Veracode: recent entries

38108 matches found

Veracode
added 2026/05/14 6:24 p.m.

Memory-Safety Vulnerability

pgx is vulnerable to a memory-safety vulnerability. The vulnerability is due to improper memory handling in the library, which allows an attacker to exploit memory corruption conditions and potentially cause unexpected behavior, denial of service, or arbitrary code execution...

CVSS 9.8 • AI score 6.1 • EPSS 0.00022
Exploits 0 • References 3 • Affected software 1

Veracode
added 2026/05/14 6:14 p.m.

Improper Authentication

Juju is vulnerable to Improper Authentication. The vulnerability is due to improper TLS client and server certificate validation in the internal Dqlite database cluster, which allows an unauthenticated attacker to join the cluster and gain full read and write access to the database...

CVSS 10 • AI score 5.8 • EPSS 0.00038
Exploits 1 • References 2 • Affected software 1

Veracode
added 2026/05/14 6:14 p.m.

Arbitrary File Read And Write

Incus is vulnerable to arbitrary file read and write. The vulnerability is due to improper enforcement of the pongo2 chroot isolation mechanism in instance template files, which allows an attacker to bypass filesystem restrictions and perform arbitrary file read/write operations on the host syste...

CVSS 9.9 • AI score 5.9 • EPSS 0.00029
Exploits 0 • References 2 • Affected software 1

Veracode
added 2026/05/14 6:08 p.m.

Use Of Hard-coded Credentials

GoHarbor Harbor is vulnerable to Use of Hard-coded Credentials. The vulnerability is due to the presence of default hard-coded credentials in the application, which allows an attacker to gain unauthorized access to the web UI using known passwords...

CVSS 9.4 • AI score 6.9 • EPSS 0.00063
Exploits 0 • References 5 • Affected software 1

Veracode
added 2026/05/14 6:06 p.m.

Authentication Bypass

github.com/oauth2-proxy/oauth2-proxy is vulnerable to an authentication bypass. The vulnerability is due to improper handling of health check User-Agent values in auth_request-style integrations when --ping-user-agent or --gcp-healthchecks is enabled, which allows an unauthenticated remote attacke...

CVSS 9.1 • AI score 5.8 • EPSS 0.00053
Exploits 0 • References 3 • Affected software 2

Veracode
added 2026/05/14 6:00 p.m.

Missing Authorization

free5GC is vulnerable to Missing Authorization. The vulnerability is due to missing OAuth2 and bearer-token authorization checks in the NEF 3gpp-traffic-influence API, which allows an attacker to perform unauthorized creation, modification, and deletion of traffic-influence subscriptions...

CVSS 9.4 • AI score 5.8 • EPSS 0.00045
Exploits 1 • References 4 • Affected software 1

Veracode
added 2026/05/14 6:00 p.m.

Missing Authentication

github.com/dgraph-io/dgraph is vulnerable to Missing Authentication. The vulnerability is due to the restoreTenant admin mutation missing authorization middleware validation, which allows an unauthenticated attacker to overwrite the database, access server-side files via file:// paths, and perfor...

CVSS 10 • AI score 7.3 • EPSS 0.00174
Exploits 1 • References 3 • Affected software 1

Veracode
added 2026/05/14 5:49 p.m.

Inadequate Encryption Strength

github.com/enchant97/note-mark/backend is vulnerable to Inadequate Encryption Strength. The vulnerability is due to missing enforcement of minimum length and entropy requirements for the JWT_SECRET value, which allows an attacker to brute-force weak secrets and forge valid JWT tokens...

CVSS 10 • AI score 5.8 • EPSS 0.00009
Exploits 0 • References 4 • Affected software 2

Veracode
added 2026/05/14 5:48 p.m.

Authentication Bypass

Traefik is vulnerable to Authentication Bypass. The vulnerability is due to improper handling in the ForwardAuth middleware when trustForwardHeader=false is configured behind a trusted upstream proxy, which allows an attacker to bypass authentication controls and gain unauthorized access...

CVSS 10 • AI score 5.8 • EPSS 0.00025
Exploits 1 • References 5 • Affected software 1

Veracode
added 2026/05/14 5:32 p.m.

