Search: Veracode, sorted by recent

38108 matches found

Veracode, added 2025/12/13 4:22 a.m., 3 views

Sensitive Information Disclosure

Jenkins Statistics Gatherer Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing the AWS Secret Key in plaintext in the global configuration file, allowing users with access to the Jenkins controller file system to read and misuse the credential...

CVSS 6.5, AI score 6.8, EPSS 0.00134
Exploits 0, References 2, Affected software 1

Veracode, added 2025/12/13 4:21 a.m., 4 views

Cross-site Request Forgery (CSRF)

jp.ikedam.jenkins.plugins, extensible-choice-parameter is vulnerable to cross-site request forgery CSRF. The vulnerability is due to insufficient request validation, which allows an attacker to execute sandboxed Groovy code by tricking a user into performing unintended actions...

CVSS 5.4, AI score 5.8, EPSS 0.00015
Exploits 0, References 3, Affected software 1

Veracode, added 2025/12/13 4:21 a.m., 2 views

Improper Input Validation

org.openidentityplatform.openam, openam-oauth2 is vulnerable to improper input validation. The vulnerability is due to improper validation of the claims_parameter_supported feature in the oidc-claims-extension.groovy script, which allows an attacker to inject a crafted JSON claims parameter in the...

CVSS 9.3, AI score 5.8, EPSS 0.00055
Exploits 0, References 4, Affected software 1

Veracode, added 2025/12/13 4:20 a.m., 4 views

Reflected Cross Site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper input validation of the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_selectedLanguageId parameter, which allows an attacker to inject and execute arbitra...

CVSS 6.1, AI score 5.9, EPSS 0.00031
Exploits 0, References 3, Affected software 1

Veracode, added 2025/12/13 4:20 a.m., 2 views

Improper Certificate Validation

com.squareup.okhttp3, okhttp is vulnerable to improper certificate validation. The vulnerability is due to improper use of cryptographic hostname verification in verifyHostName, which allows an attacker to present a certificate for an incorrect domain and potentially perform remote information...

CVSS 7.5, AI score 6.6, EPSS 0.01387
Exploits 0, References 6, Affected software 1

Veracode, added 2025/12/13 4:20 a.m., 4 views

Sensitive Information Exposure

Jenkins ByteGuard Build Actions Plugin is vulnerable to Sensitive Information Exposure. The vulnerability is due to storing API tokens in plaintext within job config.xml files, where the plugin does not encrypt or otherwise protect secret values, and allows attackers with Item/Extended Read...

CVSS 4.3, AI score 6.4, EPSS 0.0003
Exploits 0, References 2, Affected software 1

Veracode, added 2025/12/13 4:20 a.m., 3 views

Open Redirect

Liferay Portal is vulnerable to Open Redirect. The vulnerability is due to improper validation of the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter in the page administration module, which allows an attacker to redirect users to arbitrary external URLs...

CVSS 6.9, AI score 5.9, EPSS 0.0004
Exploits 0, References 4, Affected software 1

Veracode, added 2025/12/13 4:19 a.m., 2 views

Phishing Attack

Keycloak is vulnerable to a phishing attack. The vulnerability is due to unsanitized user-controlled input in the error_description query parameter being rendered directly in trusted error pages, which allows an attacker to craft misleading URLs that display fake messages, links, or contact detail...

CVSS 4.3, AI score 6.9, EPSS 0.00065
Exploits 0, References 12, Affected software 2

Veracode, added 2025/12/13 4:19 a.m., 3 views

Sensitive Information Disclosure

Jenkins Statistics Gatherer Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to failure to mask the AWS Secret Key in the global configuration UI, allowing attackers with configuration access to view and potentially capture the secret value...

CVSS 5.3, AI score 6.8, EPSS 0.00102
Exploits 0, References 2, Affected software 1

Veracode, added 2025/12/13 4:18 a.m., 4 views

Sensitive Information Disclosure

Jenkins Curseforge Publisher Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing API keys in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the Jenkins controller to view and misuse the...

