38108 matches found
Path Traversal
Liferay Portal is vulnerable to path traversal. The vulnerability is due to improper validation of query strings in the ComboServlet, which allows an attacker to access arbitrary CSS/JS files and repeatedly load them to exploit the system...
Integer Overflow
ImageMagick is vulnerable to an integer overflow. The vulnerability is due to improper integer overflow handling in the BMP decoder when calculating image buffer sizes by multiplying image width with bits per pixel, which allows an attacker to exploit a specially crafted BMP file to cause integer...
Improper Certificate Validation
org.opensearch.dataprepper.plugins:geoip-processor is vulnerable to Improper Certificate Validation. The vulnerability is due to the use of deprecated "SSL" when creating SSL contexts, which allows an attacker to potentially force negotiation of outdated and insecure SSL protocols, increasing the...
Server-Side Request Forgery (SSRF)
Apache Kylin is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-controlled request targets, which allows an attacker to craft malicious requests that force the server to initiate unintended outbound connections...
Files Or Directories Accessible To External Parties
Apache Kylin is vulnerable to Files or Directories Accessible to External Parties. The vulnerability is due to improper access controls on certain files or directories, which allows an attacker to access resources that should be restricted if administrative access is not adequately protected...
Denial-of-Service (DoS)
quic-go is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to improper handling of premature HANDSHAKEDONE frames during the QUIC handshake, where an assertion failure can be triggered by a misbehaving or malicious server, allowing attackers to crash the client process without...
Reflected Cross-site Scripting (XSS)
com.liferay, com.liferay.product.navigation.control.menu.web is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper validation of the comliferaylayoutadminwebportletGroupPagesPortletbackURLTitle parameter, which allows an attacker to inject arbitrary web script ...
Improper Verification Of Cryptographic Signature
Apache Spark is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to the use of an unauthenticated default encryption cipher AES/CTR/NoPadding for RPC communication when spark.network.crypto.enabled is true and no cipher is explicitly configured, which allow...
Cross-site Scripting (XSS)
com.liferay, com.liferay.calendar.web is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of user-supplied input in the Calendar widget’s “Name” field, which allows an attacker to inject arbitrary web scripts or HTML via a crafted payload...
Cross-Site Scripting (XSS)
Liferay Portal is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of user-supplied input in the Web Content Structure Name field, which allows an attacker to inject arbitrary HTML or script code for execution...
Denial Of Service (DoS)
Django is vulnerable to a Denial Of Service DoS. The vulnerability is due to slow NFKC Unicode normalization on Windows in redirect-related functions, which allows an attacker to supply inputs with a very large number of Unicode characters to exhaust server resources and cause a denial of service...
SQL Injection
Apache Flink CDC is vulnerable to SQL Injection. The vulnerability is due to improper validation of user-supplied identifiers, such as crafted database or table names, which allows an attacker to inject malicious SQL and manipulate queries within the application...
Improper Resource Shutdown Or Release
Apache Tomcat is vulnerable to Improper Resource Shutdown or Release. The vulnerability is due to improper cleanup of temporary files created during multipart upload processing, which allows an attacker to trigger excessive accumulation of leftover temporary data, potentially exhausting disk spac...
Denial-of-service (DoS)
financejs is vulnerable to a Denial-of-service DoS. The vulnerability is due to improper handling of input in the seekZero parameter, which allows an attacker to trigger excessive computation and cause the application to become unresponsive...
Sensitive Information Exposure
com.liferay.portal.template.freemarker is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper data handling in Freemarker templates, where sensitive user data is unintentionally included in the template context, allowing an unauthorized actor to access and potential...
Improper Input Validation
@nubosoftware/node-static is vulnerable to improper input validation.The vulnerability is due to the package failing to handle null-byte %00 input correctly, which allows an attacker to trigger an exception and crash the server...
Prototype Pollution
rollbar is vulnerable to Prototype Pollution.The vulnerability is due to improper handling of user-supplied input in the utility.set function, which allows an attacker to inject malicious properties into Object.prototype through a crafted payload...
