Veracode: Recent

38290 matches found

Veracode, added 2025/12/13 4:35 a.m.

Password Enumeration

Liferay Portal is vulnerable to password enumeration. The vulnerability is due to insufficient protection against brute-force attempts, which allows an attacker to systematically guess and determine a user’s password even when account lockout mechanisms are enabled...

CVSS 6.3 | AI score 5.7 | EPSS 0.00368
Exploits 0 | References 6 | Affected software 1
Veracode, added 2025/12/13 4:35 a.m.

Authorization Bypass

Spring Framework is vulnerable to an Authorization Bypass. The vulnerability is due to improper enforcement of authorization checks in STOMP over WebSocket message handling, which allows an attacker to send unauthorized messages and bypass intended security controls...

CVSS 4.3 | AI score 7 | EPSS 0.00286
Exploits 0 | References 4 | Affected software 1
Veracode, added 2025/12/13 4:34 a.m.

Sensitive Information Disclosure

Jenkins ReadyAPI Functional Testing Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing license keys, client secrets, and passwords in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the...

CVSS 6.5 | AI score 6.9 | EPSS 0.00347
Exploits 0 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:34 a.m.

Directory Traversal

org.craftercms, crafter-studio is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file path inputs, which allows an unauthenticated attacker to overwrite arbitrary files on the operating system via crafted path traversal sequences, potentially leading to Remo...

CVSS 9.8 | AI score 7.5 | EPSS 0.02066
Exploits 0 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:33 a.m.

XML External Entity (XXE)

org.jenkins-ci.plugins, generic-webhook-trigger is vulnerable to XML External Entity (XXE). The vulnerability is due to improper XML parser configuration that does not disable external entity processing, which allows an attacker to exploit crafted XML input to access sensitive information or perfor...

CVSS 9.8 | AI score 7.3 | EPSS 0.25746
Exploits 0 | References 5 | Affected software 1
Veracode, added 2025/12/13 4:33 a.m.

Weak Encryption

org.apache.streampark, streampark is vulnerable to weak encryption. The vulnerability is due to the use of AES encryption in ECB mode along with a weak random number generator for protecting sensitive data, which allows an attacker to potentially expose or recover sensitive authentication...

CVSS 7.5 | AI score 6.6 | EPSS 0.00216
Exploits 0 | References 5 | Affected software 1
Veracode, added 2025/12/13 4:33 a.m.

Arbitrary File Upload

ms-mcms is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded ZIP files in the New Template module, allowing attackers to upload crafted files that can be executed on the server, leading to arbitrary code execution...

CVSS 9.8 | AI score 7.5 | EPSS 0.02576
Exploits 1 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:32 a.m.

Denial Of Service (DoS)

react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack, and next.js are vulnerable to a Denial-of-Service (DoS) vulnerability. The vulnerability is due to unsafe deserialization of payloads sent to React Server Components Server Function endpoints, where a crafted HTTP request...

CVSS 7.5 | AI score 6.8 | EPSS 0.65592
Exploits 10 | References 7 | Affected software 4
Veracode, added 2025/12/13 4:32 a.m.

Improper Cache Control

Liferay Portal is vulnerable to improper cache control. The vulnerability is due to the use of incorrect cache-control headers, which allows an attacker to gain unauthorized access to downloaded files through the browser’s cache...

CVSS 5.5 | AI score 5.2 | EPSS 0.00123
Exploits 0 | References 6 | Affected software 2
Veracode, added 2025/12/13 4:31 a.m.

Improper Authentication

com.liferay, com.liferay.portal.cluster.multiple are vulnerable to Improper Authentication. The vulnerability is due to insufficient authentication of cluster messages, which allows a remote attacker to send unauthenticated malicious data that is processed as trusted data by the affected systems...

CVSS 6.9 | AI score 7.3 | EPSS 0.00164
Exploits 0 | References 6 | Affected software 1
Veracode, added 2025/12/13 4:31 a.m.

