38287 matches found

Veracode • added 2025/12/13 7:32 a.m.

Remote Code Execution (RCE)

vLLM is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe dynamic loading and execution of classes from remote repositories via the auto_map configuration, which allows an attacker to execute arbitrary code even when trust_remote_code is disabled...

CVSS 8.8 | AI score 7.2 | EPSS 0.00575
Exploits: 0 | References: 5 | Affected software: 1
Veracode • added 2025/12/13 7:32 a.m.

Improper Cleanup Of Sensitive Data

Ansible is vulnerable to improper cleanup of sensitive data. The vulnerability is due to the aws_ssm connection plugin not performing garbage collection after playbook execution, which allows sensitive files to remain in the storage bucket and exposes confidential data to unauthorized access...

CVSS 5.5 | AI score 5.8 | EPSS 0.00315
Exploits: 0 | References: 5 | Affected software: 1
Veracode • added 2025/12/13 7:31 a.m.

Deserialization Of Untrusted Data

Keras framework is vulnerable to Deserialization of untrusted data. The vulnerability is due to improper handling of maliciously crafted Keras files during deserialization, which allows an attacker to execute arbitrary code on an end user’s system by loading a file containing a TorchModuleWrapper...

CVSS 9.8 | AI score 7.8 | EPSS 0.0071
Exploits: 0 | References: 7 | Affected software: 1
Veracode • added 2025/12/13 7:30 a.m.

Server-Side Request Forgery (SSRF)

libtaxii is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of an initial http:// substring in the parse method, even when the XML parser is configured with the no_network setting, which allows an attacker to trigger unauthorized network requests throu...

CVSS 9.8 | AI score 8.4 | EPSS 0.0225
Exploits: 2 | References: 9 | Affected software: 1
Veracode • added 2025/12/13 7:30 a.m.

Denial Of Service (DoS)

Starlette is vulnerable to Denial Of Service (DoS). The vulnerability is due to quadratic-time processing in the FileResponse HTTP Range header parsing and merging logic, which allows an unauthenticated attacker to send a crafted Range header to exhaust CPU resources...

CVSS 7.5 | AI score 7 | EPSS 0.00638
Exploits: 0 | References: 6 | Affected software: 1
Veracode • added 2025/12/13 7:30 a.m.

Insecure Deserialization

Modular is vulnerable to Insecure Deserialization. The vulnerability is due to insecure deserialization when the --experimental-enable-kvcache-agent feature is enabled, allowing attackers to supply crafted serialized data that can be processed by the server and lead to arbitrary code execution...

CVSS 8.4 | AI score 6 | EPSS 0.00291
Exploits: 1 | References: 7 | Affected software: 1
Veracode • added 2025/12/13 7:30 a.m.

Server-Side Request Forgery (SSRF)

Open WebUI is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied URLs, allowing authenticated users to force the server to send HTTP requests to arbitrary destinations, which may enable access to internal services, cloud metadata...

CVSS 8.5 | AI score 5.9 | EPSS 0.03965
Exploits: 1 | References: 2 | Affected software: 1
Veracode • added 2025/12/13 7:29 a.m.

Remote Code Execution

SGLang is vulnerable to Remote Code Execution. The vulnerability is due to the manipulation of the argument serialized_named_tensors, where the function main of the file /update_weights_from_tensor results in deserialization, and attackers can launch the attack remotely by exploiting this vulnerabilit...

CVSS 7.5 | AI score 5.7 | EPSS 0.00376
Exploits: 0 | References: 6 | Affected software: 1
Veracode • added 2025/12/13 7:29 a.m.

Local File Inclusion (LFI)

python-mistralclient is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper validation of file paths in the 'Create Workbook' feature, which allows an attacker to include and read arbitrary local files from the system...

CVSS 6.5 | AI score 5.9 | EPSS 0.00399
Exploits: 0 | References: 8 | Affected software: 1
Veracode • added 2025/12/13 7:28 a.m.