Path Traversal

github.com/patrickhener/goshs is vulnerable to Path Traversal. The vulnerability is due to a missing return statement in the tdeleteFile function after the path traversal check, which allows an attacker to bypass path validation and perform unauthorized file deletion through crafted traversal pat...

CVSS 9.8 • AI score 7.3 • EPSS 0.00056
Exploits 1 • References 2 • Affected software 1

Veracode
added 2026/05/14 5:21 p.m.

Authentication Bypass

github.com/traefik/traefik is vulnerable to an authentication bypass. The vulnerability is due to improper sanitization of forwarded header alias variants using underscores instead of dashes, which allows an attacker to inject spoofed trusted headers and bypass authentication on protected routes...

CVSS 10 • AI score 5.8 • EPSS 0.00088
Exploits 1 • References 5 • Affected software 1

Veracode
added 2026/05/14 5:11 p.m.

Session Fixation

org.apache.wicket, wicket-auth-roles is vulnerable to session fixation. The vulnerability is due to the missing invocation of the Servlet HTTP request method changeSessionId after session binding, which allows an attacker to exploit session fixation by reusing a predefined session ID to hijack ...

CVSS 9.1 • AI score 5.8 • EPSS 0.00111
Exploits 0 • References 4 • Affected software 1

Veracode
added 2026/05/14 5:10 p.m.

Directory Traversal

github.com/gtsteffaniak/filebrowser is vulnerable to Directory Traversal. The vulnerability is due to improper sanitization of attacker-controlled path input before path validation, which allows an attacker to use traversal sequences to delete arbitrary files outside the intended shared directory...

CVSS 9.1 • AI score 5.9 • EPSS 0.00968
Exploits 1 • References 3 • Affected software 1

Veracode
added 2026/05/14 4:58 p.m.

Unauthenticated Credential Disclosure

github.com/dgraph-io/dgraph is vulnerable to an unauthenticated credential disclosure. The vulnerability is due to the /debug/pprof/cmdline endpoint being accessible without authentication, which exposes the full process command line including the admin token, allowing an attacker to retrieve the...

CVSS 9.4 • AI score 5.8 • EPSS 0.00084
Exploits 1 • References 3 • Affected software 1

Veracode
added 2026/05/14 4:43 p.m.

Directory Traversal

org.springframework.cloud, spring-cloud-config-server is vulnerable to Directory Traversal. The vulnerability is due to improper validation of specially crafted URL paths in the spring-cloud-config-server module, which allows an attacker to perform a directory traversal attack and access...

CVSS 9.1 • AI score 5.9 • EPSS 0.00143
Exploits 0 • References 4 • Affected software 1

Veracode
added 2026/05/14 11:07 a.m.

Authorization Bypass

github.com/juju/juju is vulnerable to Authorization Bypass. The vulnerability is due to insufficient authorization checks in the Controller facade CloudSpec API method, which allows a low-privileged authenticated attacker to access sensitive cloud credentials...

CVSS 9.9 • AI score 5.8 • EPSS 0.00012
Exploits 1 • References 5 • Affected software 1

Veracode
added 2026/05/14 10:56 a.m.

Path Traversal

org.eclipse.basyx:basyx.sdk is vulnerable to Path Traversal. The vulnerability is due to inadequate path normalization of the fileName parameter in the Submodel HTTP API, which allows an attacker to write arbitrary files to the host filesystem and potentially execute malicious code...

CVSS 10 • AI score 6.2 • EPSS 0.00145
Exploits 1 • References 3 • Affected software 1

Veracode
added 2026/05/12 7:56 p.m.

Embedded Malicious Code

@tanstack/ packages are vulnerable to Embedded Malicious Code. The vulnerability is due to misconfigured GitHub Actions workflows and cache poisoning weaknesses that allowed attackers to extract OIDC tokens and publish malicious package versions under a trusted identity...

CVSS 9.6 • AI score 6 • EPSS 0.17051
Exploits 3 • References 7 • Affected software 42

Veracode
added 2026/05/12 2:37 p.m.

