38108 matches found

Veracode, added 2025/11/26 6:14 a.m., 2 views

Path Traversal

ZenML is vulnerable to a path traversal. The vulnerability is due to improper validation of file paths during data.tar.gz extraction in the PathMaterializer class, which fails to detect symbolic and hard links, allowing an attacker to write arbitrary files and potentially achieve arbitrary comman...

CVSS 7.8, AI score 7.3, EPSS 0.0004
Exploits 1, References 4, Affected software 1
Veracode, added 2025/11/25 2:53 p.m., 3 views

Command Injection

Glob is vulnerable to Command Injection. The vulnerability is due to the glob CLI passing matched filenames directly to a shell with shell: true when using the -c/--cmd option, which allows an attacker to exploit maliciously crafted filenames containing shell metacharacters to execute arbitrary...

CVSS 7.5, AI score 7.6, EPSS 0.00025
Exploits 1, References 4, Affected software 2
Veracode, added 2025/11/25 10:51 a.m., 3 views

Stored Cross-Site Scripting (XSS)

Flowise is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of IFRAME elements in chat logs, which allows an attacker to inject malicious code that executes when an admin views the log...

CVSS 8.2, AI score 6.6, EPSS 0.00104
Exploits 1, References 4, Affected software 3
Veracode, added 2025/11/25 10:28 a.m., 3 views

Stored Cross-site Scripting (XSS)

flowise is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of FORM and INPUT elements in chat logs, which allows an attacker to inject malicious scripts executed when an admin views the log...

CVSS 8.2, AI score 6.4, EPSS 0.00062
Exploits 1, References 4, Affected software 3
Veracode, added 2025/11/25 10:05 a.m., 3 views

Improper Input Validation

thorsten/phpmyfaq is vulnerable to improper input validation. The vulnerability is due to the application's failure to enforce unique email addresses during registration, which allows an attacker to create multiple accounts with the same email and potentially exploit this for account ambiguity,...

CVSS 9.8, AI score 7.1, EPSS 0.00056
Exploits 1, References 4, Affected software 1
Veracode, added 2025/11/25 9:38 a.m., 6 views

Path Traversal

mattermost is vulnerable to Path Traversal. The vulnerability is due to improper validation of the import directory path, where malicious plugins can be placed into the prepackaged plugins directory, and an attacker with admin access can exploit this to execute arbitrary code on the server...

CVSS 8, AI score 7.9, EPSS 0.00076
Exploits 0, References 4, Affected software 2
Veracode, added 2025/11/25 9:27 a.m., 4 views

Improper Access Control

liferay-portal is vulnerable to an Improper Access Control. The vulnerability is due to virtual products being saved with guest view permissions, where the Commerce component stores uploaded product files in Documents and Media without restricting access. An attacker can exploit this by requestin...

CVSS 6.9, AI score 6.9, EPSS 0.00024
Exploits 0, References 3, Affected software 1
Veracode, added 2025/11/25 8:54 a.m., 3 views

Cross-site Scripting

form-to-database is vulnerable to Cross-Site Scripting. The vulnerability is due to improper handling of form values, where non-string inputs were not sanitized or safely normalized, and attackers can exploit this by injecting malicious JavaScript that executes when the data is rendered...

CVSS 2.3, AI score 6.9, EPSS 0.0008
Exploits 0, References 5, Affected software 1
Veracode, added 2025/11/25 8:43 a.m., 3 views

Insecure Direct Object Reference (IDOR)

liferay-portal is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability. The vulnerability is due to the workflow definition API exposing resources based on user-supplied names without enforcing authorization checks, where the API resolves workflow definitions directly by name...

CVSS 5.3, AI score 7.1, EPSS 0.00075
Exploits 0, References 9, Affected software 1
Veracode, added 2025/11/25 8:40 a.m., 5 views

Improper Access Control

@anthropic-ai/claude-code is vulnerable to improper access control. The vulnerability is due to improper handling of symlinks in permission-deny rules, which allows an attacker to bypass explicit file-access restrictions and access files via symlink paths...