CVSS 4.3, AI score 6.8, EPSS 0.0003
Exploits 0, References 2, Affected software 1

Veracode, added 2025/12/13 4:17 a.m., 2 views

Arbitrary Code Execution

QOS.CH logback-core is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsafe conditional processing of configuration files and environment variables, which allows an attacker with existing privileges to inject or modify a malicious configuration and execute arbitrary code at...

CVSS 5.9, AI score 8, EPSS 0.00067
Exploits 0, References 6, Affected software 1

Veracode, added 2025/12/13 4:08 a.m., 9 views

Command Injection

sqls-server/sqls is vulnerable to Command Injection. The vulnerability is due to improper sanitization of the EDITOR environment variable and config file path in the openEditor function, which allows an attacker to execute arbitrary commands through crafted input passed to sh -c...

CVSS 7.5, AI score 6.1, EPSS 0.00581
Exploits 0, References 5, Affected software 1

Veracode, added 2025/12/13 4:03 a.m., 2 views

Denial Of Service (DoS)

github.com/sirupsen/logrus is vulnerable to Denial of Service DoS. The vulnerability is due to limitations in the internal bufio.Scanner when Entry.Writer processes a single-line payload larger than 64KB without newline characters, which causes a "token too long" error and closes the writer pipe,...

CVSS 7.5, AI score 7.1, EPSS 0.00055
Exploits 1, References 10, Affected software 1

Veracode, added 2025/12/13 3:49 a.m., 9 views

Information Disclosure

react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack, next and vitejs/plugin-rsc are vulnerable to an Information Disclosure. The vulnerability is due to unsafe handling of stringified arguments in React Server Components RSC Server Functions, where a specifically crafted...

CVSS 5.3, AI score 6.9, EPSS 0.26306
Exploits 7, References 4, Affected software 5

Veracode, added 2025/12/12 9:59 a.m., 4 views

Denial Of Service (DoS)

OpenSearch is vulnerable to Denial Of Service DoS. The vulnerability is due to the handling of overly complex querystring inputs, which allows an attacker to submit specially crafted queries that exhaust system resources and trigger a DoS condition...

CVSS 8.3, AI score 6.9, EPSS 0.00012
Exploits 1, References 7, Affected software 1

Veracode, added 2025/12/11 7:31 p.m., 4 views

Improper Symbolic Link Handling

Gogs is vulnerable to Improper Symbolic Link Handling. The vulnerability is due to the PutContents API not properly validating or restricting symbolic links, which allows an attacker to manipulate file paths and execute code locally on the system...

CVSS 8.8, AI score 7.5, EPSS 0.17737
Exploits 14, References 10, Affected software 1

Veracode, added 2025/12/11 6:58 p.m., 3 views

Improper Input Sanitization

mdast-util-to-hast is vulnerable to Improper Input Sanitization. The vulnerability is due to the utility allowing multiple unprefixed classnames to be injected via character references in markdown, which allows an attacker to disguise malicious code elements so they appear as trusted parts of the...

CVSS 6.9, AI score 6.9, EPSS 0.00086
Exploits 0, References 4, Affected software 1

Veracode, added 2025/12/11 1:41 p.m., 5 views

Cross-site Scripting (XSS)

@tiptap/extension-link is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to unsanitized user input in link-setting functionality, allowing attackers to inject javascript: URLs that execute arbitrary JavaScript when interacted with...

CVSS 6.1, AI score 6.7, EPSS 0.00038
Exploits 1, References 4, Affected software 1

Veracode, added 2025/12/11 10:03 a.m., 4 views

Improper Permission Assignment

Strimzi is vulnerable to Improper Permission Assignment. The vulnerability is due to Strimzi creating an incorrect Kubernetes Role that grants Kafka Connect and MirrorMaker 2 operands GET access to all Secrets in the namespace, allowing these components to read sensitive data they should not have...

CVSS 7.4, AI score 6.9, EPSS 0.00023
Exploits 0, References 4, Affected software 1

Veracode, added 2025/12/11 8:41 a.m., 4 views

URL Validation Bypass

validator.js is vulnerable to a URL Validation Bypass. The vulnerability is due to isURL using :// instead of : to parse protocols, allowing attackers to craft URLs that bypass protocol and domain checks and potentially enable XSS or open-redirect attacks...

