SQL Injection
WordPress Zero Spam plugin is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization and escaping of the order and orderby parameters before they are used in SQL queries in the admin dashboard, allowing attackers to inject malicious SQL statements and manipulate databa...
Cross Site Scripting (XSS)
getgrav/grav is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of...
Security Sandbox Bypass
getgrav/grav is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to insufficient protection of the Twig template sandbox, which allows an authenticated user with editor permissions to inject malicious template directives and execute arbitrary code on the server...
Cross-Site Scripting (XSS)
code16/sharp is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of expressions wrapped in & within the SharpShowTextField component, which are evaluated by Vue, allowing an attacker to inject and execute arbitrary JavaScript or HTML in a user’s browser when th...
Stored Cross Site Scripting (XSS)
starcitizentools/citizen-skin is vulnerable to Stored Cross Site Scripting (XSS). The vulnerability is due to improper handling of system message content in the sticky header, where innerHTML is assigned from user-editable message text, which allows an attacker with interface message edit privilege...
Use Of Web Browser Cache Containing Sensitive Information
Drupal core is vulnerable to Use of Web Browser Cache Containing Sensitive Information. The vulnerability is due to improper cache control handling, which allows sensitive information to be stored in browser cache and potentially accessed by unauthorized users...
User Interface (UI) Misrepresentation Of Critical Information
Drupal core is vulnerable to User Interface (UI) Misrepresentation of Critical Information. The vulnerability is due to improper handling of UI content rendering, which allows an attacker to spoof or misrepresent content and mislead users within the application interface...
Path Traversal
Grav is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of the username path during user creation, where Grav writes the account YAML file to an unintended location outside user/accounts/ when a username contains path traversal sequences, allowing attackers to...
Stored Cross-site Scripting (XSS)
getformwork/formwork is vulnerable to stored cross-site scripting (XSS). The vulnerability is due to improper sanitization of input in the blog tag field, which allows an attacker to inject malicious scripts that execute in the browser of any authenticated user accessing or editing the affected blo...
SQL Injection
phpMyFAQ is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of inputs in the main configuration update functionality, which allows a privileged attacker with configuration edit permissions to execute arbitrary SQL commands and compromise the database...
Local File Inclusion (LFI)
PrivateBin is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper validation of the template cookie in the template-switching feature, which allows an attacker to include arbitrary PHP files and potentially read sensitive data or achieve remote code execution...
Host Header Injection
Backdrop CMS is vulnerable to Host Header Injection. The vulnerability is due to improper validation of the Host header in password reset requests, which allows an attacker to manipulate redirects to malicious domains and potentially perform session hijacking via cookie injection...
Authentication Bypass
robrichards/xmlseclibs is vulnerable to authentication bypass. The vulnerability is due to improper handling in the libxml2 canonicalization process where invalid XML inputs may return an empty string, which allows an attacker to bypass authentication by manipulating the DigestValue computation...
Privilege Escalation
getgrav/grav is vulnerable to privilege escalation. The vulnerability is due to missing username uniqueness validation during user creation, which allows an attacker to create an account with an existing administrator username and gain full administrative access...
Cross Site Scripting (XSS)
code16/sharp is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation and output encoding in src/Form/Fields/SharpFormUploadField.php, which allows an attacker to inject and execute arbitrary malicious scripts in a victim’s browser...
Path Traversal
getgrav/grav is vulnerable to path traversal. The vulnerability is due to insufficient input sanitization in the backup tool, which allows an authenticated attacker with administrative privileges to exploit user-supplied paths and access arbitrary files outside the intended webroot directory...
Privilege Escalation
getgrav/grav is vulnerable to sensitive information exposure. The vulnerability is due to improper access control in the admin panel, which allows an attacker with read access to view password hashes and potentially exploit them to achieve privilege escalation...
Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the /admin/pages/page endpoint, which allows an attacker to inject malicious scripts via the dataheadercontentitems parameter...
Improper Check For Unusual Or Exceptional Conditions
Drupal core is vulnerable to Improper Check for Unusual or Exceptional Conditions. The vulnerability is due to insufficient validation of access conditions, which allows an attacker to perform forceful browsing and access restricted resources without proper authorization...
Cross-site Scripting (XSS)
getkirby/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-controlled fields such as page titles or usernames displayed in the "Changes" dialog, which allows an attacker to inject malicious code that executes when another authenticated user...
Stored Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization in the dataheadertemplate parameter at the /admin/pages/page endpoint, which allows an attacker to inject and store malicious scripts that execute when the content is rendere...
Arbitrary SQL Execution
Neuron is vulnerable to arbitrary SQL execution. The vulnerability is due to the MySQLWriteTool executing caller‑provided SQL using PDO::prepare and execute without semantic restrictions, where an attacker can inject destructive statements such as DROP TABLE, TRUNCATE, DELETE, or ALTER via...
Persistent HTML Injection
privatebin/privatebin is vulnerable to persistent HTML injection. The vulnerability is due to an unsanitized attachment filename attachmentname when attachments are enabled, which allows an attacker to modify the filename before encryption so that, after decryption, arbitrary HTML is inserted...
Denial Of Service (DoS)
processwire/processwire is vulnerable to Denial of Service. The vulnerability is due to automatic extraction of user-supplied ZIP files uploaded via Language Support without size or resource limits prior to validation, which allows an attacker with low privileges to upload a crafted ZIP and trigg...
Insecure Direct Object Reference (IDOR)
getgrav/grav is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to improper access control in the Admin Panel, which allows a low-privilege attacker to access sensitive information of other users by manipulating direct object references...
