Veracode advisories, most recent first

38287 matches found

Veracode, added 2025/12/09 7:44 a.m.

Server-Side Template Injection (SSTI)

bagisto/bagisto is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to unsanitized user input being rendered by the server-side templating engine, which allows an attacker with product-creation privileges to inject arbitrary template expressions that can lead to remote...

CVSS 6.8 | AI score 6.3 | EPSS 0.00369
Exploits: 1 | References: 3 | Affected software: 1
Veracode, added 2025/12/09 7:39 a.m.

CSV Formula Injection

bagisto/bagisto is vulnerable to CSV Formula Injection. The vulnerability is due to accepting user-supplied product data beginning with spreadsheet formula characters, which allows an attacker to inject malicious formulas that execute when the CSV is opened, enabling data exfiltration or remote...

CVSS 8.5 | AI score 6.1 | EPSS 0.00357
Exploits: 1 | References: 3 | Affected software: 1
Veracode, added 2025/12/09 6:35 a.m.

Weak Authentication

org.apache.druid, druid is vulnerable to Weak Authentication. The vulnerability is due to the Kerberos authenticator using a weak fallback secret generated with a non-cryptographically secure RNG when druid.auth.authenticator.kerberos.cookieSignatureSecret is not set, which allows an attacker to...

CVSS 9.8 | AI score 7 | EPSS 0.00597
Exploits: 0 | References: 5 | Affected software: 2
Veracode, added 2025/12/08 11:07 a.m.

Cross-site Scripting

Apache SkyWalking is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of script-related HTML tags, allowing attackers to inject malicious JavaScript into web pages...

CVSS 6.1 | AI score 6 | EPSS 0.00625
Exploits: 0 | References: 6 | Affected software: 1
Veracode, added 2025/12/08 11:06 a.m.

Server-Side Request Forgery (SSRF)

apache.nms.amqp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server...

CVSS 9.8 | AI score 7 | EPSS 0.02016
Exploits: 0 | References: 4 | Affected software: 1
Veracode, added 2025/12/08 10:15 a.m.

Server-Side Request Forgery (SSRF)

@angular/ssr is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server to...

CVSS 8.7 | AI score 7 | EPSS 0.00397
Exploits: 1 | References: 3 | Affected software: 1
Veracode, added 2025/12/08 10:09 a.m.

XML External Entity (XXE) Injection

Apache Tika is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of XFA content in PDFs within the tika-parser-pdf-module, where crafted XFA files can trigger XXE, allowing attackers to read sensitive files or make malicious internal or external reques...

CVSS 9.8 | AI score 8.4 | EPSS 0.79807
Exploits: 6 | References: 5 | Affected software: 3
Veracode, added 2025/12/08 9:45 a.m.

Privilege Escalation

github.com/minio/minio is vulnerable to privilege escalation. The vulnerability is due to improper IAM session-policy validation, where restricted service or STS accounts can bypass inline policy checks when creating new service accounts, which allows an attacker to escalate privileges and gain...

CVSS 8.1 | AI score 7.5 | EPSS 0.00523
Exploits: 1 | References: 7 | Affected software: 1
Veracode, added 2025/12/08 9:40 a.m.

Timing-Based Side-Channel Attack

github.com/mattermost/mattermost-server is vulnerable to timing-based side-channel attacks. The vulnerability is due to improper use of constant-time comparison for sensitive strings, which allows an attacker to exploit timing oracles to perform byte-by-byte brute-force attacks on Cloud API keys...

CVSS 3.7 | AI score 6.9 | EPSS 0.00246
Exploits: 0 | References: 4 | Affected software: 2
Veracode, added 2025/12/08 7:42 a.m.

Interpretation-Conflict

node-forge is vulnerable to an Interpretation-Conflict. The vulnerability is due to crafted ASN.1 structures causing schema desynchronization, where inconsistent parsing can bypass downstream cryptographic checks and security decisions...

CVSS 8.6 | AI score 4.7 | EPSS 0.00689
Exploits: 1 | References: 7 | Affected software: 1
Veracode, added 2025/12/05 10:42 a.m.

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to insufficient validation of guest user permissions when adding channel members, which allows an attacker to add any team member to their private channels via the...