CVSS 6.5, AI score 7, EPSS 0.00058
Exploits 0, References 1, Affected software 1
Veracode, added 2025/11/25 8:30 a.m., 2 views

Code Injection

@anthropic-ai/claude-code is vulnerable to code injection. The vulnerability is due to a flaw in the startup trust dialog that allows an attacker to trick the tool into executing untrusted project code before the user approves the dialog...

CVSS 8.8, AI score 7.1, EPSS 0.00039
Exploits 5, References 1, Affected software 1
Veracode, added 2025/11/25 8:01 a.m., 4 views

Open Redirect

liferay-portal is vulnerable to an Open Redirect vulnerability. The vulnerability is due to multiple settings portlets failing to validate user-supplied redirect parameters, where the System Settings, Instance Settings, and Site Settings portlets blindly trust values passed via their respective...

CVSS 6.1, AI score 7.4, EPSS 0.00058
Exploits 0, References 5, Affected software 2
Veracode, added 2025/11/25 7:26 a.m., 4 views

Improper Access Control

liferay-portal is vulnerable to Improper Access Control. The vulnerability is due to JSON Web Services being registered and invoked directly as classes, where these services bypass expected routing and are executed in a way that triggers Service Access Policies (SAP) unintentionally. This allows...

CVSS 5.3, AI score 6.6, EPSS 0.00051
Exploits 0, References 7, Affected software 2
Veracode, added 2025/11/24 5:50 p.m., 2 views

SQL Injection

Django is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of column aliases in methods like QuerySet.annotate, alias, aggregate, and extra, which allows an attacker to exploit crafted dictionary inputs passed via kwargs to inject malicious SQL, particularly on MySQL...

CVSS 9.8, AI score 7.6, EPSS 0.00015
Exploits 0, References 8, Affected software 1
Veracode, added 2025/11/24 5:35 p.m., 2 views

Directory Traversal

Django is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the django.utils.archive.extract function, which allows an attacker to supply archive files with paths crafted to share a prefix with the target directory, enabling partial traversal and unintende...

CVSS 6.5, AI score 7.2, EPSS 0.00019
Exploits 0, References 8, Affected software 1
Veracode, added 2025/11/24 5:07 p.m., 3 views

Stored Cross-site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to Stored cross-site scripting (XSS). The vulnerability is due to insufficient sanitization of rich text fields in web content translation, which allows an attacker to inject malicious HTML or script that executes when viewed by other users...

CVSS 4.8, AI score 6, EPSS 0.00033
Exploits 0, References 3, Affected software 1
Veracode, added 2025/11/24 4:52 p.m., 6 views

Cross-site Scripting (XSS)

joomla/filter is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling and validation of user-supplied input in the checkAttribute method, which allows an attacker to inject malicious scripts that can be executed in a victim's browser...

CVSS 4.8, AI score 6.6, EPSS 0.00056
Exploits 0, References 6, Affected software 1
Veracode, added 2025/11/24 4:42 p.m., 1 view

Buffer Overflow

spdk is vulnerable to Buffer Overflow. The vulnerability is due to improper bounds handling in the NVMe-oF target component lib/nvmf, which allows an attacker to craft malicious input that can overflow buffers and potentially execute arbitrary code or cause a crash...

CVSS 5.5, AI score 8.1, EPSS 0.00067
Exploits 0, References 5, Affected software 1
Veracode, added 2025/11/24 3:55 p.m., 2 views

Server-Side Request Forgery (SSRF)

LLaMA-Factory is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the chat API's processrequest function making unsanitized HTTP requests to user-supplied URLs, which allows an attacker to force internal/external network requests and read arbitrary files on the server...

CVSS 8.1, AI score 7, EPSS 0.00062
Exploits 1, References 4, Affected software 1
Veracode, added 2025/11/24 3:37 p.m., 3 views

Server-Side Request Forgery (SSRF)

vllm is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient restrictions on user-supplied URLs in the MediaConnector class's load_from_url and load_from_url_async methods, which allows an attacker to coerce the server into making arbitrary internal network requests...

