38196 matches found
Path Traversal
coderedcms is vulnerable to Path Traversal. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Wagtail CRX CodeRed Extensions server. The request would contain a specially crafted path that would cause the server to serve the attacker a file...
Information Disclosure
libstb.so is vulnerable to Information Disclosure. The stbigetn function reads a specified number of bytes from context into the specified buffer. When the file stream points to the end, it returns zero which allows a remote attacker to gain access to sensitive information via the exploitable...
Server-Side Request Forgery (SSRF)
github.com/artifacthub/hub is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability exists because authz.go does not disable unsafe rego built-ins by default. This allows an attacker to make malicious HTTP requests, which can be exploited to send requests to internal resources and...
Arbitrary File Write
sbt is vulnerable to Path Traversal. The vulnerability is a result of the absence of path sanitization in the IO.scala file. This oversight allows an attacker to access files outside the expected directory and write arbitrary files. An attacker can exploit this vulnerability by providing a...
Improper Input Validation
pdm is vulnerable to Improper Input Validation. The vulnerability exists in the readlockfile function at repositories.py due to a lack of input validation, which allows an attacker to trick a user into installing a malicious open source PyPI package...
Invalid Curve Attack
github.com/free5gc/udm is vulnerable to Invalid Curve Attack. The vulnerability exists in the profileB function at suci.go due to a missing check of whether a point on the curve is valid, which allows an attacker to send arbitrary SUCIs to the UDM which will then be decrypted...
Buffer Overflow
libz.so is vulnerable to Buffer Overflow. The vulnerability is present due to the absence of length checks on the filename, extrafield, and comment parameters within zip.c. This oversight enables an attacker to trigger an integer overflow, leading to a heap-based buffer overflow in the...
Cross-site Scripting (XSS)
modoboa is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the profile page due to improper input sanitization when switching languages, which allows an attacker to inject malicious JavaScript...
Cross-site Scripting (XSS)
modoboa is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the listen function of twocolsnav.js due to improper handling of profile forms when displaying error messages, which allows an attacker to inject and execute arbitrary JavaScript...
Server Side Request Forgery (SSRF)
shenyu is vulnerable to Server-Side Request Forgery. This vulnerability exists because it does not properly validate the requestUrl parameter, allowing an attacker to access internal servers and resources to perform unauthorized actions...
Credential Hijacking
github.com/artifacthub/hub is vulnerable to Credential Hijacking. This vulnerability exists in the registryIsDockerHub function in oci.go because it does not properly check the domain registry in docker hub, which allows an attacker to deploy a fake OCI registry on a domain ending with docker.io,...
Information Disclosure
github.com/grafana/google-sheets-datasource is vulnerable to Information Disclosure. The vulnerability is due to improper error message sanitization in googlesheets.go during the client.GetSpreadsheet function call. This potentially exposes the Google Sheet API-key that is configured for the data...
Directory Traversal
Yamcs is vulnerable to Directory Traversal. The vulnerability exists in the storage API because directories are not properly restricted which allows a malicious user to escape the base directory and navigate system directories to gain access to arbitrary files on the system...
Deserialization Of Untrusted Data
org.apache.inlong:manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the filterSensitive function in MySQLSinkDTO.java not properly sanitizing whitespace characters, especially the horizontal tab \t, in URL parameters, which allows these characters to bypass...
Cross-site Scripting
tinymce is vulnerable to Cross-site Scripting. The vulnerability is due to the memBannerText function in Notification.ts, which lacks HTML content sanitization. This allows an attacker to perform cross-site scripting (XSS) attacks while rendering or handling the HTML content of notifications...
Arbitrary File Deletion
Yamcs is vulnerable to Arbitrary File Deletion. The vulnerability exists due to improper handling of HTTP requests, which allows an attacker to delete arbitrary files via a crafted HTTP DELETE request...
Denial Of Service (DoS)
directus is vulnerable to Denial Of Service (DoS). The vulnerability exists because invalid websocket frames are not properly handled, which allows an attacker to crash the application...