CVSS 4.3 | AI score 6.6 | EPSS 0.00306
Exploits: 0 | References: 7 | Affected software: 2
Veracode, added 2025/12/05 9:08 a.m.

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to Mattermost failing to verify whether a user has permission to join a team when using the original invite token, which allows an attacker to manipulate the OAuth state and join any team on...

CVSS 8.1 | AI score 6.5 | EPSS 0.00379
Exploits: 0 | References: 5 | Affected software: 2
Veracode, added 2025/12/05 8:33 a.m.

Improper Authentication

Strapi is vulnerable to improper authentication. The vulnerability is due to JSON Web Tokens not being invalidated after logout or deactivation, along with a publicly accessible /admin/renew-token endpoint, which allows an attacker to reuse or indefinitely renew stolen tokens to maintain...

CVSS 6.3 | AI score 6.7 | EPSS 0.00641
Exploits: 0 | References: 6 | Affected software: 1
Veracode, added 2025/12/05 8:26 a.m.

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to insufficient validation of guest user permissions when accessing channel information, which allows an attacker to discover active public channels and their metadata via the...

CVSS 4.3 | AI score 6.6 | EPSS 0.00287
Exploits: 0 | References: 6 | Affected software: 2
Veracode, added 2025/12/05 8:14 a.m.

Authentication Bypass

better-auth is vulnerable to an Authentication Bypass. The vulnerability is due to improper handling of the userId field when no session exists, allowing attackers to supply a victim’s ID and have the server treat them as that user, enabling unauthenticated creation or modification of API keys an...

CVSS 9.3 | AI score 7.1 | EPSS 0.18012
Exploits: 0 | References: 2 | Affected software: 1
Veracode, added 2025/12/04 8:25 a.m.

Cross-site Scripting

pyloadng is vulnerable to Cross-site Scripting. The vulnerability is due to unsafe handling of untrusted parameters in the Captcha and CNL endpoints, allowing attackers to inject malicious content or manipulate request processing, leading to Cross-site Scripting or other unintended behaviors...

CVSS 8.1 | AI score 6.7 | EPSS 0.00379
Exploits: 0 | References: 5 | Affected software: 1
Veracode, added 2025/12/04 7:04 a.m.

Unauthorized Account Creation

melis-core is vulnerable to Unauthorized Account Creation. The vulnerability is due to missing authentication on the /melis/MelisCore/ToolUser/addNewUser endpoint, where an unauthenticated attacker can directly invoke this function to create a new administrator account and gain full control of th...

CVSS 9.3 | AI score 7.3 | EPSS 0.00298
Exploits: 3 | References: 5 | Affected software: 1
Veracode, added 2025/12/04 6:12 a.m.

Insecure Direct Object Reference (IDOR)

com.liferay.commerce, com.liferay.commerce.order.content.web is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the CommerceOrderPortletcommerceOrderId parameter, which allows an attacker to access shipment addresses from other virtual...

CVSS 5.3 | AI score 6.7 | EPSS 0.00249
Exploits: 0 | References: 5 | Affected software: 1
Veracode, added 2025/12/04 6:02 a.m.

Cross-site Scripting (XSS)

com.liferay, com.liferay.mentions.web are vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in name-related text fields, which allows an attacker to inject malicious scripts that execute in various widgets or apps such as comments,...

CVSS 5.4 | AI score 6.2 | EPSS 0.002
Exploits: 0 | References: 5 | Affected software: 1
Veracode, added 2025/12/04 5:58 a.m.

Cross-site Scripting

webreinvent/vaahcms is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization in the storeAvatar upload method of UserBase.php, where crafted input can be stored and later executed in a user’s browser, allowing a remote attacker to run arbitrary JavaScript code...

CVSS 6.1 | AI score 7.1 | EPSS 0.00273
Exploits: 2 | References: 4 | Affected software: 1
Veracode, added 2025/12/04 5:45 a.m.

Insecure Direct Object Reference (IDOR)

com.liferay.portal, com.liferay.portal.impl is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the comliferayusersadminwebportletUsersAdminPortletaddUserIds parameter, which allows an attacker to assign an organization to a user acros...

CVSS 5.3 | AI score 6.9 | EPSS 0.00243
Exploits: 0 | References: 6 | Affected software: 1
Veracode, added 2025/12/04 5:18 a.m.