Improper SSL Hostname Verification

org.springframework.boot, spring-boot-autoconfigure is vulnerable to improper SSL hostname verification. The vulnerability is due to missing hostname verification in Cassandra SSL auto-configuration, which allows an attacker to perform man-in-the-middle attacks by intercepting and spoofing truste...

CVSS 9.8 | AI score 5.8 | EPSS 0.00182
Exploits 0 | References 2 | Affected software 2
Veracode, added 2025/12/13 4:30 a.m.

Improper Session Expiration Enforcement

org.keycloak, keycloak-services is vulnerable to improper session expiration enforcement. The vulnerability is due to session expiration logic relying on a session-local “remember-me” flag without validating the current realm-level configuration, which allows an attacker to exploit existing...

CVSS 5.4 | AI score 6.6 | EPSS 0.00214
Exploits 0 | References 9 | Affected software 1
Veracode, added 2025/12/13 4:30 a.m.

Sandbox Bypass

org.jenkins-ci.plugins, script-security is vulnerable to sandbox bypass. The vulnerability is due to improper handling of default parameter expressions in constructors, which allows an attacker to execute arbitrary code through crafted sandboxed scripts...

CVSS 9.9 | AI score 6.2 | EPSS 0.02675
Exploits 0 | References 8 | Affected software 1
Veracode, added 2025/12/13 4:30 a.m.

Information Disclosure

org.keycloak, keycloak-services is vulnerable to information disclosure. The vulnerability is due to insufficient authorization checks on the /admin/realms/realm/roles endpoint, which allows an attacker to access and disclose sensitive role metadata without proper permissions...

CVSS 2.7 | AI score 5.7 | EPSS 0.0032
Exploits 0 | References 6 | Affected software 1
Veracode, added 2025/12/13 4:30 a.m.

Improper Certificate Validation

org.codehaus.mevenide, netbeans is vulnerable to improper certificate validation. The vulnerability is due to the autoupdate system failing to validate SSL certificates and hostnames for HTTPS-based downloads, which allows an attacker to intercept and modify autoupdate packages and potentially...

CVSS 9.1 | AI score 8.4 | EPSS 0.02007
Exploits 0 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:29 a.m.

XML External Entity (XXE) Injection

cyclonedx-core-java is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to an insecurely configured XML Validator, where external entity processing was not fully disabled during XML validation, allowing attackers to supply a crafted CycloneDX XML BOM that triggers externa...

CVSS 7.5 | AI score 5.5 | EPSS 0.00321
Exploits 0 | References 6 | Affected software 1
Veracode, added 2025/12/13 4:27 a.m.

Cross-site Request Forgery (CSRF)

org.jenkins-ci.plugins, windocks-start-container is vulnerable to cross-site request forgery (CSRF). The vulnerability is due to insufficient request validation, which allows an attacker to trick users into initiating connections to an attacker-specified URL...

CVSS 4.3 | AI score 5.7 | EPSS 0.0019
Exploits 0 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:26 a.m.

Arbitrary Code Execution

Jenkins Templating Engine Plugin is vulnerable to Arbitrary Code Execution. The vulnerability is due to libraries defined in folders not being subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the Jenkins controller JVM...

CVSS 8.8 | AI score 6.2 | EPSS 0.01126
Exploits 1 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:26 a.m.

Cross-site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the absence of the sandbox attribute in elements within the Blogs widget, which allows attackers to inject malicious scripts via crafted content and gain access to the parent page through...

CVSS 5.4 | AI score 5.2 | EPSS 0.00201
Exploits 0 | References 3 | Affected software 2
Veracode, added 2025/12/13 4:25 a.m.

Information Disclosure

Jenkins OpenShift Pipeline Plugin is vulnerable to sensitive information exposure. The vulnerability is due to storing authorization tokens in plaintext within job config.xml files, where the plugin fails to encrypt or securely protect authentication tokens used for OpenShift access, and allows...

CVSS 4.3 | AI score 6.6 | EPSS 0.00179
Exploits 0 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:24 a.m.

Incorrect Authorization

org.nutz:nutzboot-parent is vulnerable to Incorrect Authorization. The vulnerability is due to inadequate validation of transaction parameters from/to/wei in the Transaction API, which allows an attacker to manipulate requests and perform unauthorized actions remotely...

