Authentication Bypass

mantisbt/mantisbt is vulnerable to Authentication Bypass. The vulnerability is due to the use of loose comparison == instead of strict comparison === in authentication logic, which allows an attacker to exploit MD5 hash collisions interpreted as numeric zero and gain unauthorized access without...

Insecure Deserialization

quantconnect.common is vulnerable to insecure deserialization. The vulnerability is due to insecure configuration of the TypeNameHandling property in the Json.NET library, which allows an attacker to exploit unsafe deserialization of crafted JSON payloads and potentially execute arbitrary code...

Cross-site Scripting (XSS)

Bagisto is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient validation of uploaded files in the TinyMCE image upload functionality, which allows an attacker with sufficient privileges to upload a crafted HTML file containing JavaScript that executes in a user’s...

Arbitrary File Upload

mautic/grapes-js-builder-bundle is vulnerable to Arbitrary File Upload. The vulnerability is due to lack of file type restrictions during uploads, which allows an attacker to upload and execute malicious files on the server...

Authenticated SQL Injection

torrentpier/torrentpier is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the topicid parameter in modcp.php, which allows an authenticated moderator to inject malicious SQL queries and exploit the database...

Cross-Site Scripting (XSS)

magento is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of user input in form fields, which allows an attacker to inject malicious scripts that execute in a victim’s browser when the affected page is viewed...

Weak Password Policy

librenms/librenms is vulnerable to a weak password policy. The vulnerability is due to insufficient enforcement of strong password rules in the user management functionality, which allows an attacker to exploit weak and predictable credentials through brute-force or credential stuffing attacks...

Cross-site Scripting (XSS)

aimeos/ai-cms-grapesjs is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to lack of proper sanitization when Content Security Policy is disabled, which allows an attacker to inject malicious JavaScript through editor content...

Remote Code Execution (RCE)

CSLA .NET is vulnerable to remote code execution RCE. The vulnerability is due to the use of the obsolete NetDataContractSerializer NDCS in WcfProxy, which allows an attacker to execute arbitrary code during the deserialization process...

SQL Injection

Admidio is vulnerable to SQL Injection. The vulnerability is due to improper handling of user input in member assignment data retrieval functionality, which allows an attacker to execute arbitrary SQL commands and manipulate database data...

Insecure Storage Of Sensitive Information

Liferay Portal and Liferay DXP are vulnerable to insecure storage of sensitive information. The vulnerability is due to storing password reset tokens in plain text in the database, which allows an attacker with database access to retrieve the token, reset a user’s password, and take over the user...

Stored Cross-Site Scripting (XSS)

Jenkins AnchorChain Plugin is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper validation of URL schemes when generating links from workspace content, allowing attackers to inject javascript: URLs that execute malicious scripts in the Jenkins user interface...

Improper Access Control

dnn.platform is vulnerable to improper access control. The vulnerability is due to the default HTML editing configuration allowing unauthenticated file uploads, which allows an attacker to upload arbitrary files and potentially leverage them for further compromise...

Integer Overflow

ImageMagick is vulnerable to an integer overflow. The vulnerability is due to improper validation of width and height values in the TIM image parser’s ReadTIMImage function when calculating the image size without overflow checks, which allows an attacker to supply a crafted TIM image that trigger...

Cross-site Scripting (XSS)

org.jenkins-ci.plugins:cloudbees-jenkins-advisor is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper escaping of server responses, which allows an attacker to inject malicious scripts that execute in the context of users viewing the affected content...

Improper Access Control

com.liferay, com.liferay.blogs.item.selector.web is vulnerable to improper access control. The vulnerability is due to missing permission checks on blog entry images, which allows an attacker to access and view images via a crafted URL...

Session Fixation

Jenkins Bitbucket OAuth Plugin is vulnerable to session fixation. The vulnerability is due to the plugin not invalidating the previous session on login, where an attacker can reuse an existing session and gain unauthorized access...

