Veracode: recent entries (38287 matches found)

Veracode, added 2026/06/04 8:38 a.m.

Stored Cross-Site Scripting

TinyMCE is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of data-mce- attributes such as data-mce-href, data-mce-src, and data-mce-style, allowing attackers to inject malicious values that override validated attributes during content...

CVSS 8.7 | AI score 6 | EPSS 0.00238 | Exploits 0 | References 4 | Affected software 2

Veracode, added 2026/06/03 9:56 a.m.

Cross-Site Scripting (XSS)

drupal/googletag is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of user-supplied input during web page generation, which allows an attacker to inject and execute malicious scripts in a victim's browser through crafted input...

CVSS 4.8 | AI score 5.5 | EPSS 0.00203 | Exploits 0 | References 2 | Affected software 1

Veracode, added 2026/05/30 8:55 a.m.

Missing Authorization

Drupal Authenticator Login is vulnerable to Missing Authorization. The vulnerability is due to improper authorization checks in the Authenticator Login component, which allows an attacker to perform forceful browsing and access restricted functionality or resources without proper authorization...

CVSS 9.8 | AI score 5.4 | EPSS 0.00373 | Exploits 0 | References 2 | Affected software 1

Veracode, added 2026/05/30 7:09 a.m.

Path Traversal

lsfusion.platform, web-client is vulnerable to Path Traversal. The vulnerability is due to improper validation of the sid argument in the UploadFileRequestHandler component, which allows a remote attacker to perform path traversal by manipulating the parameter and accessing files outside the...

CVSS 9.8 | AI score 7.2 | EPSS 0.00513 | Exploits 1 | References 6 | Affected software 1

Veracode, added 2026/05/30 6:54 a.m.

Improper Authorization

github.com/fission/fission is vulnerable to improper authorization. The vulnerability is due to the storagesvc component exposing archive CRUD endpoints without performing authentication or authorization checks, which allows an attacker with access to the storagesvc service to enumerate archive...

CVSS 8.8 | AI score 6 | EPSS 0.00344 | Exploits 0 | References 3 | Affected software 1

Veracode, added 2026/05/30 6:48 a.m.

Path Traversal

github.com/xyproto/algernon is vulnerable to Path Traversal. The vulnerability is due to DirPage traversing parent directories beyond the configured server root while searching for a handler.lua file, which allows an attacker who can place a malicious handler.lua in an ancestor directory to achie...

CVSS 9 | AI score 6.5 | EPSS 0.00437 | Exploits 0 | References 2 | Affected software 1

Veracode, added 2026/05/29 4:37 a.m.

Stored Cross-Site Scripting (XSS)

TinyMCE is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of forged mce:protected comments, which allows an attacker to bypass content sanitization and inject malicious scripts that execute when the protected content is restored...

CVSS 8.7 | AI score 5.9 | EPSS 0.00238 | Exploits 0 | References 4 | Affected software 2

Veracode, added 2026/05/27 1:36 p.m.

Arbitrary Code Injection

Contour is vulnerable to Arbitrary Code Injection. The vulnerability is due to insufficient sanitization of user-controlled values in cookieRewritePolicies.pathRewrite.value, where values are interpolated into Envoy HTTP Lua filter code using Go text/template, allowing attackers with HTTPProxy...

CVSS 8.1 | AI score 6.1 | EPSS 0.00441 | Exploits 0 | References 4 | Affected software 1

Veracode, added 2026/05/27 9:11 a.m.

Improper Access Control

@delmaredigital/payload-puck is vulnerable to Improper Access Control. The vulnerability is due to the use of Payload's local API with overrideAccess: true in /api/puck/ CRUD endpoints, which allows an attacker to bypass collection-level access controls and perform unauthorized actions...

CVSS 9.8 | AI score 5.8 | EPSS 0.00376 | Exploits 1 | References 3 | Affected software 1

Veracode, added 2026/05/23 6:21 a.m.

Cross-site Scripting (XSS)

phpMyFAQ is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of malformed URLs in Utils::parseUrl, which allows an attacker to inject malicious JavaScript through comments and steal admin session cookies when affected pages are viewed...

CVSS 8.3 | AI score 5.8 | EPSS 0.00215 | Exploits 0 | References 3 | Affected software 2

Veracode, added 2026/05/23 6:13 a.m.