CVSS 7.1, AI score 7.2, EPSS 0.00052
Exploits 0, References 6, Affected software 1
Veracode, added 2025/11/24 1:12 p.m., 5 views

Deserialization Of Untrusted Data

pyfory and pyfury are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the ability to craft a malicious serialized data stream that triggers the pickle-fallback serializer, which allows an attacker to invoke pickle.loads and achieve remote code execution...

CVSS 9.8, AI score 7.7, EPSS 0.00378
Exploits 2, References 7, Affected software 2
Veracode, added 2025/11/24 12:47 p.m., 4 views

Authorization Bypass

Liferay Portal and Liferay DXP are vulnerable to Authorization Bypass. The vulnerability is due to improper access control on the comliferayportalsecurityauditwebportletAuditPortletauditEventId parameter, which allows an authenticated attacker in one virtual instance to view audit events belongin...

CVSS 5.3, AI score 6.8, EPSS 0.00051
Exploits 0, References 7, Affected software 2
Veracode, added 2025/11/24 8:49 a.m., 4 views

Allocation Of Resources Without Limits Or Throttling

pdfmake is vulnerable to Allocation of Resources Without Limits or Throttling. The vulnerability is due to improper handling of repeatedly redirected URLs during file embedding, where the library follows redirect chains without enforcing limits, and an attacker can exploit this by supplying craft...

CVSS 8.7, AI score 7, EPSS 0.00063
Exploits 0, References 3, Affected software 1
Veracode, added 2025/11/24 7:55 a.m., 4 views

Denial Of Service

rack is vulnerable to Denial Of Service. The vulnerability is due to unbounded buffering of the multipart preamble in Rack::Multipart::Parser, where attackers can send extremely large preamble data before the first boundary, causing excessive memory consumption and potential OOM-induced DoS...

CVSS 7.5, AI score 7, EPSS 0.00266
Exploits 0, References 7, Affected software 1
Veracode, added 2025/11/24 6:58 a.m., 3 views

Improper Input Validation

auth0/wordpress is vulnerable to Improper Input Validation. The vulnerability is due to the Bulk User Import endpoint not validating the file path wrapper or value, which allows an attacker to supply arbitrary file paths or URLs to manipulate file handling behavior...

CVSS 3.3, AI score 7.1, EPSS 0.00102
Exploits 0, References 8, Affected software 2
Veracode, added 2025/11/24 5:46 a.m., 4 views

Denial Of Service (DoS)

rack is vulnerable to Denial Of Service. The vulnerability is due to unbounded in-memory storage of non-file multipart form fields in Rack::Multipart::Parser, where attackers can send extremely large text fields that consume process memory and trigger OOM conditions, leading to DoS...

CVSS 7.5, AI score 7, EPSS 0.00107
Exploits 0, References 7, Affected software 1
Veracode, added 2025/11/24 4:53 a.m., 4 views

Improper Authentication

Akka.NET is vulnerable to improper authentication. The vulnerability is due to the lack of mutual TLS enforcement in Akka.Remote, which allows an attacker to connect to a TLS-enabled cluster without presenting a valid client certificate and thereby communicate with the cluster...

CVSS 9.3, AI score 6.9, EPSS 0.00073
Exploits 0, References 7, Affected software 2
Veracode, added 2025/11/24 4:31 a.m., 3 views

XML External Entity (XXE)

langchain-text-splitters is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to unsafe parsing of arbitrary XSLT stylesheets using lxml without access controls, which allows an attacker to read local files or fetch external resources accessible to the LangChain process...

CVSS 7.5, AI score 7, EPSS 0.00146
Exploits 0, References 5, Affected software 1
Veracode, added 2025/11/21 12:59 p.m., 2 views

Denial Of Service (DoS)

finance.js is vulnerable to Denial Of Service. The vulnerability is due to improper handling of the IRR function's depth parameter, where an unbounded recursion/iteration limit can be triggered to consume excessive CPU and stall or crash the application...

CVSS 7.5, AI score 7, EPSS 0.00426
Exploits 0, References 2, Affected software 1
Veracode, added 2025/11/21 11:08 a.m., 4 views

Information Disclosure

lxd is vulnerable to Information Disclosure. The vulnerability is due to improper validation in the image export API, where crafted requests using wildcard fingerprints allow unauthenticated network attackers to probe and determine whether projects exist...