Cross-site Request Forgery

Jenkins Nexus Task Runner Plugin is vulnerable to a Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protection on sensitive plugin endpoints, where crafted requests can trigger actions without user interaction, allowing attackers to force an authenticated Jenkins user to...

XML External Entity (XXE) Injection

Mustang is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper restriction of external entity references during XML processing, which allows an attacker to exploit XXE attacks to exfiltrate arbitrary files from the affected system...

Stored Cross-site-scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to incomplete sanitization of uploaded SVG file content, which allows an attacker to inject malicious scripts and execute them in a user’s browser...

Information Disclosure

Aircompressor is vulnerable to Information Disclosure. The vulnerability is due to improper handling of malformed compressed data in decompression routines, which allows an attacker to craft input that leaks previous buffer contents and expose sensitive data...

Missing Authorization Checks

org.jenkins-ci.plugins, publish-to-bitbucket is vulnerable to missing authorization checks. The vulnerability is due to a missing permission check when accessing credential-related functionality, which allows an attacker with Overall/Read permission to enumerate credential IDs stored in Jenkins...

Reflected Cross-site Scripting (XSS)

com.liferay.portal, com.liferay.portal.impl are vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper input validation in the googlegadget component, which allows a remote unauthenticated attacker to inject and execute malicious JavaScript in a victim’s browser...

SQL Injection

Mingsoft MCMS is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input in the /mdiy/model/delete URI, which allows an attacker to inject and execute arbitrary SQL commands...

Unrestricted File Upload

dnn.platform is vulnerable to Unrestricted File Upload. The vulnerability is due to the default HTML editor provider allowing unauthenticated file uploads and overwriting of existing files, which allows an attacker to upload malicious files, deface the website, and potentially inject XSS payloads...

SQL Injection

jeecg-boot is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of the title parameter in the /sys/dict/loadTreeData endpoint, allowing attackers to inject malicious SQL statements and manipulate backend database queries...

Improper Session Management

Keycloak is vulnerable to improper session management. The vulnerability is due to reuse of session identifiers and improper cleanup during logout when browser cookies are missing, which allows an attacker to gain unauthorized access to another user’s active session and receive their authenticati...

Directory Traversal

Mammoth is vulnerable to Directory Traversal. The vulnerability is due to the lack of path or file type validation when processing DOCX files with externally linked images, which allows an attacker to read arbitrary files on the system or trigger excessive resource consumption by referencing...

Improper Authentication

org.jenkins-ci.plugins, active-directory is vulnerable to improper authentication. The vulnerability is due to the use of a magic constant during password validation, which allows an attacker to log in as any user by using the crafted magic constant as the password...

Denial Of Service (DoS)

org.apache.struts, struts2-core is vulnerable to Denial of Service DoS. The vulnerability is due to a file leak during multipart request processing, which allows an attacker to repeatedly trigger file creation on disk, leading to disk exhaustion and service disruption...

Remote Code Execution (RCE)

org.apache.dubbo:dubbo is vulnerable to Remote Code Execution RCE. The vulnerability is due to insecure deserialization handling in hessian-lite during exception logging, which allows an attacker to execute malicious code through crafted serialized data...

Sensitive Information Exposure

Jenkins ByteGuard Build Actions Plugin is vulnerable to sensitive information exposure. The vulnerability is due to improper masking of API tokens on the job configuration form, which allows an attacker to observe and capture these tokens...

OS Command Injection

Jenkins Git Client Plugin is vulnerable to OS Command Injection. The vulnerability is due to improper escaping of the workspace directory path when constructing arguments in a temporary shell script, where an attacker who can control the workspace directory name can inject and execute arbitrary...

Denial Of Service (DoS)

Liferay Portal and Liferay DXP are vulnerable to denial-of-service DoS. The vulnerability is due to the absence of limits on the number of objects returned from Headless API requests, which allows an attacker to exploit the application by sending requests that retrieve an excessively large number...

SQL Injection

io.dataease, dataease-plugin-common is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the dataSourceId parameter, which allows an attacker to inject and execute arbitrary SQL queries...

