38108 matches found
User Enumeration
ibexa/user is vulnerable to User Enumeration. The vulnerability is due to overly descriptive error messages, which allows an attacker to determine whether a user account exists by observing differences in error responses...
Sensitive Information Exposure
@actual-app/sync-server is vulnerable to sensitive Information Exposure. The vulnerability is due to logging parsed API responses to STDOUT using console.log/console.debug, which allows an attacker with access to application logs to obtain sensitive data such as bearer tokens, bank account detail...
Cross-site Scripting (XSS)
ibexa/admin-ui is vulnerable to cross-site scripting XSS. The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing within the back office, which allows an attacker with editor or administrator-level permissions to...
Arbitrary File Write
github.com/git-lfs/git-lfs is vulnerable to arbitrary file write. The vulnerability is due to Git LFS not validating symbolic or hard links before writing files during git lfs checkout or git lfs pull, which allows an attacker to craft a malicious repository that causes Git LFS to write to...
Remote Code Execution (RCE)
n8n is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient isolation in the workflow expression evaluation system, which allows an authenticated attacker to supply crafted expressions that are executed in the runtime context, enabling arbitrary code execution with th...
Cross-Site Scripting (XSS)
ezsystems/ezplatform-admin-ui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing features, which allows an attacker with back-office editor or administrator privilege...
Server-Side Request Forgery (SSRF)
@lobehub/chat is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation and restriction of user-supplied URLs in the tools.search.crawlPages tRPC endpoint, which allows an attacker with a valid token to supply arbitrary URLs and force the server to mak...
Improper Authentication
github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to failure to validate email ownership during the Slack import process, which allows an attacker to create verified user accounts with arbitrary email domains and bypass email-based team...
Improper Access Control
@strapi/core is vulnerable to improper access control. The vulnerability is due to improper sanitization of query parameters in the document service lookup operator, which allows an attacker to craft malicious queries to access private fields such as admin passwords and reset tokens...
Deserialization Of Untrusted Data
Apache Causeway is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe Java deserialization of user-controllable URL parameters in ViewModel handling, which allows an authenticated attacker to execute arbitrary code with application privileges...
Prototype Pollution
js-yaml is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of special object properties such as proto during YAML parsing, which allows an attacker to modify object prototypes and manipulate application behavior when untrusted YAML input is processed...
Cross-site Scripting (XSS)
OWASP Java HTML Sanitizer is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization when HtmlPolicyBuilder permits noscript and style tags with allowTextIn, which allows an attacker to craft malicious CSS or HTML payloads that bypass the defined policy and execu...
Cross-site Request Forgery (CSRF)
Jenkins is vulnerable to Cross-site Request Forgery CSRF. The vulnerability is due to missing or insufficient CSRF protection on login-related functionality, which allows an attacker to trick a victim into unknowingly authenticating into the attacker’s account...
Improper Authentication
github.com/edgelesssys/contrast is vulnerable to Improper Authentication. The vulnerability is due to unauthenticated LUKS2 volume metadata and support for null key-encryption algorithms, which allows an attacker to craft a malicious volume that opens with any passphrase and captures all written...
Sensitive Information Disclosure
Jenkins is vulnerable to Sensitive Information Disclosure. The vulnerability is due to build authorization tokens not being masked in the job configuration form, which allows an attacker who can view the configuration page to observe and capture these tokens...
Sensitive Information Disclosure
Jenkins is vulnerable to Sensitive Information Disclosure. The vulnerability is due to build authorization tokens being stored unencrypted in job configuration files, which allows an attacker with extended read permissions or file system access to view and misuse these credentials...
Missing Authorization
Jenkins is vulnerable to Missing Authorization. The vulnerability is due to a missing permission check on viewing encrypted credential data, which allows attackers with only View/Read permissions to access and view encrypted password values in views...
Improper Access Control
github.com/bishopfox/sliver is vulnerable to Improper Access Control. The vulnerability is due to the custom WireGuard netstack not restricting traffic between connected clients, which allows an attacker with leaked or recovered keypairs to communicate with other implants, access exposed port...
Server-side Request Forgery (SSRF)
Astro is vulnerable to server-side request forgery SSRF. The vulnerability is due to improper image proxy domain validation, which allows an attacker to bypass restrictions using backslashes in the href parameter and trigger server-side requests to arbitrary URLs...
Authentication Bypass
Node-SAML is vulnerable to an Authentication Bypass. The vulnerability is due to loading assertions from the unsigned original SAML response instead of the signature-verified data, allowing attackers to modify authentication details within a valid assertion, such as altering the username, and...
Race Condition
com.okta.sdk, okta-sdk-api is vulnerable to a Race Condition. The vulnerability is due to concurrent use of the ApiClient class, where shared request state can cause response headers or status codes from one request to affect another, potentially leading to incorrect or unsafe API responses...
Improper Path Handling
formio is vulnerable to improper path handling. The vulnerability is due to improper validation of crafted request paths, which allows an unauthenticated or unauthorized attacker to bypass API access controls and retrieve data from protected endpoints...
Improper Authorization
github.com/mattermost/mattermost-server is vulnerable to Improper Authorization. The vulnerability is due to failure to verify whether a user has permission to join a Mattermost team when processing the original invite token, which allows an attacker to manipulate the RelayState parameter and joi...
Improper Neutralization Of Special Elements
ESAPI esapi-java-legacy is vulnerable to an Improper Neutralization of Special Elements. The vulnerability is due to insufficient sanitization in the Encoder.encodeForSQL interface, where the SQL encoding logic fails to properly neutralize special characters, resulting in incomplete protection an...
Weak Password Hash Generation
xxl-job is vulnerable to a Weak Password Hash Generation vulnerability. The vulnerability is due to insufficient computational effort in the 'makeToken' function of 'IndexController.java', where an attacker can manipulate the token-generation logic to obtain and resulting remote compromise...
