
38108 matches found

Veracode · added 2026/01/21 8:38 a.m. · 7 views

Open Redirect

Directus is vulnerable to Open Redirect. The vulnerability is due to improper validation of the RelayState parameter in the SAML authentication callback endpoint, which allows an attacker to craft a malicious authentication request that redirects users to an arbitrary external URL after login...

CVSS 6.1 · AI score 5.8 · EPSS 0.00047
Exploits 0 · References 3 · Affected Software 2
Veracode · added 2026/01/21 7:53 a.m. · 3 views

Improper Access Control

github.com/tencent/weknora is vulnerable to Improper access control. The vulnerability is due to insufficient backend validation on the database query tool after enabling the Agent service, which allows an attacker to use prompt-based bypass techniques to evade query restrictions and extract...

CVSS 9.8 · AI score 5.9 · EPSS 0.00037
Exploits 1 · References 4 · Affected Software 1
Veracode · added 2026/01/21 7:45 a.m. · 2 views

Cryptographic Weakness

Elliptic is vulnerable to cryptographic weakness. The vulnerability is due to incorrect byte-length computation and truncation of the RFC 6979 deterministic nonce k when it contains leading zeros, which results in faulty signatures and allows an attacker, under certain conditions, to derive the...

CVSS 5.6 · AI score 5.9 · EPSS 0.0001
Exploits 0 · References 2 · Affected Software 1
Veracode · added 2026/01/21 7:38 a.m. · 4 views

Regular Expression Denial Of Service (ReDoS)

@modelcontextprotocol/sdk is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to inefficiently constructed regular expressions with nested quantifiers in the UriTemplate class, which allows an attacker to supply a crafted URI that triggers catastrophic backtracki...

CVSS 8.7 · AI score 5.5 · EPSS 0.00037
Exploits 1 · References 5 · Affected Software 1
Veracode · added 2026/01/20 1:20 p.m. · 4 views

Server-Side Request Forgery (SSRF)

Umbraco CMS is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of the baseUrl parameter in dashboard and help controller endpoints, which allows an attacker to craft requests that force the server to make unauthorized requests to external hosts...

CVSS 6.9 · AI score 5.5 · EPSS 0.00017
Exploits 1 · References 4 · Affected Software 1
Veracode · added 2026/01/20 12:37 p.m. · 4 views

Cross-site Scripting (XSS)

october/system is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in backend configuration stylesheet fields, which allows an attacker with backend customization privileges to inject malicious HTML or JavaScript and execute arbitrary scripts across...

CVSS 6.1 · AI score 5.8 · EPSS 0.00067
Exploits 0 · References 2 · Affected Software 2
Veracode · added 2026/01/20 11:54 a.m. · 4 views

Insecure Deserialization

fickling is vulnerable to Insecure Deserialization. The vulnerability is due to Fickling not treating Python’s runpy module as unsafe, which allows an attacker to craft a malicious pickle using runpy.run_path or runpy.run_module that is misclassified as suspicious rather than overtly malicious,...

CVSS 9.3 · AI score 6 · EPSS 0.00101
Exploits 1 · References 6 · Affected Software 1
Veracode · added 2026/01/20 11:31 a.m. · 3 views

Denial Of Service (DoS)

SvelteKit is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to unbounded memory allocation when processing crafted binary form payloads in the experimental form remote function, allowing attackers to exhaust server memory and disrupt service availability...

CVSS 8.2 · AI score 5.9 · EPSS 0.00023
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2026/01/20 11:25 a.m. · 3 views

Improper Handling Of Unsafe Deserialization

fickling is vulnerable to improper handling of unsafe deserialization. The vulnerability is due to Fickling not treating Python’s cProfile module as unsafe, which results in malicious pickles using cProfile.run being misclassified as SUSPICIOUS instead of OVERTLY_MALICIOUS, allowing an attacker to...

CVSS 9.3 · AI score 6 · EPSS 0.00101
Exploits 1 · References 6 · Affected Software 1
Veracode · added 2026/01/20 11:04 a.m. · 3 views

Denial Of Service (DoS)

Svelte devalue is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to missing input validation during typed array hydration, where devalue.parse assumes an ArrayBuffer input without verification, allowing crafted inputs to trigger excessive CPU or memory consumption when parsing...