Cross-site Scripting (XSS)

Jenkins Coverage Plugin is vulnerable to a stored Cross-Site Scripting. The vulnerability is caused by missing validation of the coverage results ID when configured via the REST API, allowing attackers with Item/Configure permission to inject a javascript: URL that executes in users’ browsers...

Denial Of Service (DoS)

Liferay Portal / Liferay DXP is vulnerable to Denial of Service DoS. The vulnerability is due to the ComboServlet not enforcing limits on the number or size of files it combines, which allows a remote attacker to craft malicious URL query strings that generate extremely large responses...

CSRF Bypass

Jenkins Bitbucket Server Integration Plugin is vulnerable to CSRF Bypass. The vulnerability is due to an overly permissive implementation of an extension point that selectively disables cross-site request forgery CSRF protection for specific URLs, where attackers can craft URLs that would bypass...

Cross-site Scripting (XSS)

com.liferay, com.liferay.dynamic.data.mapping.item.selector.web are vulnerable to cross-site scripting XSS. The vulnerability is due to improper input validation in user name fields First Name, Middle Name, Last Name, which allows a remote attacker to inject arbitrary web scripts or HTML via...

Use Of Hard-coded Cryptographic Key

Apache StreamPark is vulnerable to use of a hard-coded cryptographic key. The vulnerability is due to Apache StreamPark uses an immutable, embedded key for encryption instead of a securely generated or configurable one, allowing attackers who obtain the key through reverse engineering or source...

Path Traversal

Jenkins Redpen – Pipeline Reporter for Jira Plugin is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation of the workspace directory during artifact upload, where the plugin fails to enforce proper directory constraints, allowing attackers with Item/Configure...

Code Injection

org.jenkins-ci.plugins.workflow, puppet-enterprise-pipeline is vulnerable to code injection The vulnerability is due to unsafe values specified in the custom Script Security whitelist, which allows an attacker with the ability to execute Script Security-protected scripts to execute arbitrary code...

Uncontrolled Resource Consumption

Apache Commons Configuration is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to multiple design issues in the configuration loading and processing logic, where loading untrusted configuration files or allowing attacker-controlled usage patterns can trigger excessive C...

Improper Certificate Validation

org.apache.gobblin, gobblin-core is vulnerable to Improper Certificate Validation. The vulnerability is due to the application trusting all certificates for LDAP connections in Gobblin-as-a-Service, which allows an attacker to perform man-in-the-middle attacks using malicious certificates...

Deserialization Of Untrusted Data

Dataease is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper validation of JDBC connection parameters in the MysqlConfiguration class, which allows an attacker to connect to a malicious MySQL server and execute arbitrary system commands through deserialization...

Remote Code Execution (RCE)

org.apache.hugegraph, hg-pd-core is vulnerable to a Remote Code Execution. The vulnerability is due to insecure Hessian deserialization in the Raft cluster membership logic, where a malicious Raft node can send crafted objects that bypass type safety and trigger unsafe deserialization and attacke...

Improper Restriction Of Command Execution

org.jenkins-ci.plugins, azure-cli is vulnerable to improper restriction of command execution. The vulnerability is due to insufficient validation of executed commands, which allows an attacker with Item/Configure permission to execute arbitrary shell commands on the Jenkins controller...

Remote Code Execution (RCE)

MySQL Connector/J is vulnerable to Remote Code Execution RCE. The vulnerability is due to an unspecified flaw in Connector/J that allows an unauthenticated attacker with network access to compromise the connector through user interaction, potentially resulting in complete takeover of the affected...

XML External Entity (XXE) Injection

Jenkins Semantic Versioning Plugin is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper validation of controller/agent messages and unrestricted parsing of attacker-controlled files containing external entities, allowing attackers controlling agent processes to...

Denial Of Service

Eclipse Jetty is vulnerable to Denial of Service. The vulnerability is due to improper handling of malformed or illegal HTTP/2 frames such as invalid WINDOWUPDATE frames, which allows an attacker to repeatedly trigger RSTSTREAM responses and exhaust server CPU and memory resources...