38196 matches found
Remote Code Execution (RCE)
org.apache.jackrabbit:jackrabbit-standalone, jackrabbit-standalone-components and jackrabbit-webapp are vulnerable to Remote Code Execution RCE. Use of the component commons-beanutils, which contains a class that can be used for remote code execution over RMI, allows an attacker to upload and...
Denial Of Service (DoS)
neutron is vulnerable to Denial of Service. The vulnerability exists because resources are produced without regard to the user's quota, which allows an attacker to submit a large number of requests, causing the application to crash...
Privilege Dropping
github.com/apptainer/apptainer is vulnerable to Privilege Dropping. The vulnerability exists because the library does not restore the old syscall setresuid behavior when escalating or dropping privileges, which allows an attacker to provide a maliciously crafted starter config to delete any...
Path Traversal
shiro-web is vulnerable to Path Traversal. The vulnerability exists because the InvalidRequestFilter.java does not properly validate the URLs, which allows an attacker to access files outside the expected directory, leading to an authentication bypass when used together with APIs or other web...
SQL Injection
manager-service is vulnerable to SQL Injection. The vulnerability exists because the toAuditCkSql function of AuditServiceImpl.java directly concatenates the groupId, streamId, auditId, and dt into the SQL query statement without doing any validation, which allows an attacker to inject and execut...
Deserialization Of Untrusted Data
manager-pojo is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists because the MySQLSinkDTO.java does not properly check encoding in the MySQL JDBC URLs, which allows an attacker to bypass the current logic and achieve arbitrary file read through the...
Exposure Of Resources To Wrong Sphere
org.apache.inlong is vulnerable to Exposure of Resources to Wrong Sphere. The vulnerability exists due to the lack of permission checks in the WorkflowApprover API of the library, which allows an attacker to use general user permission to delete and update the process...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user-input sanitization in the link.js which allows an attacker to inject and execute arbitrary JavaScript into the browser...
Authentication Bypass
github.com/dapr/dapr is vulnerable to Authentication Bypass. The library allows bypassing of API token authentication, which enables an attacker to send unauthorized HTTP requests via the Dapr sidecar, only impacting users who rely on this authentication method...
Improper Path Sanitisation
cloudfoundry/archiver is vulnerable to improper path sanitization. The vulnerability is due to not sanitizing relative file paths while processing archive entries. This can result in an attacker writing/overwriting files outside of the target directory leading to denial of service or loss of...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user-input sanitization in the document.js which allows an attacker to inject and execute arbitrary JavaScript into the browser...
Cross-Site Request Forgery (CSRF)
cockpit-hq/cockpit is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists in multiple functions of the Admin portal, which allows an attacker to execute arbitrary administrator commands...
Cross-site Scripting (XSS)
nilsteampassnet/teampass is vulnerable to stored Cross-site Scripting XSS. The vulnerability exists in Default session expiration time due to improper user-input sanitization which allows an attacker to inject and execute arbitrary javascript or html code...
Cross-Site Scripting (XSS)
indico is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape the special characters in confirmation prompts when deleting content, which allows an attacker with at least submission privileges to inject and execute malicious javascript on a victim's browser, when...
Cross-site Scripting (XSS)
nilsteampassnet/teampass is vulnerable to Cross-site Scripting XSS. The vulnerability exists at Search page due to lack of user-input sanitization in the pages/item component which allows an attacker to inject and execute arbitrary javascript or html codes...
Remote Code Execution (RCE)
nilsteampassnet/teampass is vulnerable to Remote Code Execution RCE. The vulnerability exists due to lack of restrictions of certain input fields which are directly inserted into a tp.config.php which allows an attacker to inject and execute malicious PHP code...
Cross-site Scripting (XSS)
nilsteampassnet/teampass is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to lack of sanitization in many configuration fields which allows an attacker to inject and execute arbitrary javascript or html codes...
SQL Injection
pimcore/pimcore is vulnerable to SQL injection. The vulnerability exists due to improper SQL implementation in GridHelperService.php which allows an attacker to inject and execute malicious SQL queries in the system...
Cross-site Scripting (XSS)
nilsteampassnet/teampass is vulnerable to Cross-site Scripting XSS attacks. The vulnerability exists because the folder name outputs are not properly encoded which allows an attacker to inject and execute arbitrary html code...
Privilege Escalation
github.com/kubeoperator/kubepi is vulnerable to Privilege Escalation. The vulnerability exists due to improper permission restrictions when creating or updating users which allows an attacker to perform authorized actions on users such as changing roles...
Information Disclosure
github.com/kubeoperator/kubepi is vulnerable to Information Disclosure. The vulnerability exists because the password hash is not properly restricted to authenticated users which allows an attacker to gain access to sensitive information such as a password hash...
Information Exposure
pimcore/pimcore is vulnerable to information exposure. The vulnerability exists because it does not properly validate information access permissions or restrict sensitive runtime information, which allows an attacker to read sensitive information in the system...
Cross Site Scripting (XSS)
OpenCms is vulnerable to Cross Site Scripting XSS. The vulnerability exists due to the /workplace!explorer component which allows an attacker to inject and execute arbitrary JavaScript via uploading a crafted SVG file...