Command Injection

Cybersecurity AI (CAI) is vulnerable to Command Injection. The vulnerability is due to insufficient input sanitization in the runsshcommandwithcredentials function, where the username, host, and port parameters are not properly escaped, allowing attackers to inject malicious commands...

CVSS 9.6 | AI score 5.8 | EPSS 0.01799
Exploits: 1 | References: 3 | Affected software: 1
Veracode • added 2025/12/13 7:28 a.m.

Use Of Hard-coded Cryptographic Key

AstrBot is vulnerable to the Use of Hard-coded Cryptographic Key. The vulnerability is due to the presence of a hard-coded signing key in the application, which allows an attacker to forge tokens and execute arbitrary commands by installing a malicious plugin...

CVSS 7.3 | AI score 6 | EPSS 0.00281
Exploits: 2 | References: 5 | Affected software: 1
Veracode • added 2025/12/13 7:27 a.m.

Insecure Deserialization

cryptidy is vulnerable to insecure deserialization. The vulnerability is due to the use of pickle.loads on untrusted data in the aes_decrypt_message function within symmetric_encryption.py, which allows an attacker to execute arbitrary code by supplying crafted serialized input...

CVSS 8.8 | AI score 6.2 | EPSS 0.00202
Exploits: 1 | References: 3 | Affected software: 1
Veracode • added 2025/12/13 7:26 a.m.

Weak Password Requirements

MLflow is vulnerable to Weak Password Requirements. The vulnerability is due to weak password requirements in the authentication mechanism, which allows an attacker to bypass authentication and gain unauthorized access to the system...

CVSS 9.8 | AI score 7.1 | EPSS 0.01492
Exploits: 0 | References: 4 | Affected software: 1
Veracode • added 2025/12/13 7:25 a.m.

Privilege Escalation

aws-advanced-python-wrapper is vulnerable to Privilege Escalation. The vulnerability is due to improper execution context handling of user-defined functions, which allows an attacker to create crafted functions that execute with elevated privileges and gain unauthorized access...

CVSS 8.6 | AI score 6 | EPSS 0.00373
Exploits: 0 | References: 15 | Affected software: 2
Veracode • added 2025/12/13 7:25 a.m.

Arbitrary File Upload

pytorch-lightning is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of filenames in the /api/v1/upload_file/ endpoint, which allows an attacker to overwrite arbitrary files and potentially execute malicious code...

CVSS 9.1 | AI score 7.5 | EPSS 0.01019
Exploits: 1 | References: 3 | Affected software: 1
Veracode • added 2025/12/13 7:24 a.m.

Remote Code Execution (RCE)

vllm is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper parsing of tool call inputs, which allows an attacker to execute arbitrary code through crafted payloads...

AI score 6.2 | EPSS 0.04016
Exploits: 0 | References: 4 | Affected software: 1
Veracode • added 2025/12/13 7:24 a.m.

Session Fixation

CKAN is vulnerable to Session Fixation. The vulnerability is due to improper session management when server-side session storage is enabled, which allows an attacker to fix or hijack a user’s session by setting or obtaining a valid session identifier...

CVSS 6.1 | AI score 5.8 | EPSS 0.00269
Exploits: 0 | References: 3 | Affected software: 1
Veracode • added 2025/12/13 7:24 a.m.

Denial Of Service (DoS)

urllib3 is vulnerable to Denial-Of-Service (DoS). The vulnerability is due to improper handling of highly compressed data in the streaming API, where decompression continues until the requested chunk size is satisfied, allowing a small, highly compressed response to be fully decompressed in a singl...

CVSS 8.9 | AI score 7.3 | EPSS 0.00622
Exploits: 0 | References: 2 | Affected software: 2
Veracode • added 2025/12/13 7:24 a.m.

Arbitrary File Write

fontTools is vulnerable to an arbitrary file write. The vulnerability is due to improper handling of malicious .designspace files in the fontTools.varLib module, which allows an attacker to achieve remote code execution by writing arbitrary files when processed...

CVSS 9.8 | AI score 7.5 | EPSS 0.00487
Exploits: 9 | References: 3 | Affected software: 1
Veracode • added 2025/12/13 7:24 a.m.