CVSS 9.8 | AI score 5.8 | EPSS 0.00402
Exploits 0 | References 6 | Affected software 1
Veracode, added 2025/12/13 4:23 a.m.

Denial Of Service

rhino is vulnerable to a Denial of Service. The vulnerability is due to improper handling of attacker-controlled floating-point values in the toFixed function, where small or specially crafted numbers trigger an expensive call chain that attempts to raise 5 to an extremely large power, and...

CVSS 7.5 | AI score 6.5 | EPSS 0.00231
Exploits 0 | References 4 | Affected software 1
Veracode, added 2025/12/13 4:23 a.m.

Use Of Hardcoded Cryptographic Key

sureness is vulnerable to Use of Hardcoded Cryptographic Key. The vulnerability is due to the use of a hardcoded key within the application, allowing attackers who obtain or reverse engineer the key to bypass security protections or forge trusted data...

CVSS 9.8 | AI score 7.7 | EPSS 0.00808
Exploits 1 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:22 a.m.

Remote Code Execution (RCE)

Apache DolphinScheduler is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient validation of user input in alert scripts, which allows an attacker to execute arbitrary shell scripts on the server...

CVSS 8.8 | AI score 6.1 | EPSS 0.00461
Exploits 0 | References 4 | Affected software 1
Veracode, added 2025/12/13 4:22 a.m.

Improper Credential Access Control

Jenkins HashiCorp Vault Plugin is vulnerable to an Improper Credential Access Control. The vulnerability is due to failure to set the correct context during Vault credential lookups, where attackers with only Item/Configure permission can trick the plugin into returning Vault credentials outside...

CVSS 4.3 | AI score 5.3 | EPSS 0.00194
Exploits 0 | References 2 | Affected software 1
Veracode, added 2025/12/13 4:22 a.m.

Sensitive Information Disclosure

Jenkins Statistics Gatherer Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing the AWS Secret Key in plaintext in the global configuration file, allowing users with access to the Jenkins controller file system to read and misuse the credential...

CVSS 6.5 | AI score 6.8 | EPSS 0.00354
Exploits 0 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:21 a.m.

Cross-site Request Forgery (CSRF)

jp.ikedam.jenkins.plugins, extensible-choice-parameter is vulnerable to cross-site request forgery (CSRF). The vulnerability is due to insufficient request validation, which allows an attacker to execute sandboxed Groovy code by tricking a user into performing unintended actions...

CVSS 5.4 | AI score 5.8 | EPSS 0.00236
Exploits 0 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:21 a.m.

Improper Input Validation

org.openidentityplatform.openam, openam-oauth2 is vulnerable to improper input validation. The vulnerability is due to improper validation of the claimsparametersupported feature in the oidc-claims-extension.groovy script, which allows an attacker to inject a crafted JSON claims parameter in the...

CVSS 9.3 | AI score 5.8 | EPSS 0.00288
Exploits 0 | References 4 | Affected software 1
Veracode, added 2025/12/13 4:20 a.m.

Reflected Cross Site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper input validation of the comliferayportallanguageoverridewebinternalportletPLOPortletselectedLanguageId parameter, which allows an attacker to inject and execute arbitra...

CVSS 6.1 | AI score 5.9 | EPSS 0.00221
Exploits 0 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:20 a.m.

Improper Certificate Validation

com.squareup.okhttp3, okhttp is vulnerable to improper certificate validation. The vulnerability is due to improper use of cryptographic hostname verification in verifyHostName, which allows an attacker to present a certificate for an incorrect domain and potentially perform remote information...

CVSS 7.5 | AI score 6.6 | EPSS 0.00877
Exploits 0 | References 6 | Affected software 1
Veracode, added 2025/12/13 4:20 a.m.

Sensitive Information Exposure

Jenkins ByteGuard Build Actions Plugin is vulnerable to Sensitive Information Exposure. The vulnerability is due to storing API tokens in plaintext within job config.xml files, where the plugin does not encrypt or otherwise protect secret values, and allows attackers with Item/Extended Read...

