a session cookie generated for the first site on the seco...
Buffer Overflow
free5gc is vulnerable to Buffer Overflow. The vulnerability allows an attacker to submit crafted PFCP messages resulting in a buffer overflow, potentially leading to Denial of Service...
Improper Access Control
microweber/microweber is vulnerable to Improper Access Control. This vulnerability exists because it does not properly restrict a user from commenting on an unpublished blog...
Remote Code Execution (RCE)
statamic/cms is vulnerable to Remote Code Execution (RCE). This vulnerability impacts both front-end forms employing the Forms feature and asset upload fields in the control panel. Malicious actors can exploit this loophole to introduce and execute arbitrary code via uploading image files...
Denial Of Service (DoS)
remarshal is vulnerable to Denial Of Service (DoS). The vulnerability exists because remarshal.py does not properly limit the maximum nodes to be expanded. This allows YAML alias nodes to be expanded indefinitely when processing untrusted YAML files. Consequently, an attacker could exploit this...
Information Disclosure
TYPO3 is vulnerable to Information Disclosure. The vulnerability is due to disclosing the full path of the transient data directory resulting in sensitive information disclosure...
Remote Code Execution (RCE)
vantage6-node is vulnerable to Remote Code Execution (RCE). The system fails to validate the execution of a child task if it has a specified parent task ID, which could be exploited by an attacker who gains unauthorized access to the system. By setting a fake parent task ID for a malicious task, the...
Arbitrary Code Execution
salt is vulnerable to Arbitrary Code Execution. The vulnerability exists due to a symlink attack which allows an attacker to inject and execute arbitrary code on the system...
Information Disclosure
Label Studio is vulnerable to Information Disclosure. This vulnerability exists due to improper restrictions on sensitive fields in the object-relational mapper in serializers.py, allowing an attacker to access and sensitive filters...
Denial Of Service (DoS)
github.com/kyverno/kyverno is vulnerable to Denial Of Service (DoS). The vulnerability exists in Kyverno's Notary verifier when an attacker has control over the registry from which Kyverno fetches attestations. In such a scenario, the attacker could provide a malicious response to Kyverno during...
Denial Of Service (DoS)
github.com/kyverno/kyverno is vulnerable to Denial of Service (DoS). An attacker with control over the registry from which Kyverno fetches signatures could exploit this vulnerability by returning a malicious response to Kyverno's request. The malicious response could be a malformed signature or a...
Denial Of Service (DoS)
github.com/kyverno/kyverno is vulnerable to Denial of Service (DoS). An attacker with control over the registry from which Kyverno fetches attestations could return a malicious response to Kyverno's request, which would cause Kyverno to crash and prevent other users' admission requests from being...
Denial Of Service (DoS)
github.com/kyverno/kyverno is vulnerable to Denial of Service (DoS). An attacker with control over the registry from which Kyverno fetches signatures could exploit this vulnerability by returning a malicious response to Kyverno's request. The malicious response could be a malformed signature or a...
XML External Entity (XXE)
org.eclipse.jdt and org.eclipse.platform are vulnerable to XML External Entity (XXE). The vulnerability exists because the library does not disable access to external entities by default. This allows an attacker to inject malicious XML documents into an Eclipse project, potentially leading to...
Use-After-Free
openvpn is vulnerable to Use-After-Free. The vulnerability occurs when sending network buffers to a remote peer, resulting in leaked memory buffers or potential remote execution...
Denial Of Service (DoS)
openvpn is vulnerable to Denial of Service (DoS). The vulnerability allows a malicious attacker to trigger a divide-by-zero error resulting in an application crash...
Information Disclosure
moodle/moodle is vulnerable to Information Disclosure. The vulnerability exists because user information is not properly restricted, which allows an attacker to gain access to sensitive information such as usernames...
Arbitrary Code Execution
moodle/moodle is vulnerable to Arbitrary Code Execution. The vulnerability exists in the IMSCP activity, which allows an attacker to inject and execute arbitrary code on the system...
Information Disclosure
moodle/moodle is vulnerable to Information Disclosure. The vulnerability exists because user group restrictions are not properly implemented, which allows an attacker to view summary reports of different user groups...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Cross-Site Scripting (XSS). This vulnerability exists in tracker.php because it does not properly validate user input, allowing an attacker to inject and execute malicious JavaScript in the browser...
