38108 matches found

Veracode, added 2026/01/13 7:37 a.m.

Improper Authentication

allauth-django is vulnerable to improper authentication. The vulnerability is due to the use of the mutable preferred_username attribute as the identifier for third-party provider accounts, which allows an attacker to change this value and potentially impersonate or gain unauthorized access to...

CVSS 5.4 | AI score 5.8 | EPSS 0.00039
Exploits 0 | References 3 | Affected software 1
Veracode, added 2026/01/13 7:31 a.m.

OAuth Parameter Injection

Auth0 Next.js is vulnerable to OAuth Parameter Injection. The vulnerability is due to insufficient validation of the returnTo parameter, where attacker-controlled input can inject unintended OAuth query parameters into the authorization request, potentially resulting in tokens being issued with...

CVSS 5.7 | AI score 7 | EPSS 0.00044
Exploits 0 | References 2 | Affected software 1
Veracode, added 2026/01/13 7:28 a.m.

Denial Of Service (DoS)

Nuxt is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper handling of query strings in CDN-cached routes, where crafted requests such as /?/payload.json can cause JSON responses to be cached and served to normal users, allowing attackers to poison the CDN cache and rende...

CVSS 7.5 | AI score 6.8 | EPSS 0.00262
Exploits 0 | References 2 | Affected software 1
Veracode, added 2026/01/12 3:18 p.m.

Cross-site Scripting (XSS)

React Router is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of untrusted input in the API during server-side rendering when generating keys via the getKey or storageKey props, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 8.2 | AI score 6.8 | EPSS 0.00009
Exploits 0 | References 3 | Affected software 2
Veracode, added 2026/01/12 11:12 a.m.

Path Traversal

React Router is vulnerable to Path Traversal. The vulnerability is due to the use of createFileSessionStorage with an unsigned cookie, which allows an attacker to manipulate session identifiers to attempt read/write operations outside the intended session file directory, potentially accessing...

CVSS 9.1 | AI score 7 | EPSS 0.00036
Exploits 0 | References 3 | Affected software 3
Veracode, added 2026/01/12 10:40 a.m.

Stored Cross-Site Scripting (XSS)

n8n is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sandbox enforcement when the “Respond to Webhook” node returns HTML content with executable scripts, which allows an attacker with workflow creation privileges to execute arbitrary JavaScript in the context...

CVSS 7.3 | AI score 6.1 | EPSS 0.00008
Exploits 0 | References 2 | Affected software 1
Veracode, added 2026/01/12 10:13 a.m.

Path Traversal

@vitejs/plugin-rs is vulnerable to Path Traversal. The vulnerability is due to missing input validation on the frindSourceMapURL development endpoint, where an unauthenticated attacker can supply a file:// URL in the filename parameter to read arbitrary files accessible to the Node.js process...

CVSS 7.5 | AI score 7 | EPSS 0.0118
Exploits 0 | References 3 | Affected software 1
Veracode, added 2026/01/12 10:00 a.m.

Open Redirect

React Router is vulnerable to Open Redirect. The vulnerability is due to unsafe handling of SPA navigation redirects generated from loaders or actions in certain modes, which allows an attacker to inject untrusted redirect URLs and trigger unintended JavaScript execution on the client...

CVSS 8 | AI score 7.1 | EPSS 0.00009
Exploits 0 | References 3 | Affected software 2
Veracode, added 2026/01/12 8:53 a.m.

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution. The vulnerability is due to unsafe execution of Git pre-commit hooks, where cloning a repository containing a malicious hook and later performing a commit via the Git Node can trigger arbitrary command execution within the n8n environment...

CVSS 8.8 | AI score 7.7 | EPSS 0.0022
Exploits 3 | References 3 | Affected software 3
Veracode, added 2026/01/12 8:51 a.m.

Cross-site Scripting (XSS)

Angular is vulnerable to cross-site scripting (XSS). The vulnerability is due to Angular Template Compiler’s internal sanitization schema failing to recognize the href and xlink:href attributes of SVG...

CVSS 8.5 | AI score 6.3 | EPSS 0.00021
Exploits 1 | References 6 | Affected software 2
Veracode, added 2026/01/12 8:26 a.m.