Remote Code Execution (RCE)

React Server Components are vulnerable to Remote Code Execution RCE. The vulnerability is due to the unsafe deserialization of attacker-controlled payloads sent to Server Function endpoints, which allows an attacker to execute arbitrary code without authentication...

CVSS 10 | AI score 8.4 | EPSS 0.99562
Exploits: 372 | References: 15 | Affected software: 5
Veracode, added 2025/12/04 4:53 a.m.

Cross-Site Request Forgery (CSRF)

com.liferay, com.liferay.change.tracking.web is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient request-validation mechanisms, which allows an attacker to trick users into unknowingly performing actions that add or edit publication comments...

CVSS 5.1 | AI score 6.9 | EPSS 0.00178
Exploits: 0 | References: 6 | Affected software: 1
Veracode, added 2025/12/04 4:43 a.m.

Insecure Direct Object Reference (IDOR)

com.liferay, com.liferay.change.tracking.web is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the AccountEntriesAdminPortlet’s addressId parameter, which allows an attacker to access addresses belonging to other accounts by manipulatin...

CVSS 5.3 | AI score 6.6 | EPSS 0.00273
Exploits: 0 | References: 6 | Affected software: 1
Veracode, added 2025/12/03 9:06 a.m.

Improper Input Validation

github.com/consensys/gnark-crypto is vulnerable to Improper Input Validation. The vulnerability is due to missing range checks during deserialization of ECDSA and EdDSA signature values, which allows an attacker to craft signatures with zero or out-of-range inputs that can trigger a null pointer...

AI score 6.9
Exploits: 0
Veracode, added 2025/12/03 12:49 a.m.

Credential Disclosure

Grype is vulnerable to credential disclosure. The vulnerability is due to improper sanitization of registry credentials in output files generated using the --file or --output json= options, which allows an attacker to obtain exposed registry credentials from the generated output files...

CVSS 8.2 | AI score 5.8 | EPSS 0.0013
Exploits: 0 | References: 4 | Affected software: 2
Veracode, added 2025/12/02 1:09 p.m.

HTML Injection

mailgen is vulnerable to HTML injection. The vulnerability is due to improper stripping of HTML tags in the generatePlaintext method when Unicode line-separator characters bypass the regex filter, which allows an attacker to inject unexpected HTML that can be interpreted as executable script...

CVSS 6.3 | AI score 7 | EPSS 0.00409
Exploits: 0 | References: 3 | Affected software: 1
Veracode, added 2025/12/02 11:56 a.m.

Prototype Pollution

sveltekit-superforms is vulnerable to prototype pollution. The vulnerability is due to improper handling of user-supplied data in the parseFormData function of formData.js, which allows an attacker to inject properties into Object.prototype, enabling denial of service, type confusion, and potenti...

CVSS 8.3 | AI score 7.8 | EPSS 0.00505
Exploits: 0 | References: 4 | Affected software: 1
Veracode, added 2025/12/02 10:40 a.m.

Improper Certificate Validation

github.com/in-toto/go-witness is vulnerable to Improper Certificate Validation. The vulnerability is due to the AWS attestor accepting EC2 instance identity documents without properly validating signatures and relying on outdated public certificates, which allows an attacker to supply or intercep...

CVSS 6.9 | AI score 7 | EPSS 0.00186
Exploits: 0 | References: 3 | Affected software: 1
Veracode, added 2025/12/02 10:21 a.m.

Prototype Pollution

happy-dom is vulnerable to Prototype Pollution. The vulnerability is due to untrusted JavaScript running in the same isolate as the main application despite the --disallow-code-generation-from-strings flag, which allows an attacker to deploy prototype-pollution payloads to hijack critical...

CVSS 9.4 | AI score 7 | EPSS 0.00318
Exploits: 0 | References: 3 | Affected software: 1
Veracode, added 2025/12/02 9:58 a.m.

Information Disclosure

github.com/argoproj/argo-workflows is vulnerable to Information Disclosure. The vulnerability is due to artifact repository credentials being logged in plaintext within the workflow-controller pod logs, which allows an attacker with permission to read pod logs to obtain these credentials and...

