Cross-Site Request Forgery (CSRF)
com.liferay, com.liferay.change.tracking.web is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient request-validation mechanisms, which allows an attacker to trick users into unknowingly performing actions that add or edit publication comments...
Insecure Direct Object Reference (IDOR)
com.liferay, com.liferay.change.tracking.web is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the AccountEntriesAdminPortlet’s addressId parameter, which allows an attacker to access addresses belonging to other accounts by manipulatin...
Improper Input Validation
github.com/consensys/gnark-crypto is vulnerable to Improper Input Validation. The vulnerability is due to missing range checks during deserialization of ECDSA and EdDSA signature values, which allows an attacker to craft signatures with zero or out-of-range inputs that can trigger a null pointer...
Credential Disclosure
Grype is vulnerable to credential disclosure. The vulnerability is due to improper sanitization of registry credentials in output files generated using the --file or --output json= options, which allows an attacker to obtain exposed registry credentials from the generated output files...
HTML Injection
mailgen is vulnerable to HTML injection. The vulnerability is due to improper stripping of HTML tags in the generatePlaintext method when Unicode line-separator characters bypass the regex filter, which allows an attacker to inject unexpected HTML that can be interpreted as executable script...
Prototype Pollution
sveltekit-superforms is vulnerable to prototype pollution. The vulnerability is due to improper handling of user-supplied data in the parseFormData function of formData.js, which allows an attacker to inject properties into Object.prototype, enabling denial of service, type confusion, and potenti...
Improper Certificate Validation
github.com/in-toto/go-witness is vulnerable to Improper Certificate Validation. The vulnerability is due to the AWS attestor accepting EC2 instance identity documents without properly validating signatures and relying on outdated public certificates, which allows an attacker to supply or intercep...
Prototype Pollution
happy-dom is vulnerable to Prototype Pollution. The vulnerability is due to untrusted JavaScript running in the same isolate as the main application despite the --disallow-code-generation-from-strings flag, which allows an attacker to deploy prototype-pollution payloads to hijack critical...
Information Disclosure
github.com/argoproj/argo-workflows is vulnerable to Information Disclosure. The vulnerability is due to artifact repository credentials being logged in plaintext within the workflow-controller pod logs, which allows an attacker with permission to read pod logs to obtain these credentials and...
Privilege Escalation
authlib is vulnerable to Privilege Escalation. The vulnerability is due to accepting tokens with unknown crit headers, where Authlib violates RFC 7515 rules, allowing attackers to craft signed tokens that bypass strict verifiers and potentially enable policy bypass or privilege escalation...
Directory Traversal
github.com/argoproj/argo-workflows is vulnerable to Directory Traversal. The vulnerability is due to improper validation of archive entry paths during artifact extraction, which allows an attacker to craft malicious archive files that write arbitrary files outside the intended extraction director...
Information Disclosure
github.com/canonical/lxd is vulnerable to Information Disclosure. The vulnerability is due to differing HTTP status code responses in the Images API, where improper project existence handling allows unauthenticated remote attackers to infer whether a target project exists, enabling unintended...
Remote Code Execution (RCE)
Parse is vulnerable to remote code execution RCE. The vulnerability is due to improper handling of malicious payloads in several methods including ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, and internal encode/decode functions, which allows an attacker to inject data tha...
Integer Overflow
github.com/filecoin-project/go-f3 is vulnerable to an Integer Overflow. The vulnerability is due to improper signer index validation, where a crafted “poison” message can trigger an integer overflow and cause go-f3 to panic, allowing attackers to crash any Filecoin node that directly consumes the...
Improper Input Validation
github.com/cometbft/cometbft is vulnerable to Improper Input Validation. The vulnerability is due to the lack of validation for BitArrays with mismatched element and bit counts, which allows an attacker to supply malformed BitArrays that can trigger processing errors or panics within the system...
Improper Null Termination
python-ldap is vulnerable to Improper Null Termination. The vulnerability is due to incorrect handling of the NUL byte in escape_dn_chars, where it emits a backslash plus a literal NUL instead of the RFC 4514 \00, allowing attackers to supply crafted input that consistently breaks DN constructio...