Cross-site Request Forgery

React Router is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to missing CSRF protections on document POST requests to UI routes, where server-side route action handlers or React Server Actions accept authenticated POST requests without origin validation, allowing...

CVSS 6.5 | AI score 6.7 | EPSS 0.00015
Exploits 0 | References 2 | Affected software 2
Veracode, added 2026/01/12 8:10 a.m.

Sensitive Information Disclosure

authkit-nextjs is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing anti-caching headers on authenticated responses, where session tokens can be cached by CDNs and inadvertently served to other users, leading to unauthorized session exposure in environments with...

CVSS 9.3 | AI score 6.8 | EPSS 0.00082
Exploits 0 | References 3 | Affected software 1
Veracode, added 2026/01/12 7:52 a.m.

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution. The vulnerability is due to insufficient restriction of Git configuration values, where workflows using the Git node can set core.hooksPath to a malicious location, causing arbitrary commands to execute on the n8n host via crafted Git hooks during...

CVSS 9.4 | AI score 7.8 | EPSS 0.00033
Exploits 1 | References 3 | Affected software 2
Veracode, added 2026/01/09 3:50 p.m.

Server-Side Request Forgery (SSRF)

Craft CMS is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of the file.url parameter in the GraphQL save Asset mutation, which allows an attacker with asset management permissions to force the server to fetch internal or restricted resources and...

CVSS 6.8 | AI score 7 | EPSS 0.00016
Exploits 1 | References 5 | Affected software 1
Veracode, added 2026/01/09 2:05 p.m.

Improper Access Control

n8n is vulnerable to Improper Access Control. The vulnerability is due to insecure handling of form-based workflows, which allows an unauthenticated attacker to access files on the underlying server and expose sensitive system information...

CVSS 10 | AI score 7 | EPSS 0.05899
Exploits 16 | References 4 | Affected software 3
Veracode, added 2026/01/09 10:48 a.m.

Improper Authorization

shopware/core is vulnerable to Improper Authorization. The vulnerability is due to media visibility restrictions not being enforced on aggregation API requests, which allows an attacker with low-privilege backend access to bypass authorization checks using crafted aggregation queries and disclose...

AI score 6.8
Exploits 0
Veracode, added 2026/01/09 10:24 a.m.

Improper Authorization

shopware/core is vulnerable to Improper Authorization. The vulnerability is due to refunds being disabled only at the UI level via the core.cart.enableOrderRefunds setting, which allows an attacker to bypass restrictions by sending a custom crafted request to cancel their own orders...

AI score 7
Exploits 0
Veracode, added 2026/01/09 5:22 a.m.

Improper Access Control

craftcms/cms is vulnerable to Improper Access Control. The vulnerability is due to missing authentication checks on certain administrative actions, which allows an unauthenticated attacker to trigger database backup operations and potentially cause resource exhaustion or information disclosure...

CVSS 9.1 | AI score 7.1 | EPSS 0.00214
Exploits 1 | References 5 | Affected software 1
Veracode, added 2026/01/09 4:22 a.m.

Allocation Of Resources Without Limits

org.elasticsearch.plugin:x-pack-core is vulnerable to Allocation of Resources Without Limits. The vulnerability is due to insufficient limits on memory allocation during snapshot restore operations, which allows an authenticated attacker to send crafted HTTP requests to trigger excessive memory...

CVSS 4.9 | AI score 6.8 | EPSS 0.00268
Exploits 0 | References 3 | Affected software 1
Veracode, added 2026/01/08 9:08 a.m.

Deserialization Of Untrusted Data

org.apache.nifi, nifi-asana-processors is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the use of unfiltered Java object serialization and deserialization in the GetAsanaObject Processor, which allows an attacker with access to the configured cache server to supply...

CVSS 8.8 | AI score 8 | EPSS 0.00149
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/08 8:53 a.m.

Information Disclosure

Aircompressor is vulnerable to Information Disclosure. The vulnerability is due to improper handling of malformed Snappy and LZ4 compressed input in the Java decompressor implementations, which allows a remote attacker to craft input that causes previously used buffer contents to be included in t...

