38467 matches found
Denial Of Service
HashiCorp memberlist is vulnerable to Denial Of Service. The vulnerability is due to improper handling of push/pull state messages, where specially crafted gossip traffic can exhaust memory on a receiving node, allowing attackers with network access to terminate the process...
Uncontrolled Resource Consumption (Infinite Loop)
pypdf is vulnerable to Uncontrolled Resource Consumption Infinite Loop. The vulnerability is due to improper handling of crafted PDF files containing threads/articles during the merge operation, which allows an attacker to trigger an infinite loop by supplying a malicious PDF, resulting in a...
Out-of-Bounds Write
pymonocypher is vulnerable to Out-of-Bounds Write. The vulnerability is due to the argon2i32 implementation failing to validate the nbblocks buffer size before writing, which allows an attacker to trigger a write past the end of the provided buffer, potentially causing heap corruption and resulti...
Path Traversal
psd-tools is vulnerable to Path Traversal. The vulnerability is due to improper validation and sanitization of attacker-controlled file paths in the SmartObject.save and SmartObject.open APIs, which allows an attacker to write arbitrary files to attacker-chosen locations outside the intended...
Remote Code Execution (RCE)
Joro is vulnerable to Remote Code Execution RCE. The vulnerability is due to the default proxy mode exposing an unauthenticated local API with a wildcard CORS policy, which allows an attacker to use cross-origin JavaScript to upload a malicious native plugin and trigger a restart...
OS Command Injection
Nuclio is vulnerable to OS Command Injection. The vulnerability is due to improper sanitization of event.headers keys and event.body values when constructing curl commands for Kubernetes CronJob containers, which allows an attacker to inject and execute arbitrary shell commands by manipulating...
OS Command Injection
File Browser is vulnerable to OS Command Injection. The vulnerability is due to the Hook Authentication feature interpolating user-supplied username and password into an external shell command without proper sanitization, which allows an unauthenticated remote attacker to inject shell...
Missing Authentication
SiYuan is vulnerable to Missing Authentication. The vulnerability is due to the kernel HTTP server unconditionally trusting all chrome-extension:// origins without authentication and the default empty AccessAuthCode on desktop installations, which allows an attacker controlling a malicious or...
Cross-site Scripting (XSS)
Craft CMS is vulnerable to Stored cross-site scripting XSS. The vulnerability is due to improper escaping of entry titles during drag-and-drop operations, where user-controlled titles are decoded and inserted into HTML without proper sanitization, allowing attackers to execute arbitrary JavaScrip...
Remote Code Execution
Craft CMS is vulnerable to remote code execution RCE. The vulnerability is due to unsafe rendering of user-controlled data as an unsandboxed Twig template, where the Referer HTTP header is compiled without sandboxing during entry saves, allowing authenticated attackers to execute arbitrary code o...
Cross-Site Request Forgery (CSRF)
Leantime is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing validation of the OIDC state parameter in the verifyState method, where attacker-controlled authorization callbacks are accepted without verification, allowing attackers to perform session fixation and...
Improper Authorization
Leantime is vulnerable to Improper Authorization. The vulnerability is due to missing authorization checks in the Users::getUser JSON-RPC API, where authenticated users can retrieve sensitive credential data for arbitrary user accounts, allowing attackers to obtain password hashes, TOTP secrets,...
Improper Certificate Validation
Coder is vulnerable to Improper Certificate Validation. The vulnerability is due to the AI Bridge Proxy aibridgeproxyd creating a default HTTPS transport with InsecureSkipVerify enabled when no upstream proxy is configured, which allows an on-path man-in-the-middle attacker to present a forged TL...
Improper Input Validation
github.com/coder/coder is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of the scheme and host in external workspace application URLs before substituting the $SESSIONTOKEN placeholder, which allows an attacker controlling a malicious workspace templa...
Improper Access Control
Coder is vulnerable to Improper Access Control. The vulnerability is due to the tailnet coordinator validating an agent's Addresses but not its AllowedIPs, which allows an authenticated attacker to advertise unauthorized IP prefixes that are propagated to WireGuard peers, potentially enabling...