Denial Of Service (DoS)
org.keycloak, keycloak-quarkus-dist is vulnerable to a Denial of Service DoS. The vulnerability is due to the default JDK setting that permits client-initiated TLS 1.2 renegotiation, which allows an attacker to repeatedly trigger renegotiation requests to exhaust server CPU resources...
Arbitrary Code Execution
melisplatform/melis-cms-slider is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation of uploaded files, where the mcsdetailimg parameter in the saveDetailsForm endpoint accepts malicious file uploads, and attackers can exploit this to upload executable...
Improper Authentication
python-social-auth is vulnerable to Improper Authentication. The vulnerability is due to automatic user association by email even when the associate_by_email pipeline is not enabled, where unvalidated or non-unique emails provided by third-party authentication services can be linked to existing...
Denial Of Service (DoS)
vllm is vulnerable to Denial Of Service DoS. The vulnerability is due to unrestricted Jinja template injection through the chat_template and chat_template_kwargs parameters, where crafted templates can trigger unbounded loops or heavy rendering operations, and attackers can exploit this to exhaust C...
Cross-site Scripting (XSS)
homeassistant is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of energy entity names containing HTML, which allows an authenticated attacker—or a malicious energy provider default name—to inject JavaScript that executes when users hover over graph...
Cross-site Scripting (XSS)
bagisto/bagisto is vulnerable to stored cross-site scripting XSS. The vulnerability is due to the application's failure to sanitize malicious payloads in uploaded SVG files, which allows an authenticated admin attacker to embed JavaScript that executes in the victim’s browser...
Cross-site Scripting (XSS)
mailgen is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization in the generatePlaintext method, which fails to remove HTML tags provided as encoded entities, allowing an attacker to inject malicious HTML or JavaScript that can execute when the resulting...
Improper Access Control
agentapi is vulnerable to Improper Access Control. The vulnerability is due to client-side DNS rebinding when the API is served over plain HTTP on localhost, where an attacker can bypass origin restrictions and access the /messages endpoint, and attackers can exploit this to exfiltrate sensiti...
Improper Input Sanitization
alt-design/alt-redirect is vulnerable to improper input sanitization. The vulnerability is due to the addon failing to consistently strip query-string parameters—such as case-varied, encoded, or duplicate keys—which allows an attacker to bypass sanitization and potentially perform cache poisoning...
Improper Access Control
commandkit is vulnerable to improper access control. The vulnerability is due to a logic flaw in how ctx.commandName is populated for message-based command aliases, which allows an attacker to exploit incorrect permission checks or access-control logic when developers mistakenly treat the alias...
Denial Of Service (DoS)
github.com/siderolabs/omni is vulnerable to Denial of Service DoS. The vulnerability is due to improper validation of the resource metadata field in the isSensitiveSpec function, followed by an unchecked call to CreateResource, which allows an attacker to send empty create/update requests...
Information Disclosure
github.com/siderolabs/omni is vulnerable to information disclosure. The vulnerability is due to sensitive data being leaked through an API, which allows an attacker to access exposed information...
Cross-Site Scripting (XSS)
qwc2 is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-supplied input in the attribute table, which allows an authorized attacker to inject and execute arbitrary JavaScript code...
Server-Side Request Forgery (SSRF)
Astro is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insecure and unsanitized use of the x-forwarded-proto and x-forwarded-port headers when constructing URLs, which allows an attacker to manipulate these headers to bypass protected routes, poison caches, trigger...
Cross-site Scripting (XSS)
librenms/librenms is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper filtering in the reportthis function in librenms/includes/functions.php, specifically incorrect use of htmlentities in an href context, which allows an attacker to inject malicious script v...
Improper Access Control
flowise is vulnerable to improper access control. The vulnerability is due to insufficient file path restrictions in the WriteFileTool and ReadFileTool, which allows an attacker to read or write arbitrary files and potentially achieve remote command execution...
Sanitization Bypass
python-ldap is vulnerable to Sanitization Bypass. The vulnerability is due to improper escaping in escape_filter_chars when escape_mode=1 is used, where crafted list or dict inputs bypass character escaping due to missing type validation, and attackers can exploit this to inject malicious LDAP filte...