Cross-site Scripting (XSS)

ci4-cms-erp/ci4ms is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization and escaping of user-supplied page content before rendering, which allows an attacker to inject malicious scripts that execute in the browsers of visitors and administrators viewing the...

AI score 5.9 | EPSS 0.00062 | Exploits 0 | References 3 | Affected software 1

Veracode, added 2026/05/23 6:07 a.m.

Directory Traversal

Python Liquid is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of absolute file paths in the FileSystemLoader and CachingFileSystemLoader, which allows a malicious template author to load and render arbitrary files outside the configured search paths using...

CVSS 8.2 | AI score 5.9 | EPSS 0.00335 | Exploits 0 | References 3 | Affected software 1

Veracode, added 2026/05/23 6:01 a.m.

Path Traversal

.NET Core is vulnerable to Path Traversal. The vulnerability is due to improper handling of specially crafted files, which allows an attacker to write arbitrary files and directories to unintended locations on a vulnerable system...

CVSS 4.3 | AI score 5.9 | EPSS 0.00711 | Exploits 0 | References 3 | Affected software 4

Veracode, added 2026/05/23 5:59 a.m.

Path Traversal

Open WebUI is vulnerable to Path Traversal. The vulnerability is due to improper validation and sanitization of uploaded file names derived from HTTP upload requests, which allows an attacker to upload files with crafted dot-segments and traverse outside the intended uploads directory, potentiall...

CVSS 9.8 | AI score 5.8 | EPSS 0.00336 | Exploits 1 | References 1 | Affected software 1

Veracode, added 2026/05/23 5:55 a.m.

Denial Of Service (DoS)

Wire is vulnerable to Denial of Service DoS. The vulnerability is due to improper validation of negative lengths in protobuf group-skipping logic, which allows an attacker to trigger an unchecked runtime exception and crash applications processing crafted protobuf payloads...

AI score 5.8 | EPSS 0.00055 | Exploits 0 | References 5 | Affected software 2

Veracode, added 2026/05/23 5:55 a.m.

Improper Integrity Verification

Amazon SageMaker Python SDK is vulnerable to improper integrity verification. The vulnerability is due to missing integrity verification in the Triton inference handler, which allows an authenticated attacker with S3 write access to replace model artifacts with a specially crafted pickle payload...

CVSS 7.2 | AI score 6.5 | EPSS 0.0039 | Exploits 0 | References 5 | Affected software 1

Veracode, added 2026/05/23 5:51 a.m.

Cross-Site Scripting (XSS)

github.com/argoproj/argo-cd is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper URL validation in link.argocd.argoproj.io/ annotations, which allows an attacker with developer-level access to inject a javascript: URI using the pipe-separator trick and execute arbitrary...

AI score 6.1 | EPSS 0.00037 | Exploits 0 | References 1 | Affected software 3

Veracode, added 2026/05/23 5:51 a.m.

Improper Input Validation

com.ibeetl:beetl-spring-classic is vulnerable to Improper Input Validation. The vulnerability is due to improper neutralization of special elements in expression language statements within the SpELFunction component, which allows an attacker to inject and execute malicious expressions remotely...

CVSS 7.5 | AI score 7.2 | EPSS 0.00406 | Exploits 0 | References 5 | Affected software 1

Veracode, added 2026/05/23 5:47 a.m.

Improper Authorization

Open WebUI is vulnerable to improper authorization. The vulnerability is due to improper validation of authorized user roles in the API, which allows a pending user account to bypass intended access restrictions and gain unauthorized access to the web application...

CVSS 7.3 | AI score 5.8 | EPSS 0.0023 | Exploits 1 | References 2 | Affected software 1

Veracode, added 2026/05/23 5:41 a.m.

Integer Overflow

github.com/iskorotkov/avro is vulnerable to integer overflow. The vulnerability is due to improper handling of attacker-controlled 64-bit values, integer truncation, and overflow-prone arithmetic in multiple decoder paths, which allows an attacker to exploit untrusted Avro streams to trigger...

CVSS 8.7 | AI score 5.9 | EPSS 0.0031 | Exploits 0 | References 2 | Affected software 1

Veracode, added 2026/05/23 5:35 a.m.