Path Traversal

Pyrofork is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of filenames received from Telegram messages in the download_media method, which allows an attacker to supply a malicious filename via DocumentAttributeFilename and perform path traversal during file path...

CVSS 6.5 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 3 | Affected software: 1
Veracode • added 2025/12/13 7:23 a.m.

External Control Of System Or Configuration Setting

Taguette is vulnerable to External Control of System or Configuration Setting. The vulnerability is due to improper validation in the password reset functionality, which allows an attacker to craft a malicious reset link that, when clicked by the victim, enables unauthorized control over the...

CVSS 7.1 | AI score 5.9 | EPSS 0.00231
Exploits: 0 | References: 4 | Affected software: 1
Veracode • added 2025/12/13 7:23 a.m.

Denial Of Service (DoS)

Scrapy and brotli are vulnerable to Denial Of Service (DoS). The vulnerability is due to inadequate protection against brotli decompression bombs, which allows an attacker to send highly compressed data that expands excessively in memory and crashes the client...

CVSS 7.5 | AI score 7.1 | EPSS 0.00476
Exploits: 0 | References: 9 | Affected software: 2
Veracode • added 2025/12/13 7:22 a.m.

XML External Entity (XXE) Injection

peppolpy is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to insecure Saxon XML parser configuration, where external entities are allowed during XML invoice validation, enabling attackers to read local files and exfiltrate their contents to a remote host...

CVSS 5 | AI score 5.7 | EPSS 0.00299
Exploits: 0 | References: 5 | Affected software: 1
Veracode • added 2025/12/13 7:21 a.m.

Denial Of Service (DoS)

magento is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient validation of user-supplied input, which allows an attacker to send crafted requests that cause the application to crash or become unresponsive...

CVSS 7.5 | AI score 5.8 | EPSS 0.00541
Exploits: 0 | References: 2 | Affected software: 2
Veracode • added 2025/12/13 7:20 a.m.

Command Injection

mcp-kubernetes-server is vulnerable to Command Injection. The vulnerability is due to the use of shell=True in the /mcp/kubectl endpoint, which allows an attacker to inject and execute arbitrary operating system commands...

CVSS 9.8 | AI score 6 | EPSS 0.01235
Exploits: 0 | References: 5 | Affected software: 1
Veracode • added 2025/12/13 7:20 a.m.

Remote Code Execution (RCE)

redaxo/source is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient validation of template content allowing PHP code injection, which allows an attacker to execute arbitrary operating system commands when the template is rendered...

CVSS 7.2 | AI score 6.2 | EPSS 0.00794
Exploits: 2 | References: 4 | Affected software: 1
Veracode • added 2025/12/13 7:20 a.m.

Improper Authentication

ibexa/user is vulnerable to improper authentication. The vulnerability is due to an error in the password validation logic during the transition from v4 to v5, which allows an attacker to change the account password without knowing the previous password by exploiting an active authenticated sessi...

CVSS 8.5 | AI score 5.8 | EPSS 0.0013
Exploits: 0 | References: 4 | Affected software: 1
Veracode • added 2025/12/13 7:20 a.m.

Template Injection

langchain-core is vulnerable to Template Injection. The vulnerability is due to the lack of validation in template strings, where attackers can access Python object internals through template syntax. This allows attackers to extract sensitive information from object internals and potentially...

CVSS 8.3 | AI score 6.9 | EPSS 0.00466
Exploits: 0 | References: 5 | Affected software: 1
Veracode • added 2025/12/13 7:19 a.m.

SQL Injection

llama-index is vulnerable to SQL Injection. The vulnerability is due to unsafe construction of SQL queries without prepared statements in the duckdbretriever component, which allows an attacker to inject arbitrary SQL commands and execute malicious code...

CVSS 9.8 | AI score 7.5 | EPSS 0.01311
Exploits: 1 | References: 3 | Affected software: 1
Veracode • added 2025/12/13 7:18 a.m.