CVSS 8.5 | AI score 6.7 | EPSS 0.00441
Exploits: 0 | References: 4 | Affected software: 1
Veracode, added 2025/12/02 9:56 a.m.

Privilege Escalation

authlib is vulnerable to Privilege Escalation. The vulnerability is due to accepting tokens with unknown crit headers, where Authlib violates RFC 7515 rules, allowing attackers to craft signed tokens that bypass strict verifiers and potentially enable policy bypass or privilege escalation...

CVSS 7.5 | AI score 7 | EPSS 0.00244
Exploits: 1 | References: 5 | Affected software: 1
Veracode, added 2025/12/02 9:47 a.m.

Directory Traversal

github.com/argoproj/argo-workflows is vulnerable to Directory Traversal. The vulnerability is due to improper validation of archive entry paths during artifact extraction, which allows an attacker to craft malicious archive files that write arbitrary files outside the intended extraction director...

CVSS 8.8 | AI score 7.2 | EPSS 0.00539
Exploits: 1 | References: 5 | Affected software: 2
Veracode, added 2025/12/02 8:11 a.m.

Information Disclosure

github.com/canonical/lxd is vulnerable to an Information Disclosure. The vulnerability is due to differing HTTP status code responses in the Images API, where improper project existence handling allows unauthenticated remote attackers to infer whether a target project exists, enabling unintended...

CVSS 6.9 | AI score 7.2 | EPSS 0.00357
Exploits: 1 | References: 2 | Affected software: 1
Veracode, added 2025/12/02 7:20 a.m.

Remote Code Execution (RCE)

Parse is vulnerable to remote code execution RCE. The vulnerability is due to improper handling of malicious payloads in several methods including ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, and internal encode/decode functions, which allows an attacker to inject data tha...

CVSS 6.4 | AI score 8.3 | EPSS 0.00374
Exploits: 0 | References: 5 | Affected software: 1
Veracode, added 2025/12/02 7:12 a.m.

Integer Overflow

github.com/filecoin-project/go-f3 is vulnerable to an Integer Overflow. The vulnerability is due to improper signer index validation, where a crafted “poison” message can trigger an integer overflow and cause go-f3 to panic, allowing attackers to crash any Filecoin node that directly consumes the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00312
Exploits: 0 | References: 2 | Affected software: 1
Veracode, added 2025/12/02 6:42 a.m.

Improper Input Validation

github.com/cometbft/cometbft is vulnerable to Improper Input Validation. The vulnerability is due to the lack of validation for BitArrays with mismatched element and bit counts, which allows an attacker to supply malformed BitArrays that can trigger processing errors or panics within the system...

AI score 7
Exploits: 0
Veracode, added 2025/12/02 6:35 a.m.

Improper Null Termination

python-ldap is vulnerable to an Improper Null Termination. The vulnerability is due to incorrect handling of the NUL byte in escape_dn_chars, where it emits a backslash plus a literal NUL instead of the RFC-4514 \00, allowing attackers to supply crafted input that consistently breaks DN constructio...

CVSS 6.9 | AI score 6.9 | EPSS 0.00418
Exploits: 1 | References: 5 | Affected software: 2
Veracode, added 2025/12/02 5:22 a.m.

Denial Of Service (DoS)

org.keycloak, keycloak-quarkus-dist is vulnerable to a Denial of Service DoS. The vulnerability is due to the default JDK setting that permits client-initiated TLS 1.2 renegotiation, which allows an attacker to repeatedly trigger renegotiation requests to exhaust server CPU resources...

CVSS 7.5 | AI score 6.9 | EPSS 0.00656
Exploits: 0 | References: 10 | Affected software: 1
Veracode, added 2025/12/01 1:20 p.m.

Arbitrary Code Execution

melisplatform/melis-cms-slider is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation of uploaded files, where the mcsdetailimg parameter in the saveDetailsForm endpoint accepts malicious file uploads, and attackers can exploit this to upload executable...

CVSS 9.3 | AI score 8.1 | EPSS 0.0254
Exploits: 3 | References: 5 | Affected software: 1
Veracode, added 2025/12/01 12:14 p.m.

Improper Authentication

python-social-auth is vulnerable to Improper Authentication. The vulnerability is due to automatic user association by email even when the associate_by_email pipeline is not enabled, where unvalidated or non-unique emails provided by third-party authentication services can be linked to existing...