Path Traversal

github.com/openclaw/crabbox is vulnerable to path traversal. The vulnerability is due to improper validation of workspace path resolution in the Islo provider, which allows an attacker to supply crafted absolute or relative paths through a malicious .crabbox.yaml or crabbox.yaml file to perform...

CVSS 7.1 | AI score 6 | EPSS 0.00144 | Exploits 0 | References 3 | Affected software 1

Veracode, added 2026/05/23 5:35 a.m.

Denial Of Service (DoS)

OpenClaw is vulnerable to a Denial Of Service DoS. The vulnerability is due to improper validation of oversized frames in the voice-call realtime WebSocket path, which allows a remote attacker to send oversized WebSocket frames and cause service unavailability...

CVSS 8.2 | AI score 5.8 | EPSS 0.00417 | Exploits 0 | References 3 | Affected software 1

Veracode, added 2026/05/23 5:28 a.m.

Improper Access Control

Fission is vulnerable to improper access control. The vulnerability is due to the router automatically registering internal function routes without validating associated HTTPTrigger restrictions, which allows an attacker to invoke arbitrary functions directly by guessing the function name and...

CVSS 9.8 | AI score 6 | EPSS 0.00353 | Exploits 0 | References 5 | Affected software 1

Veracode, added 2026/05/23 5:24 a.m.

Authorization Bypass

9router is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization handling in the Administrative API endpoint /api, which allows an attacker to bypass access controls and perform unauthorized actions remotely...

CVSS 7.5 | AI score 7.1 | EPSS 0.00313 | Exploits 0 | References 8 | Affected software 1

Veracode, added 2026/05/23 5:24 a.m.

Prototype Pollution

parseFormData is vulnerable to Prototype Pollution. The vulnerability is due to improper filtering of reserved property keys in bracket and dot-notation FormData field parsing, which allows an attacker to modify Object.prototype and pollute the prototype chain of application objects...

CVSS 8.2 | AI score 5.8 | EPSS 0.00315 | Exploits 0 | References 4 | Affected software 1

Veracode, added 2026/05/23 5:11 a.m.

Remote Code Execution (RCE)

9router is vulnerable to Remote Code Execution RCE. The vulnerability is due to missing authentication checks on /api/cli-tools/ and /api/mcp/ endpoints, which allows an attacker to chain unauthenticated API calls and execute arbitrary OS commands remotely...

AI score 6.1 | EPSS 0.00147 | Exploits 0 | References 1 | Affected software 1

Veracode, added 2026/05/23 5:08 a.m.

Denial Of Service (DoS)

@libp2p/gossipsub is vulnerable to Denial of Service DoS. The vulnerability is due to missing limits on subscription entries, unbounded topic handling, and failure to clean up empty topic sets, which allows an attacker to exhaust Node.js heap memory and crash the process through crafted...

CVSS 7.5 | AI score 5.5 | EPSS 0.00278 | Exploits 0 | References 3 | Affected software 1

Veracode, added 2026/05/23 5:00 a.m.

Remote Code Execution (RCE)

@penpot/mcp is vulnerable to Remote Code Execution RCE. The vulnerability is due to an unauthenticated /execute endpoint exposed on all network interfaces, which allows an attacker to remotely execute arbitrary JavaScript code on the server...

AI score 6.2 | EPSS 0.00045 | Exploits 0 | References 1 | Affected software 1

Veracode, added 2026/05/16 10:34 a.m.

Arbitrary Code Injection

Froxlor is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper escaping of single quotes in PhpHelper::parseArrayToString, which allows an attacker to inject arbitrary PHP code through the privilegeduser parameter that gets executed on subsequent requests...

CVSS 9.1 | AI score 6 | EPSS 0.0048 | Exploits 1 | References 3 | Affected software 1

Veracode, added 2026/05/16 9:40 a.m.

SQL Injection

XWiki Full Calendar Macro is vulnerable to SQL Injection. The vulnerability is due to a SQL injection vulnerability by accessing database info or starting a DoS attack, where users with the right to view the Calendar.JSONService page including guest users can exploit this issue and access databas...