CVSS 7.5 | AI score 7.1 | EPSS 0.00052
Exploits 0 | References 4 | Affected software 2
Veracode, added 2026/01/08 3:59 a.m.

OS Command Injection

github.com/neuvector/neuvector is vulnerable to OS Command Injection. The vulnerability is due to unsanitized use of the environment variables CLUSTERRPCPORT and CLUSTERLANPORT in shell commands executed via popen, which allows an attacker to inject and execute arbitrary commands within the...

CVSS 9.9 | AI score 7.8 | EPSS 0.00059
Exploits 0 | References 5 | Affected software 1
Veracode, added 2026/01/08 3:58 a.m.

Use Of Hard-coded Cryptographic Key

github.com/neuvector/neuvector is vulnerable to use of hard-coded cryptographic key. The vulnerability is due to a cryptographic key being hard-coded and embedded in the source code at compilation time, which allows an attacker with access to the code or binaries to recover the key and decrypt...

CVSS 6.5 | AI score 7 | EPSS 0.00044
Exploits 0 | References 3 | Affected software 1
Veracode, added 2026/01/08 3:58 a.m.

Improper Certificate Validation

github.com/neuvector/neuvector is vulnerable to improper certificate validation. The vulnerability is due to the lack of TLS certificate verification and absence of response size limits when transmitting anonymous telemetry data, which allows an attacker to perform man-in-the-middle (MITM) attacks...

CVSS 8.6 | AI score 6.9 | EPSS 0.00072
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/07 3:10 p.m.

Out-of-bounds Write

wasm3 is vulnerable to Out-of-bounds Write. The vulnerability is due to improper handling of slot setting and indirect function calls in opSetSloti32 and opCallIndirect, which allows a local attacker to manipulate execution and trigger memory corruption...

CVSS 7.8 | AI score 6.8 | EPSS 0.00025
Exploits 1 | References 8 | Affected software 1
Veracode, added 2026/01/07 2:51 p.m.

Denial Of Service (DoS)

signalk-server is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded in-memory storage of access request objects at the /signalk/v1/access/requests endpoint, which allows an unauthenticated attacker to flood the endpoint and crash the server through memory exhaustion...

CVSS 7.5 | AI score 7.2 | EPSS 0.00085
Exploits 1 | References 4 | Affected software 1
Veracode, added 2026/01/07 9:44 a.m.

CRLF Injection

io.netty, netty-codec-http is vulnerable to CRLF Injection. The vulnerability is due to improper sanitization of the request URI in HttpRequestEncoder, which allows an attacker to inject CRLF sequences and smuggle malicious HTTP requests...

CVSS 6.5 | AI score 7 | EPSS 0.00024
Exploits 1 | References 2 | Affected software 1
Veracode, added 2026/01/07 8:00 a.m.

Remote Code Execution (RCE)

Signal K Server is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsanitized npm version specifiers in the appstore install API, where attacker-controlled URLs or git sources can be passed to npm, allowing execution of malicious postinstall scripts when an administrator...

CVSS 8.6 | AI score 7.2 | EPSS 0.0005
Exploits 1 | References 3 | Affected software 1
Veracode, added 2026/01/07 7:35 a.m.

Authorization Bypass

Signal K Server is vulnerable to Authorization Bypass. The vulnerability is due to misleading access request UI and trust of spoofable X-Forwarded-For headers, allowing attackers to impersonate trusted devices and request elevated permissions that administrators may unknowingly approve...

CVSS 8.8 | AI score 6.6 | EPSS 0.00021
Exploits 1 | References 3 | Affected software 1
Veracode, added 2026/01/07 7:23 a.m.

Remote Code Execution (RCE)

feast is vulnerable to remote code execution (RCE). The vulnerability is due to the use of yaml.load(..., Loader=yaml.Loader) to deserialize configuration YAML files before validation, which allows an attacker who can modify these files to instantiate arbitrary Python objects and execute OS commands...

CVSS 7.8 | AI score 8.2 | EPSS 0.00218
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/07 7:21 a.m.

