
38287 matches found

Veracode, added 2026/02/19 8:56 a.m. (9 views)

Server-Side Request Forgery (SSRF)

Langflow is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation and filtering of user-supplied URLs in the API Request component, which allows an attacker to send crafted requests to internal or restricted network resources and retrieve their...

CVSS 7.7 · AI score 5.9 · EPSS 0.0576 · Exploits 1 · References 5 · Affected software 1

Veracode, added 2026/02/19 8:55 a.m. (6 views)

Arbitrary File Write

Langflow is vulnerable to arbitrary file write. The vulnerability is due to lack of path validation and directory restrictions in the fspath parameter, which allows an attacker to specify arbitrary absolute paths and overwrite files on the server...

CVSS 7.1 · AI score 6 · EPSS 0.03255 · Exploits 1 · References 4 · Affected software 1

Veracode, added 2026/02/19 8:55 a.m. (6 views)

Insecure Direct Object Reference (IDOR)

pretix is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient authorization checks on file UUIDs, which allows an attacker to access sensitive files of other users by manipulating or guessing valid UUID values...

CVSS 7 · AI score 6 · EPSS 0.00226 · Exploits 0 · References 4 · Affected software 1

Veracode, added 2026/02/19 6:55 a.m. (7 views)

Cross-site Scripting (XSS)

Piranha is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied content in Markdown blocks within the /manager/pages component, which allows an attacker to inject and execute arbitrary web scripts or HTML...

CVSS 6.1 · AI score 5.9 · EPSS 0.00263 · Exploits 1 · References 4 · Affected software 1

Veracode, added 2026/02/19 6:25 a.m. (8 views)

Prototype Pollution

Rollbar.js is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of object merging in the merge function when rollbar.configure is called with untrusted input, which allows an attacker to manipulate object prototypes and potentially alter application behavior...

CVSS 5.9 · AI score 5.6 · EPSS 0.00358 · Exploits 0 · References 6 · Affected software 1

Veracode, added 2026/02/18 10:09 a.m. (5 views)

Improper Access Control

Weblate is vulnerable to improper access control. The vulnerability is due to insufficient validation of invitation ownership, which allows an attacker to accept an invitation intended for another user and gain unauthorized access...

CVSS 9.8 · AI score 5.9 · EPSS 0.00319 · Exploits 0 · References 5 · Affected software 1

Veracode, added 2026/02/18 10:09 a.m. (7 views)

Improper Access Control

misskey-js is vulnerable to improper access control. The vulnerability is due to insufficient authorization checks when exporting posts, which allows an attacker without permission to export posts and view favorites or clips they should not be able to access...

CVSS 7.1 · AI score 5.5 · EPSS 0.00264 · Exploits 1 · References 4 · Affected software 1

Veracode, added 2026/02/18 10:08 a.m. (7 views)

IP Rate Limiting Bypass

misskey-js is vulnerable to an IP rate limiting bypass. The vulnerability is due to improper handling of the X-Forwarded-For header and an insecure default trustProxy configuration, which allows an attacker to forge client IP values and bypass rate-limiting controls...

CVSS 6.9 · AI score 5.6 · EPSS 0.00285 · Exploits 1 · References 4 · Affected software 1

Veracode, added 2026/02/18 9:50 a.m. (7 views)

Prototype Pollution

jsonpath is vulnerable to Prototype Pollution. The vulnerability is due to unsafe handling of object paths in the value function within lib/index.js, where attacker-controlled property paths can modify Object.prototype, allowing arbitrary property injection into global objects and potentially...

CVSS 9.8 · AI score 5.7 · EPSS 0.00332 · Exploits 1 · References 5 · Affected software 1
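
The Rollbar.js entry (a recursive merge) and the jsonpath entry (a path-based setter) are two shapes of the same bug: a write that follows a key such as __proto__ and lands on Object.prototype. The block below is an added example, not code from either project. It shows both shapes in a polluting form and a hardened form, using a shared forbidden-key set, and runs them against constructed attacker input.

```javascript
// Added example; this is not Rollbar.js or jsonpath code. It shows the two
// write patterns named above, a recursive merge and a path-based setter, in a
// polluting form and a hardened form. The keys that let an object write reach
// Object.prototype instead of the target are the same in both cases.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Polluting merge: JSON.parse('{"__proto__": {...}}') yields an own property
// named __proto__, and target['__proto__'] is Object.prototype, so the
// recursion writes straight into the global prototype.
function mergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      mergeUnsafe(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: prototype keys are skipped, and recursion only descends into
// objects the target itself owns (never something inherited).
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) && isPlainObject(target[key]);
      target[key] = mergeSafe(own ? target[key] : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Polluting path setter: segments ['__proto__', 'isAdmin'] walk into
// Object.prototype because obj['__proto__'] already exists.
function setPathUnsafe(obj, segments, value) {
  let cur = obj;
  for (const seg of segments.slice(0, -1)) {
    if (cur[seg] === undefined) cur[seg] = {};
    cur = cur[seg];
  }
  cur[segments[segments.length - 1]] = value;
  return obj;
}

// Hardened path setter: rejects prototype keys up front and only traverses
// own plain-object properties.
function setPathSafe(obj, segments, value) {
  if (segments.some((s) => typeof s !== 'string' || FORBIDDEN_KEYS.has(s))) {
    throw new TypeError('refusing to write through a prototype key');
  }
  let cur = obj;
  for (const seg of segments.slice(0, -1)) {
    if (!Object.prototype.hasOwnProperty.call(cur, seg) || !isPlainObject(cur[seg])) cur[seg] = {};
    cur = cur[seg];
  }
  cur[segments[segments.length - 1]] = value;
  return obj;
}

// Runs each variant against constructed attacker input and reports whether a
// fresh object afterwards inherits the injected property. Cleans up so the
// process is left unpolluted.
function demoPollution() {
  const attackerJson = '{"__proto__": {"polluted": "yes"}}';   // constructed input
  const result = {};
  mergeUnsafe({}, JSON.parse(attackerJson));
  result.mergeUnsafeLeaks = ({}).polluted === 'yes';
  delete Object.prototype.polluted;
  mergeSafe({}, JSON.parse(attackerJson));
  result.mergeSafeLeaks = ({}).polluted === 'yes';
  setPathUnsafe({}, ['__proto__', 'isAdmin'], true);
  result.setPathUnsafeLeaks = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;
  try {
    setPathSafe({}, ['__proto__', 'isAdmin'], true);
    result.setPathSafeLeaks = ({}).isAdmin === true;
    result.setPathSafeRejected = false;
  } catch (e) {
    result.setPathSafeLeaks = false;
    result.setPathSafeRejected = e instanceof TypeError;
  }
  return result;
}

console.log(demoPollution());
```

Blocking the three key names is necessary but not the whole fix: the hardened variants also refuse to recurse into anything the target does not own, which is what stops a write from reaching an inherited object through some other accessor. Parsing untrusted JSON into Object.create(null) or a Map sidesteps the problem entirely where the data never needs to be a plain object.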

Veracode, added 2026/02/18 9:23 a.m. (7 views)

Denial Of Service (DoS)

ajv is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to passing attacker-controlled values from $data references directly into the JavaScript RegExp constructor without validation. This allows malicious regex patterns that trigger catastrophic backtracking a...

CVSS 7.5 · AI score 5.6 · EPSS 0.00407 · Exploits 1 · References 9 · Affected software 1

Veracode, added 2026/02/18 9:05 a.m. (9 views)

Code Injection

org.apache.avro, avro-compiler is vulnerable to Code Injection. The vulnerability is due to improper validation of untrusted Avro schemas during specific record generation, where attacker-controlled schema content can be incorporated into generated Java source code without sufficient sanitization...

CVSS 7.3 · AI score 5.4 · EPSS 0.00602 · Exploits 0 · References 5 · Affected software 1

Veracode, added 2026/02/18 8:02 a.m. (7 views)

Directory Traversal

redaxo/source is vulnerable to Directory Traversal. The vulnerability is due to improper validation of the EXPDIR POST parameter in the Backup addon's file export functionality, which allows an authenticated attacker with backup permissions to supply crafted relative paths and read arbitrary file...

CVSS 8.3 · AI score 5.8 · EPSS 0.00493 · Exploits 3 · References 5 · Affected software 1

Veracode, added 2026/02/18 7:47 a.m. (8 views)

Authentication Bypass

libxml2 is vulnerable to an Authentication Bypass. The vulnerability is due to a flaw in the XML canonicalization process used during transformations, which allows an attacker to reuse a previously generated valid signature to replay requests and bypass authentication checks...

AI score 5.6 · Exploits 0

Veracode, added 2026/02/18 4:59 a.m. (8 views)

Improper Authentication

pterodactyl/panel is vulnerable to Improper Authentication. The vulnerability is due to failure to properly invalidate or mark TOTP tokens as used within their validity window, which allows an attacker who intercepts a valid 2FA token to reuse it along with known credentials to bypass two-factor...

CVSS 6.5 · AI score 5.5 · EPSS 0.00321 · Exploits 0 · References 4 · Affected software 1

Veracode, added 2026/02/17 1:35 p.m. (8 views)

Missing XML Validation

Apache Struts is vulnerable to Missing XML Validation. The vulnerability is due to improper validation of XML input data, which allows an attacker to exploit the application by submitting crafted XML content that bypasses security controls...

CVSS 8.1 · AI score 5.6 · EPSS 0.22475 · Exploits 1 · References 9 · Affected software 3

Veracode, added 2026/02/17 10:56 a.m. (13 views)

Improper Directory Validation

@anthropic-ai/claude-code is vulnerable to improper directory validation. The vulnerability is due to insufficient validation of directory changes when using the cd command with write operations, which allows an attacker to navigate into protected folders (e.g., .claude) and create or modify files...

CVSS 9.1 · AI score 5.6 · EPSS 0.00357 · Exploits 0 · References 2 · Affected software 1

Veracode, added 2026/02/17 10:56 a.m. (5 views)

Improper Access Control

@anthropic-ai/claude-code is vulnerable to improper access control. The vulnerability is due to failure to strictly enforce deny rules on symbolic link targets, which allows an attacker to access restricted files by referencing them through symlinks...

CVSS 7.5 · AI score 5.6 · EPSS 0.00376 · Exploits 0 · References 3 · Affected software 1

Veracode, added 2026/02/17 10:55 a.m. (7 views)

Improper Sandbox Protection

@anthropic-ai/claude-code is vulnerable to improper sandbox protection. The vulnerability is due to the sandbox failing to protect the .claude/settings.json file when it was absent at startup, which allows an attacker to create the file inside the sandbox and inject persistent hooks that execute...

CVSS 10 · AI score 5.6 · EPSS 0.00416 · Exploits 0 · References 2 · Affected software 1

Veracode, added 2026/02/17 10:55 a.m. (9 views)

Command Validation Bypass

@anthropic-ai/claude-code is vulnerable to command validation bypass. The vulnerability is due to improper validation of piped sed operations with the echo command, which allows an attacker to bypass file write restrictions and write to sensitive directories when the "accept edits" feature is...

CVSS 7.7 · AI score 5.6 · EPSS 0.00264 · Exploits 0 · References 2 · Affected software 1

Veracode, added 2026/02/16 11:32 a.m. (9 views)

Command Injection

@signalk/set-system-time is vulnerable to command injection. The vulnerability is due to unsafe construction of shell commands while processing navigation.datetime values via WebSocket delta messages, which allows an attacker with write access, or unauthenticated access when security is disabled, ...

CVSS 9.9 · AI score 6.1 · EPSS 0.04163 · Exploits 1 · References 3 · Affected software 1

Veracode, added 2026/02/16 10:39 a.m. (7 views)

XML Injection

jsPDF is vulnerable to XML Injection. The vulnerability is due to improper input sanitization in the addMetadata function, which allows an attacker to inject arbitrary XMP metadata into generated PDFs and compromise their integrity when the input is unsanitized...

CVSS 6.9 · AI score 5.8 · EPSS 0.00253 · Exploits 1 · References 4 · Affected software 1

Veracode, added 2026/02/16 10:19 a.m. (7 views)

Arbitrary PDF Object Injection

jsPDF is vulnerable to arbitrary PDF object injection. The vulnerability is due to insufficient sanitization of user-controlled Acroform properties and methods, which allows an attacker to inject malicious PDF objects such as JavaScript actions that execute when the document is opened...

CVSS 8.1 · AI score 5.8 · EPSS 0.00457 · Exploits 1 · References 4 · Affected software 1

Veracode, added 2026/02/16 9:55 a.m. (6 views)

Arbitrary Code Execution

Langroid is vulnerable to Arbitrary Code Execution. The vulnerability is due to literalok returning False instead of raising an error along with unrestricted access to dangerous dunder attributes, which allows an attacker to chain DataFrame methods to expose the eval builtin and execute arbitrary...

CVSS 9.6 · AI score 6 · EPSS 0.00648 · Exploits 1 · References 4 · Affected software 1

Veracode, added 2026/02/16 9:43 a.m. (5 views)

Unsafe Deserialization

The affected library is vulnerable to Unsafe Deserialization. The vulnerability is due to improper handling of pickle deserialization combined with the use of logging.FileHandler, which allows an attacker to bypass RCE-focused blocklists and create zero-byte files in arbitrary locations on the...

AI score 5.9 · Exploits 0

Veracode, added 2026/02/16 9:24 a.m. (8 views)

Denial Of Service (DoS)

Undertow is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of large HTTP parameter names in HttpServletRequestImpl.getParameterNames, where excessively large parameter names supplied by a client can cause unbounded memory allocation during request parsing,...

CVSS 7.5 · AI score 5.6 · EPSS 0.0043 · Exploits 0 · References 5 · Affected software 1

Veracode, added 2026/02/16 6:43 a.m. (5 views)

Denial Of Service (DoS)

qs is vulnerable to Denial of Service (DoS). The vulnerability is due to parseArrayValue returning val.split(',') before enforcing arrayLimit, allowing attackers to supply a comma-heavy parameter that creates arbitrarily large arrays in memory without triggering throwOnLimitExceeded, leading to...

CVSS 7.5 · AI score 5.6 · EPSS 0.00478 · Exploits 1 · References 2 · Affected software 1
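
The qs entry is an ordering bug: the limit exists, but the allocation it is meant to bound happens before the limit is consulted. The block below is an added example and not the qs source; option names mirror the ones in the advisory, but the functions and the 100000-comma input are constructed. It counts separators before splitting so that an over-limit value never becomes an array.

```javascript
// Added example, not the qs source. Shows the order-of-operations problem
// described above (split first, check the limit afterwards) and a parse that
// counts separators before allocating anything.
const DEFAULT_OPTIONS = { arrayLimit: 20, throwOnLimitExceeded: false };

// Vulnerable shape: the whole value is split before arrayLimit is consulted,
// so a value of a hundred thousand commas produces a hundred-thousand-element array.
function parseArrayValueUnsafe(val) {
  if (typeof val === 'string' && val.includes(',')) return val.split(',');
  return val;
}

// Count separators in a single pass; O(n) over the string, no allocation.
function countSeparators(s, sep) {
  let n = 0;
  for (let i = s.indexOf(sep); i !== -1; i = s.indexOf(sep, i + 1)) n++;
  return n;
}

// Hardened shape: the element count is known before the split runs. Above the
// limit we either throw (throwOnLimitExceeded) or leave the raw string alone;
// what a parser should do at the limit is a policy choice, but it must be
// decided before the array exists.
function parseArrayValueSafe(val, options = DEFAULT_OPTIONS) {
  if (typeof val !== 'string' || !val.includes(',')) return val;
  const elements = countSeparators(val, ',') + 1;
  if (elements > options.arrayLimit) {
    if (options.throwOnLimitExceeded) {
      throw new RangeError(`comma-separated value has ${elements} elements; arrayLimit is ${options.arrayLimit}`);
    }
    return val;
  }
  return val.split(',');
}

// Constructed attacker input: 100000 commas in one query parameter value.
function demoCommaFlood() {
  const flood = ','.repeat(100000);
  const out = {};
  out.unsafeElements = parseArrayValueUnsafe(flood).length;
  out.safeKeepsString = typeof parseArrayValueSafe(flood) === 'string';
  try {
    parseArrayValueSafe(flood, { arrayLimit: 20, throwOnLimitExceeded: true });
    out.safeThrows = false;
  } catch (e) {
    out.safeThrows = e instanceof RangeError;
  }
  out.normal = parseArrayValueSafe('red,green,blue');
  return out;
}

console.log(demoCommaFlood());
```

The general lesson applies to any "limit" option in a parser: check the size of the input that would produce the structure, not the size of the structure after it has been built.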

Veracode, added 2026/02/13 4:13 p.m. (7 views)

SQL Injection

devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the term parameter in SQL LIKE clauses within the global search functionality, which allows an attacker to inject malicious SQL queries and extract sensitive data through time-based...

CVSS 8.7 · AI score 5.8 · EPSS 0.00366 · Exploits 3 · References 3 · Affected software 1

Veracode, added 2026/02/13 4:03 p.m. (7 views)

Server-Side Request Forgery (SSRF)

Pydantic AI is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of URLs in the download functionality when processing untrusted message history, which allows an attacker to supply malicious URLs that force the server to make unauthorized requests to...

CVSS 8.6 · AI score 5.6 · EPSS 0.00464 · Exploits 1 · References 3 · Affected software 2

Veracode, added 2026/02/13 3:54 p.m. (6 views)

Cross-site Scripting (XSS)

SCEditor is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to lack of sanitization of user-controlled configuration options passed to sceditor.create, which allows an attacker to inject malicious scripts and execute arbitrary JavaScript in the application context...

CVSS 5.4 · AI score 5.8 · EPSS 0.00216 · Exploits 1 · References 3 · Affected software 1

Veracode, added 2026/02/13 3:37 p.m. (8 views)

Improper Encoding Or Escaping Of Output

HtmlSanitizer is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to improper sanitization of content inside the allowed tag, which allows an attacker to inject malicious scripts that can execute when the shadowrootmode attribute is set...

CVSS 6.3 · AI score 5.6 · EPSS 0.00241 · Exploits 0 · References 7 · Affected software 1

Veracode, added 2026/02/13 12:15 p.m. (6 views)

Authentication Bypass

Apache Shiro is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent case handling between Shiro's filter chain matching and the underlying case-insensitive filesystem, where filter rules may be defined only for lower-case paths while the filesystem resolves file names...

CVSS 5.3 · AI score 5.4 · EPSS 0.00363 · Exploits 0 · References 4 · Affected software 2

Veracode, added 2026/02/13 9:09 a.m. (5 views)

Authorization Bypass

fuxa-server is vulnerable to an Authorization Bypass. The vulnerability is due to improper enforcement of role-based access controls on WebSocket endpoints, where the server fails to validate authentication and authorization for device tag modification requests, allowing unauthenticated remote...

CVSS 9.3 · AI score 5.8 · EPSS 0.00479 · Exploits 0 · References 3 · Affected software 1

Veracode, added 2026/02/12 7:03 p.m. (5 views)

Prototype Pollution

@adonisjs/bodyparser is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of multipart form-data parsing, which allows a remote attacker to manipulate object prototypes at runtime and potentially alter application behavior...

CVSS 7.2 · AI score 5.6 · EPSS 0.00364 · Exploits 0 · References 4 · Affected software 1

Veracode, added 2026/02/12 8:47 a.m. (5 views)

Arbitrary Code Execution

SandboxJS is vulnerable to Arbitrary Code Execution. The vulnerability is due to exposing Map in SAFE_PROTOTYPES, where Map.prototype can be accessed and its has method overwritten from within the sandbox, allowing attackers to alter host behavior and escape the sandbox restrictions...

CVSS 10 · AI score 5.5 · EPSS 0.00645 · Exploits 1 · References 2 · Affected software 1

Veracode, added 2026/02/12 7:38 a.m. (6 views)

Denial Of Service (DoS)

@cubejs-backend/server-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of specially crafted requests to a Cube API endpoint, which allows an attacker to make the entire Cube API unavailable...

CVSS 6.5 · AI score 5.5 · EPSS 0.00391 · Exploits 0 · References 3 · Affected software 1

Veracode, added 2026/02/12 7:25 a.m. (7 views)

Arbitrary Code Execution

SandboxJS is vulnerable to a sandbox escape. The vulnerability is due to inconsistent key validation during property access, where the key is checked with hasOwnProperty(key) but not strictly enforced as a string, allowing attackers to supply crafted objects that coerce to differen...

CVSS 10 · AI score 5.5 · EPSS 0.00489 · Exploits 1 · References 3 · Affected software 1

Veracode, added 2026/02/12 7:14 a.m. (6 views)

Denial Of Service (DoS)

AdonisJS is vulnerable to Denial Of Service (DoS). The vulnerability is due to unbounded memory accumulation in the multipart file handling logic of @adonisjs/bodyparser, where the parser buffers excessive data in memory while detecting file types, allowing attackers to trigger excessive memory...

CVSS 7.5 · AI score 5.6 · EPSS 0.00491 · Exploits 0 · References 4 · Affected software 1

Veracode, added 2026/02/12 6:53 a.m. (6 views)

Prototype Pollution

SandboxJS is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of the isGlobal protection flag, where wrapping a host global prototype in an array strips its taint and allows sandboxed code to mutate host built-in prototypes, leading to prototype pollution and...

CVSS 10 · AI score 6.4 · EPSS 0.00552 · Exploits 1 · References 2 · Affected software 1

Veracode, added 2026/02/12 5:05 a.m. (6 views)

Privilege Escalation

@cubejs-backend/server-core is vulnerable to Privilege Escalation. The vulnerability is due to improper authorization validation of specially crafted requests using a valid API token, which allows an attacker to escalate privileges beyond their intended access level...

CVSS 7.7 · AI score 5.5 · EPSS 0.00352 · Exploits 0 · References 3 · Affected software 1

Veracode, added 2026/02/11 10:14 a.m. (6 views)

Path Traversal

Signal K Server is vulnerable to path traversal. The vulnerability is due to the validateAppId function blocking forward slashes (/) but not backslashes (\), which are treated as directory separators on Windows, allowing an authenticated attacker to escape the intended applicationData directory and...

CVSS 5 · AI score 5.7 · EPSS 0.00384 · Exploits 1 · References 3 · Affected software 1

Veracode, added 2026/02/11 9:25 a.m. (5 views)

Prototype Pollution

Locutus is vulnerable to prototype pollution. The vulnerability is due to improper validation of user input that fails to fully prevent manipulation of Object.prototype through crafted inputs leveraging String.prototype, which allows an attacker to pollute the prototype chain and potentially alte...

CVSS 9.4 · AI score 5.5 · EPSS 0.00261 · Exploits 1 · References 6 · Affected software 1

Veracode, added 2026/02/11 9:09 a.m. (5 views)

Denial Of Service (DoS)

Django is vulnerable to Denial Of Service. The vulnerability is due to inefficient processing of unmatched HTML end tags in Truncator.chars and Truncator.words with html=True and related template filters, where crafted input containing a large number of unmatched closing tags can trigger excessiv...

CVSS 7.5 · AI score 5.5 · EPSS 0.00993 · Exploits 0 · References 5 · Affected software 1

Veracode, added 2026/02/11 9:08 a.m. (7 views)

Denial Of Service (DoS)

Django is vulnerable to Denial Of Service. The vulnerability is due to improper handling of multiple duplicate headers in ASGIRequest, where crafted requests with repeated headers can trigger excessive processing and attackers can exploit this by sending specially crafted HTTP requests to cause...

CVSS 7.5 · AI score 5.5 · EPSS 0.00993 · Exploits 0 · References 5 · Affected software 1

Veracode, added 2026/02/11 9:06 a.m. (6 views)

SQL Injection

Django is vulnerable to SQL injection. The vulnerability is due to improper handling of column aliases containing periods in QuerySet.order_by() when used with FilteredRelation, where unsanitized alias values are included in generated SQL queries and attackers can exploit this by crafting a malicio...

CVSS 5.4 · AI score 6 · EPSS 0.00491 · Exploits 1 · References 5 · Affected software 1

Veracode, added 2026/02/11 8:46 a.m. (9 views)

Remote Code Execution (RCE)

@backstage/plugin-techdocs-node is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of user-controlled mkdocs.yml configuration, specifically MkDocs hooks, when TechDocs is configured with runIn: local, which allows an attacker to execute arbitrary Python...

CVSS 8.8 · AI score 6.3 · EPSS 0.00357 · Exploits 0 · References 3 · Affected software 1

Veracode, added 2026/02/11 8:38 a.m. (7 views)

SQL Injection

Django is vulnerable to SQL injection. The vulnerability is due to improper handling of column aliases in FilteredRelation when using dictionary expansion kwargs, where crafted keys containing control characters can manipulate SQL generation in methods such as annotate, aggregate, extra, values,...

CVSS 5.4 · AI score 5.8 · EPSS 0.00491 · Exploits 0 · References 6 · Affected software 1

Veracode, added 2026/02/11 8:27 a.m. (7 views)

SQL Injection

Django is vulnerable to SQL injection. The vulnerability is due to improper sanitization of the band index parameter in RasterField lookups (PostGIS backend), allowing remote attackers to inject malicious SQL through crafted raster queries...

CVSS 5.4 · AI score 5.8 · EPSS 0.03779 · Exploits 1 · References 7 · Affected software 1

Veracode, added 2026/02/11 8:09 a.m. (5 views)

Authorization Bypass

FUXA is vulnerable to an Authorization Bypass. The vulnerability is due to improper authorization checks on scheduler management functionality, which allows an unauthenticated remote attacker to create and modify arbitrary schedulers and potentially impact connected ICS/SCADA environments...

CVSS 9.3 · AI score 5.8 · EPSS 0.12047 · Exploits 1 · References 6 · Affected software 2

Veracode, added 2026/02/11 7:19 a.m. (6 views)

Authentication Bypass

org.apache.druid.extensions:druid-basic-security is vulnerable to an Authentication Bypass. The vulnerability is due to improper validation of LDAP authentication responses when anonymous binds are permitted, which allows an attacker to bypass authentication by supplying an existing username with...

CVSS 9.8 · AI score 5.5 · EPSS 0.01034 · Exploits 0 · References 3 · Affected software 1

Veracode, added 2026/02/11 7:14 a.m. (7 views)

User Enumeration

Django is vulnerable to user enumeration. The vulnerability is due to improper handling of authentication timing differences in the django.contrib.auth.handlers.modwsgi.check_password function when used with mod_wsgi, which allows a remote attacker to enumerate valid users by measuring response tim...

CVSS 5.3 · AI score 5.6 · EPSS 0.00713 · Exploits 0 · References 9 · Affected software 1