Information Exposure

follow-redirects is vulnerable to Information Exposure. The vulnerability is due to improper filtering of custom authentication headers during cross-domain redirects, which allows an attacker to obtain sensitive credentials forwarded to unintended domains...

CVSS 7.5 • AI score 5.8 • EPSS 0.00058
Exploits 0 • References 2 • Affected software 1

Veracode
added 2026/05/12 2:12 p.m.

Improper Memory Buffer Handling

uuid is vulnerable to Improper Memory Buffer Handling. The vulnerability is due to missing validation of buffer size and offset values during UUID generation, which allows an attacker to trigger silent partial writes into caller-provided buffers...

CVSS 9.3 • AI score 5.9 • EPSS 0.00019
Exploits 1 • References 5 • Affected software 1

Veracode
added 2026/05/12 1:03 p.m.

Directory Traversal

SiYuan is vulnerable to Directory Traversal. The vulnerability is due to improper handling of double URL decoding in the serveExport function, which allows an attacker to use double-encoded traversal sequences to read arbitrary files from the workspace...

CVSS 7.1 • AI score 5.9 • EPSS 0.00052
Exploits 0 • References 3 • Affected software 1

Veracode
added 2026/05/11 7:23 p.m.

Improper Authentication

openvpn-auth-oauth2 is vulnerable to Improper Authentication. The vulnerability is due to improper handling of authentication logic in experimental plugin mode, which allows unsupported clients to bypass authentication checks and gain unauthorized VPN access...

CVSS 10 • AI score 5.8 • EPSS 0.00022
Exploits 0 • References 7 • Affected software 1

Veracode
added 2026/05/11 6:58 p.m.

SQL Injection

SiYuan is vulnerable to SQL Injection. The vulnerability is due to direct execution of user-supplied SQL statements in the /api/search/fullTextSearchBlock endpoint without authorization or validation checks, which allows an attacker to execute arbitrary SQL commands against the database...

CVSS 9.8 • AI score 6.8 • EPSS 0.00035
Exploits 1 • References 2 • Affected software 2

Veracode
added 2026/05/11 5:29 p.m.

Directory Traversal

SiYuan is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file paths in the /export endpoint, which allows an attacker to use double-encoded traversal sequences to read arbitrary files and obtain sensitive information...

CVSS 9.8 • AI score 7.3 • EPSS 0.00273
Exploits 1 • References 2 • Affected software 2

Veracode
added 2026/05/11 2:20 p.m.

Cross-site Scripting (XSS)

SiYuan is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of attacker-controlled content in SVG output generated by the dynamic icon API endpoint, which allows an attacker to inject and execute malicious JavaScript through crafted URLs...

CVSS 9.3 • AI score 7.3 • EPSS 0.00462
Exploits 1 • References 2 • Affected software 2

Veracode
added 2026/05/11 12:57 p.m.

Server-Side Request Forgery (SSRF)

Grav is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to unsafe processing of Twig templates with undefined PHP function registration enabled, which allows an attacker to trigger unauthorized server-side requests...

CVSS 9.1 • AI score 5.8 • EPSS 0.00056
Exploits 1 • References 1 • Affected software 1

Veracode
added 2026/05/11 10:33 a.m.

Java Deserialization

net.sf.jasperreports, jasperreports is vulnerable to Java Deserialization. The vulnerability is due to insecure deserialization of untrusted input, which allows an attacker to remotely execute arbitrary code on systems using the affected library...

CVSS 9.8 • AI score 7.5 • EPSS 0.00656
Exploits 0 • References 5 • Affected software 1

Veracode
added 2026/05/11 9:24 a.m.

Path Traversal

elijaa/phpmemcacheadmin is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied input, which allows an attacker to exploit path traversal techniques to delete files stored on the server...

CVSS 9.8 • AI score 7.3 • EPSS 0.01091
Exploits 0 • References 4 • Affected software 1

Veracode
added 2026/05/11 8:22 a.m.

Remote Code Execution (RCE)

facturascripts/facturascripts is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of file paths within uploaded ZIP archives, which allows an attacker to overwrite arbitrary files and execute malicious code through a Zip Slip attack...

CVSS 7.2 • AI score 6.1 • EPSS 0.00158
Exploits 0 • References 3 • Affected software 1

Veracode
added 2026/05/09 5:42 a.m.

