38196 matches found
Privilege Escalation
apacheairflow is vulnerable to Privilege Escalation. The vulnerability is due to the Run Task feature, as it enables authenticated users to bypass limits, execute code in the webserver context and bypass restrictions on some DAGs, which exposes sensitive data, resulting in privilege escalation...
Path Traversal
libunrar.so is vulnerable to Path Traversal. The vulnerability is due to the library's inability to recognize symbolic links in archives, which can result in the extraction of files outside the restricted directory...
Denial Of Service (DoS)
w3m is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs when w3m parses a specially crafted HTML file that contains an out-of-bounds read. If the file is valid, w3m could crash...
Denial Of Service (DoS)
w3m is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs when w3m parses a specially crafted HTML file that contains a heap-based buffer overflow. If the file is valid, w3m could crash...
HTTP Request Smuggling
protocol-http1 is vulnerable to HTTP Request Smuggling. The vulnerability exists in the read function of chunked.rb due to improper HTTP/1 implementation based on the RFC spec, such as allowing Content-Length header values with a + or 0x prefix, which can lead to HTTP request smuggling and firewa...
Denial Of Service (DoS)
pocketmine/pocketmine-mp is vulnerable to Denial Of Service (DoS). The vulnerability exists in the netresearch/jsonmapper dependency due to improper mapping of JSON arrays and objects onto scalar model properties, which allows an attacker to send malformed JWT JSON in the LoginPacket causing...
Business Logic Errors
github.com/answerdev/answer is vulnerable to Business Logic Errors. The vulnerability exists due to a lack of server side logic for account deletion, which allows an authenticated attacker to delete the administrator account...
Denial Of Service (DoS)
pocketmine/pocketmine-mp is vulnerable to Denial Of Service (DoS). The vulnerability exists due to an improperly checked dropped item count, which allows players to request that the server drop more of an item than they had available in their hotbar, causing an application crash...
Cross-site Scripting (XSS)
github.com/answerdev/answer is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of user input validation in tagschema.go, which allows an attacker to inject and execute malicious JavaScript in the browser...
Cross-site Scripting (XSS)
github.com/answerdev/answer is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of user input validation in tagschema.go, which allows an attacker to inject and execute malicious JavaScript in the browser...
Denial Of Service (DoS)
pocketmine/pocketmine-mp is vulnerable to Denial Of Service (DoS). The vulnerability exists due to missing rate limits, which allows an attacker to consume resources via a mismatched type of an InventoryTransactionPacket, which results in an application crash...
Directory Traversal
rust is vulnerable to Directory Traversal. This vulnerability occurs when Cargo downloads a crate that contains files with 0777 permissions. If the user has write access to the Cargo directory, they could exploit this vulnerability to create or modify arbitrary files...
Path Traversal
wrangler is vulnerable to Path Traversal. The vulnerability exists due to a lack of path sanitization in the generateResponse function of cli.js, which allows an attacker on the same network as the local development server to access the victim's files present outside of the development server...
Information Disclosure
sulu/sulu is vulnerable to Observable Response Discrepancy. The vulnerability exists due to the insecure access control used in the security.yaml configuration, which allows an attacker to detect whether a user's username or email exists and which ones do not exist through the Admin Login form...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service (DoS). This vulnerability allows an attacker to cause a DoS attack on a GitLab instance by exploiting a regex issue in how the application parses user agents...
Cross-Site Request Forgery (CSRF)
gitlab is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability allows a malicious attacker to gain access and control a project if the owner uploads a file to a malicious project...
Improper Authorization
gitlab is vulnerable to Improper Authorization. This vulnerability allows an attacker to introduce and merge unapproved merge requests (MRs) without authorization...
Improper Access Control
gitlab is vulnerable to Improper Access Control. This vulnerability allows a malicious developer with limited permissions to remove CODEOWNERS rules from a protected branch and then merge their changes...
Cross-site Scripting (XSS)
hoteldruid is vulnerable to Cross-site Scripting (XSS). The vulnerability, which exists in multiple pages, allows a malicious attacker to execute arbitrary commands within the surname, name and nickname document functions...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability is found within the title fields of work items, which could allow a malicious attacker to execute arbitrary commands on behalf of the user...
Race Condition
gitlab is vulnerable to Race Condition. An attacker could exploit this vulnerability by tricking a GitLab user into visiting a malicious website. Once the user visits the malicious website, the attacker could exploit the vulnerability to forge a verified email and take over their third-party...
Leak Of Webhook Secret Token
gitlab is vulnerable to Leak Of Webhook Secret Token. The vulnerability exists because the project maintainer could leak a webhook secret token by changing the webhook URL to an endpoint, allowing them to capture request headers...
Email Spamming
rdiffweb is vulnerable to Email Spamming. The vulnerability exists because there are no rate limit checks in pageprefnotification.py, which allows an attacker to spam the victim's mailbox, causing additional expenses for the organization...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of user input sanitization in the library, which allows an attacker to inject and execute malicious JavaScript through a maliciously crafted merge request...
Denial Of Service (DoS)
vim is vulnerable to Denial Of Service (DoS). The vulnerability exists due to an out-of-range pointer offset in the library, allowing an attacker to cause an application crash...