CVSS 7.5 · AI score 5.9 · EPSS 0.00039
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2026/01/20 10:46 a.m. · 3 views

Remote Code Execution (RCE)

fickling is vulnerable to Remote Code Execution RCE. The vulnerability is due to the failure to explicitly block dangerous modules such as ctypes and pydoc, which allows an attacker to chain pydoc.locate with ctypes during pickle analysis to achieve RCE while the malicious pickle file is still...

CVSS 9.3 · AI score 5.9 · EPSS 0.00055
Exploits 0 · References 6 · Affected Software 1
Veracode · added 2026/01/20 10:02 a.m. · 3 views

Improper Security Checks For Unsafe Imports

Fickling is vulnerable to improper security checks for unsafe imports. The vulnerability is due to incomplete validation in the unsafe_imports method of the static analyzer, which fails to flag certain high-risk Python modules, allowing an attacker to craft malicious pickle files that bypass safet...

CVSS 9.3 · AI score 6.1 · EPSS 0.00065
Exploits 1 · References 10 · Affected Software 1
Veracode · added 2026/01/20 9:50 a.m. · 4 views

Detection Bypass

fickling is vulnerable to detection bypass. The vulnerability is due to improper handling and analysis of Python builtins during pickle decompilation, which allows an attacker to bypass detection mechanisms and evade static analysis of malicious pickle payloads...

CVSS 9.3 · AI score 5.9 · EPSS 0.00096
Exploits 0 · References 7 · Affected Software 1
Veracode · added 2026/01/20 9:00 a.m. · 5 views

Denial Of Service (DoS)

Devalue is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to missing input validation during ArrayBuffer hydration, where devalue.parse assumes base64-encoded input without verification, allowing crafted data to trigger excessive CPU and memory consumption when parsing untrusted...

CVSS 7.5 · AI score 5.9 · EPSS 0.00039
Exploits 0 · References 3 · Affected Software 1
Veracode · added 2026/01/20 6:08 a.m. · 3 views

Denial Of Service (DoS)

pyasn1 is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to unbounded memory consumption when parsing malformed RELATIVE-OID values, where excessive continuation octets can trigger memory exhaustion and cause service disruption during ASN.1 decoding...

CVSS 7.5 · AI score 5.9 · EPSS 0.00032
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2026/01/19 9:44 a.m. · 4 views

Arbitrary Command Injection

@orval/mcp is vulnerable to Arbitrary Command Injection. The vulnerability is due to improper validation and escaping of the OpenAPI specification summary field during MCP server generation, which allows an attacker to break out of string literals and inject arbitrary code...

CVSS 9.8 · AI score 5.6 · EPSS 0.00042
Exploits 2 · References 3 · Affected Software 1
Veracode · added 2026/01/19 9:35 a.m. · 2 views

Remote Code Execution (RCE)

UmbracoForms is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user-supplied WSDL URLs used as data sources, which allows an authenticated attacker to supply a malicious web service definition and execute arbitrary code on the server...

CVSS 7.5 · AI score 6.3 · EPSS 0.00121
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2026/01/19 9:27 a.m. · 3 views

Cross-site Scripting (XSS)

opencode-ai is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of LLM-generated markdown that allows arbitrary HTML and JavaScript to be injected into the DOM, which allows an attacker to execute malicious scripts in the local web interface origin...

CVSS 9.4 · AI score 5.8 · EPSS 0.00043
Exploits 1 · References 3 · Affected Software 1
Veracode · added 2026/01/19 9:19 a.m. · 3 views

Code Injection

Enclave is vulnerable to Code Injection. The vulnerability is due to exposure of a host-side Error object with an intact prototype chain to sandboxed code, which allows an attacker to traverse to the host Function constructor and execute arbitrary code in the Node.js host runtime...

CVSS 10 · AI score 6.1 · EPSS 0.00274
Exploits 3 · References 3 · Affected Software 1
Veracode · added 2026/01/19 9:08 a.m. · 7 views

Remote Code Execution (RCE)

MCPJam Inspector is vulnerable to Remote Code Execution RCE. The vulnerability is due to exposed HTTP functionality that allows unauthenticated installation of MCP servers while listening on all network interfaces, which allows an attacker to send a crafted HTTP request to execute arbitrary code...