CVSS 10 | AI score 5.8 | EPSS 0.00282 | Exploits 0 | References 3 | Affected software 1

Veracode, added 2026/05/16 8:30 a.m.

Authorization Bypass

Kyverno is vulnerable to Authorization Bypass. The vulnerability is due to a critical authorization boundary bypass in namespaced Kyverno Policy apiCall, where the resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited t...

CVSS 9.9 | AI score 7.5 | EPSS 0.00516 | Exploits 1 | References 3 | Affected software 1

Veracode, added 2026/05/16 6:40 a.m.

LFS Object Overwrite

Gogs is vulnerable to LFS object overwrite. The vulnerability is due to overwritable LFS objects across different repositories, where attackers can manipulate the uploaded file like injecting backdoor, and Gogs does not verify uploaded LFS file content against its claimed SHA-256...

CVSS 9.3 | AI score 7.1 | EPSS 0.00327 | Exploits 1 | References 4 | Affected software 1

Veracode, added 2026/05/16 5:53 a.m.

Improper Authentication

Shopware is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation and binding of shop installations to their original domains during app re-registration, which allows an attacker to hijack app communication and obtain API credentials intended for legitimate...

CVSS 8.9 | AI score 5.8 | EPSS 0.00267 | Exploits 0 | References 3 | Affected software 2

Veracode, added 2026/05/16 5:51 a.m.

Remote Code Execution (RCE)

statamic/cms is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe execution of user-controlled Antlers template content in Antlers-enabled inputs, which allows an attacker with authenticated control panel access to execute arbitrary code in the application context...

CVSS 8 | AI score 6.4 | EPSS 0.00428 | Exploits 0 | References 9 | Affected software 1

Veracode, added 2026/05/16 5:49 a.m.

Cross-site Scripting (XSS)

ci4-cms-erp/ci4ms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization and output encoding of user-controlled post data in the Menu Management functionality, which allows an attacker to inject malicious scripts that execute in administrative dashboards and...

CVSS 9.1 | AI score 5.9 | EPSS 0.00269 | Exploits 1 | References 3 | Affected software 1

Veracode, added 2026/05/16 5:48 a.m.

Cross-site Scripting (XSS)

PrestaShop is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied email input in the Contact Us form, which allows an attacker to inject malicious scripts that execute when a back-office employee views the customer service thread...

CVSS 9.3 | AI score 5.9 | EPSS 0.00331 | Exploits 0 | References 3 | Affected software 1

Veracode, added 2026/05/16 5:48 a.m.

Improper Access Control

getgrav/grav-plugin-api is vulnerable to Improper Access Control. The vulnerability is due to an insecure direct object reference and flawed permission update logic in UsersController::update, which allows an attacker to escalate privileges to Super Administrator and gain full system access...

CVSS 8.8 | AI score 5.8 | EPSS 0.0035 | Exploits 1 | References 4 | Affected software 1

Veracode, added 2026/05/16 5:44 a.m.

Server-Side Template Injection (SSTI)

OpenMRS is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper handling of user-controlled input in Velocity templates within ConceptReferenceRange, which allows an attacker to inject template expressions and execute arbitrary code...

CVSS 9.1 | AI score 6 | EPSS 0.00317 | Exploits 0 | References 4 | Affected software 1

Veracode, added 2026/05/16 5:38 a.m.

Resource Exhaustion

XWiki Platform is vulnerable to Resource Exhaustion. The vulnerability is due to missing query limits in REST API endpoints that enumerate database list properties, which allows an attacker to exhaust server resources by triggering large unbounded queries on large wiki instances...

CVSS 8.2 | AI score 5.8 | EPSS 0.00405 | Exploits 0 | References 3 | Affected software 2

Veracode, added 2026/05/16 5:37 a.m.

Stored Cross-Site Scripting

XWiki Blog Application is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper escaping of blog post titles before insertion into the HTML tag, allowing attackers with blog editing permissions to inject malicious JavaScript that executes in the browser of users...

CVSS 9 | AI score 5.8 | EPSS 0.00353 | Exploits 3 | References 3 | Affected software 1

Veracode, added 2026/05/16 5:36 a.m.