CVSS 6.1, AI score 6.4, EPSS 0.00054
Exploits 1, References 3, Affected software 1

Veracode, added 2025/12/11 7:17 a.m., 4 views

Incomplete Filtering

validator is vulnerable to Incomplete Filtering. The vulnerability is due to improper handling of Unicode variation selectors \uFE0F, \uFE0E, where these characters are not counted toward string length, allowing attackers to submit inputs far longer than intended and potentially causing data...

CVSS 8.7, AI score 7.2, EPSS 0.00112
Exploits 2, References 4, Affected software 1

Veracode, added 2025/12/10 9:28 a.m., 3 views

Cross-site Request Forgery (CSRF)

Apache Geode is vulnerable to cross-site request forgery CSRF. The vulnerability is due to unsafe acceptance of state-changing GET requests in the Management and Monitoring REST API, allowing attackers who obtain a user’s session credentials to trigger malicious commands on behalf of the...

CVSS 8.8, AI score 6.7, EPSS 0.00025
Exploits 0, References 5, Affected software 1

Veracode, added 2025/12/10 9:10 a.m., 3 views

Denial Of Service (DoS)

node-forge is vulnerable to Denial of Service DoS. The vulnerability is due to deep, attacker-crafted ASN.1 structures causing unbounded recursive parsing, allowing remote unauthenticated attackers to exhaust the stack and crash the application when processing untrusted DER input...

CVSS 8.7, AI score 4.6, EPSS 0.00056
Exploits 0, References 2, Affected software 1

Veracode, added 2025/12/10 9:01 a.m., 3 views

Arbitrary Remote Code Execution (RCE)

@vitejs/plugin-rsc is vulnerable to arbitrary remote code execution RCE. The vulnerability is due to unsafe dynamic imports in server function APIs, which allows an attacker with network access to execute code on the development server, read or modify files, exfiltrate sensitive data, or pivot to...

CVSS 9.8, AI score 8.2, EPSS 0.00362
Exploits 0, References 3, Affected software 1

Veracode, added 2025/12/10 8:07 a.m., 3 views

Remote Code Execution (RCE)

Apache Syncope is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe handling of custom Groovy implementations, where a malicious administrator can inject Groovy code that is executed by the Syncope Core at runtime, enabling remote code execution until sandboxing is...

CVSS 7.2, AI score 9.5, EPSS 0.00106
Exploits 0, References 8, Affected software 4

Veracode, added 2025/12/10 7:30 a.m., 5 views

HTML Injection

librenms/librenms is vulnerable to HTML injection. The vulnerability is due to improper sanitization of the alert rule name in the Alerts Alert Rules page, which allows an attacker to inject and execute arbitrary HTML code...

CVSS 4.8, AI score 5.9, EPSS 0.00002
Exploits 1, References 5, Affected software 1

Veracode, added 2025/12/10 6:42 a.m., 4 views

Account Hijacking

prestashop/pscheckout is vulnerable to Account hijacking. The vulnerability is due to the incorrect use of array_search in the backoffice logic, which allows an attacker to hijack the targeted PayPal merchant account...

CVSS 3.8, AI score 5.5, EPSS 0.00041
Exploits 0, References 2, Affected software 1

Veracode, added 2025/12/09 7:55 a.m., 8 views

Denial Of Service (DoS)

Apache Struts is vulnerable to Denial Of Service DoS. The vulnerability is due to a file leak in multipart request processing, where temporary files are not properly cleaned up, allowing attackers to trigger uncontrolled disk usage and exhaust server storage...

CVSS 7.5, AI score 6.9, EPSS 0.00171
Exploits 0, References 5, Affected software 1

Veracode, added 2025/12/09 7:44 a.m., 6 views

Server-Side Template Injection (SSTI)

bagisto/bagisto is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to unsanitized user input being rendered by the server-side templating engine, which allows an attacker with product-creation privileges to inject arbitrary template expressions that can lead to remote...

