Veracode, recent advisories

38287 matches found

Veracode, added 2026/01/14 7:01 a.m., 5 views

Denial-of-Service (DoS)

Marshmallow is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to inefficient processing in Schema.load(data, many=True), where moderately sized inputs can trigger excessive CPU consumption, allowing attackers to degrade service availability through crafted requests...

CVSS 5.3 | AI score 6.9 | EPSS 0.00252
Exploits 0 | References 2 | Affected software 1
Veracode, added 2026/01/14 6:59 a.m., 8 views

Improper Validation

github.com/elastic/beats is vulnerable to Improper Validation. The vulnerability is due to insufficient validation of indexes, positions, or offsets in input handling, which allows an attacker to trigger a buffer overflow by sending a malformed Syslog message or a malicious Dissect tokenizer...

CVSS 6.5 | AI score 7.4 | EPSS 0.00168
Exploits 0 | References 5 | Affected software 1
Veracode, added 2026/01/14 6:57 a.m., 7 views

Arbitrary File Access

Werkzeug is vulnerable to Arbitrary File Access. The vulnerability is due to insufficient validation in the safe_join function on Windows, where path segments using reserved device names such as CON or AUX with extensions or trailing spaces are allowed, enabling attackers to access special device...

CVSS 6.3 | AI score 5.9 | EPSS 0.00424
Exploits 0 | References 2 | Affected software 1
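
The device-name check the Werkzeug entry describes, as an added Python example rather than Werkzeug's own code: `is_reserved_device_name` and `safe_join` are illustrative names, and the reserved-name set (CON, PRN, AUX, NUL, COM1-9, LPT1-9) is the documented Win32 list, assumed here to be the complete set to block. The point is that the comparison has to be made on the segment's stem, after stripping trailing spaces and dots, or "CON.txt" and "aux " slip through.

```python
import posixpath
from typing import Optional

# Win32 device names that resolve regardless of directory. Assumed as the
# complete block-list for this example (COM1..COM9, LPT1..LPT9, no COM0/LPT0).
RESERVED_DEVICE_NAMES = {"CON", "PRN", "AUX", "NUL"} | {
    f"{base}{n}" for base in ("COM", "LPT") for n in range(1, 10)
}


def is_reserved_device_name(segment: str) -> bool:
    """True if one path segment names a Win32 device.

    Win32 compares only the part before the first dot, after stripping
    trailing spaces and dots, and ignores case, so "CON.txt", "aux " and
    "com1.tar.gz" all open devices while "console" and "COM10" do not.
    """
    stem = segment.split(".", 1)[0].rstrip(" .")
    return stem.upper() in RESERVED_DEVICE_NAMES


def safe_join(directory: str, *pathnames: str) -> Optional[str]:
    """Join untrusted segments under `directory`; None if the result is unsafe.

    Shape of a typical safe_join: refuse absolute paths, parent traversal and
    backslashes, and additionally refuse any segment that is a device name.
    """
    parts = [directory]
    for filename in pathnames:
        if filename != "":
            filename = posixpath.normpath(filename)
        if (
            "\\" in filename
            or posixpath.isabs(filename)
            or filename == ".."
            or filename.startswith("../")
        ):
            return None
        if any(is_reserved_device_name(seg) for seg in filename.split("/")):
            return None
        parts.append(filename)
    return posixpath.join(*parts)
```

The device check is applied on every platform here; a Linux host serving the same tree is not harmed by refusing a file called `nul.css`, and it keeps the behaviour identical across deployments.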
Veracode, added 2026/01/14 6:54 a.m., 5 views

Denial-of-Service (DoS)

urllib3 is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to unbounded decompression of redirect response bodies in the streaming API, where urllib3 decompresses entire redirect responses regardless of read limits, allowing a malicious server to trigger excessive resource...

CVSS 8.9 | AI score 6.7 | EPSS 0.0068
Exploits 0 | References 3 | Affected software 2
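
Bounded inflation, as an added Python example and not urllib3's own implementation: `bounded_gunzip` inflates with `zlib.decompressobj` in fixed-size slices and aborts as soon as the output passes a caller-chosen cap, which is the property a client needs for any body it is going to discard (a redirect's, for instance). `make_bomb` builds the constructed sample: a few kilobytes of gzip that inflate to megabytes of zeros.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """Inflated output would exceed the configured cap."""


def bounded_gunzip(payload: bytes, max_output: int, slice_size: int = 64 * 1024) -> bytes:
    """Inflate a gzip body, raising before more than `max_output` bytes exist.

    The second argument to decompress() caps each slice; compressed input the
    slice did not consume comes back via unconsumed_tail, so memory use is
    bounded by max_output + slice_size rather than by what the server sent.
    """
    inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # gzip framing
    out = bytearray()
    pending = payload
    while not inflater.eof:
        chunk = inflater.decompress(pending, slice_size)
        out += chunk
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"body inflated past {max_output} bytes from {len(payload)} compressed bytes"
            )
        pending = inflater.unconsumed_tail
        if not chunk and not pending:
            break  # truncated stream: nothing more can be produced
    return bytes(out)


def compress_body(data: bytes) -> bytes:
    """What a server does before sending Content-Encoding: gzip."""
    return gzip.compress(data)


def make_bomb(inflated_size: int = 8 * 1024 * 1024) -> bytes:
    """Constructed sample: a body of `inflated_size` zero bytes, which gzip
    shrinks by roughly 1000:1."""
    return compress_body(b"\0" * inflated_size)
```

For a body that is only being drained so the connection can be reused, the cap can be small or the decompression skipped entirely; what matters is that the limit is applied to inflated bytes, not to the compressed length the Content-Length header advertises.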
Veracode, added 2026/01/13 10:59 a.m., 7 views

Server-Side Request Forgery (SSRF)

httparty is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied URLs, which allows an attacker to force the application to send unauthorized requests to internal servers and potentially leak sensitive information such as API keys...

CVSS 8.8 | AI score 6.7 | EPSS 0.0026
Exploits 1 | References 5 | Affected software 1
Veracode, added 2026/01/13 8:00 a.m., 7 views

Sensitive Information Disclosure

Sentry-Javascript is vulnerable to Sensitive Information Disclosure. The vulnerability is due to over-collection of sensitive HTTP headers when sendDefaultPii is enabled, where headers such as Cookie can be sent to and stored in Sentry traces, allowing users with access to the Sentry organization...

CVSS 5 | AI score 6.8 | EPSS 0.00298
Exploits 0 | References 7 | Affected software 12
Veracode, added 2026/01/13 7:58 a.m., 8 views

Authentication Bypass

Ollama is vulnerable to an Authentication Bypass. The vulnerability is due to critical model management APIs being exposed without access controls, allowing remote attackers to perform unauthorized operations without authentication...

CVSS 9.8 | AI score 7.1 | EPSS 0.00632
Exploits 0 | References 5 | Affected software 1
Veracode, added 2026/01/13 7:57 a.m., 8 views

Improper Access Control

allauth-django is vulnerable to Improper Access Control. The vulnerability is due to previously issued access and refresh tokens remaining valid even after a user account is marked as is_active=False, which allows an attacker to continue authenticating and accessing protected resources using those...

CVSS 5.4 | AI score 6.9 | EPSS 0.00138
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/13 7:56 a.m., 8 views

Authorization Bypass

Axios Cache Interceptor is vulnerable to an Authorization Bypass. The vulnerability is due to improper cache key generation, where cached responses are keyed only by URL and ignore the Authorization header and Vary: Authorization, causing responses generated for one user's auth token to be reused...

CVSS 6.5 | AI score 7 | EPSS 0.00272
Exploits 1 | References 2 | Affected software 1
Veracode, added 2026/01/13 7:37 a.m., 8 views

Improper Authentication

allauth-django is vulnerable to Improper Authentication. The vulnerability is due to the use of the mutable preferred_username attribute as the identifier for third-party provider accounts, which allows an attacker to change this value and potentially impersonate or gain unauthorized access to...

CVSS 5.4 | AI score 5.8 | EPSS 0.00141
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/13 7:31 a.m., 4 views

OAuth Parameter Injection

Auth0 Next.js is vulnerable to OAuth Parameter Injection. The vulnerability is due to insufficient validation of the returnTo parameter, where attacker-controlled input can inject unintended OAuth query parameters into the authorization request, potentially resulting in tokens being issued with...

CVSS 5.7 | AI score 7 | EPSS 0.00226
Exploits 0 | References 2 | Affected software 1
Veracode, added 2026/01/13 7:28 a.m., 6 views

Denial Of Service (DoS)

Nuxt is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to improper handling of query strings in CDN-cached routes, where crafted requests such as /?/payload.json can cause JSON responses to be cached and served to normal users, allowing attackers to poison the CDN cache and rende...

CVSS 7.5 | AI score 6.8 | EPSS 0.00364
Exploits 0 | References 2 | Affected software 1
Veracode, added 2026/01/12 3:18 p.m., 5 views

Cross-site Scripting (XSS)

React Router is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of untrusted input in the API during server-side rendering when generating keys via the getKey or storageKey props, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 8.2 | AI score 6.8 | EPSS 0.00366
Exploits 0 | References 3 | Affected software 2
Veracode, added 2026/01/12 11:12 a.m., 5 views

Path Traversal

React Router is vulnerable to Path Traversal. The vulnerability is due to the use of createFileSessionStorage with an unsigned cookie, which allows an attacker to manipulate session identifiers to attempt read/write operations outside the intended session file directory, potentially accessing...

CVSS 9.1 | AI score 7 | EPSS 0.16104
Exploits 0 | References 6 | Affected software 3
Veracode, added 2026/01/12 10:40 a.m., 7 views

Stored Cross-Site Scripting (XSS)

n8n is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sandbox enforcement when the "Respond to Webhook" node returns HTML content with executable scripts, which allows an attacker with workflow creation privileges to execute arbitrary JavaScript in the context...

CVSS 7.3 | AI score 6.1 | EPSS 0.00217
Exploits 0 | References 3 | Affected software 1
Veracode, added 2026/01/12 10:13 a.m., 7 views

Path Traversal

@vitejs/plugin-rs is vulnerable to Path Traversal. The vulnerability is due to missing input validation on the frindSourceMapURL development endpoint, where an unauthenticated attacker can supply a file:// URL in the filename parameter to read arbitrary files accessible to the Node.js process...

CVSS 7.5 | AI score 7 | EPSS 0.00552
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/12 10:00 a.m., 11 views

Open Redirect

React Router is vulnerable to Open Redirect. The vulnerability is due to unsafe handling of SPA navigation redirects generated from loaders or actions in certain modes, which allows an attacker to inject untrusted redirect URLs and trigger unintended JavaScript execution on the client...

CVSS 8 | AI score 7.1 | EPSS 0.00327
Exploits 0 | References 3 | Affected software 2
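
Pinning a redirect target to an app-relative path, as an added Python example that is not code from Auth0's Next.js SDK or from React Router. It serves two entries above: the Auth0 returnTo entry (attacker-chosen text concatenated into an authorization request, so an `&scope=...` inside it becomes a parameter of its own) and the React Router open-redirect entry (a loader-supplied redirect that may be an absolute or javascript: URL). `safe_return_to`, `build_authorize_url` and `build_authorize_url_naive` are illustrative names, `https://idp.example` is a placeholder issuer, and `query_params` parses the result the way the authorization server would.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

DEFAULT_RETURN = "/"


def safe_return_to(value: str) -> str:
    """Return `value` only if it is an app-relative path; otherwise the default.

    Rejects absolute URLs, scheme-relative forms a browser treats as a new
    origin ("//evil", "/\\evil"), javascript:/data: targets (no leading "/")
    and anything containing control characters or whitespace.
    """
    if not value or any(ord(c) < 0x21 or ord(c) == 0x7F for c in value):
        return DEFAULT_RETURN
    if not value.startswith("/") or value.startswith("//") or value.startswith("/\\"):
        return DEFAULT_RETURN
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return DEFAULT_RETURN
    return value


def build_authorize_url_naive(issuer: str, client_id: str, return_to: str) -> str:
    """Vulnerable shape: returnTo concatenated into the query, so '&' in it adds parameters."""
    return f"{issuer}/authorize?response_type=code&client_id={client_id}&scope=openid&returnTo={return_to}"


def build_authorize_url(issuer: str, client_id: str, redirect_uri: str, return_to: str, state: str) -> str:
    """Hardened: validated target, and every parameter percent-encoded as one opaque value."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid profile",
        "state": state,
        "returnTo": safe_return_to(return_to),
    }
    return f"{issuer}/authorize?{urlencode(params)}"


def query_params(url: str):
    """Parse the query string back the way the authorization server will."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)
```

Validation and encoding are separate defences: `safe_return_to` stops the redirect going off-origin, `urlencode` stops the value changing the meaning of the request it is embedded in. Dropping either one re-opens one of the two advisories.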
Veracode, added 2026/01/12 8:53 a.m., 7 views

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution. The vulnerability is due to unsafe execution of Git pre-commit hooks, where cloning a repository containing a malicious hook and later performing a commit via the Git Node can trigger arbitrary command execution within the n8n environment...

CVSS 8.8 | AI score 7.7 | EPSS 0.00778
Exploits 3 | References 3 | Affected software 3
Veracode, added 2026/01/12 8:51 a.m., 7 views

Cross-site Scripting (XSS)

Angular is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to Angular Template Compiler's internal sanitization schema failing to recognize the href and xlink:href attributes of SVG...

CVSS 8.5 | AI score 6.3 | EPSS 0.00444
Exploits 1 | References 6 | Affected software 2
Veracode, added 2026/01/12 8:26 a.m., 3 views

Cross-site Request Forgery

React Router is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to missing CSRF protections on document POST requests to UI routes, where server-side route action handlers or React Server Actions accept authenticated POST requests without origin validation, allowing...

CVSS 6.5 | AI score 6.7 | EPSS 0.00128
Exploits 0 | References 2 | Affected software 2
Veracode, added 2026/01/12 8:10 a.m., 6 views

Sensitive Information Disclosure

authkit-nextjs is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing anti-caching headers on authenticated responses, where session tokens can be cached by CDNs and inadvertently served to other users, leading to unauthorized session exposure in environments with...

CVSS 9.3 | AI score 6.8 | EPSS 0.00335
Exploits 0 | References 3 | Affected software 1
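
The Axios Cache Interceptor entry above (responses keyed by URL alone, ignoring `Vary: Authorization`) and this authkit-nextjs entry (authenticated responses carrying no anti-caching headers, so a CDN may store them) both come down to the shared-cache storability and key rules of RFC 9111 sections 3 and 4.1. The following is an added Python example applying those rules, not code from either project: `shared_cache_key`, `naive_key` and `mark_private` are illustrative names, header names are assumed to arrive lower-cased, and treating every Set-Cookie response as non-storable is a deliberately conservative CDN policy rather than an RFC requirement.

```python
import hashlib
from typing import Dict, Optional

Headers = Dict[str, str]  # lower-cased header names, as most frameworks hand them over


def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """'public, max-age=60, s-maxage="30"' -> {'public': None, 'max-age': '60', 's-maxage': '30'}"""
    directives: Dict[str, Optional[str]] = {}
    for item in value.split(","):
        item = item.strip().lower()
        if item:
            name, _, arg = item.partition("=")
            directives[name.strip()] = arg.strip().strip('"') or None
    return directives


def naive_key(method: str, url: str) -> str:
    """The vulnerable shape: one key for every client asking for this URL."""
    return hashlib.sha256(f"{method.upper()} {url}".encode()).hexdigest()


def shared_cache_key(method: str, url: str, req: Headers, resp: Headers) -> Optional[str]:
    """Key under which a shared cache may store `resp`, or None if it must not store it."""
    if method.upper() not in ("GET", "HEAD"):
        return None
    cc = parse_cache_control(resp.get("cache-control", ""))
    if "no-store" in cc or "private" in cc:
        return None
    # RFC 9111 3.5: a response to a request carrying Authorization is not
    # storable by a shared cache unless the origin says so explicitly.
    if "authorization" in req and not (set(cc) & {"public", "must-revalidate", "s-maxage"}):
        return None
    if "set-cookie" in resp:
        return None  # conservative: session-setting responses never enter a shared cache
    vary = resp.get("vary", "")
    if vary.strip() == "*":
        return None
    # Secondary key (RFC 9111 4.1): the request's value of every header named in
    # Vary, so a response built for one Authorization value is never served for another.
    material = [method.upper(), url]
    for name in sorted(h.strip().lower() for h in vary.split(",") if h.strip()):
        material.append(f"{name}={req.get(name, '')}")
    return hashlib.sha256("\n".join(material).encode()).hexdigest()


def mark_private(resp: Headers) -> Headers:
    """The header an auth layer should set on every response tied to a session."""
    hardened = dict(resp)
    hardened["cache-control"] = "private, no-store"
    return hardened
```

Note what the rules do not cover: a request whose session rides in a Cookie header gets no protection from RFC 9111 on the request side, so a cookie-authenticated page with no Cache-Control at all is heuristically cacheable. That is exactly the authkit-nextjs failure mode, and it is why the fix has to be on the response (`mark_private`), not in the cache.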
Veracode, added 2026/01/12 7:52 a.m., 5 views

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution. The vulnerability is due to insufficient restriction of Git configuration values, where workflows using the Git node can set core.hooksPath to a malicious location, causing arbitrary commands to execute on the n8n host via crafted Git hooks during...

CVSS 9.4 | AI score 7.8 | EPSS 0.00605
Exploits 1 | References 4 | Affected software 2
Veracode, added 2026/01/09 3:50 p.m., 7 views

Server-Side Request Forgery (SSRF)

Craft CMS is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of the file.url parameter in the GraphQL save Asset mutation, which allows an attacker with asset management permissions to force the server to fetch internal or restricted resources and...

CVSS 6.8 | AI score 7 | EPSS 0.00427
Exploits 1 | References 5 | Affected software 1
Veracode, added 2026/01/09 2:05 p.m., 7 views

Improper Access Control

n8n is vulnerable to Improper Access Control. The vulnerability is due to insecure handling of form-based workflows, which allows an unauthenticated attacker to access files on the underlying server and expose sensitive system information...

CVSS 10 | AI score 7 | EPSS 0.71647
Exploits 18 | References 4 | Affected software 3
Veracode, added 2026/01/09 10:48 a.m., 5 views

Improper Authorization

shopware/core is vulnerable to Improper Authorization. The vulnerability is due to media visibility restrictions not being enforced on aggregation API requests, which allows an attacker with low-privilege backend access to bypass authorization checks using crafted aggregation queries and disclose...

AI score 6.8
Exploits 0
Veracode, added 2026/01/09 10:24 a.m., 6 views

Improper Authorization

shopware/core is vulnerable to Improper Authorization. The vulnerability is due to refunds being disabled only at the UI level via the core.cart.enableOrderRefunds setting, which allows an attacker to bypass restrictions by sending a custom crafted request to cancel their own orders...

AI score 7
Exploits 0
Veracode, added 2026/01/09 5:22 a.m., 6 views

Improper Access Control

craftcms/cms is vulnerable to Improper Access Control. The vulnerability is due to missing authentication checks on certain administrative actions, which allows an unauthenticated attacker to trigger database backup operations and potentially cause resource exhaustion or information disclosure...

CVSS 9.1 | AI score 7.1 | EPSS 0.00471
Exploits 1 | References 5 | Affected software 1
Veracode, added 2026/01/09 4:22 a.m., 4 views

Allocation Of Resources Without Limits

org.elasticsearch.plugin:x-pack-core is vulnerable to Allocation of Resources Without Limits. The vulnerability is due to insufficient limits on memory allocation during snapshot restore operations, which allows an authenticated attacker to send crafted HTTP requests to trigger excessive memory...

CVSS 4.9 | AI score 6.8 | EPSS 0.00329
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/08 9:08 a.m., 10 views

Deserialization Of Untrusted Data

org.apache.nifi:nifi-asana-processors is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the use of unfiltered Java object serialization and deserialization in the GetAsanaObject processor, which allows an attacker with access to the configured cache server to supply...

CVSS 8.8 | AI score 8 | EPSS 0.00435
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/08 8:53 a.m., 89 views

Information Disclosure

Aircompressor is vulnerable to Information Disclosure. The vulnerability is due to improper handling of malformed Snappy and LZ4 compressed input in the Java decompressor implementations, which allows a remote attacker to craft input that causes previously used buffer contents to be included in t...

CVSS 7.5 | AI score 7.1 | EPSS 0.00363
Exploits 0 | References 4 | Affected software 2
Veracode, added 2026/01/08 3:59 a.m., 6 views

OS Command Injection

github.com/neuvector/neuvector is vulnerable to OS Command Injection. The vulnerability is due to unsanitized use of the environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT in shell commands executed via popen, which allows an attacker to inject and execute arbitrary commands within the...

CVSS 9.9 | AI score 7.8 | EPSS 0.0043
Exploits 0 | References 6 | Affected software 1
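
Taking a port from the environment into a child process without a shell, as an added Python example and not NeuVector's code: `command_naive` has the popen-style string build the advisory describes, `parse_port` and `command_argv` are the hardened path, and `cluster-agent` with its flags is a hypothetical program standing in for whatever the real binary launches. The environment values in the test are constructed.

```python
import subprocess
from typing import Dict, List

DEFAULTS = {"CLUSTER_RPC_PORT": "18300", "CLUSTER_LAN_PORT": "18301"}  # assumed defaults


def command_naive(env: Dict[str, str]) -> str:
    """Vulnerable shape: environment values spliced into a string a shell will parse."""
    rpc = env.get("CLUSTER_RPC_PORT", DEFAULTS["CLUSTER_RPC_PORT"])
    lan = env.get("CLUSTER_LAN_PORT", DEFAULTS["CLUSTER_LAN_PORT"])
    return f"cluster-agent --rpc-port {rpc} --lan-port {lan}"


def parse_port(raw: str, name: str) -> int:
    """Accept exactly an ASCII decimal in 1..65535; anything else is an error, never a string."""
    # isdecimal() alone also accepts e.g. Arabic-Indic digits, which int() happily
    # converts; isascii() keeps the accepted alphabet to 0-9.
    if not (raw.isascii() and raw.isdecimal()):
        raise ValueError(f"{name} must be a decimal port number, got {raw!r}")
    port = int(raw)
    if not 1 <= port <= 65535:
        raise ValueError(f"{name} out of range: {port}")
    return port


def command_argv(env: Dict[str, str]) -> List[str]:
    """Hardened shape: validated values as separate argv entries; no shell ever sees them."""
    rpc = parse_port(env.get("CLUSTER_RPC_PORT", DEFAULTS["CLUSTER_RPC_PORT"]), "CLUSTER_RPC_PORT")
    lan = parse_port(env.get("CLUSTER_LAN_PORT", DEFAULTS["CLUSTER_LAN_PORT"]), "CLUSTER_LAN_PORT")
    return ["cluster-agent", "--rpc-port", str(rpc), "--lan-port", str(lan)]


def start_agent(env: Dict[str, str]) -> subprocess.CompletedProcess:
    """Launch without shell=True; metacharacters in argv are just bytes to the child."""
    return subprocess.run(command_argv(env), shell=False, check=True, capture_output=True, text=True)
```

Two layers are doing the work: the type check means the value that reaches the command is an integer the code produced, and the argv form means even a string value could not be reinterpreted by a shell. In a container, the environment is set by whoever writes the pod spec, which is rarely the same trust level as the process reading it.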
Veracode, added 2026/01/08 3:58 a.m., 7 views

Use Of Hard-coded Cryptographic Key

github.com/neuvector/neuvector is vulnerable to Use of Hard-coded Cryptographic Key. The vulnerability is due to a cryptographic key being hard-coded and embedded in the source code at compilation time, which allows an attacker with access to the code or binaries to recover the key and decrypt...

CVSS 6.5 | AI score 7 | EPSS 0.00242
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/08 3:58 a.m., 5 views

Improper Certificate Validation

github.com/neuvector/neuvector is vulnerable to Improper Certificate Validation. The vulnerability is due to the lack of TLS certificate verification and absence of response size limits when transmitting anonymous telemetry data, which allows an attacker to perform man-in-the-middle (MITM) attacks...

CVSS 8.6 | AI score 6.9 | EPSS 0.00179
Exploits 0 | References 5 | Affected software 1
Veracode, added 2026/01/07 3:10 p.m., 6 views

Out-of-bounds Write

wasm3 is vulnerable to Out-of-bounds Write. The vulnerability is due to improper handling of slot setting and indirect function calls in op_SetSlot_i32 and op_CallIndirect, which allows a local attacker to manipulate execution and trigger memory corruption...

CVSS 7.8 | AI score 6.8 | EPSS 0.00175
Exploits 1 | References 8 | Affected software 1
Veracode, added 2026/01/07 2:51 p.m., 5 views

Denial Of Service (DoS)

signalk-server is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded in-memory storage of access request objects at the /signalk/v1/access/requests endpoint, which allows an unauthenticated attacker to flood the endpoint and crash the server through memory exhaustion...

CVSS 7.5 | AI score 7.2 | EPSS 0.00519
Exploits 1 | References 4 | Affected software 1
Veracode, added 2026/01/07 9:44 a.m., 8 views

CRLF Injection

io.netty:netty-codec-http is vulnerable to CRLF Injection. The vulnerability is due to improper sanitization of the request URI in HttpRequestEncoder, which allows an attacker to inject CRLF sequences and smuggle malicious HTTP requests...

CVSS 6.5 | AI score 7 | EPSS 0.00292
Exploits 1 | References 3 | Affected software 1
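
What a request-line encoder has to refuse, as an added Python example rather than Netty's code: `request_line_naive` writes the URI verbatim (the shape the advisory describes), `request_line` accepts only the characters a request-target may contain, `encode_query_value` is the correct place to put user input, and `count_request_lines` is a crude stand-in for what an upstream parser would make of the bytes. The allowed character set is the RFC 3986 one, assumed here as a strict profile; the injected URI is constructed.

```python
import re
from urllib.parse import quote

# Characters a request-target may contain (RFC 3986 unreserved, sub-delims,
# ':' '@' '/' '?' and percent-escapes). CR, LF, space and every other control
# character are outside it. Assumed here as the profile to enforce.
_TARGET_CHARS = re.compile(r"[A-Za-z0-9\-._~!$&'()*+,;=:@/?%\[\]]*")


class UnsafeRequestTarget(ValueError):
    pass


def request_line_naive(method: str, uri: str) -> bytes:
    """Vulnerable shape: whatever is in `uri` lands on the wire unchanged."""
    return f"{method} {uri} HTTP/1.1\r\n".encode("latin-1")


def request_line(method: str, uri: str) -> bytes:
    """Emit the request line only if `uri` cannot terminate it early."""
    if not _TARGET_CHARS.fullmatch(uri):
        offending = sorted({c for c in uri if not _TARGET_CHARS.fullmatch(c)})
        raise UnsafeRequestTarget(f"request-target contains {offending!r}")
    return f"{method} {uri} HTTP/1.1\r\n".encode("ascii")


def encode_query_value(value: str) -> str:
    """Percent-encode a user-supplied value before placing it in the query."""
    return quote(value, safe="")


def count_request_lines(raw: bytes) -> int:
    """Roughly what an upstream parser sees: one request per '<method> <target> HTTP/1.1' line."""
    return sum(1 for line in raw.split(b"\r\n") if line.endswith(b" HTTP/1.1"))
```

Rejecting rather than silently encoding at the encoder is deliberate: by the time a URI with a raw CR reaches the request-line writer, some earlier layer has already lost track of what is data and what is structure, and an exception surfaces that bug instead of hiding it.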
Veracode, added 2026/01/07 8:00 a.m., 5 views

Remote Code Execution (RCE)

Signal K Server is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsanitized npm version specifiers in the appstore install API, where attacker-controlled URLs or git sources can be passed to npm, allowing execution of malicious postinstall scripts when an administrator...

CVSS 8.6 | AI score 7.2 | EPSS 0.00645
Exploits 1 | References 3 | Affected software 1
Veracode, added 2026/01/07 7:35 a.m., 7 views

Authorization Bypass

Signal K Server is vulnerable to Authorization Bypass. The vulnerability is due to a misleading access request UI and trust of spoofable X-Forwarded-For headers, allowing attackers to impersonate trusted devices and request elevated permissions that administrators may unknowingly approve...

CVSS 8.8 | AI score 6.6 | EPSS 0.00272
Exploits 1 | References 3 | Affected software 1
Veracode, added 2026/01/07 7:23 a.m., 6 views

Remote Code Execution (RCE)

feast is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the use of yaml.load(..., Loader=yaml.Loader) to deserialize configuration YAML files before validation, which allows an attacker who can modify these files to instantiate arbitrary Python objects and execute OS commands...

CVSS 7.8 | AI score 8.2 | EPSS 0.00256
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/07 7:21 a.m., 5 views

Unauthenticated Information Disclosure

signalk-server is vulnerable to Unauthenticated Information Disclosure. The vulnerability is due to missing authentication checks on sensitive endpoints, which allows an attacker to retrieve internal system details such as the full SignalK data schema, connected serial devices, and installed...

CVSS 5.3 | AI score 7 | EPSS 0.00338
Exploits 1 | References 4 | Affected software 1
Veracode, added 2026/01/07 6:16 a.m., 8 views

Denial-of-Service (DoS)

MessagePack for Java is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to unbounded memory allocation during deserialization, where the library trusts attacker-controlled EXT32 payload length metadata and allocates a byte array of that declared size when ExtensionValue.getData i...

CVSS 7.5 | AI score 6.6 | EPSS 0.0055
Exploits 1 | References 3 | Affected software 1
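
The length-before-allocation check, as an added Python example rather than msgpack-java's code: `decode_ext32_naive` has the shape the advisory describes (array sized from the declared length), `decode_ext32` validates the declared length against both a policy cap and the bytes actually present before allocating anything, and `MAX_EXT_BYTES` is an assumed deployment limit. The ext32 layout (0xc9, 4-byte big-endian length, 1-byte type, payload) is from the MessagePack specification; `MALICIOUS_SAMPLE` is constructed.

```python
import struct
from typing import Tuple

EXT32 = 0xC9
HEADER_LEN = 6  # marker + uint32 length + int8 type
MAX_EXT_BYTES = 16 * 1024 * 1024  # assumed per-value cap for this deployment


def ext32_header(ext_type: int, declared_len: int) -> bytes:
    """Header bytes only; lets a test declare far more data than it sends."""
    return struct.pack(">BIb", EXT32, declared_len, ext_type)


def encode_ext32(ext_type: int, data: bytes) -> bytes:
    return ext32_header(ext_type, len(data)) + data


def decode_ext32_naive(buf: bytes) -> Tuple[int, bytearray]:
    """Vulnerable shape: the allocation is sized by attacker-controlled metadata."""
    declared, ext_type = struct.unpack_from(">Ib", buf, 1)
    payload = bytearray(declared)           # 0xFFFFFFFF here means a 4 GiB request
    present = buf[HEADER_LEN:]
    payload[: len(present)] = present       # whatever actually arrived
    return ext_type, payload


def decode_ext32(buf: bytes, max_bytes: int = MAX_EXT_BYTES) -> Tuple[int, bytes, int]:
    """Return (ext_type, payload, bytes_consumed), or raise before allocating."""
    if len(buf) < HEADER_LEN or buf[0] != EXT32:
        raise ValueError("not an ext32 value")
    declared, ext_type = struct.unpack_from(">Ib", buf, 1)
    if declared > max_bytes:
        raise ValueError(f"ext32 declares {declared} bytes, above the {max_bytes}-byte cap")
    available = len(buf) - HEADER_LEN
    if declared > available:
        raise ValueError(f"ext32 declares {declared} bytes but only {available} follow")
    end = HEADER_LEN + declared
    return ext_type, bytes(buf[HEADER_LEN:end]), end


MALICIOUS_SAMPLE = ext32_header(1, 0xFFFFFFFF) + b"abc"  # constructed: 9 bytes on the wire
```

In a streaming decoder `available` is the remaining input rather than a buffer length, which is why the policy cap matters on its own: a socket can legitimately deliver the bytes slowly, and without the cap the decoder commits to the allocation before it knows whether they will ever arrive.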
Veracode, added 2026/01/07 5:07 a.m., 7 views

Improper Authentication

Langflow is vulnerable to Improper Authentication. The vulnerability is due to missing authentication and authorization checks on critical API endpoints, which allows an unauthenticated attacker to access sensitive user data and perform unauthorized destructive operations...

CVSS 9.3 | AI score 7.2 | EPSS 0.20655
Exploits 1 | References 3 | Affected software 2
Veracode, added 2026/01/06 9:00 a.m., 10 views

Arbitrary Code Injection

aizuda snail-job is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper handling of user-controlled input in the QLExpressEngine.doEval function, which allows a remote attacker to inject and execute malicious expressions...

CVSS 6.5 | AI score 6.6 | EPSS 0.00303
Exploits 0 | References 9 | Affected software 1
Veracode, added 2026/01/06 8:34 a.m., 6 views

Improper Authentication

Elasticsearch is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation of client certificates in the PKI realm, which allows an attacker with a specially crafted certificate signed by a trusted CA to impersonate other users...

CVSS 7.4 | AI score 6.5 | EPSS 0.0016
Exploits 0 | References 5 | Affected software 1
Veracode, added 2026/01/06 8:18 a.m., 6 views

Use Of A Hard-Coded Cryptographic Key

org.apache.streampark:streampark is vulnerable to Use of a Hard-Coded Cryptographic Key. The vulnerability is due to the use of a fixed, immutable encryption key in the application, which allows an attacker to recover the key through code analysis and decrypt sensitive data or forge encrypted...

CVSS 9.8 | AI score 6.7 | EPSS 0.00448
Exploits 0 | References 4 | Affected software 1
Veracode, added 2026/01/06 7:24 a.m., 5 views

Improper Authentication

Signal K Server is vulnerable to Improper Authentication. The vulnerability is due to unauthenticated modification of internal server state via the /skServer/validateBackup endpoint, which allows an attacker to overwrite critical configuration files and hijack the administrator restore process to...

CVSS 9.6 | AI score 7.3 | EPSS 0.17934
Exploits 3 | References 4 | Affected software 1
Veracode, added 2026/01/05 3:55 p.m., 6 views

Sensitive Information Disclosure

Apache Airflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper redaction of secret values in rendered templates, which allows authenticated users to view sensitive secrets without appropriate authorization...

CVSS 6.5 | AI score 6.7 | EPSS 0.00406
Exploits 0 | References 5 | Affected software 1
Veracode, added 2026/01/05 3:35 p.m., 4 views

Improper Cryptographic Key Management

Apache StreamPark is vulnerable to Improper Cryptographic Key Management. The vulnerability is due to using the user's password directly as the HMAC signing key for JWTs, which allows an attacker to brute-force passwords offline or forge valid tokens to impersonate users and take over accounts...

CVSS 5.9 | AI score 7.2 | EPSS 0.00216
Exploits 0 | References 4 | Affected software 1
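
Why a password makes a bad HMAC key, shown as an added Python example rather than StreamPark's code: `sign_hs256` and `verify_hs256` are a minimal standard-library HS256 JWT, `offline_guess` is the attack the advisory describes (test candidate passwords against one captured token with no server round-trips, so rate limits and lockouts never fire), and `server_key` is the fix, a random key that is not a user secret at all. The wordlist and tokens in the test are constructed.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Iterable, Optional


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Mint a JWT; whoever holds `key` can mint one with any claims."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Claims if the signature checks out under `key`, else None."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return None
        return json.loads(_unb64url(body))
    except ValueError:  # malformed base64 or JSON
        return None


def offline_guess(token: str, candidates: Iterable[str]) -> Optional[str]:
    """One HMAC per candidate, no network: the cost the advisory is about."""
    for password in candidates:
        if verify_hs256(token, password.encode()) is not None:
            return password
    return None


def server_key() -> bytes:
    """A 256-bit key held only by the server and rotated on its own schedule."""
    return secrets.token_bytes(32)
```

Two consequences fall out of the key choice: with the password as key, a token leaked from a log confirms password guesses at HMAC-SHA256 speed, and anyone who knows the password (a phished user, a shared account) can mint a token with different claims. With `server_key` neither a token nor a password gives the other away.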
Veracode, added 2026/01/05 11:41 a.m., 5 views

Incorrect Authorization

org.apache.streampipes:streampipes-parent is vulnerable to Incorrect Authorization. The vulnerability is due to a flaw in the user ID creation and JWT handling mechanism, which allows a non-administrator attacker to manipulate tokens and swap usernames with an administrator, thereby gaining full...

CVSS 8.1 | AI score 6.9 | EPSS 0.14786
Exploits 0 | References 5 | Affected software 1
Veracode, added 2026/01/05 7:34 a.m., 6 views

Remote Code Execution (RCE)

Apache Airflow Providers Edge3 is vulnerable to Remote Code Execution (RCE). The vulnerability is due to exposure of a non-public Worker RPC API enabled when the Edge3 provider was installed on Airflow 2, where development-only APIs intended for internal testing allowed DAG authors to execute...

CVSS 9.8 | AI score 8.3 | EPSS 0.00823
Exploits 0 | References 5 | Affected software 1