38108 matches found
Privilege Escalation
awsadvancedpythonwrapper is vulnerable to Privilege Escalation. The vulnerability is due to improper execution context handling of user-defined functions, which allows an attacker to create crafted functions that execute with elevated privileges and gain unauthorized access...
Arbitrary File Upload
pytorch-lightning is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of filenames in the /api/v1/uploadfile/ endpoint, which allows an attacker to overwrite arbitrary files and potentially execute malicious code...
Remote Code Execution (RCE)
vllm is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper parsing of tool call inputs, which allows an attacker to execute arbitrary code through crafted payloads...
Session Fixation
CKAN is vulnerable to Session Fixation. The vulnerability is due to improper session management when server-side session storage is enabled, which allows an attacker to fix or hijack a user’s session by setting or obtaining a valid session identifier...
Denial Of Service (DoS)
urllib3 is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of highly compressed data in the streaming API, where decompression continues until the requested chunk size is satisfied, allowing a small, highly compressed response to be fully decompressed in a singl...
Arbitrary File Write
fontTools is vulnerable to an arbitrary file write. The vulnerability is due to improper handling of malicious .designspace files in the fontTools.varLib module, which allows an attacker to achieve remote code execution by writing arbitrary files when processed...
Path Traversal
Pyrofork is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of filenames received from Telegram messages in the downloadmedia method, which allows an attacker to supply a malicious filename via DocumentAttributeFilename and perform path traversal during file path...
External Control Of System Or Configuration Setting
Taguette is vulnerable to External Control of System or Configuration Setting. The vulnerability is due to improper validation in the password reset functionality, which allows an attacker to craft a malicious reset link that, when clicked by the victim, enables unauthorized control over the...
Denial Of Service (DoS)
Scrapy and brotli are vulnerable to Denial of Service (DoS). The vulnerability is due to inadequate protection against brotli decompression bombs, which allows an attacker to send highly compressed data that expands excessively in memory and crashes the client...
XML External Entity (XXE) Injection
peppolpy is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to insecure Saxon XML parser configuration, where external entities are allowed during XML invoice validation, enabling attackers to read local files and exfiltrate their contents to a remote host...
Denial Of Service (DoS)
magento is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient validation of user-supplied input, which allows an attacker to send crafted requests that cause the application to crash or become unresponsive...
Command Injection
mcp-kubernetes-server is vulnerable to Command Injection. The vulnerability is due to the use of shell=True in the /mcp/kubectl endpoint, which allows an attacker to inject and execute arbitrary operating system commands...
Remote Code Execution (RCE)
redaxo/source is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient validation of template content allowing PHP code injection, which allows an attacker to execute arbitrary operating system commands when the template is rendered...
Improper Authentication
ibexa/user is vulnerable to improper authentication. The vulnerability is due to an error in the password validation logic during the transition from v4 to v5, which allows an attacker to change the account password without knowing the previous password by exploiting an active authenticated sessi...
Template Injection
langchain-core is vulnerable to Template Injection. The vulnerability is due to the lack of validation in template strings, where attackers can access Python object internals through template syntax. This allows attackers to extract sensitive information from object internals and potentially...
SQL Injection
llamaindex is vulnerable to SQL Injection. The vulnerability is due to unsafe construction of SQL queries without prepared statements in the duckdbretriever component, which allows an attacker to inject arbitrary SQL commands and execute malicious code...
Cross Site Scripting (XSS)
NiceGUI is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the ui.interactiveimage component rendering SVG content using Vue’s v-html directive without sanitization, which allows an attacker to inject malicious HTML or JavaScript via the SVG tag when the image component is...
Remote Code Execution (RCE)
apacheairflow is vulnerable to remote code execution. The vulnerability is due to insufficient validation in the /api/v2/dagReports API endpoint, which allows an attacker with API access to trigger DAG code execution in the context of the API server when DAG files are present in the deployment...
Server-Side Request Forgery
calibreweb is vulnerable to Server-Side Request Forgery. The vulnerability is due to the blacklist not checking for 0.0.0.0, so a payload of 0.0.0.0 resolves to localhost...
Improper Input Validation
Adobe Commerce is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of user-supplied input, which allows an attacker to exploit the flaw and achieve session takeover without requiring user interaction...
Improper Access Control
mineadmin/mineadmin is vulnerable to Improper Access Control. The vulnerability is due to insecure permission settings in the scheduled tasks feature, which allows an attacker to execute arbitrary commands and potentially achieve full account takeover...
Information Disclosure
nautobotssot is vulnerable to Information Disclosure. The vulnerability is due to improper access control on an unauthenticated configuration page, which allows an attacker to view the ServiceNow public instance name without authentication...
Arbitrary Code Injection
cbpi4 is vulnerable to Arbitrary Code Injection. The vulnerability is due to lack of validation of the "logtime" URL parameter before passing it to the os.system function, which allows an attacker to execute arbitrary commands...
Directory Traversal
Dosage is vulnerable to Directory Traversal. The vulnerability is due to improper handling of file extensions derived from the HTTP Content-Type header, which allows an attacker to write arbitrary files outside the intended directory...