CVSS 9.8 · AI score 6.3 · EPSS 0.30368
Exploits 27 · References 3 · Affected Software 1
Veracode · added 2026/01/16 7:23 p.m. · 3 views

Denial Of Service (DoS)

aiohttp is vulnerable to a Denial of Service DoS. The vulnerability is due to improper handling of POST request bodies when assert statements are bypassed under optimized execution, which allows an attacker to trigger an infinite loop using a specially crafted request and cause a denial of servic...

CVSS 8.7 · AI score 5.6 · EPSS 0.00025
Exploits 0 · References 3 · Affected Software 2
Veracode · added 2026/01/16 6:38 p.m. · 5 views

Cross-site Scripting (XSS)

Vaadin Framework is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to action captions accepting unsanitized HTML content by default, which allows an attacker to inject and execute malicious scripts when user-controlled input is rendered in UI components...

CVSS 4.8 · AI score 5.6 · EPSS 0.00014
Exploits 0 · References 3 · Affected Software 3
Veracode · added 2026/01/16 5:59 p.m. · 4 views

Local File Inclusion (LFI)

jsPDF is vulnerable to a Local File Inclusion. The vulnerability is due to unsanitized user-controlled file paths passed to file-loading methods in the Node.js build, which allows an attacker to read arbitrary local files and include their contents in generated PDF documents...

CVSS 9.2 · AI score 5.7 · EPSS 0.0003
Exploits 2 · References 4 · Affected Software 1
Veracode · added 2026/01/16 1:21 p.m. · 4 views

Type Confusion

Preact is vulnerable to Type Confusion. The vulnerability is due to weakened JSON serialization protections that allow specially crafted JSON objects to be treated as valid Virtual DOM nodes, which allows an attacker to inject malicious HTML or scripts when untrusted data is rendered without prop...

CVSS 9.2 · AI score 5.5 · EPSS 0.0006
Exploits 1 · References 4 · Affected Software 1
Veracode · added 2026/01/16 9:22 a.m. · 21 views

Command Injection

Kottster is vulnerable to Command Injection. The vulnerability is due to insecure handling of development-mode functionality, which allows an unauthenticated attacker to execute arbitrary code on the server when the application is running in development mode...

CVSS 9.2 · AI score 6.2 · EPSS 0.00906
Exploits 0 · References 2 · Affected Software 3
Veracode · added 2026/01/16 9:18 a.m. · 3 views

Improper Authorization Enforcement

github.com/rancher/rancher is vulnerable to improper authorization enforcement. The vulnerability is due to improper revocation of permissions after removing a custom GlobalRole or its binding, which allows an attacker to retain unauthorized administrative access to clusters when the role contain...

CVSS 4.3 · AI score 5.9 · EPSS 0.0001
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2026/01/16 8:56 a.m. · 4 views

Exposure Of Sensitive Information

github.com/rancher/rancher is vulnerable to Exposure of Sensitive Information. The vulnerability is due to sensitive data being written to Rancher audit logs, which allows an attacker with access to these logs to obtain secret data, cluster import URLs, and registration tokens...

CVSS 4.3 · AI score 5.9 · EPSS 0.00012
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2026/01/16 8:13 a.m. · 3 views

Authentication Bypass

github.com/karmada-io/dashboard is vulnerable to an Authentication Bypass. The vulnerability is due to missing authentication enforcement on backend API endpoints, which allows an unauthenticated attacker with network access to directly invoke the APIs and retrieve sensitive cluster data such as...

CVSS 8.7 · AI score 5.9 · EPSS 0.00682
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2026/01/15 1:34 p.m. · 5 views

SQL Injection

Django is vulnerable to SQL Injection. The vulnerability is due to improper handling of column aliases in FilteredRelation when expanding user-controlled dictionaries passed to QuerySet.annotate or QuerySet.alias, which allows an attacker to inject crafted SQL on PostgreSQL...

CVSS 4.3 · AI score 5.8 · EPSS 0.00006
Exploits 0 · References 9 · Affected Software 1
Veracode · added 2026/01/15 12:53 p.m. · 3 views

Cross-Site Scripting (XSS)

com.xnx3.wangmarket, wangmarket is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the variableList function of /admin/system/variableList.do, which allows a remote attacker to manipulate the Description parameter and inject malicious scripts that...

