
38196 matches found

Veracode • added 2023/10/10 7:53 a.m. • 18 views

Incorrect Authorization

mattermost is vulnerable to Incorrect Authorization. An attacker can soft delete teams they are not part of...

CVSS 6.5 • AI score 6.8 • EPSS 0.00419
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2023/10/10 7:33 a.m. • 11 views

Improper Access Control

nimeasurementlinkservice is vulnerable to Improper Access Control. The vulnerability is due to the start function in servicemanager.py, which allows binding the server to all network interfaces. This allows an attacker on an adjacent network to reach services exposed on localhost...

CVSS 8.8 • AI score 6.8 • EPSS 0.00281
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/10/10 7:11 a.m. • 17 views

Cross Site Scripting (XSS)

zenario is vulnerable to Cross Site Scripting. The vulnerability is due to a lack of user input sanitization in the Organizer - Spare alias. An attacker can exploit this issue by injecting malicious JavaScript on the client side...

CVSS 5.4 • AI score 6.7 • EPSS 0.00553
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2023/10/10 6:56 a.m. • 13 views

Cross Site Scripting (XSS)

ConcreteCMS is vulnerable to Cross Site Scripting. The vulnerability is due to injecting a crafted script into the Forms of the Data objects. The attacker can exploit this vulnerability by injecting malicious JavaScript on the client side...

CVSS 5.4 • AI score 7 • EPSS 0.00542
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2023/10/10 6:47 a.m. • 17 views

Cross Site Scripting (XSS)

ConcreteCMS is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient input validation in the SITE parameter. This allows an attacker to execute malicious JavaScript on the client side...

CVSS 5.4 • AI score 7.1 • EPSS 0.005
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2023/10/10 6:35 a.m. • 26 views

Cross Site Scripting

AntiSamy is vulnerable to Cross Site Scripting. The vulnerability arises due to flawed parsing of the HTML being sanitized. As a result, an attacker can execute malicious JavaScript on the client side by using certain crafty inputs, resulting in elements in comment tags being interpreted as executable...

CVSS 6.1 • AI score 6.9 • EPSS 0.00476
Exploits 1 • References 4 • Affected Software 2

Veracode • added 2023/10/10 6:34 a.m. • 28 views

Integer Overflow

libtiff.so is vulnerable to Denial of Service (DoS). The vulnerability is due to raw2tiff.c, which allows an attacker to parse a crafted TIFF image, resulting in a Heap Buffer Overflow...

CVSS 6.5 • AI score 6.7 • EPSS 0.01037
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/10/10 6:26 a.m. • 24 views

Buffer Overflow

libvpx.so is vulnerable to Buffer Overflow. The vulnerability is due to the vp9alloccontextbuffers function in vp9alloccommon.c and the vp9changeconfig function in vp9encoder.c. There is no proper validation or handling for dynamic memory allocations when processing certain specially formatted...

CVSS 7.5 • AI score 7.1 • EPSS 0.01936
Exploits 0 • References 11 • Affected Software 1

Veracode • added 2023/10/10 6:25 a.m. • 28 views

Integer Overflow

libtiff.so is vulnerable to Denial of Service (DoS). The vulnerability is caused by a crafted TIFF image, which results in a Heap Buffer Overflow...

CVSS 6.5 • AI score 6.7 • EPSS 0.01131
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2023/10/10 5:52 a.m. • 19 views

Denial Of Service (DoS)

OpenTelemetry is vulnerable to Denial Of Service. The vulnerability is due to the httpmethod not being properly bounded, resulting in the potential for server memory exhaustion when a large number of malicious requests are sent...

CVSS 7.5 • AI score 6.8 • EPSS 0.00685
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2023/10/10 5:48 a.m. • 24 views

Denial Of Service (DoS)

libpoppler is vulnerable to Denial of Service (DoS). The vulnerability is due to the PDFDoc::replacePageDict in PDFDoc.cc, which allows an attacker to cause an application crash by saving an embedded file...

CVSS 6.5 • AI score 6.8 • EPSS 0.00902
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2023/10/10 5:41 a.m. • 49 views

Improper Input Validation

postcss is vulnerable to Improper Input Validation. The vulnerability is due to the REBADBRACKET in tokenize.js which does not account for carriage returns \r. This means that any CSS containing a carriage return character \r would not be matched by this regular expression, potentially allowing...