CVSS 6.9, AI score 7, EPSS 0.00119
Exploits 1, References 2, Affected software 1
Veracode, added 2025/11/21 10:34 a.m., 2 views

Privilege Escalation

github.com/canonical/lxd is vulnerable to Privilege Escalation. The vulnerability is due to improper authorization in the Operations API, where an attacker with only read permissions can hijack terminal or console WebSocket sessions and execute arbitrary commands...

CVSS 8.1, AI score 7.4, EPSS 0.00043
Exploits 1, References 2, Affected software 1
Veracode, added 2025/11/21 8:28 a.m., 4 views

Denial-of-service (DoS)

@plone/volto is vulnerable to a denial-of-service (DoS). The vulnerability is due to improper handling of a specific URL request, which allows an attacker to crash the NodeJS server component by simply visiting that crafted URL...

CVSS 8.7, AI score 6.9, EPSS 0.00105
Exploits 0, References 8, Affected software 1
Veracode, added 2025/11/21 8:09 a.m., 4 views

Unauthenticated Network Exposure

marimo is vulnerable to unauthenticated network exposure. The vulnerability is due to the /mpl// endpoint being accessible without authentication, which allows an attacker to reach internal services and arbitrary ports...

AI score 7.2
Exploits 0
Veracode, added 2025/11/21 7:14 a.m., 9 views

Server-Side Template Injection

github.com/lxc/lxd is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper handling of snapshot pattern templates using the Pongo2 template engine, which allows an attacker with instance-configuration permissions to craft malicious templates and read arbitrary...

CVSS 7.1, AI score 7.2, EPSS 0.00067
Exploits 1, References 3, Affected software 1
Veracode, added 2025/11/21 5:49 a.m., 3 views

Cross-Site Request Forgery (CSRF)

github.com/canonical/lxd is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of client-side authentication tokens, which allows an attacker to trigger container creation and startup through crafted HTML form submissions without user consent...

CVSS 8.8, AI score 7, EPSS 0.00024
Exploits 1, References 4, Affected software 1
Veracode, added 2025/11/20 11:05 a.m., 3 views

Remote Code Execution (RCE)

Dolibarr is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of the computed field parameter in the User module configuration, which allows an attacker to inject malicious input and execute arbitrary code...

CVSS 8.8, AI score 7.6, EPSS 0.00239
Exploits 0, References 3, Affected software 1
Veracode, added 2025/11/20 10:53 a.m., 2 views

Deserialization Of Untrusted Data

DataChain is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the library deserializing attacker-controlled data from environment variables, which allows an attacker who can set these variables to supply malicious serialized objects and trigger arbitrary code execution...

CVSS 2.5, AI score 7.6, EPSS 0.00117
Exploits 0, References 5, Affected software 1
Veracode, added 2025/11/20 10:15 a.m., 2 views

Path Traversal

github.com/canonical/lxd is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of log file paths, where crafted file names or symlinks allow authenticated remote attackers to traverse directories and read arbitrary files on the host system...

CVSS 7.1, AI score 6.5, EPSS 0.00084
Exploits 1, References 3, Affected software 1
Veracode, added 2025/11/20 8:54 a.m., 3 views

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to a Denial-of-service (DoS). The vulnerability is due to Argo CD's /api/webhook endpoint crashing when it receives a malformed Gogs push event with a missing or null commits.repo field, which allows an attacker to send crafted API requests that crash the A...

CVSS 7.5, AI score 6.9, EPSS 0.00329
Exploits 1, References 5, Affected software 3
Veracode, added 2025/11/20 8:39 a.m., 4 views

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to a Denial-of-service (DoS). The vulnerability is due to improper handling of malformed Bitbucket Server webhook payloads, specifically a non-array repository.links.clone field, which allows an attacker to send a single unauthenticated malicious request that...