Cross-site Scripting (XSS)
TinyMCE is vulnerable to Cross-site Scripting (XSS). The vulnerability occurs when an HTML snippet is restored from the undo stack. In this situation, a combination of string manipulation and reparative parsing by the browser's native DomParser API results in malicious mutations to the HTML. This, ...
Credential Disclosure Through Logs
github.com/ydb-platform/ydb-go-sdk is vulnerable to Information Disclosure. The vulnerability is due to a custom implementation of the credentials interface. During logging, the credentials are directly serialized into the error message. If an application defines a custom credential interface, an...
Authentication Bypass
homeassistant is vulnerable to Authentication Bypass. The vulnerability is caused by an attacker triggering webhooks that are marked as only accessible from the local network, even when the attacker is not connected to the local network. The attacker could exploit this vulnerability by sending a...
Authentication Bypass
github.com/nats-io/nats-server is vulnerable to Authentication Bypass. The vulnerability occurs when the only account added is the system account $SYS. In this scenario, the nats-server creates an implicit user in $G and designates it as the noauthuser account. This effectively enables the same...
Broken Authentication
homeassistant is vulnerable to Broken Authentication. An attacker could exploit this vulnerability by tricking a user into clicking on a malicious link. The link would direct the user to a malicious website that would initiate the OAuth2 login process with a specially crafted redirect URI. If...
Arbitrary File Read
github.com/artifacthub/hub is vulnerable to Arbitrary File Read. The vulnerability is due to a lack of proper validation whether a file is a symbolic link or not. This flaw enables an attacker to read arbitrary files in the system, potentially leading to the leakage of sensitive information when...
Denial Of Service (DoS)
ruby-rmagick is vulnerable to Denial of Service (DoS). A memory leak allows a remote attacker to create an interface between Ruby and ImageMagick that could lead to a Denial of Service (DoS) by memory exhaustion...
Remote Code Execution (RCE)
exim4 is vulnerable to Remote Code Execution (RCE). A memory corruption vulnerability exists in the SMTP service of Exim, which listens on TCP port 25 by default. It allows an attacker to execute arbitrary code on a vulnerable system by sending a specially crafted SMTP message...
Information Disclosure
exim4 is vulnerable to Information Disclosure. An out-of-bounds read vulnerability exists in the SMTP service of Exim, which allows an attacker to disclose sensitive information on a vulnerable system by sending a specially crafted SMTP message...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service (DoS). This vulnerability allows an attacker to exhaust worker resources in the server by opening an HTTP/2 connection with an initial window size of 0...
Cross Site Scripting (XSS)
home-assistant/core and home-assistant-js-websocket are vulnerable to an XSS attack. The vulnerability occurs due to a loophole in the Websocket authentication logic. The logic utilises a state parameter which contains hassurl. This mechanism enables attackers to spoof websocket responses and trigger XSS...
Remote Code Execution (RCE)
mysql-connector-java is vulnerable to Remote Code Execution. The vulnerability is due to not sanitizing the propertiesTransformClassName when instantiated or not in setupPropertiesTransformer in the ConnectionUrl.java file. This potentially leads to Arbitrary Code Execution...
Clickjacking
home-assistant is vulnerable to Clickjacking attacks. The server doesn't set the X-Frame-Options HTTP security header. The omission of this header facilitates clickjacking attacks, which could also lead to RCE...
Cross Site Scripting (XSS)
Home Assistant is vulnerable to Cross Site Scripting. The vulnerability is due to improper input validation on the Home Assistant administration page. An attacker can exploit this by using javascript: scheme URIs and executing malicious JS in the webpage...
Cross Site Scripting
archivebox is vulnerable to Cross Site Scripting. The vulnerability is due to the wget extractor in ArchiveBox, which allows malicious JavaScript in archived pages to execute and act as an admin, especially when the user views the pages during a browser session in which they are logged into the ArchiveBox...
Server Side Request Forgery
Home Assistant is vulnerable to Server Side Request Forgery. The vulnerability is due to the service's susceptibility to a partial Server Side Request Forgery, which allows an attacker to call the service and potentially invoke any Supervisor REST API endpoints through a POST request...
Denial Of Service (DoS)
apache2 is vulnerable to Denial of Service (DoS). This vulnerability allows an attacker to cause denial of service conditions on a vulnerable system by exploiting a race condition that occurs when an HTTP/2 connection is reset (RST frame) by a client...