Improper Certificate Validation

rancher is vulnerable to Improper Certificate Validation. The vulnerability is due to the Rancher CLI automatically retrieving and trusting CA certificates from Rancher’s cacerts setting when the -skip-verify flag is used without the --cacert flag, potentially allowing attackers to influence...

CVSS 8.3 | AI score 5.8 | EPSS 0.00153 | Exploits 0 | References 3 | Affected software 1

Veracode, added 2026/05/16 5:36 a.m.

XML External Entity (XXE) Injection

ome, pom-bio-formats is vulnerable to XML External Entity XXE Injection. The vulnerability is due to insecure configuration of DocumentBuilderFactory while parsing Leica XML metadata files, which allows an attacker to perform SSRF, access local resources, or trigger denial of service through...

CVSS 7.1 | AI score 5.8 | EPSS 0.00142 | Exploits 0 | References 6 | Affected software 1

Veracode, added 2026/05/16 5:35 a.m.

Cross-site Scripting (XSS)

Gogs is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of data: URI schemes in comments and issue descriptions, which allows an attacker to inject and execute arbitrary JavaScript through malicious links...

CVSS 8.7 | AI score 7.5 | EPSS 0.00306 | Exploits 1 | References 5 | Affected software 1

Veracode, added 2026/05/16 5:35 a.m.

Information Exposure

Spring Cloud Config is vulnerable to Information Exposure. The vulnerability is due to improper validation of requests when using Google Secrets Manager as a backend, which allows an attacker to craft requests that expose secrets from unintended GCP projects...

CVSS 7.5 | AI score 5.2 | EPSS 0.0038 | Exploits 0 | References 3 | Affected software 2

Veracode, added 2026/05/16 5:34 a.m.

Improper Cleanup Of Namespace Data

OpenBao is vulnerable to improper cleanup of namespace data. The vulnerability is due to incomplete cleanup when retries occur after an initial namespace deletion failure, which allows an attacker to potentially retain access to outstanding leases or leave residual storage entries that should have...

CVSS 7.5 | AI score 5.8 | EPSS 0.00248 | Exploits 0 | References 3 | Affected software 1

Veracode, added 2026/05/16 5:34 a.m.

Path Traversal

Hugo is vulnerable to Path Traversal. The vulnerability is due to unrestricted execution of Node-based asset pipeline tools such as PostCSS, Babel, and TailwindCSS during site builds, allowing code from untrusted sites to read or write files outside the project's working directory when processed ...

CVSS 8.6 | AI score 5.9 | EPSS 0.00274 | Exploits 0 | References 2 | Affected software 1

Veracode, added 2026/05/16 5:34 a.m.

Improper Authentication

github.com/QuantumNous/new-api is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation of Stripe webhook events, which allows an attacker to forge webhook requests and fraudulently credit quota to an account without making a payment...

CVSS 8.2 | AI score 5.8 | EPSS 0.00259 | Exploits 1 | References 3 | Affected software 1

Veracode, added 2026/05/16 5:34 a.m.

Filter Expression Injection

Spring AI is vulnerable to Filter Expression Injection. The vulnerability is due to insufficient sanitization of document IDs in MilvusVectorStoredoDeleteList, where attacker-controlled IDs are incorporated into Milvus filter expressions, allowing injection of malicious query conditions that can...

CVSS 8.6 | AI score 5.8 | EPSS 0.00353 | Exploits 0 | References 3 | Affected software 2

Veracode, added 2026/05/16 5:34 a.m.

Directory Traversal

OpenMRS Core is vulnerable to Directory Traversal. The vulnerability is due to improper validation and normalization of ZIP archive entry paths during module extraction, which allows an attacker to write arbitrary files outside the intended directory and achieve remote code execution...

CVSS 9.4 | AI score 6.2 | EPSS 0.00853 | Exploits 1 | References 3 | Affected software 1

Veracode, added 2026/05/16 5:33 a.m.

Race Condition

Spring Cloud Config Server is vulnerable to Race Condition. The vulnerability is due to a Time-of-Check Time-of-Use TOCTOU issue in handling the Git repository base directory spring.cloud.config.server.git.basedir, where attackers may manipulate filesystem state between validation and use,...

CVSS 8.1 | AI score 5.8 | EPSS 0.0022 | Exploits 0 | References 3 | Affected software 1

Total number of security vulnerabilities: 38287