Unauthenticated Information Disclosure

signalk-server is vulnerable to unauthenticated information disclosure. The vulnerability is due to missing authentication checks on sensitive endpoints, which allows an attacker to retrieve internal system details such as the full SignalK data schema, connected serial devices, and installed...

CVSS 5.3 | AI score 7 | EPSS 0.00015
Exploits 1 | References 3 | Affected software 1
Veracode, added 2026/01/07 6:16 a.m.

Denial-of-Service (DoS)

MessagePack for Java is vulnerable to a Denial of Service (DoS). The vulnerability is due to unbounded memory allocation during deserialization, where the library trusts attacker-controlled EXT32 payload length metadata and allocates a byte array of that declared size when ExtensionValue.getData i...

CVSS 7.5 | AI score 6.6 | EPSS 0.00028
Exploits 1 | References 3 | Affected software 1
Veracode, added 2026/01/07 5:07 a.m.

Improper Authentication

Langflow is vulnerable to Improper Authentication. The vulnerability is due to missing authentication and authorization checks on critical API endpoints, which allows an unauthenticated attacker to access sensitive user data and perform unauthorized destructive operations...

CVSS 9.3 | AI score 7.2 | EPSS 0.09015
Exploits 1 | References 3 | Affected software 2
Veracode, added 2026/01/06 9:00 a.m.

Arbitrary Code Injection

aizuda snail-job is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper handling of user-controlled input in the QLExpressEngine.doEval function, which allows a remote attacker to inject and execute malicious expressions...

CVSS 6.5 | AI score 6.6 | EPSS 0.00015
Exploits 0 | References 9 | Affected software 1
Veracode, added 2026/01/06 8:34 a.m.

Improper Authentication

Elasticsearch is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation of client certificates in the PKI realm, which allows an attacker with a specially crafted certificate signed by a trusted CA to impersonate other users...

CVSS 7.4 | AI score 6.5 | EPSS 0.00038
Exploits 0 | References 5 | Affected software 1
Veracode, added 2026/01/06 8:18 a.m.

Use Of A Hard-Coded Cryptographic Key

org.apache.streampark, streampark is vulnerable to Use of a Hard-Coded Cryptographic Key. The vulnerability is due to the use of a fixed, immutable encryption key in the application, which allows an attacker to recover the key through code analysis and decrypt sensitive data or forge encrypted...

CVSS 9.8 | AI score 6.7 | EPSS 0.00053
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/06 7:24 a.m.

Improper Authentication

Signal K Server is vulnerable to Improper Authentication. The vulnerability is due to unauthenticated modification of internal server state via the /skServer/validateBackup endpoint, which allows an attacker to overwrite critical configuration files and hijack the administrator restore process to...

CVSS 9.6 | AI score 7.3 | EPSS 0.00139
Exploits 3 | References 4 | Affected software 1
Veracode, added 2026/01/05 3:55 p.m.

Sensitive Information Disclosure

apache-airflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper redaction of secret values in rendered templates, which allows authenticated users to view sensitive secrets without appropriate authorization...

CVSS 6.5 | AI score 6.7 | EPSS 0.00041
Exploits 0 | References 5 | Affected software 1
Veracode, added 2026/01/05 3:35 p.m.

Improper Cryptographic Key Management

Apache StreamPark is vulnerable to Improper Cryptographic Key Management. The vulnerability is due to using the user’s password directly as the HMAC signing key for JWTs, which allows an attacker to brute-force passwords offline or forge valid tokens to impersonate users and take over accounts...

CVSS 5.9 | AI score 7.2 | EPSS 0.00061
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/05 11:41 a.m.

Incorrect Authorization

org.apache.streampipes:streampipes-parent is vulnerable to Incorrect Authorization. The vulnerability is due to a flaw in the user ID creation and JWT handling mechanism, which allows a non-administrator attacker to manipulate tokens and swap usernames with an administrator, thereby gaining full...

CVSS 8.1 | AI score 6.9 | EPSS 0.00017
Exploits 0 | References 5 | Affected software 1
Veracode, added 2026/01/05 7:34 a.m.

