Code Injection

Gardener Extensions is vulnerable to Code Injection. The vulnerability is due to improper handling of user-controlled input in Terraformer-based infrastructure provisioning across AWS, Azure, OpenStack, and GCP providers, which allows an attacker with administrative privileges in a Gardener proje...

Cache Poisoning

get-jwks is vulnerable to cache poisoning. The vulnerability is due to a design flaw where the iss issuer claim may be validated only after keys are retrieved from a shared JWKS cache, which allows an attacker to push a chosen public key into the cache with one crafted JWT and then reuse that...

Denial-of-Service (DoS)

rack is vulnerable to Denial-Of-Service. The vulnerability is due to Rack::RequestPOST reading the entire application/x-www-form-urlencoded body into memory due to calling rack.input.readnil without enforcing a length limit, and attackers can send very large form bodies to exhaust process memory...

Buffer Overflow

libcsp.so is vulnerable to Buffer Overflow. The vulnerability is due to improper handling of input data in the cspusartopen function at drivers/usart/zephyr.c, which allows an attacker to cause memory corruption or execute arbitrary code...

Information Disclosure

rack is vulnerable to Information Disclosure. The vulnerability is due to trusting unvalidated x-sendfile-type and x-accel-mapping headers, allowing attackers to craft headers that trick the proxy into making internal requests and bypassing access controls...

Buffer Overflow

libcsp.so is vulnerable to Buffer Overflow. The vulnerability is due to improper handling of the ifname parameter in the cspethinit function, where strcpy is used without validating input length, which allows an attacker to overflow the buffer and potentially execute arbitrary code...

Prototype Pollution

web3-core-subscriptions is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the attachToObject function, which allows an attacker to inject properties into Object.prototype...

Server-Side Request Forgery (SSRF)

cors-anywhere is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to instances being configured as open proxies that forward attacker-controlled target URLs, methods, and headers without restriction, which allows an attacker to induce requests to internal-only endpoints...

Prototype Pollution

messageformat is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of nested message keys containing special characters such as proto, which allows an attacker to inject arbitrary properties into the global object prototype, potentially leading to denial of service ...

Path Traversal

mllogger is vulnerable to path traversal. the vulnerability is due to manipulation of the File argument in the loghandler function of mllogger/server.py, which allows an attacker to perform path traversal to read, create, or overwrite files remotely...

Regular Expression Denial Of Service (ReDoS)

sinatra is vulnerable to Denial-Of-Service. The vulnerability is due to inefficient header parsing when the etag method is used, allowing attackers to send crafted headers that consume excessive CPU time and cause denial of service...

Prototype Pollution

node-cube is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input during the prototype chain initialization process, which allows an attacker to inject malicious properties into built-in object prototypes, potentially leading to denial of servi...

Parameter-parsing Bypass

Rack is vulnerable to a parameter-parsing Bypass. The vulnerability is due to Rack::QueryParser enforcing its paramslimit only for parameters separated by & while still splitting on both & and ;, which allows an attacker to bypass the parameter count limit by using ; separators to submit excessiv...

Deserialization Of Untrusted Data

mllogger is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to manipulation of the loghandler argument data in mllogger/server.py, which triggers unsafe deserialization and allows a remote attacker to supply crafted input that can lead to arbitrary code execution or othe...

Prototype Pollution

magix-combine-ex is vulnerable to Prototype Pollution. The vulnerability is due to improper input validation in the util-deps.addFileDepend function, which allows an attacker to inject malicious properties into Object.prototype, leading to denial of service DoS or other unexpected behavior...

Denial Of Service (DoS)

Authlib is vulnerable to Denial-Of-Service via Oversized JWS/JWT. The vulnerability is due to Authlib accepting base64url-encoded header or signature inputs of unbounded size, allowing attackers to send tokens with huge encoded header/signature fields that exhaust CPU and memory during verificati...

Prototype Pollution

ts-fns is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of user-supplied keys in the assign function, which allows an attacker to modify the Object.prototype chain and inject arbitrary properties, potentially leading to application crashes, unexpected...