Command Injection
check-branches is vulnerable to command injection.The vulnerability is due to the tool trusting branch names as plain text and concatenating them into git commands, which allows an attacker to craft malicious branch names to execute arbitrary system commands...
Improper Access Control
formcms is vulnerable to Improper Access Control. The vulnerability is due to insufficient authentication checks on the /api/schemas/history/schemaId endpoint, which allows an attacker to access historical schema data if a valid schemaId is known or guessed...
Prototype Pollution
counterpart is vulnerable to Prototype Pollution. The vulnerability is due to insufficient sanitization of user-controlled translation keys, which allows an attacker to supply crafted keys containing prototype chain elements to inject arbitrary properties into the JavaScript Object prototype,...
Prototype Pollution
@hapi/pez is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of multipart payloads, allowing an attacker to craft a part whose content becomes the payload object's prototype, which enables bypassing validation rules or causing exceptions when accessing the request...
Insecure Temporary File Usage
llama-index-core is vulnerable to Insecure Temporary File Usage. The vulnerability is due to the use of a predictable hardcoded cache directory /tmp/llamaindex in getcachedir, where attackers on multi-user Linux systems can steal cached model data, poison embeddings, or exploit symlink race...
Arbitrary Code Execution(ACE)
Expr-eval is vulnerable to Arbitrary Code ExecutionACE. The vulnerability is due to insufficient input validation in the evaluate function, which allows an attacker to supply a crafted variables object and execute arbitrary code...
Argument Injection
@conventional-changelog/git-client is vulnerable to Argument Injection. The vulnerability is due to improper handling of user-controlled parameters in the getTags API, due to the library failing to sanitize input, allowing attackers to inject arbitrary git arguments such as --output= and overwrit...
Prototype Pollution
parse is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the SingleInstanceStateController.initializeState function, which allows an attacker to inject malicious properties into Object.prototype via a crafted payload, leading to denial of...
SMTP Command-smuggling
github.com/wneessen/go-mail is vulnerable to SMTP command-smuggling. The vulnerability is due to incorrect handling of mail.Address values when constructing the MAIL FROM and RCPT TO SMTP commands, which allows an attacker to smuggle extra ESMTP parameters or manipulate recipient routing by...
Improper Input Validation
mkdocs-include-markdown-plugin is vulnerable to improper input validation. The vulnerability is due to unvalidated input colliding with substitution placeholders, which allows an attacker to manipulate included Markdown content and potentially inject or alter data...
Prototype Pollution
spmrc is vulnerable to Prototype Pollution. The vulnerability is due to improper input validation in the set and config functions, which allows an attacker to supply a crafted payload to inject properties on Object.prototype, leading to denial of service DoS or other unexpected behaviors...
Improper Input Validation
github.com/nyaruka/phonenumbers is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of syntactic correctness in the phonenumbers.Parse function, which allows an attacker to provide crafted input and cause a panic resulting in a “runtime error: slice...
Prototype Pollution
csvjson is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input in the toCsv function, which allows an attacker to supply a crafted payload to inject properties on Object.prototype, potentially leading to denial of service DoS or unexpected...
DNS Rebinding Attack
github.com/safedep/vet is vulnerable to DNS rebinding attack. The vulnerability is due to the lack of HTTP Host and Origin header validation, which allows an attacker to access data from the vet scan sqlite3 database remotely when vet is used as an MCP server in SSE mode with default ports...
Prototype Pollution
json-schema-editor-visual is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of user-supplied input in the setData and deleteData functions, which allows an attacker to supply a crafted payload to inject or delete properties on Object.prototype, potentially...
Improper Input Validation
github.com/opencontainers/runc is vulnerable to improper input validation. The vulnerability is due to insufficient verification of the bind-mount source /dev/null, which allows an attacker to exploit it via arbitrary mount manipulation, leading to host information disclosure, denial of service,...
Improper File Access
runc is vulnerable to improper file access. The vulnerability is due to insufficient validation of write targets in /proc during concurrent container execution with shared mounts, which allows an attacker to exploit race conditions and redirect writes to unintended procfs files...
