38196 matches found
Double Free
libkrb5.so is vulnerable to Double Free. The vulnerability exists due to a failure in authorization data handling in the dotgsreq.c, which allows an attacker to cause the Key Distribution Center KDC to free the same pointer twice when incorrect data is copied from one ticket to another...
Prototype Pollution
tree-kit is vulnerable to Prototype Pollution. The vulnerability occurs because the extend function, when the unflat option is set, can be used to add arbitrary properties to an object, including properties that are not defined in the object's prototype which allows an attacker to execute arbitrar...
Cross-Site Scripting (XSS)
cockpit-hq/cockpit is vulnerable to Cross-Site Scripting XSS attacks. The vulnerability occurs because the library does not properly escape user input when rendering templates, allowing an authenticated attacker to inject malicious JavaScript code into a Cockpit page, which would then be executed...
Cross-Site Request Forgery (CSRF)
gin is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability occurs because the plugin does not require POST requests for an HTTP endpoint, which allows an attacker to copy a malicious folder, which could then be used to steal data or execute arbitrary code...
Cross-Site Scripting (XSS)
org.jenkins-ci.plugins:flaky-test-handler is vulnerable to Cross-Site Scripting XSS attacks. The vulnerability occurs because the plugin does not escape JUnit test contents when showing them on the Jenkins UI which could allow an attacker with access to the JUnit file content to inject malicious...
Server-Side Request Forgery (SSRF)
flarum/core and flarum/framework are vulnerable to Server-Side Request Forgery SSRF. The vulnerability exists due to the insecure implementation of the avatar upload functionality, which allows an attacker to upload files containing malicious URLs by spoofing the MIME type, resulting in SSRF...
Improper Access Control
maven-artifact-choicelistprovider is vulnerable to Improper Access Control. The vulnerability exists because the library does not set the appropriate context for credentials lookup, which allows an attacker with Item or Configure permission to access and capture credentials they are not entitled ...
Information Exposure
github.com/yaklang/yaklang is vulnerable to Information Exposure. The vulnerability exists because it does not properly validate information access permissions in httppool.go, which allows an attacker to read sensitive information in the system...
Denial Of Service (DoS)
libpoppler.so is vulnerable to Denial Of Service DoS. The vulnerability exists due to a null-pointer dereference in the FoFiType1C::convertToType function of fofi/FoFiType1C.cc, allowing an attacker to cause an application crash...
Denial Of Service (DoS)
libpoppler.so is vulnerable to Denial Of Service DoS. The vulnerability exists due to the heap buffer overflow in the FoFiType1C::cvtGlyph function of fofi/FoFiType1C.cc, allowing an attacker to cause an application crash...
Use After Free
libqpdf.so is vulnerable to Use After Free. The vulnerability exists due to a lack of entity value validations in the libqpdf parameter of PlAESPDF.cc. An attacker could exploit this to inject arbitrary code into the system...
Cross-site Scripting (XSS)
librenms/librenms is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to a lack of sanitization of user inputs in multiple files, which allows an attacker to inject and execute arbitrary JavaScript...
Arbitrary Code Execution
langchain is vulnerable to Arbitrary Code Execution. The vulnerability is caused by improper input sanitization in the prompt parameter, which could allow an attacker to execute arbitrary commands on the victim's system...
Arbitrary Code Execution
langchain is vulnerable to Arbitrary Code Execution. This vulnerability is caused by a flaw in the frommathprompt and fromcoloredobjectprompt functions, which could allow an attacker to execute arbitrary code on the victim's system by sending a specially crafted prompt...
Arbitrary Code Execution
langchain is vulnerable to Arbitrary Code Execution. The vulnerability is due to the usage of the exec python function in PythonAstREPLTool.run which can be exploited to execute arbitrary Python code through prompt injection...
Arbitrary Code Execution
llama-index is vulnerable to Arbitrary Code Execution. The vulnerability exists because of the improper handling of user input in the PandasQueryEngine function of the library, which allows an attacker to inject and execute malicious code due to the usage of the exec function...