Improper Authorization
gitlab is vulnerable to Improper Authorization. This vulnerability allows a malicious unauthorized GitLab user to attach a malicious runner to any project through GraphQL endpoints...
Improper Authorization
gitlab is vulnerable to Improper Authorization. An attacker could exploit this vulnerability to gain control of a GitLab project by importing members from another project that they control. This could allow the attacker to steal data, modify code, or delete the project...
Authorization Bypass
chromium is vulnerable to Authorization Bypass. The vulnerability exists due to the inappropriate implementation in the prompts in the library, which allows an attacker to bypass permission restrictions via a crafted HTML page...
Cross-Origin Resource Sharing (CORS)
chromium is vulnerable to Cross-Origin Resource Sharing (CORS). The vulnerability exists due to the inappropriate implementation in CORS of the library, which allows an attacker to leak cross-origin data via a maliciously crafted HTML page...
Spoofing Attack
chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in Prompts in the library, which allows an attacker to spoof the contents of the security UI via a maliciously crafted HTML page...
Authorization Bypass
chromium is vulnerable to Authorization Bypass. The vulnerability exists due to the inappropriate implementation in the prompts in the library, which allows an attacker to bypass permission restrictions via a crafted HTML page...
Improper Authorization
chromium is vulnerable to Improper Authorization. An attacker could exploit this vulnerability to impersonate a trusted website and trick the user into performing actions such as revealing sensitive information or installing malware. This could have serious consequences for the victim, such as...
Use-After-Free
chromium is vulnerable to Use-After-Free. This allows a remote attacker to convince a user to carry out UI interactions to exploit heap corruption using a crafted UI interaction...
Improper Authorization
chromium is vulnerable to Improper Authorization. An attacker could exploit this vulnerability by tricking a user into visiting a malicious website. If the user is using a vulnerable version of Chrome, the attacker could obfuscate the main origin data of the website. This could then be used to...
Improper Authorization
chromium is vulnerable to Improper Authorization. An attacker could exploit this vulnerability by tricking a user into visiting a malicious website. If the user is using a vulnerable version of Chrome and enters full-screen mode, the attacker could hide the contents of the Omnibox. This could the...
Improper Authorization
chromium is vulnerable to Improper Authorization. An attacker could exploit this vulnerability to impersonate a trusted website and trick the user into performing actions such as revealing sensitive information or installing malware. This could have serious consequences for the victim, such as...
Improper Input Validation
chromium is vulnerable to Improper Input Validation. The vulnerability exists due to a lack of user input validation, which allows an attacker who convinces a user to install a malicious extension to bypass file access checks via a crafted HTML page...
Insufficient Policy Enforcement
chromium is vulnerable to Insufficient Policy Enforcement. Insufficient policy enforcement in File System API allows a remote attacker to bypass filesystem restrictions via a crafted HTML page...
Arbitrary Code Execution
chromium is vulnerable to Arbitrary Code Execution. Inappropriate implementations in the library may allow a remote attacker who had compromised the renderer process to perform arbitrary read/write operations via a malicious file...
Improper Input Validation
chromium is vulnerable to Improper Input Validation. Insufficient data validation in DevTools allows a remote attacker to bypass navigation restrictions via a crafted HTML page...
Buffer Overflow
jhead is vulnerable to Buffer Overflows. The library is vulnerable to Buffer Overflows via shellescape, jhead.c, jhead. jhead copies strings to a stack buffer when it detects a or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overfl...
Improper Input Validation
trafficserver is vulnerable to Improper Input Validation. The configuration option proxy.config.http.pushmethodenabled doesn't function. However, by default the PUSH method is blocked in the ipallow configuration file...
Local File Inclusion (LFI)
dmidecode is vulnerable to Local File Inclusion (LFI) attacks. The vulnerability exists because the library enables --dump-bin to overwrite a local file, which allows execution of Dmidecode via Sudo...
Authorization Bypass
libreoffice is vulnerable to Authorization Bypasses. Improper access control in editor components allows an attacker to craft a document that would cause external links to be loaded without a prompt. Documents that use floating frames linked to external files would load the contents of those...
Cross-Site Scripting (XSS)
odoo is vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability allows a remote attacker to inject arbitrary web script via the browser of a victim, by posting crafted content...
Cross-Site Scripting (XSS)
gitlab is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser via the email address field...
Denial Of Service (DoS)
wireshark is vulnerable to Denial of Service (DoS) attacks. An infinite loop in the XRA dissector allows an attacker to cause denial of service conditions via packet injection or a crafted capture file...
Denial Of Service (DoS)
advancecomp is vulnerable to Denial of Service (DoS) attacks. A segmentation fault found in the library allows a local authenticated attacker to cause an application crash...
Type Confusion
chromium is vulnerable to Type Confusion. A remote attacker is able to potentially exploit heap corruption via a crafted HTML page...
Spoofing Attack
chromium is vulnerable to Spoofing Attack. The vulnerability exists because of the inappropriate implementation in the Picture In Picture of the library, allowing an attacker to spoof the contents of the Omnibox URL bar via a maliciously crafted HTML page through the renderer process...