Information Disclosure
nilsteampassnet/teampass is vulnerable to Information Disclosure. The vulnerability exists because the library does not properly verify the input URLs, which allows an attacker to gain sensitive information by accessing an incorrect path...
Cross-site Scripting (XSS)
nilsteampassnet/teampass is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the library does not properly encode or escape outputs, allowing an attacker to inject and execute malicious javascript through the index.php?page=folders endpoint when creating a new folder...
Cross-site Scripting (XSS)
copyparty is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the txsvcs function of httpcli.py does not properly escape malicious characters, which allows an attacker to inject and execute malicious javascript by providing a malicious URL containing ?hc= with somewhere in...
Server-Side Template Injection (SSTI)
spring-boot-admin-server is vulnerable to Server-Side Template Injection SSTI. The vulnerability exists because the mailNotifierTemplateEngine function of AdminServerNotifierAutoConfiguration.java does not properly implement the configuration for ClasspathResourceLoader, which allows an attacker ...
Denial Of Service (DoS)
pocketmine/pocketmine-mp is vulnerable to Denial of Service DoS. The vulnerability is due to a lack of validation in the BlockActorDataPacket, which causes the server to spend a significant amount of time processing a packet, leading to an application crash...
Segmentation Violation
ChakraCore is vulnerable to segmentation violation. The vulnerability is due to the Js::EntryPointInfo::HasInlinees function which results in an application crash in specific situations...
Cross-Site Request Forgery (CSRF)
cockpit-hq/cockpit is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists because it does not use a csrf token, which allows an attacker to execute arbitrary commands on the system as an administrator...
Information Exposure
cockpit-hq/cockpit is vulnerable to Information Exposure. The vulnerability exists because the system does not properly validate /models/Content, which allows an attacker to read sensitive information in the system...
Denial Of Service (DoS)
IBM MQ is vulnerable to Denial Of Service DoS. The vulnerability exists due to an error processing messages which allows an attacker to cause an application crash...
Improper Access Control
Jenkins Dimensions Plugin is vulnerable to Improper Access Control. The vulnerability exists due to a missing permission check at an http endpoint which allows an attacker to enumerate credentials IDs stored and perform unauthorized actions...
Stack Overflow
ChakraCore is vulnerable to stack buffer overflow. The vulnerability is due to the Collator object, which can result in a stack overflow during string comparisons resulting in an application crash...
Heap-based Buffer Overflow
gpac is vulnerable to Heap-based Buffer Overflow. A local malicious attacker is able to leverage the vulnerability within the gfm2tsprocesssdt of mediatools/mpegts.c to cause a heap-based buffer overflow...
Double Free
gpac is vulnerable to Double Free. The vulnerability exists in gfav1resetstate within mediatools/avparsers.c which calls free twice on the same memory address which could lead to manipulation of memory locations resulting in a memory leak...
Buffer Overflows
gpac is vulnerable to Buffer Overflows. The vulnerability is found within the filters/loadtext.c file, which causes the program to copy the input buffer into the output buffer without verifying the buffer size, resulting in buffer overflows...
Denial Of Service (DoS)
jhead is vulnerable to Denial Of Service DoS. The vulnerability occurs due to a wild address read in the ProcessCanonMakerNoteDir function within makernote.c causing an application crash...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service DoS. A malicious authenticated attacker is able to add a large number of tags to a runner in GitLab to cause extreme resource consumption, resulting in an application crash...
Buffer Overflow
sgt-puzzles is vulnerable to Buffer Overflow. The vulnerability allows a malicious attacker to craft a save file to cause integer overflow or buffer overflow within the system...
Buffer Overflow
sgt-puzzles is vulnerable to Buffer Overflow. The vulnerability allows a malicious attacker to craft a save file to cause integer overflow or buffer overflow within the system...
Buffer Overflow
sgt-puzzles is vulnerable to Buffer Overflow. The vulnerability allows a malicious attacker to craft a save file to cause integer overflow or buffer overflow within the system...
Buffer Overflow
sgt-puzzles is vulnerable to Buffer Overflow. The vulnerability allows a malicious attacker to craft a save file to cause integer overflow or buffer overflow within the system...
Buffer Overflow
sgt-puzzles is vulnerable to Buffer Overflows. The vulnerability allows a malicious attacker to craft a save file to cause integer overflow or buffer overflow within the system...
Buffer Overflow
sgt-puzzles is vulnerable to Buffer Overflows. The vulnerability allows a malicious attacker to craft a save file to cause integer overflow or buffer overflow within the system...
Buffer Overflow
sgt-puzzles is vulnerable to Buffer Overflows. The vulnerability allows a malicious attacker to craft a save file to cause integer overflow or buffer overflow within the system...
Improper Access Control
nilsteampassnet/teampass is vulnerable to Improper Access Control. A remote authenticated attacker is able to gain access to read the information of other users via guessing and editing the ID on the request, resulting in disclosure of sensitive information...
Cross-Site Scripting (XSS)
nilsteampassnet/teampass is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape the special characters before they are output to the front end in the user profile form, which allows an attacker to inject and execute malicious javascript on a victim's browser via the store...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service DoS. The vulnerability allows a crafted Prometheus Server query to cause high resource consumption which could lead to a system crash...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service DoS. The application improperly handles data on branch creation leading to excessive resource consumption resulting in denial of service conditions...