CVSS 5.3 • AI score 7.2 • EPSS 0.00822
Exploits 0 • References 5 • Affected Software 2

Veracode • added 2023/10/10 5:26 a.m. • 25 views

Denial Of Service (DoS)

libpoppler.so is vulnerable to Denial of Service (DoS). The vulnerability exists in the pdfunite function, which allows an attacker to cause a denial-of-service condition by parsing a specially crafted PDF...

CVSS 6.5 • AI score 6.6 • EPSS 0.00959
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2023/10/10 5:8 a.m. • 140 views

Remote Code Execution

fsevents is vulnerable to Remote Code Execution. The vulnerability is caused by loading a fsevents binary from an arbitrary AWS S3 bucket during installation. This S3 bucket URL was vulnerable to takeover by malicious actors, but a security researcher claimed the bucket URL to protect against...

CVSS 9.8 • AI score 7.3 • EPSS 0.01535
Exploits 1 • References 10 • Affected Software 1

Veracode • added 2023/10/10 4:57 a.m. • 25 views

Denial Of Service (DoS)

libpoppler.so is vulnerable to Denial of Service (DoS). The vulnerability is due to a buffer overflow caused by the HtmlOutputDev::page function, which allows an attacker to cause a denial-of-service attack by parsing a crafted PDF file...

CVSS 6.5 • AI score 7.1 • EPSS 0.00575
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2023/10/10 4:44 a.m. • 17 views

Integer Overflow

libtommath.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to missing validation checks, which allows an attacker to possibly cause an application crash or code execution...

CVSS 9.8 • AI score 7 • EPSS 0.01254
Exploits 0 • References 7 • Affected Software 1

Veracode • added 2023/10/10 4:13 a.m. • 29 views

Denial Of Service (DoS)

libsndfile.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a signed integer overflow in the mat4readheader function of mat4.c, which allows an attacker to cause an application crash...

CVSS 7.8 • AI score 7 • EPSS 0.00365
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2023/10/10 4:8 a.m. • 18 views

Cross Site Scripting (XSS)

snipe/snipe-it is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by not sanitizing/escaping asset history values while displaying the values in the browser on the view asset page. An attacker can inject malicious JavaScript while editing assets in the location field leading t...

CVSS 5.4 • AI score 5.7 • EPSS 0.00527
Exploits 4 • References 3 • Affected Software 1

Veracode • added 2023/10/10 3:23 a.m. • 22 views

Improper Access Control

ceph is vulnerable to Improper Access Control. An attacker could exploit this vulnerability to upload malicious files to any bucket accessible by the specified access key. This could allow the attacker to compromise the data stored in the bucket, or to launch further attacks against the system...

CVSS 6.5 • AI score 6.7 • EPSS 0.02539
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2023/10/10 1:55 a.m. • 27 views

Information Disclosure

mediawiki is vulnerable to Information Disclosure. The vulnerability allows an attacker to inject arbitrary code into a web page, potentially allowing them to steal user data...

CVSS 5.3 • AI score 7.2 • EPSS 0.00421
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2023/10/10 1:55 a.m. • 26 views

Denial Of Service (DoS)

mediawiki is vulnerable to Denial Of Service (DoS). The vulnerability exists in ApiPageSet.php. This vulnerability allows an attacker to crash the application by triggering an unbounded loop and RequestTimeoutException when querying pages redirected to other variants with redirects and...

CVSS 7.5 • AI score 6.7 • EPSS 0.22699
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2023/10/10 1:54 a.m. • 57 views

Remote Code Execution (RCE)

mediawiki is vulnerable to Remote Code Execution (RCE). The vulnerability allows an attacker to inject arbitrary code into a web page, potentially allowing them to steal user data or take control of the user's computer...

CVSS 5.4 • AI score 7.9 • EPSS 0.00567
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2023/10/10 1:54 a.m. • 26 views

Cross-site Scripting (XSS)

mediawiki is vulnerable to Cross-site Scripting (XSS). The vulnerability allows an attacker to inject arbitrary code into a web page, potentially allowing them to steal user data or take control of the user's computer...

CVSS 4.3 • AI score 6.8 • EPSS 0.00626
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2023/10/09 5:25 p.m. • 19 views

Spoofing Attack

chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in Custom Mobile Tabs in the library, which allows an attacker to spoof security UI via a maliciously crafted HTML page...

CVSS 4.3 • AI score 6.5 • EPSS 0.00663
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/10/09 5:25 p.m. • 22 views

Spoofing Attack

chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in the Input component of the library, which allows an attacker to spoof security UI via a maliciously crafted HTML page...