Directory Traversal
ComposioHQ is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the downloadfileordir function, which allows an attacker to manipulate file paths and access sensitive files or directories on the system...
Denial Of Service (DoS)
getgrav/grav is vulnerable to a Denial of Service (DoS). The vulnerability is due to insufficient sanitization of the scheduledat parameter, which allows an attacker to inject malicious cron expressions (e.g., a single quote) and disrupt the admin panel functionality, leading to a denial of service...
Remote Code Execution (RCE)
Keras is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper enforcement of safe deserialization when parsing model configuration, which allows an attacker to craft a malicious model file that disables safe mode and executes arbitrary code during loading...
Path Traversal
db-gpt is vulnerable to Path Traversal. The vulnerability is due to improper validation of uploaded file paths in the /v1/personal/agent/upload endpoint, which allows an attacker to write arbitrary files to sensitive locations and execute malicious code...
Improper Authentication Control
Filament is vulnerable to improper authentication control. The vulnerability is due to improper handling of app-based MFA recovery codes, which allows an attacker to reuse the same recovery code indefinitely to bypass authentication...
Deserialization Of Untrusted Data
Drupal core is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of object attributes, which allows an attacker to manipulate object properties and perform object injection...
Improper Input Validation
mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of email ownership verification during profile updates, which allows an attacker to register an unauthorized email address and potentially cause information disclosure by redirecting notifications...
Cross-site Scripting (XSS)
Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...
Arbitrary File Upload
studio-42/elfinder is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of uploaded files in connector.minimal.php, which allows an attacker to upload malicious files and execute arbitrary PHP code on the server...
Reflected Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper output encoding of the Image Name parameter in the /maps/nodeimage endpoint, which allows an attacker to craft a malicious URL that executes arbitrary JavaScript in a victim’s browser when...
Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation in the /admin/pages/page endpoint, which allows an attacker to inject malicious scripts into page metadata and taxonomy fields that are stored and executed when the page is...
Out-of-Bounds Read
mongodb/mongodb-extension is vulnerable to Out-of-Bounds Read. The vulnerability is due to improper handling of large options in mongocbulkoperationt, which allows an attacker to trigger invalid memory reads and potentially cause a crash or information disclosure...
Cross Site Scripting (XSS)
mediawiki/cargo is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input sanitization during web page generation, which allows an attacker to inject and store malicious scripts that are executed in the context of other users when the affected content is viewed...
Cross-site Scripting (XSS)
Magento-lts is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unescaped translation strings and URLs rendered in the admin notification grid, which allows an attacker with database or feed access to inject malicious scripts into vulnerable fields...
Remote Code Execution (RCE)
FeehiCMS is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unrestricted file upload in the Ad Management feature without proper validation or execution restrictions, which allows an attacker to upload and execute malicious PHP files...
Improper Authorization
magento is vulnerable to Improper Authorization. The vulnerability is due to insufficient enforcement of security controls, which allows an attacker to bypass protections and gain unauthorized access without user interactio...
Directory Traversal
alexusmai/laravel-file-manager is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the zip/archiving functionality, which allows an attacker to create crafted archives that include files and directories outside the intended scope...
Improper Input Validation
mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of server-side validation on note length, which allows an attacker to submit excessively long notes and corrupt the issue activity logs, thereby breaking the activity stream UI and preventing future...
Directory Traversal
alexusmai/laravel-file-manager is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of extraction paths during archive unzip functionality, which allows an attacker to write files to arbitrary locations on the filesystem...
Improper Access Control
mantisbt/mantisbt is vulnerable to improper access control. The vulnerability is due to insufficient access-level checks, which allows an attacker to exploit the Copy From functionality to retrieve column configurations from private projects without authorization...
Self Cross-Site Scripting (Self-XSS)
privatebin/privatebin is vulnerable to self cross-site scripting (Self-XSS). The vulnerability is due to improper handling and reflection of HTML content in filenames via the drag-and-drop helper, which allows an attacker to trick a macOS or Linux user into attaching a maliciously crafted file and...
Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation in the datareadableName parameter of the /admin/accounts/groups/Grupo endpoint, which allows an attacker to inject and store malicious scripts that execute when the affected pa...
Improper Access Control
getgrav/grav is vulnerable to improper access control. The vulnerability is due to insufficient restriction on the "Frontmatter" form, which allows a low-privileged user to read sensitive server files and exploit them to compromise user accounts...
Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the /admin/config/site endpoint, which allows an attacker to inject malicious scripts via the datataxonomies parameter and execute them in users’ browsers...
SQL Injection
nukeviet/nukeviet is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the listid parameter in detail.php and the groupprice or groupid parameters in searchresult.php, which allows an attacker to execute malicious SQL queries through crafted input...
Denial Of Service (DoS)
getgrav/grav is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation in the “Supported” parameter of the Languages submenu, which allows an attacker to supply malformed input that triggers a fatal regular expression parsing error via the preg_match function...