Stored Cross Site Scripting
showdown is vulnerable to stored cross-site scripting. The vulnerability is due to a failure to properly escape table header ID attributes in the parseHeaders function, where attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdown table...
Sensitive Information Exposure
Apache Camel Undertow Component is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of exception responses, where processing errors return full Java stack traces instead of suppressing them, allowing attackers to obtain sensitive information such as...
Improper Authorization
github.com/coder/coder is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation in the UpsertWorkspaceApp and insertAgentApp functions, which fail to verify that a supplied application ID belongs to the workspace being built before performing a cross-workspace...
Improper Authentication
Apache Camel is vulnerable to Improper Authentication. The vulnerability is due to missing authentication for critical functions, where the KeycloakSecurityPolicy defaults to not verifying the access token, and an invalid token is accepted, allowing unauthenticated access to protected routes...
SSH Configuration Injection
Coder is vulnerable to SSH Configuration Injection. The vulnerability is due to coder config-ssh writing server-supplied HostnameSuffix and SSHConfigOptions into the user's /.ssh/config without properly sanitizing embedded newlines or restricting SSH directives, which allows an attacker controlli...
Improper Authorization
Craft CMS is vulnerable to Improper Authorization. The vulnerability is due to insufficient authorization checks after author reassignment in EntriesController::actionSaveEntry, where attacker-controlled author parameters are applied without revalidating permissions, allowing low-privileged users...
Improper Privilege Management
github.com/coder/coder is vulnerable to Improper Privilege Management. The vulnerability is due to insufficient authorization checks in the PUT /api/v2/users/user/password endpoint, which allows a privileged user-admin attacker to reset the password of an owner account without requiring the curre...
Improper Authentication
github.com/coder/coder is vulnerable to Improper Authentication. The vulnerability is due to improper OIDC email-based account linking and incorrect handling of the emailverified claim, which allows an attacker to authenticate with a malicious or unverified OIDC identity and take over another...
Arbitrary Code Injection
Langroid is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper sandboxing of Python eval that fails to remove builtins, which allows an attacker to execute arbitrary operating system commands through crafted LLM-generated tool messages...
Improper Authorization
The CreateSubAgent RPC is vulnerable to improper authorization. The vulnerability is due to the failure to validate the requested app sharing level against the template's maximum allowed sharing level before persisting workspace apps, which allows a workspace owner to exceed the...
Authentication Bypass
Coder is vulnerable to an authentication bypass. The vulnerability is due to improper validation of the emailverified claim in the OIDC callback and an unconditional email-based account fallback, which allows an attacker to take over accounts by supplying a non-boolean or missing emailverified...
Improper Access Control
Cilium is vulnerable to improper access control. The vulnerability is due to the creation of a world-accessible Envoy admin socket when L7 functionality is enabled, which allows a local attacker to access Envoy administrative endpoints, potentially exposing sensitive information such as TLS...
Improper Authorization
Keycloak is vulnerable to improper authorization. The vulnerability is due to missing validation that the target user belongs to the caller's realm in certain user read endpoints, which allows a tenant realm administrator to access profile information, client roles, and realm roles of users acros...
Path Traversal
Horde IMP is vulnerable to path traversal. The vulnerability is due to insufficient validation of img src URLs, where attackers can bypass the stripos prefix validation by appending traversal sequences after the matching prefix, and read sensitive files whose contents are then exfiltrated as MIME...
Cross Site Scripting
MediaWiki Cargo Extension is vulnerable to Cross Site Scripting. The vulnerability is due to improper neutralization of user-supplied input during web page generation, where malicious scripts are stored and later rendered without proper sanitization, allowing attackers to execute arbitrary...
Improper Authorization
Craft CMS is vulnerable to Improper Authorization. The vulnerability is due to missing authorization checks when deleting asset folders, where the folder deletion operation does not enforce peer asset delete permissions, allowing low-privilege users to delete assets uploaded by other users in...
Mass Assignment
Craft CMS is vulnerable to Mass Assignment. The vulnerability is due to insufficient validation of the newAttributes parameter during bulk duplication, where attackers can override the target element ID and update an existing entry instead of creating a new one, allowing unauthorized modification...