Improper Access Control

github.com/opencontainers/runc is vulnerable to improper access control. The vulnerability is due to insufficient validation when bind-mounting /dev/pts/$n to /dev/console after pivotroot, which allows an attacker to manipulate mount paths and gain writable access to sensitive locations,...

OS Command Injection

@react-native-community/cli is vulnerable to OS Command Injection. The vulnerability is due to an exposed endpoint that accepts attacker-controlled POST data and passes it to system execution paths without proper sanitization, which allows an unauthenticated network attacker to run arbitrary...

SQL Injection

Django is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input when processing crafted dictionaries with dictionary expansion in the connector argument of query methods, which allows an attacker to inject arbitrary SQL queries into database...

Insecure Direct Object Reference (IDOR)

com.liferay.commerce, com.liferay.commerce.service is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId parameter not being validated across virtual instances. This allows an attacker in on...

SQL Injection

org.open-metadata, openmetadata-service is vulnerable to SQL Injection. The vulnerability is due to improper handling of the entityType parameter in TestDefinitionDAO.listCount due to concatenating untrusted input into an SQL query, allowing attackers to supply crafted entityType values that modi...

SQL Injection

org.open-metadata, openmetadata-service is vulnerable to SQL Injection. The vulnerability is due to improper handling of the supportedDataTypeParam parameter in TestDefinitionDAO.listCount due to concatenating untrusted input into an SQL query, allowing attackers to supply crafted...

SQL Injection

org.open-metadata, openmetadata-service is vulnerable to SQL Injection. The vulnerability is due to improper handling of the entityType parameter in DocStoreDAO.listCount allowing attackers to supply crafted entityType values that modify the query and extract arbitrary data from the database...

Directory Traversal

@mastra/mcp-docs-server is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file path inputs in the directory suggestion logic, which allows an attacker to bypass path traversal checks and list the contents of arbitrary directories on the user’s filesystem...

Cross-site Scripting (XSS)

starcitizenwiki/embedvideo is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper restriction of HTML attributes in the video embedding functionality, which allows an attacker to inject and execute arbitrary web scripts through crafted wikitext...

Cross-site Scripting (XSS)

novosga/novosga is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in the logoNavbar/logoLogin parameters within the /admin component’s SVG File Handler, which allows an attacker to inject and execute arbitrary web scripts remotely...

Prototype Pollution

@messageformat/runtime is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of nested message keys during message data processing, which allows an attacker to inject arbitrary properties into the Object prototype and cause denial of service or unexpected...

Command Injection

adb-mcp Server is vulnerable to Command Injection. The vulnerability is due to improper handling of user-supplied input in certain MCP Server tool definitions and implementations, which allows an attacker to inject and execute arbitrary system commands...

Arbitrary Code Execution

@anthropic-ai/claude-code is vulnerable to Arbitrary Code Execution. The vulnerability is due to the automatic execution of Yarn plugins when running yarn --version, which allows an attacker to bypass the directory trust dialog and execute code before the user confirms trust in the directory...

Open Redirection

@lobehub/chat is vulnerable to Open Redirection. The vulnerability is due to improper validation of X-Forwarded- and Host headers in the OIDC redirect handling logic, which allows an attacker to inject a malicious host and redirect users to arbitrary domains...

Symlink Validation Bypass

tar-fs is vulnerable to symlink validation bypass. The vulnerability is due to improper validation of symbolic links during tar extraction, which allows an attacker to overwrite arbitrary files if the destination directory is predictable with a crafted tarball...

Improper Input Validation

github.com/siderolabs/omni is vulnerable to an improper input validation. The vulnerability is due to the lack of validation on the destination address in the WireGuard SideroLink interface configuration, which allows an attacker with access to a malicious workload to send arbitrary packets over...

Remote Code Execution (RCE)

Llama Stack is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation of parameters in the resolveastbytype function, which allows an attacker to supply malicious input leading to arbitrary code execution...