Cross Site Scripting (XSS)

NiceGUI is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the ui.interactive_image component rendering SVG content using Vue’s v-html directive without sanitization, which allows an attacker to inject malicious HTML or JavaScript via the SVG tag when the image component is...

CVSS 6.1 | AI score 5.8 | EPSS 0.00223
Exploits: 2 | References: 3 | Affected software: 1
Veracode • added 2025/12/13 7:15 a.m.

Remote Code Execution (RCE)

apache-airflow is vulnerable to remote code execution. The vulnerability is due to insufficient validation in the /api/v2/dagReports API endpoint, which allows an attacker with API access to trigger DAG code execution in the context of the API server when DAG files are present in the deployment...

CVSS 5.4 | AI score 8.1 | EPSS 0.00476
Exploits: 0 | References: 6 | Affected software: 1
Veracode • added 2025/12/13 7:15 a.m.

Server-Side Request Forgery

calibre-web is vulnerable to Server-Side Request Forgery. The vulnerability is due to the blacklist not checking for 0.0.0.0, so a payload of 0.0.0.0 resolves to localhost...

CVSS 9.8 | AI score 6.8 | EPSS 0.01284
Exploits: 1 | References: 4 | Affected software: 1
Veracode • added 2025/12/13 7:15 a.m.

Improper Input Validation

Adobe Commerce is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of user-supplied input, which allows an attacker to exploit the flaw and achieve session takeover without requiring user interaction...

CVSS 9.1 | AI score 7.5 | EPSS 0.96742
Exploits: 9 | References: 5 | Affected software: 2
Veracode • added 2025/12/13 7:14 a.m.

Improper Access Control

mineadmin/mineadmin is vulnerable to Improper Access Control. The vulnerability is due to insecure permission settings in the scheduled tasks feature, which allows an attacker to execute arbitrary commands and potentially achieve full account takeover...

CVSS 9.8 | AI score 6.1 | EPSS 0.00468
Exploits: 0 | References: 5 | Affected software: 1
Veracode • added 2025/12/13 7:13 a.m.

Information Disclosure

nautobot-ssot is vulnerable to Information Disclosure. The vulnerability is due to improper access control on an unauthenticated configuration page, which allows an attacker to view the ServiceNow public instance name without authentication...

CVSS 5.3 | AI score 7 | EPSS 0.00268
Exploits: 0 | References: 5 | Affected software: 1
Veracode • added 2025/12/13 7:12 a.m.

Arbitrary Code Injection

cbpi4 is vulnerable to Arbitrary Code Injection. The vulnerability is due to lack of validation of the "logtime" URL parameter before passing it to the os.system function, which allows an attacker to execute arbitrary commands...

CVSS 9.8 | AI score 5.8 | EPSS 0.01139
Exploits: 0 | References: 8 | Affected software: 1
Veracode • added 2025/12/13 7:10 a.m.

Directory Traversal

Dosage is vulnerable to Directory Traversal. The vulnerability is due to improper handling of file extensions derived from the HTTP Content-Type header, which allows an attacker to write arbitrary files outside the intended directory...

CVSS 8.8 | AI score 5.9 | EPSS 0.00395
Exploits: 0 | References: 3 | Affected software: 1
Veracode • added 2025/12/13 7:8 a.m.

Directory Traversal

ComposioHQ is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the downloadfileordir function, which allows an attacker to manipulate file paths and access sensitive files or directories on the system...

CVSS 7.5 | AI score 5.8 | EPSS 0.00808
Exploits: 1 | References: 3 | Affected software: 1
Veracode • added 2025/12/13 7:8 a.m.

Denial Of Service (DoS)

getgrav/grav is vulnerable to a Denial of Service (DoS). The vulnerability is due to insufficient sanitization of the scheduledat parameter, which allows an attacker to inject malicious cron expressions (e.g., a single quote) and disrupt the admin panel functionality, leading to a denial of service...

CVSS 4.9 | AI score 5.9 | EPSS 0.00333
Exploits: 1 | References: 3 | Affected software: 1
Veracode • added 2025/12/13 7:7 a.m.