SQL Injection
nukeviet/nukeviet is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the topicsid parameter in modules/news/admin/addtotopics.php, which allows an attacker to execute malicious SQL queries through crafted input...
Server-Side Template Injection (SSTI)
getgrav/grav is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper input handling in form submissions, which allows an attacker to send a crafted POST payload to expose sensitive configuration details, including plugin configurations...
Account Takeover
prestashop/pscheckout is vulnerable to Account takeover. The vulnerability is due to missing validation in the Express Checkout feature, which allows an attacker to silently authenticate using a victim’s email address and take over the account...
SQL Injection
devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper validation of the display parameter in the API, which allows an attacker to inject and execute arbitrary SQL queries to access, modify, or delete database data...
Privilege Escalation
getgrav/grav is vulnerable to Privilege Escalation (PE). The vulnerability is due to improper handling of Twig processing in page frontmatter, which allows an attacker to inject malicious Twig expressions and escalate privileges or execute arbitrary system commands via the scheduler API...
Privilege Escalation
alextselegidis/easyappointments is vulnerable to Privilege Escalation. The vulnerability is due to improper access control in the index.php file, which allows a remote attacker to escalate privileges by exploiting insufficient authorization checks...
Authentication Bypass
moodle/moodle is vulnerable to an authentication bypass. The vulnerability is due to improper enforcement of multi-factor authentication logic under certain conditions, which allows an attacker with valid credentials to bypass MFA and gain unauthorized access to user accounts...
Server-Side Template Injection (SSTI)
getgrav/grav is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to weak regex validation in the cleanDangerousTwig method, which allows an attacker to execute arbitrary commands on the server...
Improper Input Validation
Symfony is vulnerable to improper input validation. The vulnerability is due to incorrect interpretation of PATHINFO in the Request class, which allows an attacker to bypass access control mechanisms by crafting URLs that do not start with a /...
Authentication Bypass
mantisbt/mantisbt is vulnerable to Authentication Bypass. The vulnerability is due to the use of loose comparison == instead of strict comparison === in authentication logic, which allows an attacker to exploit MD5 hash collisions interpreted as numeric zero and gain unauthorized access without...
Insecure Deserialization
quantconnect.common is vulnerable to insecure deserialization. The vulnerability is due to insecure configuration of the TypeNameHandling property in the Json.NET library, which allows an attacker to exploit unsafe deserialization of crafted JSON payloads and potentially execute arbitrary code...
Cross-site Scripting (XSS)
Bagisto is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient validation of uploaded files in the TinyMCE image upload functionality, which allows an attacker with sufficient privileges to upload a crafted HTML file containing JavaScript that executes in a user’s...
Arbitrary File Upload
mautic/grapes-js-builder-bundle is vulnerable to Arbitrary File Upload. The vulnerability is due to lack of file type restrictions during uploads, which allows an attacker to upload and execute malicious files on the server...
Authenticated SQL Injection
torrentpier/torrentpier is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the topicid parameter in modcp.php, which allows an authenticated moderator to inject malicious SQL queries and exploit the database...
Cross-Site Scripting (XSS)
magento is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of user input in form fields, which allows an attacker to inject malicious scripts that execute in a victim’s browser when the affected page is viewed...
Weak Password Policy
librenms/librenms is vulnerable to a weak password policy. The vulnerability is due to insufficient enforcement of strong password rules in the user management functionality, which allows an attacker to exploit weak and predictable credentials through brute-force or credential stuffing attacks...
Cross-site Scripting (XSS)
aimeos/ai-cms-grapesjs is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to lack of proper sanitization when Content Security Policy is disabled, which allows an attacker to inject malicious JavaScript through editor content...
Remote Code Execution (RCE)
CSLA .NET is vulnerable to remote code execution (RCE). The vulnerability is due to the use of the obsolete NetDataContractSerializer (NDCS) in WcfProxy, which allows an attacker to execute arbitrary code during the deserialization process...
SQL Injection
Admidio is vulnerable to SQL Injection. The vulnerability is due to improper handling of user input in member assignment data retrieval functionality, which allows an attacker to execute arbitrary SQL commands and manipulate database data...
Insecure Storage Of Sensitive Information
Liferay Portal and Liferay DXP are vulnerable to insecure storage of sensitive information. The vulnerability is due to storing password reset tokens in plain text in the database, which allows an attacker with database access to retrieve the token, reset a user’s password, and take over the user...
Stored Cross-Site Scripting (XSS)
Jenkins AnchorChain Plugin is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper validation of URL schemes when generating links from workspace content, allowing attackers to inject javascript: URLs that execute malicious scripts in the Jenkins user interface...
Improper Access Control
dnn.platform is vulnerable to improper access control. The vulnerability is due to the default HTML editing configuration allowing unauthenticated file uploads, which allows an attacker to upload arbitrary files and potentially leverage them for further compromise...
Integer Overflow
ImageMagick is vulnerable to an integer overflow. The vulnerability is due to improper validation of width and height values in the TIM image parser’s ReadTIMImage function when calculating the image size without overflow checks, which allows an attacker to supply a crafted TIM image that trigger...
Cross-site Scripting (XSS)
org.jenkins-ci.plugins:cloudbees-jenkins-advisor is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper escaping of server responses, which allows an attacker to inject malicious scripts that execute in the context of users viewing the affected content...
Improper Access Control
com.liferay, com.liferay.blogs.item.selector.web is vulnerable to improper access control. The vulnerability is due to missing permission checks on blog entry images, which allows an attacker to access and view images via a crafted URL...