Arbitrary Code Execution
pandasai is vulnerable to Arbitrary Code Execution. An attacker is able to exploit this vulnerability by sending a specially crafted request to the Pandas-AI server. This request would cause the server to execute arbitrary code with the privileges of the root user. The vulnerability exists in...
Arbitrary Code Execution
org.alluxio:alluxio-core-common is vulnerable to Arbitrary Code Execution. The vulnerability is due to the alluxio.util.CommonUtils.getUnixGroups method which improperly sanitizes the shell command which is used to get the Unix groups of a user. This allows an attacker to inject arbitrary code int...
Cross-site Scripting (XSS)
scancodeio is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the lack of sanitization in the key parameter of licenses.py, which allows an attacker to inject and execute malicious JavaScript through the /license/ endpoint...
Improper Access Control
@keystone-6/core is vulnerable to Improper Access Control. The vulnerability exists when the ui.isAccessAllowed parameter in the KeystoneMeta function of adminMetaSchema.ts is set as undefined, which allows an attacker to access the admin meta GraphQL query if the session strategy is not defined...
Missing Authorization
Mattermost is vulnerable to Missing Authorization. The vulnerability is due to not invalidating existing authorization codes when deauthorizing an OAuth2 app. This can result in an attacker generating an access token by leveraging the existing authorization codes...
Cross-site Scripting (XSS)
cockpit-hq/cockpit is vulnerable to Stored Cross-site Scripting XSS. The vulnerability exists because xhtml files are not restricted, which allows an attacker to upload xhtml files in the assets manager, resulting in XSS when viewed...
Integer Overflow
libImlib2.so is vulnerable to Integer Overflow. The vulnerability exists due to invalid memory allocations which allows an attacker to cause an overflow and out-of-bound reads...
Buffer Overflow
libzephyr.so is vulnerable to Buffer Overflows. The vulnerability exists in the memcpy function at usbdcnativeposix.c due to not properly handling the buffer size, which allows an attacker to cause an application crash...
Cross-site Scripting (XSS)
external-svg-loader is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the lack of input sanitization in the renderBody function of svg-loader.js, which allows an attacker to inject and execute malicious JavaScript through a maliciously crafted SVG...
Cross-site Scripting (XSS)
github.com/treeverse/lakefs is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the controller.go and getobject.go, which allows an attacker to inject and execute malicious JavaScript when opening a direct link to an HTML file via lakeFS...
Cross Site Scripting (XSS)
svelecte is vulnerable to Cross Site Scripting XSS. The vulnerability occurs when a user enters a specially crafted item name in the Svelte dropdown. Sites using Svelecte with dynamically created items from external or user-created content may be vulnerable to XSS attacks and clickjacking...
Denial Of Service (DoS)
postgresql is vulnerable to Denial Of Service DoS. This vulnerability occurs when a user sends a specially crafted MERGE command to PostgreSQL. If the command is valid, PostgreSQL could be tricked into entering an infinite loop which could prevent PostgreSQL from serving requests, resulting in a...
SQL Injection
postgresql is vulnerable to SQL injection. This vulnerability occurs when a user sends a specially crafted query that uses the @extowner@ function. If the query is valid, PostgreSQL could be tricked into executing arbitrary SQL code...
HTTP Request Smuggling
tornado is vulnerable to HTTP Request Smuggling. Tornado deviates from HTTP RFCs by interpreting the characters -, +, and in chunk length and Content-Length values. When Tornado is used behind proxies that interpret non-standard characters differently, this can lead to request smuggling...
Denial Of Service (DoS)
libbind9.so is vulnerable to Denial Of Service DoS. The vulnerability exists when debug logging is turned on, due to assertion errors in renderecs which allows an attacker to cause an application crash...
Denial Of Service (DoS)
libGraphicsMagick.so is vulnerable to Denial of Service DoS attacks. The vulnerability exists due to a divide-by-zero error in the ReadMNGImage function of png.c which allows an attacker to cause an application crash via a crafted mng file...
Denial Of Service (DoS)
libpoppler.so is vulnerable to Denial Of Service DoS. The vulnerability exists in the open function in Outline.cc which allows an attacker to cause an application crash via a crafted PDF file...
