38108 matches found
Information Disclosure
github.com/containers/podman is vulnerable to information disclosure. The vulnerability is due to data written to RUN --mount=type=bind mounts during the Podman build not being discarded, which allows an attacker to access files created within the container from the host system’s temporary build...
Improper Input Validation
@digitalocean/do-markdownit is vulnerable to Improper Input Validation. The vulnerability is due to the callout and fenceenvironment plugins using .includes substring matching when allowedClasses or allowedEnvironments are strings instead of arrays, which allows an attacker to bypass intended...
Deserialization Of Untrusted Data
Snipe-IT is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of untrusted serialized data, which allows an attacker to supply malicious objects that can be deserialized to execute arbitrary code or manipulate application logic...
Improper Input Validation
matrix-js-sdk is vulnerable to Improper Input Validation. The vulnerability is due to inadequate validation in the MatrixClient::getJoinedRooms function, which allows an attacker to replace a tombstoned room with an unrelated attacker-controlled room...
Cross-site Scripting (XSS)
Snipe-IT is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input, which allows an attacker to inject and execute arbitrary web scripts in the context of a victim’s browser...
Unchecked Input For Loop Condition
com.liferay.portal, com.liferay.portal.impl is vulnerable to unchecked input for loop condition. The vulnerability is due to improper validation of input data in XML-RPC requests, which allows an attacker to perform a denial-of-service DoS attack by sending a crafted XML-RPC request...
Arbitrary Code Execution
Keras is vulnerable to Arbitrary Code Execution. The vulnerability is due to Model.loadmodel not honoring safemode=True when reading legacy .h5/.hdf5 archives and deserializing pickled Lambda-layer code from a crafted model file, which allows an attacker to supply a malicious archive that execute...
Use-After-Free
github.com/envoyproxy/envoy is vulnerable to a Use-After-Free. The vulnerability is due to improper handling of DNS cache operations in the Dynamic Forward Proxy implementation, where a completion callback can trigger new or remove existing DNS resolutions, which allows an attacker to cause...
Cross-site Scripting (XSS)
@lobehub/cha is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to unsafe SVG rendering due to SVGRenderer using dangerouslySetInnerHTML for image/svg+xml lobeArtifact content. An attacker can inject malicious SVGs via chat messages...
Path Traversal
invokeai is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of filename/path parameters due to the GET /api/v1/images/download/bulkdownloaditemname endpoint accepting user-controlled paths without canonicalization or sanitization. An an attacker can craft request...
Origin Validation Error
@parcel/reporter-dev-server is vulnerable to an Origin Validation Error. The vulnerability is due to the server failing to verify and enforce the Origin header for XMLHttpRequests. An attacker can host a malicious webpage that issues cross-origin XMLHttpRequests to a developer's running dev serve...
Path Traversal
esm.sh is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of user-supplied URL components allowing path-traversal and file-scheme requests by which an attacker can craft specially-formed requests that cause the server to read and return arbitrary local files or oth...
OS Command Injection
github.com/chaos-mesh/chaos-mesh is vulnerable to OS command injection. The vulnerability is due to improper input validation in the cleanIptables mutation, which allows an unauthenticated in-cluster attacker to execute arbitrary commands and achieve remote code execution across the cluster...
Improper Authentication Exposure
github.com/chaos-mesh/chaos-mesh is vulnerable to improper authentication exposure. The vulnerability is due to the Chaos Controller Manager exposing an unauthenticated GraphQL debugging server to the entire Kubernetes cluster, which allows an attacker to kill arbitrary processes in any pod...
Denial Of Service (DoS)
rexml is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of multiple XML declarations during parsing, which allows an attacker to craft malicious XML input that exhausts system resources and causes the application to become unresponsive...
Cross-site Scripting (XSS)
com.liferay, com.liferay.portal.search is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in the Search widget’s comliferayportalsearchwebportletSearchPortletuserId parameter, which allows an attacker to inject arbitrary web scripts or HTML into the...