CVSS 4.3 • AI score 6.5 • EPSS 0.00663
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/10/09 5:25 p.m. • 15 views

Spoofing Attack

chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in the Prompts of the library, which allows an attacker to spoof security UI via a maliciously crafted HTML page...

CVSS 4.3 • AI score 6.2 • EPSS 0.00717
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/10/09 5:25 p.m. • 21 views

Improper Input Validation

chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in the Custom Tabs of the library, which allows an attacker to obfuscate a permission prompt via a crafted HTML page...

CVSS 4.3 • AI score 6.4 • EPSS 0.00663
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/10/09 5:24 p.m. • 16 views

Improper Input Validation

chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in the Intents of the library, which allows an attacker to obfuscate security UI via a maliciously crafted HTML page...

CVSS 4.3 • AI score 6.5 • EPSS 0.00663
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/10/09 5:24 p.m. • 20 views

Improper Access Control

chromium is vulnerable to Improper Access Control. The vulnerability is due to insufficient enforcement of security policies related to the Autofill feature in Google Chrome. This allows a remote attacker to bypass Autofill restrictions via a crafted HTML page...

CVSS 4.3 • AI score 6.3 • EPSS 0.00632
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/10/09 5:24 p.m. • 23 views

Spoofing Attack

chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in Prompts in the library, which allows an attacker to spoof security UI via a maliciously crafted HTML page...

CVSS 4.3 • AI score 6.5 • EPSS 0.00681
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/10/09 5:23 p.m. • 22 views

Policy Enforcement Bypass

chromium is vulnerable to . The vulnerability arises from insufficient policy enforcement in the Downloads component of the library, enabling an attacker to bypass enterprise policy restrictions through a crafted download...

CVSS 4.3 • AI score 6.7 • EPSS 0.00616
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/10/09 5:18 p.m. • 25 views

Improper Authorization

chromium is vulnerable to Improper Authorization. The vulnerability allows a remote attacker to bypass security mechanisms with the use of a crafted HTML page due to inappropriate implementation in interstitials, and perform unauthorized actions...

CVSS 4.3 • AI score 6.6 • EPSS 0.00618
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/10/09 5:17 p.m. • 22 views

Improper Authorization

chromium is vulnerable to Improper Authorization. The vulnerability allows a remote attacker to bypass security mechanisms with the use of a crafted HTML page due to inappropriate implementation in picture in picture, and perform unauthorized actions...

CVSS 4.3 • AI score 6.6 • EPSS 0.00618
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2023/10/09 3:52 p.m. • 16 views

Denial Of Service (DoS)

mutt is vulnerable to Denial of Service (DoS). The vulnerability allows a remote attacker to send a specially crafted email that causes Mutt to crash when reading or processing the email...

CVSS 5.7 • AI score 6.8 • EPSS 0.00506
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2023/10/09 3:52 p.m. • 17 views

Denial Of Service (DoS)

mutt is vulnerable to Denial of Service (DoS). This vulnerability allows an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email due to a Null pointer dereference...

CVSS 6.5 • AI score 6.7 • EPSS 0.00719
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2023/10/09 3:43 p.m. • 22 views

Denial Of Service (DoS)

org.apache.commons:commons-compress is vulnerable to Denial of Service (DoS). The vulnerability allows an attacker to cause a DoS attack on an application that uses Apache Commons Compress by sending a specially crafted TAR file leading to uncontrolled resource consumption...

CVSS 5.5 • AI score 5.5 • EPSS 0.00489
Exploits 0 • References 3 • Affected Software 2

Veracode • added 2023/10/09 2:34 p.m. • 36 views

Denial Of Service (DoS)

qemu is vulnerable to Denial of Service (DoS). A Division by Zero vulnerability allows local attackers to crash QEMU and the guest operating system by sending a specially crafted SCSI command...

CVSS 5.5 • AI score 6.3 • EPSS 0.00376
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2023/10/09 2:24 p.m. • 21 views

Privilege Escalation

mattermost is vulnerable to Privilege Escalation. Mattermost fails to properly verify the bot permissions, allowing a User Manager role with user edit permissions to manage/update bots...

CVSS 3.8 • AI score 6.8 • EPSS 0.00366
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2023/10/09 1:55 p.m. • 23 views

Arbitrary File Overwrite

ansible is vulnerable to Arbitrary File Overwrite. This vulnerability allows remote attackers to inject arbitrary HTML and script code into the response. This could allow attackers to steal cookies, perform phishing attacks, or take control of vulnerable systems...