SQL Injection

LiteLLM is vulnerable to SQL Injection. The vulnerability is due to unsafe inclusion of caller-supplied API key values directly into database queries during proxy API key checks, which allows an attacker to read or modify database contents through crafted Authorization headers...

CVSS 9.8 • AI score 6.1 • EPSS 0.56947
Exploits 5 • References 4 • Affected software 1

Veracode
added 2026/05/09 5:40 a.m.

Remote Code Execution (RCE)

LiteLLM is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe rendering of user-supplied prompt templates in the POST /prompts/test endpoint without sandboxing, allowing authenticated users to execute arbitrary code within the LiteLLM Proxy process and potentially access...

CVSS 8.8 • AI score 6.2 • EPSS 0.00058
Exploits 1 • References 4 • Affected software 1

Veracode
added 2026/05/09 5:40 a.m.

Authorization Bypass

CKAN is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization enforcement in datastore_search_sql, allowing attackers to bypass access controls and retrieve data from private resources as well as PostgreSQL system information...

CVSS 9.1 • AI score 5.8 • EPSS 0.00016
Exploits 0 • References 3 • Affected software 1

Veracode
added 2026/05/09 5:39 a.m.

Path Traversal

Mako is vulnerable to Path Traversal. The vulnerability is due to inconsistent slash-stripping behavior in TemplateLookup.get_template, where URIs beginning with // can bypass path restrictions and access arbitrary files outside the intended template directory, allowing disclosure of files readabl...

CVSS 8.7 • AI score 5.9 • EPSS 0.00093
Exploits 0 • References 3 • Affected software 1

Veracode
added 2026/05/09 5:37 a.m.

Improper Certificate Validation

CKAN is vulnerable to Improper Certificate Validation. The vulnerability is due to insufficient validation of SMTP server certificates, allowing attackers to spoof the configured mail server using invalid or self-signed certificates and enabling man-in-the-middle attacks against email traffic and...

CVSS 8.7 • AI score 5.8 • EPSS 0.00009
Exploits 0 • References 3 • Affected software 1

Veracode
added 2026/05/09 5:37 a.m.

Server-Side Request Forgery

Weblate is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to missing validation of repository URLs during project backup import, where Component.objects.bulk_create bypasses Django full_clean validation and allows attacker-controlled repository URLs to be written into...

CVSS 8.1 • AI score 5.8 • EPSS 0.00021
Exploits 0 • References 5 • Affected software 1

Veracode
added 2026/05/09 5:36 a.m.

SQL Injection

CKAN is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of input in datastore_search_sql, which allows an attacker to inject arbitrary SQL queries and gain access to private resources and PostgreSQL system information...

CVSS 9.8 • AI score 6 • EPSS 0.13784
Exploits 0 • References 6 • Affected software 1

Veracode
added 2026/05/09 5:23 a.m.

Remote Code Execution (RCE)

dedoc/scramble is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe evaluation of user-controlled input during documentation generation, which allows an attacker to execute arbitrary PHP code in the application context...

CVSS 9.4 • AI score 6.2 • EPSS 0.08605
Exploits 2 • References 5 • Affected software 1

Veracode
added 2026/05/09 5:09 a.m.

Authorization Bypass

com.arcadedb, arcadedb-server is vulnerable to Authorization Bypass. The vulnerability is due to improper initialization of access controls and missing security configuration during database creation, which allows an attacker to bypass database and record-level authorization restrictions...

CVSS 9 • AI score 5.8 • EPSS 0.00013
Exploits 0 • References 3 • Affected software 1

Veracode
added 2026/05/09 5:06 a.m.

HTTP Header Injection

io.netty, netty-handler-proxy is vulnerable to HTTP Header Injection. The vulnerability is due to improper validation of user-supplied outbound headers in the HttpProxyHandler CONNECT request construction, which allows an attacker to inject arbitrary HTTP headers into requests sent to the proxy...

CVSS 7.5 • AI score 7 • EPSS 0.0001
Exploits 1 • References 4 • Affected software 1

Veracode
added 2026/05/09 5:04 a.m.