Improper Authorization
Craft CMS is vulnerable to Improper Authorization. The vulnerability is due to missing authorization checks for the source asset during file replacement, where providing both assetId and sourceAssetId bypasses source delete permission validation, allowing authenticated users to delete assets from...
Improper Authorization
Craft CMS is vulnerable to Improper Authorization. The vulnerability is due to insufficient permission checks when moving entries between sections, where only view permission is validated for the destination section instead of save permission, allowing low-privileged users to move entries into...
Path Traversal
LaunchServer is vulnerable to path traversal. The vulnerability is due to insufficient validation of file path traversal sequences in the HTTP file server FileServerHandler, which allows an unauthenticated remote attacker to read arbitrary files, obtain sensitive server secrets including signing...
Use Of A Broken Or Risky Cryptographic Algorithm
BC-JAVA bcprov is vulnerable to the Use of a Broken or Risky Cryptographic Algorithm. The vulnerability is due to flaws in the G3413CTRBlockCipher implementation, where the affected cryptographic algorithm can provide weakened cryptographic protection, allowing attackers to compromise the...
Improper Privilege Management
github.com/rancher/rancher is vulnerable to Improper Privilege Management. The vulnerability is due to improper privilege handling for users with the Project Owner role, which allows an attacker with Project Owner privileges to escalate their privileges by exploiting insufficient privilege...
OS Command Injection
github.com/rancher/rancher is vulnerable to OS Command Injection. The vulnerability is due to unsanitized YAML parameters in the /v3/import/tokenclusterId.yaml import endpoint, which allows a remote attacker to inject commands, break out of a container image, and execute malicious containers...
Deserialization Of Untrusted Data
org.openidentityplatform.openam, openam-auth-webauthn is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the WebAuthn authentication module deserializing attacker-controlled data from a storage attribute under certain conditions, which allows an attacker to achieve...
Deserialization Of Untrusted Data
OpenDJ Community Edition is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the JMX RMI connector reading and processing attacker-controlled serialized data before authentication, which allows an unauthenticated remote attacker to deserialize arbitrary Java objects on...
Information Disclosure
angular/common is vulnerable to information disclosure. The vulnerability is due to the HttpTransferCache utility failing to consider the withCredentials flag and Cookie header when caching HTTP responses during Server-Side Rendering SSR with hydration enabled, which allows an attacker to obtain...
Cross-Site Scripting (XSS)
DOMPurify is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to DOMPurify skipping the contents of shadow DOM elements inside HTML elements during sanitization, which allows an attacker to embed malicious payloads that execute when the template is cloned and inserted into the pag...
Session Hijacking
Chainlit is vulnerable to Session Hijacking. The vulnerability is due to missing ownership verification during WebSocket session restoration, where a valid sessionId can be used to restore another user's authenticated session, allowing attackers to gain unauthorized access with the victim's...
Server-Side Request Forgery
jackson-databind is vulnerable to server-side request forgery SSRF. The vulnerability is due to eager DNS resolution during InetSocketAddress deserialization, where untrusted hostnames are resolved before application-level validation, allowing attackers to trigger arbitrary DNS requests by...
Open Redirect
Nuxt is vulnerable to Open Redirect. The vulnerability is due to improper validation of protocol-relative URLs in the reloadNuxtApp function, where paths such as //evil.com bypass URL validation and resolve to attacker-controlled domains, allowing attackers to redirect users to malicious websites...
Cross Site Scripting
Nuxt is vulnerable to cross-site scripting XSS. The vulnerability is due to improper validation of script-capable URLs in the navigateTo open option, where javascript: URLs supplied through user-controlled input are not blocked, allowing attackers to execute arbitrary scripts in the application's...
Cache Bypass
Undici is vulnerable to Cache Bypass. The vulnerability is due to Undici's cache interceptor incorrectly classifying some responses as cacheable, where the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names, and attackers can exploit this by serving a...
Improper Authorization
Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks when accessing workflow instance information, where users can retrieve workflow details from projects they are not authorized to access...
Improper Authorization
Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to a missing authorization check in the DataSource API, where requests are not properly validated before returning data source metadata, allowing unauthorized users to disclose sensitive data source...
Improper Authorization
Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks when deleting task definitions, where users with valid system login privileges can delete task definitions in projects they are not authorized to manage...