CVSS 4.8 · AI score 6 · EPSS 0.00023
Exploits 1 · References 5 · Affected Software 1
Veracode · added 2026/01/15 12:49 p.m. · 8 views

Authentication Bypass

n8n is vulnerable to Authentication Bypass. The vulnerability is due to missing verification of Stripe webhook signatures in the Stripe Trigger node, which allows an attacker to send forged webhook requests and trigger workflows as if they were legitimate Stripe events...

CVSS 6.5 · AI score 5.5 · EPSS 0.00023
Exploits 0 · References 4 · Affected Software 2
Veracode · added 2026/01/15 12:23 p.m. · 4 views

Authentication Scheme Parsing Bypass

org.keycloak, keycloak-parent is vulnerable to Authentication Scheme Parsing Bypass. The vulnerability is due to an overly permissive Authorization header parser that accepts non-standard separators such as tabs and improper case variations for the “Bearer” scheme, which allows an attacker to...

CVSS 5.3 · AI score 5.9 · EPSS 0.00022
Exploits 0 · References 5 · Affected Software 1
Veracode · added 2026/01/15 12:05 p.m. · 4 views

Denial Of Service (DoS)

aiohttp is vulnerable to a Denial of Service DoS. The vulnerability is due to improper handling of crafted requests in the Request.post method, which allows an attacker to exhaust server memory and freeze the AIOHTTP server during request processing...

CVSS 8.7 · AI score 7 · EPSS 0.00069
Exploits 0 · References 3 · Affected Software 2
Veracode · added 2026/01/15 8:13 a.m. · 5 views

Open Redirect

React Router is vulnerable to Open Redirect. The vulnerability is due to insufficient validation of attacker-supplied navigation paths, which allows an attacker to craft a malicious path that forces the application to redirect users to an external, potentially malicious URL...

CVSS 6.5 · AI score 5.5 · EPSS 0.00036
Exploits 0 · References 3 · Affected Software 2
Veracode · added 2026/01/15 7:49 a.m. · 5 views

Arbitrary File Upload

@n8n/n8n-nodes-langchain is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation and handling of uploaded files in the Chat Trigger component, which allows an attacker to upload a crafted HTML file and execute arbitrary code on the affected system...

CVSS 8.8 · AI score 6.1 · EPSS 0.00147
Exploits 1 · References 6 · Affected Software 3
Veracode · added 2026/01/14 11:48 a.m. · 1 view

Cross-Site Request Forgery (CSRF)

fastapi-users is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to stateless and predictable OAuth state tokens with no session binding or per-request entropy, which allows an attacker to initiate an OAuth flow, reuse a valid state token, and trick a victim into completing...

CVSS 8.8 · AI score 5.9 · EPSS 0.00103
Exploits 1 · References 5 · Affected Software 1
Veracode · added 2026/01/14 10:40 a.m. · 3 views

Denial Of Service (DoS)

org.elasticsearch.plugin, x-pack-security is vulnerable to Denial of Service DoS. The vulnerability is due to the lack of limits or throttling on user settings data allocation, which allows a low-privileged authenticated attacker to submit oversized data and trigger excessive memory allocation...

CVSS 6.5 · AI score 5.9 · EPSS 0.00103
Exploits 0 · References 6 · Affected Software 1
Veracode · added 2026/01/14 10:27 a.m. · 6 views

Improper Access Control

n8n is vulnerable to Improper Access Control. The vulnerability is due to insufficient isolation in the legacy JavaScript execution mode of the Code node, which allows an authenticated attacker with workflow editing privileges to invoke internal helper functions and read or write arbitrary files ...

CVSS 7.1 · AI score 6 · EPSS 0.00017
Exploits 0 · References 2 · Affected Software 1
Veracode · added 2026/01/14 9:15 a.m. · 126 views

Cross-site Scripting (XSS)

React Router is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of untrusted input in the meta / APIs during server-side rendering, which allows an attacker to inject malicious script content into generated script:ld+json tags and execute arbitrary JavaScript...

CVSS 7.6 · AI score 6.8 · EPSS 0.0001
Exploits 0 · References 3 · Affected Software 2
Veracode · added 2026/01/14 8:47 a.m. · 2 views

Reflected Cross-Site Scripting (XSS)

Parse Server is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to improper escaping of user-controlled values in password reset and email verification HTML pages, which allows an attacker to inject and execute malicious scripts in a victim’s browser...