Command Injection

github.com/gotenberg/gotenberg is vulnerable to Command Injection. The vulnerability is due to lack of validation of JSON metadata keys passed to ExifTool, which allows an attacker to inject arbitrary ExifTool arguments and execute operating system commands...

CVSS 9.8 • AI score 6 • EPSS 0.08768
Exploits 2 • References 3 • Affected software 1

Veracode
added 2026/05/08 9:32 a.m.

Man-in-the-middle

Apache Airflow is vulnerable to Man-in-the-middle. The vulnerability is due to the lack of certificate validation when using the SMTP provider SmtpHook, where a man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate and capture the SMTP credential...

CVSS 5.9 • AI score 5.8 • EPSS 0.00022
Exploits 0 • References 3 • Affected software 1

Veracode
added 2026/05/08 8:10 a.m.

Command Injection

Click is vulnerable to Command Injection. The vulnerability is due to improper handling of user-controlled input in the click.edit function, allowing attackers to inject and execute arbitrary operating system commands from an unprivileged account...

CVSS 7.2 • AI score 6 • EPSS 0.00029
Exploits 1 • References 3 • Affected software 1

Veracode
added 2026/05/08 8:06 a.m.

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to insufficient validation of team membership permissions in the Add Channel Member API, which allows an attacker to exploit the API endpoint to access user metadata and channel membership...

CVSS 4.3 • AI score 7.2 • EPSS 0.00027
Exploits 0 • References 5 • Affected software 2

Veracode
added 2026/05/08 7:45 a.m.

Improper Access Control

Apollo Federation is vulnerable to improper access control. The vulnerability is due to improper enforcement of user-defined access control directives on interface types and fields, which allows an attacker to bypass access restrictions by querying implementing object types and fields through...

CVSS 7.5 • AI score 5.8 • EPSS 0.00139
Exploits 0 • References 5 • Affected software 1

Veracode
added 2026/05/08 7:17 a.m.

Insecure Direct Object Reference (IDOR)

File Browser is vulnerable to an Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient authorization checks in the share deletion functionality, which allows an authenticated attacker with share permissions to delete other users' shared links by exploiting improper acces...

CVSS 8.8 • AI score 5.8 • EPSS 0.00111
Exploits 1 • References 2 • Affected software 2

Veracode
added 2026/05/08 6:43 a.m.

Improper Authentication

github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to the failure to enforce multi-factor authentication on WebSocket connections, which allows an unauthenticated attacker to access sensitive information through WebSocket events...

CVSS 7.5 • AI score 5.8 • EPSS 0.00148
Exploits 0 • References 3 • Affected software 1

Veracode
added 2026/05/08 6:18 a.m.

Remote Code Execution

Sonatype Nexus Repository is vulnerable to Remote Code Execution. The vulnerability is due to a flaw in the task management component, where an authenticated attacker with task creation permissions can bypass the nexus.scripts.allowCreation security control and execute arbitrary code...

CVSS 9.4 • AI score 6.1 • EPSS 0.00088
Exploits 0 • References 2 • Affected software 1

Veracode
added 2026/05/07 6:23 p.m.

Denial Of Service (DoS)

brace-expansion is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of brace patterns with a zero step value, which allows an attacker to trigger infinite loops and excessive memory consumption...

CVSS 7.5 • AI score 6.2 • EPSS 0.00028
Exploits 0 • References 10 • Affected software 1

Veracode
added 2026/05/07 5:27 p.m.

Uncontrolled Recursion

@nestjs/microservices is vulnerable to Uncontrolled Recursion. The vulnerability is due to recursive processing of multiple JSON messages in a single TCP frame without proper recursion limits, which allows an attacker to trigger a stack overflow and crash the application...

CVSS 7.5 • AI score 5.9 • EPSS 0.00061
Exploits 0 • References 2 • Affected software 1

Veracode
added 2026/05/07 3:44 p.m.

Path Traversal

ServiceStack is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied paths in the FindType method, which allows an attacker to manipulate file operations and execute arbitrary code...

CVSS 8.1 • AI score 7.5 • EPSS 0.00948
Exploits 0 • References 4 • Affected software 1

Total number of security vulnerabilities: 38108