Use Of Externally-Controlled Input To Select Classes Or Code ('Unsafe Reflection')
Astro is vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection'. The vulnerability is due to Astro reflecting the unvalidated X-Forwarded-Host header in Astro.url, which allows an attacker to supply a malicious header value that can manipulate generated...
SQL Injection
melisplatform/melis-cms is vulnerable to SQL injection. The vulnerability is due to improper validation of the idPage parameter in the /melis/MelisCms/PageEdition/getTinyTemplates endpoint, which allows an attacker to retrieve, create, update, or delete database records through crafted SQL queries...
Remote Code Execution (RCE)
Happy DOM is vulnerable to Remote Code Execution RCE. The vulnerability is due to the use of a non-isolated Node.js VM context with JavaScript evaluation enabled by default, which allows an attacker to run untrusted code that can escape the sandbox—potentially gaining access to process-level...
Weak-password Policy Bypass
novosga/novosga is vulnerable to weak-password policy bypass. The vulnerability is due to improper validation of the Senha/Confirmação da Senha fields in the User Creation Page /novosga.users/new, which allows an attacker to remotely exploit the weak password policy, though with high complexity a...
Improper Input Validation
nodemailer is vulnerable to improper input validation. The vulnerability is due to improper handling of specially formatted recipient email addresses, which allows an attacker to embed an external address within quotes and redirect emails to an unauthorized destination...
Denial Of Service (DoS)
authlib is vulnerable to Denial Of Service. The vulnerability is due to unbounded DEFLATE decompression in the JWE zip=DEF processing path, where a very small ciphertext can expand into extremely large plaintext during token decryption, and attackers can exploit this by supplying decryptable toke...
Denial Of Service (DoS)
github.com/nwaples/rardecode is vulnerable to a Denial-of-Service DoS. The vulnerability is due to the failure to enforce limits on RAR dictionary sizes, which allows an attacker to supply a specially crafted RAR file that forces excessive memory allocation and triggers an out-of-memory crash...
Path Traversal
clearml is vulnerable to Path Traversal. The vulnerability is due to improper handling of symbolic and hard links in the safeextract function, which allows an attacker to write files outside the intended directory and potentially achieve remote code execution...
Improper Input Validation
OpenVPN is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of source IP addresses during session handling, which allows an attacker to open a session from a different IP address than the one that initiated the connection and cause a denial of service for t...
Remote Command Execution
scio-pypi is vulnerable to Remote Command Execution. The vulnerability is due to torch.load executing unsafe deserialization even when weights_only=True, which allows an attacker to craft malicious model files that trigger arbitrary code execution during loading...
Cross-site Scripting (XSS)
Liferay is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in multiple fields within the Notifications widget, which allows an attacker to inject malicious scripts via crafted payloads and execute them in a victim’s browser...
Remote Command Execution
n8n and n8n-nodes-base are vulnerable to Remote Command Execution. The vulnerability is due to the Execute Command node allowing arbitrary command execution on the host system, which allows an attacker to exploit insufficient user trust controls to run malicious commands leading to system...
Cross-Site Scripting (XSS)
nicegui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the framework not sanitizing HTML or JavaScript when rendering unescaped user input through ui.html, which allows an attacker to execute arbitrary JavaScript in a user’s browser...
Cross-site Scripting (XSS)
flowise is vulnerable to cross-site scripting XSS. The vulnerability is due to insufficient input filtering, which allows an attacker to inject malicious client-side code that executes in a victim’s browser...
Cross-site Scripting (XSS)
com.liferay.portal, release.portal.bom is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient sanitization of rich text form fields, which allows an attacker to inject a crafted payload that is later rendered in the browser and executes arbitrary web script or HTML...
Improper Input Validation
litestar is vulnerable to Improper Input Validation. The vulnerability is due to the framework unconditionally trusting the X-Forwarded-For header when generating rate-limit cache keys, which allows an attacker to spoof arbitrary IPs and rotate through them to evade rate-limiting...
DNS Rebinding
sillytavern is vulnerable to DNS rebinding. The vulnerability is due to improper host validation in the web UI, which allows an attacker to exploit it by installing malicious extensions, reading chats, and injecting arbitrary HTML for phishing...