Prototype Pollution
web3-core-method is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the attachToObject function, which allows an attacker to supply a crafted payload and inject properties into the Object.prototype, potentially leading to denial of servic...
Prototype Pollution
toggle-array is vulnerable to Prototype Pollution. The vulnerability is due to improper input validation in the enable and disable functions, which allows an attacker to supply a crafted payload and inject properties into the Object.prototype, potentially leading to denial of service DoS or...
Arbitrary Client-Side File Disclosure
aiomysql is vulnerable to Arbitrary Client-Side File Disclosure. The vulnerability is due to the client not validating server requests for local files, and attackers can exploit this by running a rogue MySQL server that sends LOADLOCAL packets to request and retrieve arbitrary files from the clie...
Improper Input Validation
github.com/kcp-dev/kcp is vulnerable to improper input validation. The vulnerability is due to missing UPDATE validation in the initializingworkspaces virtual workspace, which allows an attacker with access to run arbitrary patches on the status field of LogicalCluster objects...
Prototype Pollution
apidoc-core is vulnerable to Prototype Pollution. The vulnerability is due to insufficient input validation in the preProcess function, which allows an attacker to supply a crafted payload and inject properties into the Object.prototype, potentially causing a denial of service DoS or unexpected...
Prototype Pollution
dref is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input in the lib.set function, which allows an attacker to inject malicious properties into the Object.prototype, leading to a potential denial of service DoS condition...
Information Exposure
mllogger is vulnerable to Information Exposure. The vulnerability is due to insufficient validation of the key argument in the streamhandler function of mllogger/server.py, which allows a remote attacker to manipulate that argument to disclose sensitive information...
Information Disclosure
github.com/rancher/rancher is vulnerable to Information Disclosure. The vulnerability is due to improper handling of Impersonate-Extra- headers, which are sent to external entities via the /meta/proxy endpoint, allowing an attacker to access identifiable or sensitive information such as email...
Cross-site Request Forgery (CSRF)
Apollo Studio Embeddable Explorer & Embeddable Sandbox are vulnerable to cross-site request forgery CSRF. The vulnerability is due to missing origin validation in the client-side handling of window.postMessage events, which allows an attacker to send forged messages that trigger arbitrary GraphQL...
Phishing Attack
github.com/rancher/rancher is vulnerable to Phishing Attack. The vulnerability is due to a weakness in the custom SAML authentication protocol used by the Rancher CLI, which allows an attacker to steal authentication tokens through crafted phishing attempts...
Cross-site Scripting (XSS)
Piranha is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in the Text content block of Standard and Standard Archive Pages via /manager/pages, which allows an attacker to inject malicious JavaScript that executes in another user’s browser...
Prototype Pollution
sassdoc-extras is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input in the byGroupAndType function, which allows an attacker to inject arbitrary properties into Object.prototype, potentially leading to denial of service or unexpected...
Remote Code Execution (RCE)
cn.hutool, hutool-extra is vulnerable to remote code execution RCE. The vulnerability is due to improper expression handling in the QLExpressEngine class, which allows an attacker to execute arbitrary expressions leading to arbitrary method invocation and potential remote code execution...
XPath Injection
smolagents is vulnerable to XPath injection. The vulnerability is due to insecure XPath construction due to searchitemctrlf concatenating unsanitized user input into XPath expressions, allowing attackers to inject XPath to bypass filters, access unintended DOM nodes, or disrupt web automation...
Prototype Pollution
mpregular is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of user-supplied input in the mp.addEventHandler function, which allows an attacker to inject arbitrary properties into Object.prototype, potentially leading to denial of service or other unexpecte...
Reverse Tabnabbing Attacks
jupyterlab is vulnerable to Reverse Tabnabbing attacks. The vulnerability is due to missing the noopener attribute in links generated by LaTeX typesetters in Markdown cells and files, which allows an attacker to exploit links with target=blank to potentially hijack the originating browser tab...