Incorrect Authorization
apache-airflow is vulnerable to Incorrect Authorization. The vulnerability is in forms.py, where there is no read-only validation on critical fields; this allows authenticated users with DAG-view permissions to modify DAG run details. An attacker can use this to alter details such as...
Denial Of Service
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc is vulnerable to Denial of Service. The vulnerability is caused by the grpc unary server interceptor's out-of-the-box labels. The labels net.peer.sock.addr and net.peer.sock.port have unbounded cardinality. This leads ...
SQL Injection
Piccolo is vulnerable to SQL Injection. The vulnerability is caused by a lack of user input validation while executing SQL statements. The input passed to connection.execute is not properly escaped. An attacker can exploit this vulnerability to obtain direct access to the database and has the...
Session Fixation
symfony is vulnerable to Session Fixation. An attacker is able to steal session tokens from users of a vulnerable Symfony application. The attacker could then use the stolen session tokens to impersonate the users and access their accounts...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Cross-Site Scripting (XSS). This vulnerability exists in report.php because it does not properly validate user input, allowing an attacker to inject and execute malicious JavaScript in the browser...
Cross Site Scripting (XSS)
symfony/symfony is vulnerable to Cross Site Scripting (XSS). The vulnerability arises due to the usage of unsafe filters in the getFilters method. CodeExtension uses is_safe=html but fails to ensure the input is safe. An attacker can execute an XSS attack due to this misconfiguration...
Insertion Of Sensitive Information Into Log File
github.com/juanfont/headscale is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is due to the HTTP API writing the whole bearer token to info-level logs...
Unrestricted Upload Of Files
statamic/cms is vulnerable to Unrestricted Upload Of File With Dangerous Type. The vulnerability is in FormController.php, where there is only a generic file validation rule, which only confirms the presence of a file without checking its type. This lack of explicit validation of file type allow...
Improper Access Control
moodle/moodle is vulnerable to Improper Access Control. The vulnerability exists because it does not properly control access in the Only See membership group, allowing an attacker to view information from other student groups...
Improper Verification Of Cryptographic Signature
github.com/sigstore/gitsign is vulnerable to Improper Verification Of Cryptographic Signature. The vulnerability is applicable in the case where a Rekor server is compromised, as gitsign directly fetches public keys via the API without TUF client validations. This leads to lack of validation and...
Remote Code Execution (RCE)
moodle/moodle is vulnerable to Remote Code Execution (RCE). A local file inclusion vulnerability allows an attacker to include arbitrary files on a vulnerable Moodle server by exploiting a flaw in the way that Moodle handles file paths, which could allow the attacker to take complete control of the...
Privilege Escalation
froxlor/froxlor is vulnerable to Privilege Escalation. The vulnerability is caused by improper handling of symbolic links. An attacker could write arbitrary data to the home directory and escalate privileges...
Missing Authorization
Apache Airflow is vulnerable to Missing Authorization. The vulnerability is due to a lack of validation while authorizing users to read DAGs. A user with read permission to specific DAGs can read task instances of other DAGs...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the absence of sanitization in the content of pagelib.php and the lack of access restrictions in editcomments.php. This allows an attacker to inject and execute malicious JavaScript, posing a potential securi...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Cross-site Scripting (XSS). A cross-site scripting (XSS) vulnerability in the CSV grade import method allows an attacker to inject malicious code into a Moodle site by uploading a specially crafted CSV file containing the malicious code. The malicious code would then be...
Cross-Site-Scripting (XSS)
symfony is vulnerable to Cross Site Scripting. The vulnerability is due to a lack of validation in the WebhookController. The error message in WebhookController returns unescaped user-submitted input. An attacker can potentially trick a victim into clicking a link which will execute arbitrary...
Denial Of Service (DoS)
github.com/hashicorp/vault is vulnerable to Denial of Service (DoS). A memory leak vulnerability allows an attacker to cause denial-of-service (DoS) attacks against a vulnerable Vault instance by sending a large number of malicious client requests. The malicious requests would cause Vault to consum...
Improper Access Control
moodle/moodle is vulnerable to Improper Access Control. The vulnerability exists due to insufficient checks when updating the parent of a course category in the update_categories function of externallib.php. This could potentially allow unauthorized users to perform actions or modifications they...
Cache Poisoning
moodle/moodle is vulnerable to Cache Poisoning. The vulnerability exists because the library does not impose any restrictions on the minimum value for a revision. If the revision is either too old or too new, the file content is cached without undergoing any validation through the file serving...