38195 matches found
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in the Reading Mode component of the library, which allows an attacker who convinces a user to engage in specific UI gestures to potentially exploit heap corruption...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in the Side Panel component of the library, which allows an attacker who convinces a user to engage in specific UI gestures to potentially exploit heap corruption...
Remote Code Execution (RCE)
chromium is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to the incorrect security UI in Downloads, which allows a remote malicious attacker to obfuscate security UI via a crafted HTML page...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in the Profiles component of the library, which allows an attacker who convinces a user to engage in specific UI gestures to potentially exploit heap corruption...
Domain Spoofing
chromium is vulnerable to Domain Spoofing. The vulnerability occurs due to incorrect security UI in Picture In Picture within Google Chrome, which allows a remote malicious attacker to perform domain spoofing via a crafted local HTML page...
Arbitrary Code Execution
chromium is vulnerable to Arbitrary Code Execution. The vulnerability exists due to the inappropriate implementation in Downloads, which allows a remote malicious attacker to execute arbitrary code via a malicious file...
Remote Code Execution (RCE)
chromium is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to the inappropriate implementation in WebApp, which allows a remote malicious attacker to obfuscate security UI via a crafted HTML page...
Denial Of Service (DoS)
wabt is vulnerable to Denial of Service (DoS). The vulnerability occurs within the CWriter::MangleType function, resulting in a DoS...
Denial Of Service (DoS)
wabt is vulnerable to Denial of Service (DoS). The vulnerability occurs within the hang.wasm component, resulting in an infinite loop causing an application crash...
Chain Halt
github.com/cosmos/packet-forward-middleware is vulnerable to a Chain Halt. The vulnerability exists because it does not properly validate IBC packets in the incoming router, allowing an attacker to cause a chain halt...
Unauthorised User Account Creation
authentik is vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create a new account. If a flow allows email password recovery, attackers can overwrite the email address of admin accounts and take over the account...
Remote Code Execution (RCE)
dolibarr/dolibarr is vulnerable to Remote Code Execution. This vulnerability exists in the dolKeepOnlyPhpCode function in website.lib.php due to improper validation of user input, allowing an attacker to inject and execute arbitrary PHP code in the system...
Account Takeover
authentik is vulnerable to potential account takeover. authentik uses a blueprint to create the default admin user, which also optionally sets an admin password from an environment variable. When the default admin is deleted, it is possible for an attacker to set the password for the admin user without...
Denial Of Service
Squid is vulnerable to Denial Of Service. The vulnerability is due to improper validation of a particular index, which allows an attacker to initiate a TLS handshake with a maliciously crafted SSL certificate in a server certificate chain, leading to denial of service...
Denial Of Service (DoS)
libgpac.so is vulnerable to Denial Of Service. The vulnerability is due to a missing check that the pointer avcc is not NULL in the gfmediachangepl function. This allows an attacker to craft input that causes gfisomavcconfigget to return NULL, potentially leading to an application crash...
Heap Buffer Overflow
libgpac.so is vulnerable to Heap Buffer Overflow. The vulnerability is due to the gfisomusecompactsize function in isomwrite.c which does not check the value of stsz-sampleCount. This allows an attacker to craft a scenario where stsz-sampleSize is non-zero, and stsz-sampleCount is zero. This lead...
Information Disclosure
request-tracker4 is vulnerable to Information Disclosure. The vulnerability allows an attacker to exploit a flaw in the way that RT handles mail-gateway REST API calls to expose sensitive information...
Information Disclosure
request-tracker4 is vulnerable to Information Disclosure. The vulnerability occurs due to request tracker accepting unvalidated RT email headers in incoming emails, resulting in disclosure of confidential information...
Denial Of Service (DoS)
libgpac.so is vulnerable to Denial Of Service (DoS). The vulnerability is due to the gfisomfindodidfortrack function in gpac/src/isomedia/mediaodf.c, which causes an invalid memory read access. This can lead to an application crash resulting in Denial Of Service (DoS)...
Denial Of Service (DoS)
mupdf is vulnerable to Denial of Service (DoS). The vulnerability occurs due to an infinite recursion within the pdfmarklistpush component, allowing a malicious attacker to cause a potential DoS...
Improper Access Control
dolibarr/dolibarr is vulnerable to Improper Access Control. The vulnerability is a result of the library's failure to adequately validate user input data. This allows an attacker to read a database table containing sensitive customer data...
Cross-site Scripting (XSS)
evolutioncms/evolution is vulnerable to Cross-site Scripting (XSS). An attacker could exploit this vulnerability by injecting a crafted payload into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters, resulting in XSS...
Denial Of Service (DoS)
wabt is vulnerable to Denial of Service (DoS). The vulnerability occurs when putting @ before a quote ", which allows a malicious attacker to cause a libc++abi.dylib crash...
Out-of-bounds Write
exfatprogs is vulnerable to Out Of Bounds Write. The vulnerability is found in the readfiledentryset function within exfat2img.c. When the SecondaryCount exceeds a threshold of 2 plus the maximum number of File Name entries, it could potentially lead to writing data to memory locations beyond the...
Insecure Session Management
thorsten/phpmyfaq is vulnerable to Insecure Session Management. The vulnerability exists because sessions are not securely handled, which allows an attacker to perform unauthorized actions...
Cross-Site Scripting (XSS)
pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the processDocument function, which lacks a check for whether a PDF document contains JavaScript code. This allows an attacker to inject malicious scripts into the browser...
Privilege Escalation
Kubernetes is vulnerable to Privilege Escalation. The vulnerability is due to a lack of input sanitization on Windows nodes, which allows a user to escalate to admin privileges...