CVSS 6.8, AI score 6.3, EPSS 0.00258
Exploits 1, References 3, Affected software 1

Veracode, added 2025/12/09 7:39 a.m., 3 views

CSV Formula Injection

bagisto/bagisto is vulnerable to CSV Formula Injection. The vulnerability is due to accepting user-supplied product data beginning with spreadsheet formula characters, which allows an attacker to inject malicious formulas that execute when the CSV is opened, enabling data exfiltration or remote...

CVSS 8.5, AI score 6.1, EPSS 0.00173
Exploits 1, References 3, Affected software 1

Veracode, added 2025/12/09 6:35 a.m., 4 views

Weak Authentication

org.apache.druid, druid is vulnerable to Weak Authentication. The vulnerability is due to the Kerberos authenticator using a weak fallback secret generated with a non-cryptographically secure RNG when druid.auth.authenticator.kerberos.cookieSignatureSecret is not set, which allows an attacker to...

CVSS 9.8, AI score 7, EPSS 0.00067
Exploits 0, References 5, Affected software 2

Veracode, added 2025/12/08 11:07 a.m., 5 views

Cross-site Scripting

Apache SkyWalking is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of script-related HTML tags, allowing attackers to inject malicious JavaScript into web pages...

CVSS 6.1, AI score 6, EPSS 0.00258
Exploits 0, References 6, Affected software 1

Veracode, added 2025/12/08 11:06 a.m., 3 views

Server-Side Request Forgery (SSRF)

apache.nms.amqp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server...

CVSS 9.8, AI score 7, EPSS 0.01309
Exploits 0, References 4, Affected software 1

Veracode, added 2025/12/08 10:15 a.m., 8 views

Server-Side Request Forgery (SSRF)

@angular/ssr is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server to...

CVSS 8.7, AI score 7, EPSS 0.00068
Exploits 1, References 2, Affected software 1

Veracode, added 2025/12/08 10:09 a.m., 9 views

XML External Entity (XXE) Injection

Apache Tika is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of XFA content in PDFs within the tika-parser-pdf-module, where crafted XFA files can trigger XXE, allowing attackers to read sensitive files or make malicious internal or external reques...

CVSS 9.8, AI score 8.4, EPSS 0.01579
Exploits 6, References 5, Affected software 3

Veracode, added 2025/12/08 9:45 a.m., 3 views

Privilege Escalation

github.com/minio/minio is vulnerable to privilege escalation. The vulnerability is due to improper IAM session-policy validation, where restricted service or STS accounts can bypass inline policy checks when creating new service accounts, which allows an attacker to escalate privileges and gain...

CVSS 8.1, AI score 7.5, EPSS 0.00043
Exploits 1, References 5, Affected software 1

Veracode, added 2025/12/08 9:40 a.m., 6 views

Timing-Based Side-Channel Attack

github.com/mattermost/mattermost-server is vulnerable to timing-based side-channel attacks. The vulnerability is due to improper use of constant-time comparison for sensitive strings, which allows an attacker to exploit timing oracles to perform byte-by-byte brute-force attacks on Cloud API keys...

CVSS 3.7, AI score 6.9, EPSS 0.00033
Exploits 0, References 4, Affected software 2

Veracode, added 2025/12/08 7:42 a.m., 5 views

Interpretation-Conflict

node-forge is vulnerable to an Interpretation-Conflict. The vulnerability is due to crafted ASN.1 structures causing schema desynchronization, where inconsistent parsing can bypass downstream cryptographic checks and security decisions...

CVSS 8.6, AI score 4.7, EPSS 0.00071
Exploits 1, References 7, Affected software 1

Veracode, added 2025/12/05 10:42 a.m., 3 views

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to insufficient validation of guest user permissions when adding channel members, which allows an attacker to add any team member to their private channels via the...

CVSS 4.3, AI score 6.6, EPSS 0.00009
Exploits 0, References 6, Affected software 2

Veracode, added 2025/12/05 9:08 a.m., 4 views

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to Mattermost failing to verify whether a user has permission to join a team when using the original invite token, which allows an attacker to manipulate the OAuth state and join any team on...