CVSS 4.3 | AI score 6.4 | EPSS 0.00158
Exploits 0 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:20 a.m.

Open Redirect

Liferay Portal is vulnerable to Open Redirect. The vulnerability is due to improper validation of the comliferaylayoutadminwebportletGroupPagesPortletredirect parameter in the page administration module, which allows an attacker to redirect users to arbitrary external URLs...

CVSS 6.9 | AI score 5.9 | EPSS 0.00228
Exploits 0 | References 4 | Affected software 1
Veracode, added 2025/12/13 4:19 a.m.

Phishing Attack

Keycloak is vulnerable to a phishing attack. The vulnerability is due to unsanitized user-controlled input in the errordescription query parameter being rendered directly in trusted error pages, which allows an attacker to craft misleading URLs that display fake messages, links, or contact detail...

CVSS 4.3 | AI score 6.9 | EPSS 0.00291
Exploits 0 | References 12 | Affected software 2
Veracode, added 2025/12/13 4:19 a.m.

Sensitive Information Disclosure

Jenkins Statistics Gatherer Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to failure to mask the AWS Secret Key in the global configuration UI, allowing attackers with configuration access to view and potentially capture the secret value...

CVSS 5.3 | AI score 6.8 | EPSS 0.00313
Exploits 0 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:18 a.m.

Sensitive Information Disclosure

Jenkins Curseforge Publisher Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing API keys in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the Jenkins controller to view and misuse the...

CVSS 4.3 | AI score 6.8 | EPSS 0.00158
Exploits 0 | References 3 | Affected software 1
Veracode, added 2025/12/13 4:17 a.m.

Arbitrary Code Execution

QOS.CH logback-core is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsafe conditional processing of configuration files and environment variables, which allows an attacker with existing privileges to inject or modify a malicious configuration and execute arbitrary code at...

CVSS 7 | AI score 8 | EPSS 0.00181
Exploits 0 | References 6 | Affected software 1
Veracode, added 2025/12/13 4:08 a.m.

Command Injection

sqls-server/sqls is vulnerable to Command Injection. The vulnerability is due to improper sanitization of the EDITOR environment variable and config file path in the openEditor function, which allows an attacker to execute arbitrary commands through crafted input passed to sh -c...

CVSS 7.5 | AI score 6.1 | EPSS 0.01129
Exploits 0 | Affected software 1
Veracode, added 2025/12/13 4:03 a.m.

Denial Of Service (DoS)

github.com/sirupsen/logrus is vulnerable to Denial of Service (DoS). The vulnerability is due to limitations in the internal bufio.Scanner when Entry.Writer processes a single-line payload larger than 64KB without newline characters, which causes a "token too long" error and closes the writer pipe,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00563
Exploits 1 | References 10 | Affected software 1
Veracode, added 2025/12/13 3:49 a.m.

Information Disclosure

react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack, next and vitejs/plugin-rsc are vulnerable to an Information Disclosure. The vulnerability is due to unsafe handling of stringified arguments in React Server Components (RSC) Server Functions, where a specifically crafted...

CVSS 5.3 | AI score 6.9 | EPSS 0.62405
Exploits 7 | References 5 | Affected software 5
Veracode, added 2025/12/12 9:59 a.m.

Denial Of Service (DoS)

OpenSearch is vulnerable to Denial Of Service (DoS). The vulnerability is due to the handling of overly complex querystring inputs, which allows an attacker to submit specially crafted queries that exhaust system resources and trigger a DoS condition...

CVSS 8.3 | AI score 6.9 | EPSS 0.0047
Exploits 1 | References 7 | Affected software 1
Veracode, added 2025/12/11 7:31 p.m.

Improper Symbolic Link Handling

Gogs is vulnerable to Improper Symbolic Link Handling. The vulnerability is due to the PutContents API not properly validating or restricting symbolic links, which allows an attacker to manipulate file paths and execute code locally on the system...

CVSS 8.8 | AI score 7.5 | EPSS 0.7654
Exploits 15 | References 10 | Affected software 1
Veracode, added 2025/12/11 6:58 p.m.