CVSS 6.3 | AI score 6.9 | EPSS 0.00521
Exploits: 0 | References: 8 | Affected software: 1
Veracode, added 2025/12/01 10:47 a.m.

Denial Of Service (DoS)

vllm is vulnerable to Denial Of Service DoS. The vulnerability is due to unrestricted Jinja template injection through the chat_template and chat_template_kwargs parameters, where crafted templates can trigger unbounded loops or heavy rendering operations, and attackers can exploit this to exhaust C...

AI score 7.3 | EPSS 0.00207
Exploits: 1 | References: 4 | Affected software: 1
Veracode, added 2025/12/01 9:48 a.m.

Cross-site Scripting (XSS)

homeassistant is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of energy entity names containing HTML, which allows an authenticated attacker—or a malicious energy provider default name—to inject JavaScript that executes when users hover over graph...

CVSS 9.3 | AI score 6.7 | EPSS 0.00519
Exploits: 0 | References: 7 | Affected software: 1
Veracode, added 2025/12/01 9:21 a.m.

Cross-site Scripting (XSS)

bagisto/bagisto is vulnerable to stored cross-site scripting XSS. The vulnerability is due to the application's failure to sanitize malicious payloads in uploaded SVG files, which allows an authenticated admin attacker to embed JavaScript that executes in the victim’s browser...

CVSS 8.3 | AI score 6.1 | EPSS 0.00388
Exploits: 1 | References: 6 | Affected software: 1
Veracode, added 2025/12/01 9:14 a.m.

Cross-site Scripting (XSS)

mailgen is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization in the generatePlaintext method, which fails to remove HTML tags provided as encoded entities, allowing an attacker to inject malicious HTML or JavaScript that can execute when the resulting...

CVSS 6.3 | AI score 6.7 | EPSS 0.00387
Exploits: 0 | References: 3 | Affected software: 1
Veracode, added 2025/12/01 8:31 a.m.

Improper Access Control

agentapi is vulnerable to an Improper Access Control. The vulnerability is due to client-side DNS rebinding when the API is served over plain HTTP on localhost, where an attacker can bypass origin restrictions and access the /messages endpoint, and attackers can exploit this to exfiltrate sensiti...

CVSS 6.5 | AI score 8.9 | EPSS 0.00397
Exploits: 1 | References: 7 | Affected software: 1
Veracode, added 2025/12/01 6:17 a.m.

Improper Input Sanitization

alt-design/alt-redirect is vulnerable to improper input sanitization. The vulnerability is due to the addon failing to consistently strip query-string parameters—such as case-varied, encoded, or duplicate keys—which allows an attacker to bypass sanitization and potentially perform cache poisoning...

CVSS 6.5 | AI score 7.1 | EPSS 0.00209
Exploits: 0 | References: 6 | Affected software: 1
Veracode, added 2025/12/01 5:31 a.m.

Improper Access Control

commandkit is vulnerable to an improper access control. The vulnerability is due to a logic flaw in how ctx.commandName is populated for message-based command aliases, which allows an attacker to exploit incorrect permission checks or access-control logic when developers mistakenly treat the alias...

CVSS 6.1 | AI score 7 | EPSS 0.00148
Exploits: 0 | References: 3 | Affected software: 1
Veracode, added 2025/12/01 4:13 a.m.

Denial Of Service (DoS)

github.com/siderolabs/omni is vulnerable to Denial of service DoS. The vulnerability is due to improper validation of the resource metadata field in the isSensitiveSpec function, followed by an unchecked call to CreateResource, which allows an attacker to send empty create/update requests...

CVSS 7.5 | AI score 6.9 | EPSS 0.0053
Exploits: 1 | References: 5 | Affected software: 1
Veracode, added 2025/11/28 6:24 a.m.

Information Disclosure

github.com/siderolabs/omni is vulnerable to an information disclosure. The vulnerability is due to sensitive data being leaked through an API, which allows an attacker to access exposed information...

CVSS 8.6 | AI score 6.7 | EPSS 0.00284
Exploits: 0 | References: 4 | Affected software: 1

Total number of security vulnerabilities: 38287