CVSS 8.1, AI score 6.5, EPSS 0.00049
Exploits 0, References 5, Affected software 2

Veracode, added 2025/12/05 8:33 a.m., 6 views

Improper Authentication

Strapi is vulnerable to improper authentication. The vulnerability is due to JSON Web Tokens not being invalidated after logout or deactivation, along with a publicly accessible /admin/renew-token endpoint, which allows an attacker to reuse or indefinitely renew stolen tokens to maintain...

CVSS 6.3, AI score 6.7, EPSS 0.00065
Exploits 0, References 5, Affected software 1

Veracode, added 2025/12/05 8:26 a.m., 5 views

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to insufficient validation of guest user permissions when accessing channel information, which allows an attacker to discover active public channels and their metadata via the...

CVSS 4.3, AI score 6.6, EPSS 0.00011
Exploits 0, References 5, Affected software 2

Veracode, added 2025/12/05 8:14 a.m., 4 views

Authentication Bypass

better-auth is vulnerable to an Authentication Bypass. The vulnerability is due to improper handling of the userId field when no session exists, allowing attackers to supply a victim’s ID and have the server treat them as that user, enabling unauthenticated creation or modification of API keys an...

CVSS 9.3, AI score 7.1, EPSS 0.00204
Exploits 0, References 2, Affected software 1

Veracode, added 2025/12/04 8:25 a.m., 3 views

Cross-site Scripting

pyload-ng is vulnerable to Cross-site Scripting. The vulnerability is due to unsafe handling of untrusted parameters in the Captcha and CNL endpoints, allowing attackers to inject malicious content or manipulate request processing, leading to Cross-site Scripting or other unintended behaviors...

CVSS 8.1, AI score 6.7, EPSS 0.00067
Exploits 0, References 5, Affected software 1

Veracode, added 2025/12/04 7:04 a.m., 6 views

Unauthorized Account Creation

melis-core is vulnerable to Unauthorized Account Creation. The vulnerability is due to missing authentication on the /melis/MelisCore/ToolUser/addNewUser endpoint, where an unauthenticated attacker can directly invoke this function to create a new administrator account and gain full control of th...

CVSS 9.3, AI score 7.3, EPSS 0.00195
Exploits 3, References 4, Affected software 1

Veracode, added 2025/12/04 6:12 a.m., 3 views

Insecure Direct Object Reference (IDOR)

com.liferay.commerce, com.liferay.commerce.order.content.web is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the CommerceOrderPortlet commerceOrderId parameter, which allows an attacker to access shipment addresses from other virtual...

CVSS 5.3, AI score 6.7, EPSS 0.00047
Exploits 0, References 5, Affected software 1

Veracode, added 2025/12/04 6:02 a.m., 3 views

Cross-site Scripting (XSS)

com.liferay, com.liferay.mentions.web are vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in name-related text fields, which allows an attacker to inject malicious scripts that execute in various widgets or apps such as comments,...

CVSS 5.4, AI score 6.2, EPSS 0.00031
Exploits 0, References 5, Affected software 1

Veracode, added 2025/12/04 5:58 a.m., 4 views

Cross-site Scripting

webreinvent/vaahcms is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization in the storeAvatar upload method of UserBase.php, where crafted input can be stored and later executed in a user’s browser, allowing a remote attacker to run arbitrary JavaScript code...

CVSS 6.1, AI score 7.1, EPSS 0.00091
Exploits 2, References 4, Affected software 1

Veracode, added 2025/12/04 5:45 a.m., 3 views

Insecure Direct Object Reference (IDOR)

com.liferay.portal, com.liferay.portal.impl is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_addUserIds parameter, which allows an attacker to assign an organization to a user acros...

CVSS 5.3, AI score 6.9, EPSS 0.00052
Exploits 0, References 6, Affected software 1

Veracode, added 2025/12/04 5:18 a.m., 9 views

Remote Code Execution (RCE)

React Server Components are vulnerable to Remote Code Execution RCE. The vulnerability is due to the unsafe deserialization of attacker-controlled payloads sent to Server Function endpoints, which allows an attacker to execute arbitrary code without authentication...

CVSS 10, AI score 8.4, EPSS 0.84489
Exploits 363, References 15, Affected software 5

Total number of security vulnerabilities: 38108