Improper Input Sanitization

mdast-util-to-hast is vulnerable to Improper Input Sanitization. The vulnerability is due to the utility allowing multiple unprefixed classnames to be injected via character references in markdown, which allows an attacker to disguise malicious code elements so they appear as trusted parts of the...

CVSS 6.9 | AI score 6.9 | EPSS 0.00251
Exploits 0 | References 4 | Affected software 1
Veracode, added 2025/12/11 1:41 p.m.

Cross-site Scripting (XSS)

@tiptap/extension-link is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsanitized user input in link-setting functionality, allowing attackers to inject javascript: URLs that execute arbitrary JavaScript when interacted with...

CVSS 6.1 | AI score 6.7 | EPSS 0.00302
Exploits 1 | References 4 | Affected software 1
Veracode, added 2025/12/11 10:03 a.m.

Improper Permission Assignment

Strimzi is vulnerable to Improper Permission Assignment. The vulnerability is due to Strimzi creating an incorrect Kubernetes Role that grants Kafka Connect and MirrorMaker 2 operands GET access to all Secrets in the namespace, allowing these components to read sensitive data they should not have...

CVSS 7.4 | AI score 6.9 | EPSS 0.00178
Exploits 0 | References 4 | Affected software 1
Veracode, added 2025/12/11 8:41 a.m.

URL Validation Bypass

validator.js is vulnerable to a URL Validation Bypass. The vulnerability is due to isURL using :// instead of : to parse protocols, allowing attackers to craft URLs that bypass protocol and domain checks and potentially enable XSS or open-redirect attacks...

CVSS 6.1 | AI score 6.4 | EPSS 0.00309
Exploits 1 | References 7 | Affected software 1
Veracode, added 2025/12/11 7:17 a.m.

Incomplete Filtering

validator is vulnerable to Incomplete Filtering. The vulnerability is due to improper handling of Unicode variation selectors (\uFE0F, \uFE0E), where these characters are not counted toward string length, allowing attackers to submit inputs far longer than intended and potentially causing data...

CVSS 8.7 | AI score 7.2 | EPSS 0.00454
Exploits 2 | References 4 | Affected software 1
Veracode, added 2025/12/10 9:28 a.m.

Cross-site Request Forgery (CSRF)

Apache Geode is vulnerable to cross-site request forgery (CSRF). The vulnerability is due to unsafe acceptance of state-changing GET requests in the Management and Monitoring REST API, allowing attackers who obtain a user’s session credentials to trigger malicious commands on behalf of the...

CVSS 8.8 | AI score 6.7 | EPSS 0.00325
Exploits 0 | References 5 | Affected software 1
Veracode, added 2025/12/10 9:10 a.m.

Denial Of Service (DoS)

node-forge is vulnerable to Denial of Service (DoS). The vulnerability is due to deep, attacker-crafted ASN.1 structures causing unbounded recursive parsing, allowing remote unauthenticated attackers to exhaust the stack and crash the application when processing untrusted DER input...

CVSS 8.7 | AI score 4.6 | EPSS 0.00373
Exploits 0 | References 2 | Affected software 1
Veracode, added 2025/12/10 9:01 a.m.

Arbitrary Remote Code Execution (RCE)

@vitejs/plugin-rsc is vulnerable to arbitrary remote code execution (RCE). The vulnerability is due to unsafe dynamic imports in server function APIs, which allows an attacker with network access to execute code on the development server, read or modify files, exfiltrate sensitive data, or pivot to...

CVSS 9.8 | AI score 8.2 | EPSS 0.00694
Exploits 0 | References 3 | Affected software 1
Veracode, added 2025/12/10 8:07 a.m.

Remote Code Execution (RCE)

Apache Syncope is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe handling of custom Groovy implementations, where a malicious administrator can inject Groovy code that is executed by the Syncope Core at runtime, enabling remote code execution until sandboxing is...

CVSS 7.2 | AI score 9.5 | EPSS 0.23107
Exploits 0 | References 8 | Affected software 4
Total number of security vulnerabilities: 38290