CVSS 6.1 · AI score 6 · EPSS 0.00025
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2026/01/14 8:01 a.m. · 4 views

Cryptographic Semantic Binding Flaw

ALTCHA libraries are vulnerable to a cryptographic semantic binding flaw. The vulnerability is due to ambiguous HMAC binding between challenge parameters and the nonce, which allows an attacker to splice or reinterpret a valid proof-of-work submission for example by modifying the expiration value...

CVSS 6.5 · AI score 5.9 · EPSS 0.00069
Exploits 0 · References 9 · Affected Software 4
Veracode · added 2026/01/14 7:01 a.m. · 4 views

Denial-of-Service (DoS)

Marshmallow is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to inefficient processing in Schema.load(data, many=True), where moderately sized inputs can trigger excessive CPU consumption, allowing attackers to degrade service availability through crafted requests...

CVSS 5.3 · AI score 6.9 · EPSS 0.00106
Exploits 0 · References 2 · Affected Software 1
Veracode · added 2026/01/14 6:59 a.m. · 4 views

Improper Validation

github.com/elastic/beats are vulnerable to Improper Validation. The vulnerability is due to insufficient validation of indexes, positions, or offsets in input handling, which allows an attacker to trigger a buffer overflow by sending a malformed Syslog message or a malicious Dissect tokenizer...

CVSS 6.5 · AI score 7.4 · EPSS 0.00031
Exploits 0 · References 5 · Affected Software 1
Veracode · added 2026/01/14 6:57 a.m. · 4 views

Arbitrary File Access

Werkzeug is vulnerable to Arbitrary File Access. The vulnerability is due to insufficient validation in the safe_join function on Windows, where path segments using reserved device names such as CON or AUX with extensions or trailing spaces are allowed, enabling attackers to access special device...

CVSS 6.3 · AI score 5.9 · EPSS 0.00024
Exploits 0 · References 2 · Affected Software 1
Veracode · added 2026/01/14 6:54 a.m. · 3 views

Denial-of-Service (DoS)

urllib3 is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to unbounded decompression of redirect response bodies in the streaming API, where urllib3 decompresses entire redirect responses regardless of read limits, allowing a malicious server to trigger excessive resource...

CVSS 8.9 · AI score 6.7 · EPSS 0.00014
Exploits 0 · References 3 · Affected Software 2
Veracode · added 2026/01/13 10:59 a.m. · 5 views

Server-Side Request Forgery (SSRF)

httparty is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of user-supplied URLs, which allows an attacker to force the application to send unauthorized requests to internal servers and potentially leak sensitive information such as API keys...

CVSS 8.8 · AI score 6.7 · EPSS 0.00068
Exploits 1 · References 5 · Affected Software 1
Veracode · added 2026/01/13 8:00 a.m. · 5 views

Sensitive Information Disclosure

Sentry-Javascript is vulnerable to Sensitive Information Disclosure. The vulnerability is due to over-collection of sensitive HTTP headers when sendDefaultPii is enabled, where headers such as Cookie can be sent to and stored in Sentry traces, allowing users with access to the Sentry organization...

CVSS 5 · AI score 6.8 · EPSS 0.0007
Exploits 0 · References 3 · Affected Software 12
Veracode · added 2026/01/13 7:58 a.m. · 5 views

Authentication Bypass

Ollama is vulnerable to an Authentication Bypass. The vulnerability is due to critical model management APIs being exposed without access controls, allowing remote attackers to perform unauthorized operations without authentication...

CVSS 9.8 · AI score 7.1 · EPSS 0.00123
Exploits 0 · References 5 · Affected Software 1
Veracode · added 2026/01/13 7:57 a.m. · 4 views

Improper Access Control

allauth-django is vulnerable to improper access control. The vulnerability is due to previously issued access and refresh tokens remaining valid even after a user account is marked as is_active=False, which allows an attacker to continue authenticating and accessing protected resources using those...

CVSS 5.4 · AI score 6.9 · EPSS 0.00039
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2026/01/13 7:56 a.m. · 4 views

Authorization Bypass

Axios Cache Interceptor is vulnerable to an Authorization Bypass. The vulnerability is due to improper cache key generation, where cached responses are keyed only by URL and ignore the Authorization header and Vary: Authorization, causing responses generated for one user’s auth token to be reused...

CVSS 6.5 · AI score 7 · EPSS 0.00031
Exploits 1 · References 2 · Affected Software 1

Total number of security vulnerabilities: 38108