Regular Expression Denial Of Service (ReDoS)
Yarn is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to improper handling of user-controlled options in the setOptions function, which allows a local attacker to supply crafted input that triggers excessive regular expression processing and causes a denial of...
Unvalidated Redirect
NocoDB is vulnerable to an unvalidated redirect. The vulnerability is due to missing validation of the user-controlled continueAfterSignIn parameter in the login flow, which allows an attacker to redirect authenticated users to arbitrary external websites after login...
Improper Input Validation
sha.js is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to influence how data is processed...
Improper Input Validation
cipher-base is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to alter processing behavior...
Improper Password Length Validation
@strapi/core is vulnerable to improper password length validation. The vulnerability is due to the lack of enforcing a maximum password length when using bcryptjs, which truncates passwords beyond 72 bytes, allowing an attacker to authenticate using only the first 72 bytes of an overlong password...
Prototype Pollution
Vuetify is vulnerable to Prototype Pollution. The vulnerability is due to the internal mergeDeep utility merging user-supplied preset objects without proper safeguards, which allows an attacker to supply a crafted preset to pollute JavaScript object prototypes and potentially cause denial of...
Cross-Origin Resource Sharing (CORS) Misconfiguration
@strapi/core is vulnerable to Cross-Origin Resource Sharing CORS Misconfiguration. The vulnerability is due to improper validation of the Origin header in default configurations, which allows an attacker to exploit this by hosting a malicious site on a different origin and sending credentialed...
Cross-site Scripting (XSS)
Vuetify is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unsanitized HTML being assigned to the innerHTML of the VDatePicker title via the title-date-format property, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser...
Arbitrary Command Injection
mcp-server-kubernetes is vulnerable to Arbitrary Command Injection. The vulnerability is due to passing user-supplied command strings directly to shell execution sh -c without input validation, which allows an attacker to inject and execute arbitrary commands through crafted inputs or indirect...
Denial Of Service (DoS)
react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack and next are vulnerable to a Denial-Of-Service DoS. The vulnerability is due to insufficient patching of unsafe payload deserialization in React Server Components, where maliciously crafted HTTP requests sent to Server...
Authentication Bypass
ruby-saml is vulnerable to authentication bypass. The vulnerability is due to improper handling of libxml2 canonicalization in Nokogiri when processing invalid XML, which returns an empty string used for DigestValue calculation, allowing an attacker to perform a Signature Wrapping attack and bypa...
Remote Code Execution (RCE)
Fugue is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization in the FlaskRPCServer implementation, where the decode function uses cloudpickle.loads on untrusted data, allowing attackers to send malicious serialized objects that execute arbitrary code on the...
Authentication Bypass
keylime is vulnerable to Authentication Bypass. The vulnerability is due to insufficient validation during agent registration, where a malicious actor can register a new agent with a different TPM while reusing an existing agent’s UUID, allowing the attacker to overwrite the legitimate agent...
Improper Access Control
mad-proxy is vulnerable to Improper Access Control. The vulnerability is due to flaws in HTTP/HTTPS traffic interception logic, allowing attackers to bypass security policies and evade traffic inspection, potentially exposing sensitive data...
Authentication Bypass
ruby-saml is vulnerable to authentication bypass. The vulnerability is due to inconsistent XML parsing between REXML and Nokogiri resulting in different document structures, which allows an attacker to perform a Signature Wrapping attack and bypass authentication...
Directory Traversal
AstrBot is vulnerable to Directory Traversal. The vulnerability is due to the handler function installpluginupload of the interface '/plugin/install-upload' parsing the filename from the request body provided by the user, and directly using the filename to assign to filepath without checking the...
Command Injection
pgAdmin 4 is vulnerable to command injection. The vulnerability is due to the use of shell=True during backup and restore operations on Windows systems, which allows an attacker to execute arbitrary system commands by supplying specially crafted file path input...
Remote Code Execution (RCE)
pgAdmin is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of PLAIN-format dump files during restore operations in server mode, allowing attackers to inject malicious commands that are executed on the server hosting pgAdmin...
Denial-of-service (DoS)
pypdf is vulnerable to a Denial-of-service DoS. The vulnerability is due to improper handling of inline images using the DCTDecode filter during PDF content stream parsing, which allows an attacker to craft a malicious PDF that triggers an infinite loop and causes CPU exhaustion...
Man-In-The-Middle (MITM) Attack
MQTT is vulnerable to a Man-in-the-Middle MITM attack. The vulnerability is due to missing hostname verification by default, which allows an attacker to intercept and manipulate communication between clients and servers...
Arbitrary Code Injection
Ray is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of the User-Agent header combined with lack of protection against DNS rebinding attacks, which allows an attacker to execute arbitrary code on a developer’s system via a malicious website or...
Cross-site Scripting (XSS)
prosemirrortohtml is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper escaping of HTML attribute values, which allows an attacker to inject and execute arbitrary JavaScript code through crafted input...
Reflected Cross Site Scripting (XSS)
FastMCP is vulnerable to a reflected cross-site scripting XSS. The vulnerability is due to unescaped user-controlled input being reflected in the OAuth client callback HTML page oauthcallback.py, which allows an attacker to inject and execute arbitrary JavaScript in the context of the callback...
Deserialization Of Untrusted Data
vLLM is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insufficient validation of user-supplied serialized tensors during loading, which allows an attacker to craft malicious inputs that trigger out-of-bounds memory writes and crash or compromise the server...
Server-Side Request Forgery (SSRF)
Keras is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of the StringLookup layer during model loading from a crafted .keras archive, which allows an attacker to supply local or remote file paths as vocabulary inputs and exploit tf.io.gfile behavior ...