CVSS 6.3 • AI score 7.1 • EPSS 0.00859
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2023/10/09 1:17 p.m. • 31 views

Out-of-Bounds Read

binutils is vulnerable to Out-of-Bounds Reads. The vulnerability allows remote attackers to execute arbitrary code on the system by crafting a malicious object file due to the vulnerable logic in the parsemodule function of bfd/vms-alpha.c...

CVSS 7.1 • AI score 7.8 • EPSS 0.00379
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2023/10/09 1:17 p.m. • 22 views

Denial Of Service (DoS)

binutils is vulnerable to Denial of Service (DoS). The field thebfd of asymbolstruct is uninitialized in the bfdmachogetsyntheticsymtab function, which may allow a local attacker to cause an application crash...

CVSS 5.5 • AI score 6.5 • EPSS 0.00384
Exploits 1 • References 6 • Affected Software 1

Veracode • added 2023/10/09 1:17 p.m. • 24 views

Denial Of Service (DoS)

binutils is vulnerable to Denial of Service (DoS). The use of an uninitialized field in the struct module module may allow a local attacker to cause an application crash...

CVSS 5.5 • AI score 6.5 • EPSS 0.00376
Exploits 1 • References 6 • Affected Software 1

Veracode • added 2023/10/09 1:17 p.m. • 19 views

Denial Of Service (DoS)

binutils is vulnerable to Denial of Service (DoS). A use of an uninitialized variable causes a logic failure in the bfdinitsectiondecompressstatus function, which may allow a local attacker to cause an application crash...

CVSS 5.5 • AI score 6.5 • EPSS 0.00347
Exploits 1 • References 6 • Affected Software 1

Veracode • added 2023/10/09 12:49 p.m. • 19 views

Integer Overflow

libxrdp.so is vulnerable to Path Traversal. The vulnerability exists in the extract function in Unzip.java due to a lack of path validation, which allows an attacker to obtain sensitive information and execute arbitrary code via the expandIfZip parameter...

CVSS 7.8 • AI score 7.2 • EPSS 0.00294
Exploits 0 • References 6

Veracode • added 2023/10/09 12:23 p.m. • 24 views

Denial Of Service (DoS)

libpoppler.so is vulnerable to Denial of Service (DoS). The vulnerability exists in the readXRefTable function in XRef.cc because it does not properly validate user input, which allows an attacker to cause an application crash...

CVSS 7.5 • AI score 6.7 • EPSS 0.00891
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2023/10/09 12:14 p.m. • 26 views

Denial Of Service (DoS)

libpoppler.so is vulnerable to Denial Of Service (DoS). The vulnerability arises from the mishandling of dictionary marking in the markObject function within PDFDoc.cc. This leads to stack consumption in the find function located at Dict.cc, allowing an attacker to cause an application crash by...

CVSS 6.5 • AI score 6.6 • EPSS 0.02251
Exploits 1 • References 12 • Affected Software 1

Veracode • added 2023/10/09 11:51 a.m. • 24 views

Denial Of Service (DoS)

libpoppler.so is vulnerable to Denial of Service (DoS). The vulnerability exists in PDFDoc.cc because it does not properly handle the xref data structure, which allows an attacker to cause an application crash...

CVSS 6.5 • AI score 6.7 • EPSS 0.00921
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2023/10/09 11:10 a.m. • 25 views

Denial Of Service (DoS)

libvirt is vulnerable to Denial of Service. This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's gautoptr cleanup...

CVSS 5.5 • AI score 7 • EPSS 0.00298
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2023/10/09 11:6 a.m. • 17 views

Cross Site Scripting (XSS)

quill-mention is vulnerable to Cross Site Scripting. The vulnerability is due to mention.js and quill.mention.js as there is no escaping or sanitization for the list items which are rendered using innerHTML. This allows an attacker to insert a malicious script in innerHTML. When the script is...

CVSS 6.1 • AI score 6.1 • EPSS 0.0057
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2023/10/09 10:6 a.m. • 19 views

Improper Input Validation

libzephyr.so is vulnerable to Improper Input Validation. The vulnerability exists due to the smpkeyscheck function in smp.c due to a missing conditional check, which allows an attacker to gain access and perform unauthorized actions...

CVSS 9.8 • AI score 7 • EPSS 0.00555
Exploits 0 • References 4 • Affected Software 1

Total number of security vulnerabilities: 38196