Cross-site Scripting (XSS)
kindeditor is vulnerable to Cross-site Scripting. The vulnerability exists due to improper input sanitization in the content1 parameter of demo.jsp which allows an attacker to inject and execute malicious JavaScript into the browser...
Cross-site Scripting (XSS)
braft-editor is vulnerable to Cross-site Scripting. The vulnerability exists due to a lack of sanitization of HTML elements in the embed media feature, which allows an attacker to inject and execute malicious JavaScript into the browser...
Prototype Pollution
hellojs is vulnerable to Prototype Pollution. The vulnerability is due to a lack of sanitization of the proto and constructor keys during object initialization, which allows an attacker to overwrite the base object, resulting in the execution of arbitrary code via the hello.utils.extend function...
Information Disclosure
github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability exists due to the lack of restricting the post metadata during audit logging, which allows an attacker to gain sensitive information through the permalink contents in logs...
Denial Of Service (DoS)
ryu is vulnerable to Denial of Service DoS attacks. The vulnerability occurs when Ryu parses a specially crafted OFPBundleCtrlMsg message with a queue length of zero, which results in an infinite loop, consuming excessive CPU resources and preventing other users from accessing the service...
Stored Cross-Site Scripting (XSS)
thinkcmf/thinkcmf is vulnerable to Cross-Site Scripting XSS attacks. The vulnerability is due to a lack of sanitization in the userlogin parameter in the /admin/user/addpost endpoint, allowing an attacker to inject and execute malicious JavaScript on a victim's browser...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability exists because the library fails to delete the attachments when deleting messages in a thread, allowing a user to access and download the attachment of a deleted message...
Incorrect Authorization
github.com/mattermost/mattermost-server is vulnerable to Incorrect Authorization. The vulnerability exists because the library does not properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first...
Missing Authorization
github.com/mattermost/mattermost-server is vulnerable to Missing Authorization. The vulnerability exists because the library fails to check if the requesting user is a guest before performing different actions on public playbooks, which allows an attacker to view, join, edit, export and archive...
Business Logic Errors
froxlor/froxlor is vulnerable to Business Logic Errors. The vulnerability exists in the update function of Admins.php because the admin name is not properly validated for spaces, which allows an attacker to save a user name with just spaces/...
Information Disclosure
github.com/1panel-dev/1panel is vulnerable to Information Disclosure. The vulnerability exists due to lack of access restrictions which allows an attacker to perform arbitrary file download and expose sensitive information...
Arbitrary File Write
github.com/1panel-dev/1panel is vulnerable to Arbitrary File Write. The vulnerability exists in SaveContent function at file.go due to lack of parameter filtering which allows an attacker to perform arbitrary file writes in the system...
Arbitrary File Reads
github.com/1panel-dev/1panel is vulnerable to Arbitrary File Reads. The vulnerability exists in LoadFromFile at file.go due to not restricting the request parameters which allows an attacker to directly read arbitrary files on the system...
Improper Encoding
openzeppelin/contracts is vulnerable to Improper Encoding. The vulnerability exists due to improperly validating ERC2771Context which allows an attacker to cause unintended behavior in smart contracts that rely on the sender's accurate identification...
Arbitrary File Read
apache-airflow-providers-apache-drill is vulnerable to Arbitrary File Read. The vulnerability exists because the getconn function of drill.py allows database URLs with unescaped parameters, allowing an attacker to read arbitrary files when establishing a connection with the DrillHook...
Remote Code Execution (RCE)
GitPython is vulnerable to Remote Code Execution RCE. The vulnerability exists because the clone function of base.py does not properly sanitize the non-multi options, which allows an attacker to inject an OS command into the clone command. NOTE: this issue exists because of an incomplete fix for...
Cross-Site Request Forgery (CSRF)
com.xuxueli:xxl-job is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists in xxl-job-admin/user/add, which allows an attacker to use a crafted .html file to cause CSRF attacks due to insufficient checks, resulting in arbitrary code execution and privilege escalations...