Remote Code Execution (RCE)

Apache Airflow Providers Edge3 is vulnerable to Remote Code Execution (RCE). The vulnerability is due to exposure of a non-public Worker RPC API enabled when the Edge3 provider was installed on Airflow 2, where development-only APIs intended for internal testing allowed DAG authors to execute...

CVSS 9.8 | AI score 8.3 | EPSS 0.00346
Exploits 0 | References 3 | Affected software 1
Veracode, added 2026/01/05 7:27 a.m.

Improper TLS Hostname Verification

org.apache.logging.log4j, log4j-core is vulnerable to improper TLS hostname verification. The vulnerability is due to the Socket Appender not enforcing TLS hostname verification even when explicitly enabled, which allows a man-in-the-middle attacker to intercept or redirect log traffic by...

CVSS 6.3 | AI score 6.4 | EPSS 0.00029
Exploits 1 | References 11 | Affected software 1
Veracode, added 2026/01/05 7:27 a.m.

Insecure Deserialization

Apache NiFi is vulnerable to Insecure Deserialization. The vulnerability is due to the GetAsanaObject Processor storing and retrieving state data using generic Java object deserialization without validation, allowing attackers with direct access to the configured Distributed Map Cache server...

CVSS 8.8 | AI score 7.7 | EPSS 0.00149
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/05 6:33 a.m.

Authentication Bypass

Signal K Server is vulnerable to Authentication Bypass. The vulnerability is due to unauthenticated exposure of WebSocket server events and access-request status endpoints, which allows an attacker to enumerate request IDs and poll their status to steal plaintext JWT tokens and fully hijack...

CVSS 9.1 | AI score 7 | EPSS 0.00056
Exploits 1 | References 4 | Affected software 1
Veracode, added 2026/01/05 5:48 a.m.

Path Traversal

AdonisJS is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during multipart file handling, which allows a remote attacker to write arbitrary files to arbitrary locations on the server filesystem...

CVSS 9.2 | AI score 7.1 | EPSS 0.00097
Exploits 3 | References 6 | Affected software 1
Veracode, added 2026/01/02 5:31 p.m.

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient isolation in the Pyodide-based Python Code Node, which allows an authenticated attacker with workflow modification privileges to escape the sandbox and execute arbitrary commands on the host system running n8...

CVSS 9.9 | AI score 6.1 | EPSS 0.00035
Exploits 4 | References 5 | Affected software 3
Veracode, added 2026/01/02 2:06 p.m.

Prototype Pollution

apidoc-core is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of malformed data structures in the preProcess functions, which allows an attacker to manipulate JavaScript object prototypes via crafted properties such as define, leading to denial of service or...

CVSS 9.3 | AI score 6.7 | EPSS 0.00126
Exploits 0 | References 1 | Affected software 1
Veracode, added 2026/01/02 1:36 p.m.

Improper Input Validation

qs is vulnerable to Improper Input Validation. The vulnerability is due to the arrayLimit option not being enforced for bracket notation parameters during query parsing, which allows an attacker to supply a large number of array elements and cause memory exhaustion via crafted HTTP requests...

CVSS 6.3 | AI score 6.5 | EPSS 0.0004
Exploits 1 | References 3 | Affected software 1
Veracode, added 2026/01/02 8:51 a.m.

Command Injection

Serverless Framework is vulnerable to Command Injection. The vulnerability is due to unsanitized user input being passed to child_process.exec in the experimental MCP server feature, which allows an attacker to inject shell metacharacters and execute arbitrary system commands with the privileges o...

CVSS 7.5 | AI score 7.5 | EPSS 0.00039
Exploits 2 | References 5 | Affected software 1
Veracode, added 2026/01/02 6:09 a.m.

Open Redirect

Koa is vulnerable to Open Redirect. The vulnerability is due to improper validation of the Referer header in the back redirect functionality, which allows an attacker to craft specially formed URLs treated as safe relative paths and force a user’s browser to redirect to an external, potentially...

CVSS 6.1 | AI score 6.9 | EPSS 0.00018
Exploits 1 | References 4 | Affected software 1
Total number of security vulnerabilities: 38108