Improper Resource Management
Dragonfly is vulnerable to Improper Resource Management. The vulnerability is due to the processPieceFromSource method failing to update the usedTraffic field because of an uninitialized variable, which allows an attacker to exploit incorrect rate limiting and cause a denial-of-service condition...
Missing Authorization
com.liferay, com.liferay.asset.display.page.service is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks when users attempt to view display page templates, which allows an attacker to access these templates through crafted URLs...
Improper Permission Management
Dragonfly is vulnerable to Improper Permission Management. The vulnerability is due to the use of the os.MkdirAll function without verifying permissions on existing directories, which allows a local attacker to pre-create directories with broad permissions and later tamper with files used by...
Memory Leak
Liferay Portal is vulnerable to Memory Leak. The vulnerability is due to the headless StructuredContents endpoint retaining objects or failing to release memory during request processing. An attacker can exploit this by repeatedly calling the API endpoint to exhaust server memory and cause servic...
Server-Side Request Forgery (SSRF)
Dragonfly is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of user-supplied URLs in the Manager API and peer communication, which allows an attacker to force internal components to send requests to arbitrary or internal services, potentially...
Improper Certificate Validation
Dragonfly is vulnerable to Improper Certificate Validation. The vulnerability is due to TLS certificate verification being disabled in HTTP clients, which allows an attacker to perform a man-in-the-middle attack and supply invalid data, leading to denial of service and file integrity issues...
Improper Input Validation
flowise is vulnerable to improper input validation. The vulnerability is due to missing validation of chatflowId and chatId parameters, which allows an attacker to access arbitrary files through improper handling of file upload operations...
Insecure Direct Object Reference (IDOR)
Liferay Portal including Liferay DXP is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to the Contacts Center widget directly exposing the comliferaycontactswebportletContactsCenterPortletentryId parameter without proper authorization checks. An attackers can use...
Improper Authentication
flowise is vulnerable to Improper Authentication. The vulnerability is due to minimal authentication and lack of role-based access controls RBAC, followed by the default installation operating without authentication unless explicitly configured, which allows an attacker to execute unauthorized OS...
Improper Certificate Validation
KubernetesClient is vulnerable to Improper Certificate Validation. The vulnerability is due to inadequate verification of the certificate trust chain, which allows an attacker to present a forged certificate and perform man-in-the-middle attacks or impersonate the Kubernetes API server...
Cross-site Scripting
Liferay Portal is vulnerable to Cross-Site Scripting. The vulnerability is due to the Calendar events feature failing to escape or validate HTML in the First Name, Middle Name, and Last Name text fields, and attackers can exploit this by submitting crafted payloads into those fields to execute...
Path Traversal
esm.sh is vulnerable to Path Traversal. The vulnerability is due to improper validation of the X-Zone-Id HTTP header when constructing filesystem paths, which allows an attacker to use ../ sequences to write files outside the intended storage directory and access arbitrary locations on the system...
Uncontrolled Recursion
express-xss-sanitizer is vulnerable to uncontrolled recursion. The vulnerability is due to an unbounded recursion depth in the sanitize function in lib/sanitize.js when processing a JSON request body, which allows an attacker to cause a denial of service by triggering infinite recursion...
Improper Access Control
Dragonfly is vulnerable to Improper Access Control. The vulnerability is due to the /api/v1/jobs and /preheats endpoints in the Manager web UI being accessible without authentication, which allows an unauthenticated attacker with network access to create numerous malicious jobs and cause a...
Regular Expression Denial Of Service (ReDoS)
Transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient handling of numeric strings in the normalizenumbers method of the EnglishNormalizer class, which allows an attacker to exploit crafted input with long digit sequences to cause excessi...