HTTP Request Smuggling

Http4s is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of the HTTP trailer section, which allows an attacker—when the app is deployed behind a reverse proxy that forwards trailer headers—to bypass front-end security controls, target active users, and poison...

HTML Injection

mailgen is vulnerable to HTML injection. The vulnerability is due to improper sanitization of user-supplied content and Mailgen.generatePlaintextemail retaining HTML tags from input. An attacker can supply crafted content to inject HTML into generated plaintext emails...

Buffer Overflow

CodeChecker is vulnerable to Buffer Overflow. The vulnerability is due to unsafe handling of input when executing the CodeChecker log command, and attackers can exploit this by supplying crafted log data to cause memory corruption and potentially achieve code execution...

Cross-site Scripting (XSS)

s-cart/core and gp247/core are vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of the User-Agent header in the Admin Log Viewer, which allows an attacker to inject malicious scripts that execute in an administrator’s browser when viewing the security log...

Authorization Bypass Through User-Controlled Key

github.com/mattermost/mattermost-server is vulnerable to Authorization Bypass Through User-Controlled Key. The vulnerability is due to improper access-control validation due to the board file download endpoint accepting predictable UUIDs without authorization checks. This allows an attacker can...

Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the Biography field, which allows an attacker to inject and execute malicious JavaScript code in the context of the website, affecting other users including administrators and...

Stored Cross-Site Scripting (XSS)

com.liferay, com.liferay.change.tracking.service is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper validation of user-supplied input in the notifications widget’s “Name” text field, which allows an attacker to inject arbitrary web scripts or HTML into a...

OS Command Injection

@sequa-ai/sequa-mcp is vulnerable to OS Command Injection. Thee vulnerability is due to improper validation of redirect URLs due to the redirectToAuthorization function opening unvalidated/non-sequa URLs. An attacker can exploit this by supplying a crafted redirect URL to trigger remote OS comman...

Incorrect Authorization

Liferay Portal is vulnerable to Incorrect Authorization. The vulnerability is due to the Batch Engine failing to properly enforce permission checks for import and export tasks, which allows remote authenticated users to access exported data through the REST APIs...

Information Disclosure

com.liferay:com.liferay.portal.security.audit.event.generators.user.management is vulnerable to Information Disclosure. The vulnerability is due to audit events recording users’ password reminder answers in audit logs, which allows remote authenticated users to retrieve those answers via the audi...

Client-Side Content Injection (XSS)

dotnetnuke.core is vulnerable to Client-Side Content Injection XSS. The vulnerability is due to improper validation of query parameters, which allows an attacker to load and exploit vulnerable themes on client browsers without the site owner’s knowledge...

Cross Site Scripting (XSS)

@meshconnect/web-link-sdk is vulnerable to cross-site scripting XSS. The vulnerability is due to the lack of sanitization of URL protocols in the createLink.openLink function, which allows an attacker to execute arbitrary JavaScript code in the parent page context and access its DOM, storage,...

Command Injection

git-commiters is vulnerable to command injection. The vulnerability is due to improper input sanitization in the gitCommitersoptions, callback function, which allows an attacker to inject arbitrary commands through unsanitized parameters such as cwd or revisionRange...

Information Disclosure

OpenBao is vulnerable to an Information Disclosure Vulnerability. The vulnerability is due to a regression in audit log redaction, where raw HTTP request bodies for ACME and OIDC issuer endpoints are not properly HMAC-redacted, allowing short-lived ACME verification codes, authentication response...

OS Command Injection

github.com/chaos-mesh/chaos-mesh is vulnerable to OS command Injection. The vulnerability is due to unsanitized input handling in the cleanTcs mutation due to user-controlled fields being passed to operating-system command execution without proper validation. An attacker can use this to perform...

Regular Expression Denial Of Service

Grafana-Zabbix is vulnerable to Regular Expression Denial of Service. The vulnerability is due to inefficient regular-expression handling to user-supplied regex queries, that can trigger catastrophic backtracking, and attackers can exploit this by submitting specially crafted regex patterns that...