Remote Code Execution (RCE)

Keras is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper enforcement of safe deserialization when parsing model configuration, which allows an attacker to craft a malicious model file that disables safe mode and executes arbitrary code during loading...

CVSS 8.6 | AI score 6.1 | EPSS 0.00186
Exploits: 0 | References: 4 | Affected software: 1
Veracode • added 2025/12/13 7:7 a.m.

Path Traversal

db-gpt is vulnerable to Path Traversal. The vulnerability is due to improper validation of uploaded file paths in the /v1/personal/agent/upload endpoint, which allows an attacker to write arbitrary files to sensitive locations and execute malicious code...

CVSS 9.8 | AI score 7.5 | EPSS 0.01192
Exploits: 1 | References: 3 | Affected software: 1
Veracode • added 2025/12/13 7:5 a.m.

Improper Authentication Control

Filament is vulnerable to improper authentication control. The vulnerability is due to improper handling of app-based MFA recovery codes, which allows an attacker to reuse the same recovery code indefinitely to bypass authentication...

CVSS 8.1 | AI score 5.9 | EPSS 0.00307
Exploits: 0 | References: 4 | Affected software: 1
Veracode • added 2025/12/13 6:59 a.m.

Deserialization Of Untrusted Data

Drupal core is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of object attributes, which allows an attacker to manipulate object properties and perform object injection...

CVSS 5.9 | AI score 5.8 | EPSS 0.00223
Exploits: 0 | References: 7 | Affected software: 1
Veracode • added 2025/12/13 6:57 a.m.

Improper Input Validation

mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of email ownership verification during profile updates, which allows an attacker to register an unauthorized email address and potentially cause information disclosure by redirecting notifications...

CVSS 5.4 | AI score 5.8 | EPSS 0.00136
Exploits: 1 | References: 4 | Affected software: 1
Veracode • added 2025/12/13 6:56 a.m.

Cross-site Scripting (XSS)

Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...

CVSS 8.4 | AI score 8.5 | EPSS 0.007
Exploits: 0 | References: 2 | Affected software: 1
Veracode • added 2025/12/13 6:56 a.m.

Arbitrary File Upload

studio-42/elfinder is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of uploaded files in connector.minimal.php, which allows an attacker to upload malicious files and execute arbitrary PHP code on the server...

CVSS 9.8 | AI score 7.7 | EPSS 0.42781
Exploits: 1 | References: 4 | Affected software: 1
Veracode • added 2025/12/13 6:55 a.m.

Reflected Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper output encoding of the Image Name parameter in the /maps/nodeimage endpoint, which allows an attacker to craft a malicious URL that executes arbitrary JavaScript in a victim’s browser when...

CVSS 6.2 | AI score 5.7 | EPSS 0.00216
Exploits: 0 | References: 2 | Affected software: 1
Veracode • added 2025/12/13 6:53 a.m.

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation in the /admin/pages/page endpoint, which allows an attacker to inject malicious scripts into page metadata and taxonomy fields that are stored and executed when the page is...

CVSS 6.2 | AI score 5.9 | EPSS 0.00175
Exploits: 1 | References: 3 | Affected software: 1
Veracode • added 2025/12/13 6:53 a.m.

Out-of-Bounds Read

mongodb/mongodb-extension is vulnerable to Out-of-Bounds Read. The vulnerability is due to improper handling of large options in mongoc_bulk_operation_t, which allows an attacker to trigger invalid memory reads and potentially cause a crash or information disclosure...

CVSS 6.9 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | References: 8 | Affected software: 1
Veracode • added 2025/12/13 6:52 a.m.

Cross Site Scripting (XSS)

mediawiki/cargo is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input sanitization during web page generation, which allows an attacker to inject and store malicious scripts that are executed in the context of other users when the affected content is viewed...

CVSS 6.9 | AI score 6.2 | EPSS 0.00409
Exploits: 0 | References: 5 | Affected software: 1

Total number of security vulnerabilities: 38287