CVSS 7.5, AI score 7.1, EPSS 0.00262
Exploits 1, References 5, Affected software 3
Veracode, added 2025/11/20 8:32 a.m., 3 views

Information Disclosure

github.com/canonical/lxd is vulnerable to Information Disclosure. The vulnerability is due to insufficient validation of process names, where attackers with root access in a container can spoof command-line names to impersonate other containers and obtain their metadata...

CVSS 6.8, AI score 6.5, EPSS 0.00059
Exploits 1, References 2, Affected software 1
Veracode, added 2025/11/20 7:44 a.m., 3 views

Race Condition

Argo CD is vulnerable to a race condition. The vulnerability is due to a flaw in the repository credentials handler that triggers a server panic during concurrent operations on the same repository URL, which allows an attacker to crash the Argo CD server...

CVSS 6.5, AI score 6.9, EPSS 0.00049
Exploits 0, References 6, Affected software 3
Veracode, added 2025/11/20 7:25 a.m., 3 views

Improper Certificate Validation

org.opensearch.dataprepper.plugins, opensearch is vulnerable to Improper Certificate Validation. The vulnerability is due to the plugins defaulting to a "trust-all" SSL configuration when no certificate path is provided, which allows an attacker to perform man-in-the-middle interception and...

CVSS 7.4, AI score 6.9, EPSS 0.00022
Exploits 0, References 6, Affected software 3
Veracode, added 2025/11/20 5:39 a.m., 5 views

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to a denial-of-service (DoS). The vulnerability is due to Argo CD's /api/webhook endpoint accessing an array index without validating its length, which allows an attacker to crash the argocd-server process using a single unauthenticated HTTP POST with an...

CVSS 7.5, AI score 7.1, EPSS 0.00047
Exploits 1, References 5, Affected software 2
Veracode, added 2025/11/19 1:19 p.m., 5 views

Denial Of Service (DoS)

ImageMagick is vulnerable to Denial of Service (DoS). The vulnerability is due to unsigned integer underflow and division-by-zero conditions in the CLAHEImage function when tile width or height is zero, which allows an attacker to trigger out-of-bounds memory access or application crashes by...

CVSS 5.5, AI score 6.9, EPSS 0.00018
Exploits 1, References 4, Affected software 13
Veracode, added 2025/11/19 10:05 a.m., 6 views

Cross-site Scripting (XSS)

org.opencastproject:opencast-common is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to unfiltered rendering of user-supplied metadata in the paella player, which allows an attacker with write access to inject malicious HTML or JavaScript that executes in viewers' browsers...

CVSS 5.4, AI score 6.5, EPSS 0.00087
Exploits 0, References 4, Affected software 3
Veracode, added 2025/11/19 10:05 a.m., 4 views

Stored Cross-site Scripting (XSS)

com.liferay, com.liferay.item.selector.web is vulnerable to stored cross-site scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in the asset author's First Name, Middle Name, or Last Name fields, which allows an authenticated attacker to inject arbitrary web...

CVSS 5.4, AI score 6, EPSS 0.00033
Exploits 0, References 5, Affected software 1
Veracode, added 2025/11/19 9:45 a.m., 5 views

Insertion Of Sensitive Information Into Log File

org.elasticsearch:elasticsearch is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper handling of request auditing for the reindex API, which allows an attacker to expose sensitive data if specific logging conditions are met...

CVSS 5.7, AI score 6.9, EPSS 0.00019
Exploits 0, References 5, Affected software 1
Veracode, added 2025/11/19 9:36 a.m., 2 views

Reflected Cross-site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper validation of user-supplied input in the redirect parameter for Announcements and Alerts, which allows an attacker to inject arbitrary web scripts or HTML...

CVSS 6.1, AI score 6.3, EPSS 0.00033
Exploits 0, References 5, Affected software 1
Veracode, added 2025/11/19 8:06 a.m., 4 views

Improper Resource Limitation

github.com/mantra-chain/mantrachain is vulnerable to improper resource limitation. The vulnerability is due to the send hooks not enforcing transaction gas limits, which allows an attacker to trigger recursive wasm contract calls that exponentially exhaust gas...

CVSS 8.8, AI score 7, EPSS 0.00071
Exploits 0, References 4, Affected software 1
Total number of security vulnerabilities: 38108