Weak Cryptography
github.com/nats-io/nats-server and github.com/nats-io/nkeys are vulnerable to Weak Cryptography. The vulnerability exists due to improper encryption handling logic because the signing key is zero valued...
Cross-site Scripting (XSS)
phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of HTML elements validation in login.php, which allows an attacker to inject and execute malicious JavaScript into the browser...
Information Disclosure
matrixsynapse is vulnerable to Information Disclosure. The vulnerability is caused by a missing validation check for the userid parameter used to query cached device information of remote users. This can lead to enumerating the remote users known to a homeserver...
Cross Site Scripting (XSS)
pimcore/admin-ui-classic-bundle is vulnerable to Cross Site Scripting. The vulnerability is due to the getPreviewDocumentAction function in AssetController.php not having any content validation for PDF files. This allows an attacker to craft a malicious PDF file containing harmful scripts and can...
Stored Cross-Site Scripting (XSS)
microweber is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability lies in the "Dashboard" module, allowing an attacker to inject a malicious script which will be executed once a user visits the affected page...
Denial Of Service (DoS)
pypdf is vulnerable to Denial Of Service (DoS). The vulnerability is caused by a missing validation check for whether the current object in a clone operation has already been visited, so that it is not added again to the list of objects to visit. An attacker can craft a malicious PDF which can lead to ...
Information Disclosure
github.com/authzed/spicedb is vulnerable to Information Disclosure. The vulnerability is due to a lack of datastore URI validation allowing an attacker to insert a password with a colon ":", which then results in the entire URI, including the plaintext password, being displayed in the logs...
Privilege Escalation
Kubernetes is vulnerable to Privilege Escalation. The vulnerability allows a user with the ability to create pods on Windows nodes to escalate to admin privileges, which leads to privilege escalation...
Cross-site Scripting (XSS)
phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of HTML elements validation in Faq.php, which allows an attacker to inject and execute malicious JavaScript in the browser...
Weak Cryptography
jose4j is vulnerable to Weak Cryptography. The vulnerability is present in Pbes2HmacShaWithAesKeyWrapAlgorithm.java due to the ability to set a small iteration count when using the PBE (Password-Based Encryption) algorithm. This weakness enables an attacker to determine hashed password values...
Timing Attack
generator-jhipster is vulnerable to a Timing Attack. The vulnerability exists because the TokenProvider.java uses String.equalsstr to compare the given token-signature. This comparison method does not effectively validate the token because it stops as soon as it encounters the first character tha...
Cross-site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Cross-site Scripting (XSS). An attacker could exploit this vulnerability by tricking a user into clicking on a malicious link or a file via the file attachment upload functionality, which would contain a specially crafted XSS payload that would be injected into th...
Insufficient Session Expiration
thorsten/phpmyfaq is vulnerable to Insufficient Session Expiration. The vulnerability occurs when a user's permission changes, allowing an authenticated attacker to reuse an old session ID to access a user's account, even after the user has logged out, which allows the attacker to perform unauthorise...
Information Disclosure
codeigniter4/framework is vulnerable to Information Disclosure. The vulnerability is due to displaying a detailed error report in a production environment when an error or exception occurs. This can lead to leakage of confidential information...
Buffer Overread
Mbed TLS is vulnerable to Buffer Overread. The vulnerability is due to improper validation of record lengths when calculating the MAC. This can potentially leak sensitive data or crash the application...
Remote Code Execution
activemq is vulnerable to Remote Code Execution. The vulnerability is due to BaseDataStreamMarshaller.java, which performs no class validation and does not verify that the loaded class is a valid Throwable. This allows an attacker to manipulate serialized class types within the OpenWire protocol,...
Remote Code Execution/Server Side Template Injection
kimai/kimai is vulnerable to Remote Code Execution. The vulnerability is caused by Server-Side Template Injection (SSTI), which can be escalated to Remote Code Execution (RCE). A malicious user can upload a specially crafted Twig file to execute arbitrary code when PDF and HTML rendering functionality...
Inadequate Access Control
PrestaShop is vulnerable to Inadequate Access Control. The vulnerability is due to not checking access rights properly in the ajaxProcessGetPossibleHookingListForModule function in AdminModulesPositionsController.php. This may lead to an attacker listing all modules without any access rights...
Denial Of Service (DoS)
libstb.so is vulnerable to Denial Of Service (DoS). The vulnerability exists in the stbiloadgiffrommemory function at stbimage.h due to the function call of stbiloadgifmain, which allows an attacker to cause an application crash...
Misconfiguration Of LoadBalancer Service
github.com/kubernetes/kubernetes is vulnerable to Misconfiguration of LoadBalancer Service. The vulnerability is present in proxier.go. In the context of Kube-proxy on Windows, there is an issue where it can inadvertently forward traffic to local processes that are listening on the same port ...
Unverified Password Change
pimcore/admin-ui-classic-bundle is vulnerable to Unverified Password Change. The vulnerability allows an attacker to change the password of any user to their old password on a vulnerable system without knowing the user's current password...
Sensitive Information Disclosure
org.elasticsearch:elasticsearch is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is caused by a failure to filter out sensitive information and credentials before logging to the audit log when requests to Elasticsearch use certain deprecated URIs for APIs. Thi...
Authentication Bypass
github.com/nats-io/nats-server is vulnerable to Authentication Bypass. The vulnerability is due to configureAccounts function in server.go which allows the creation of a no-authenticated user for the global account. This potentially leads an attacker to unauthorized access to the global account...