Path Traversal
github.com/arduino/arduino-create-agent is vulnerable to Path Traversal. The vulnerability results from inadequate sanitization of the filename parameter. Exploiting this flaw, an attacker can execute HTTP requests on the localhost interface or bypass CORS configuration. Consequently, they may be...
Path Traversal
github.com/arduino/arduino-create-agent is vulnerable to Directory Traversal. When the attacker has access to the localhost interface, they can send a specially crafted HTTP POST request to the /v2/pkgs/tools/installed endpoint, specifying the path of the file or folder that they want to delete...
Out-of-bounds Read
apache2 is vulnerable to Out-of-bounds Read. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Apache HTTP Server. The request would contain a specially crafted modmacro directive that would cause the server to read data from outside of the...
Cross-site Scripting (XSS)
yamcs-web is vulnerable to Cross-site Scripting (XSS). The vulnerability is present because there is insufficient validation when uploading files in the library. This flaw enables an attacker to upload an HTML file that contains arbitrary JavaScript. When a user opens this file, the arbitrary...
Directory Traversal
github.com/arduino/arduino-create-agent is vulnerable to Directory Traversal. When the attacker has access to the localhost interface, they can send a specially crafted HTTP DELETE request to the /v2/pkgs/tools/installed endpoint, specifying the path of the file or folder that they want to delete...
Cross-site Scripting (XSS)
yamcs-web is vulnerable to Cross-site Scripting (XSS). The vulnerability is present because there is insufficient validation when uploading files in the library. This flaw enables an attacker to upload an HTML file that contains arbitrary JavaScript. When a user opens this file, the arbitrary...
Information Disclosure
bunkum is vulnerable to Information Disclosure. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Bunkum application. This request would cause the application to release a token from its cache, and then immediately reuse the token. The attack...
Server Side Request Forgery
langchain is vulnerable to Server-Side Request Forgery. This vulnerability exists because it does not properly filter URLs in the init function in recursiveurlloader.py, allowing an attacker to trick a server into sending HTTP requests to any domain by taking advantage of the server's capacity to...
Denial Of Service (DoS)
torbot is vulnerable to Denial of Service (DoS). An attacker is able to cause denial-of-service (DoS) conditions on a vulnerable system by exploiting a regular expression that has exponential complexity by tricking a user into opening a malicious link or by sending a specially crafted HTTP request ...
Misuse Of Cryptographic API
mycli is vulnerable to a Misuse of Cryptographic API. The vulnerability arises because the config.py lacks proper data diffusion and contains repeating patterns. Specifically, the use of AES ECB encryption in this context does not provide adequate security measures. As a result, an attacker may...
Race Condition
libredis.so is vulnerable to Race Condition. The vulnerability allows an attacker to gain unauthorized access to a Redis server by exploiting a race condition that occurs when the server is starting up. The attacker could exploit this vulnerability by sending a specially crafted request to a...
Denial Of Service (DOS)
github.com/ethereum/go-ethereum is vulnerable to Denial of Service. This vulnerability exists when --http --graphql is used which allows an attacker to cause an application crash via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand...
Prototype Pollution
deobfuscator is vulnerable to Prototype Pollution. This vulnerability allows an attacker to modify the prototype of the Object constructor via the LiteralMap transformer, which could then be used to execute arbitrary code on the victim's system...
Denial Of Service (DoS)
samba is vulnerable to Denial of Service (DoS). An attacker could exploit this vulnerability by sending a series of malicious RPC requests to a vulnerable Samba AD DC server. This could cause the server to start multiple incompatible RPC listeners, which would disrupt the AD DC service. This could...
Denial Of Service (DoS)
samba is vulnerable to Denial of Service (DoS). An attacker could exploit this vulnerability by sending a series of malicious RPC requests to a vulnerable Samba server. The RPC requests would be designed to cause the server to block for a long period of time, which would prevent legitimate users fr...
Improper Access Control
virtualbox is vulnerable to Improper Access Control. This vulnerability allows an attacker with local access to a vulnerable VirtualBox installation to execute arbitrary code on the host system...