Relative Path Traversal
Apache Tomcat is vulnerable to Path Traversal. The vulnerability is due to the rewritten URL being normalized before it was decoded. This allows an attackers to manipulate the request URI and, if PUT is enabled, upload malicious files to bypass security constraints protecting /WEB-INF/ and...
Deserialization Of Untrusted Data
com.hubspot.jinjava, jinjava is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to use of mapper.getTypeFactory.constructFromCanonical which allows the underlying ObjectMapper to deserialize attacker-controlled input into arbitrary classes...
Improper Certificate Validation
Dragonfly is vulnerable to Improper Certificate Validation. The vulnerability is due to the Manager’s Certificate gRPC service not verifying whether the requested IP addresses belong to the requesting peer, which allows an attacker to obtain valid TLS certificates for arbitrary IP addresses and...
Improper Neutralization Of Escape, Meta, Or Control Sequences
Apache Tomcat is vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences vulnerability. The vulnerability is due to Tomcat logging unescaped, user-controlled URL data to console output, and attackers can use specially crafted URLs to inject ANSI escape sequences to manipulate...
Improper Input Sanitization
github.com/mattermost/mattermost-server is vulnerable to improper input sanitization. The vulnerability is due to insufficient sanitization of user data during shared channel membership synchronization, which allows an attacker from a malicious or compromised remote cluster to access sensitive us...
Arbitrary File Read
flowise is vulnerable to an arbitrary file read. The vulnerability is due to improper validation of the chatId parameter in the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints, which allows an attacker to read unintended files on the local filesystem and potentially...
Stored Cross-Site Scripting (XSS)
Liferay Portal is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the Instance Configuration’s CDN Host HTTP and CDN Host HTTPS text fields, which allows an authenticated instance administrator to inject arbitrary web scripts or HTML into al...
Server Side Request Forgery (SSRF)
Ghost is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of user-supplied URLs, which allows an attacker to send crafted requests to internal resources and potentially access sensitive information...
Server-Side Request Forgery (SSRF)
hackmd-mcp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of user-supplied hackmdApiUrl values via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter, which allows an attacker to redirect outbound API requests to internal...
NULL Pointer Dereference
Dragonfly is vulnerable to NULL Pointer Dereference. The vulnerability is due to improper handling of function return values, where a value is dereferenced even when the function returns an error, which allows an attacker to trigger a nil dereference and cause a denial of service through...
Improper Input Validation
Dragonfly is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation in the gRPC and HTTP APIs, which allows an attacker to send crafted requests that create or read arbitrary files on a peer’s system, leading to data theft and potential remote code execution...
Timing Attack
Dragonfly is vulnerable to Timing Attack. The vulnerability is due to the use of simple string comparisons in the Proxy feature’s access control mechanism, which allows an attacker to guess the password one character at a time by analyzing response time variations...
Hash Collision Weakness
Dragonfly is vulnerable to Hash Collision Weakness. The vulnerability is due to the use of insecure hash functions such as MD5 for verifying downloaded files, which allows an attacker to craft malicious files with colliding hashes and replace legitimate files without detection...
Man-In-The-Middle (MITM)
Dragonfly is vulnerable to Man-in-the-Middle MitM attack. The vulnerability is due to the scheduler being hardcoded to use the insecure HTTP protocol for downloading tiny files, which allows an attacker to intercept and modify network requests to deliver malicious or altered data...
Client-Side Path Traversal
Nuxt is vulnerable to Client-Side Path Traversal. The vulnerability is due to improper validation of user-controlled data within the Island payload revival mechanism, which allows an attacker to craft malicious nuxtisland objects that manipulate client-side requests to arbitrary endpoints within...
Improper Access Control
@executeautomation/database-server is vulnerable to Improper Access Control. The vulnerability is due to inadequate enforcement of the “read-only” mode in the npm distribution, which allows an attacker to perform unauthorized operations on connected databases such as PostgreSQL...
Sensitive Information Exposure
com.liferay.portal, com.liferay.portal.kernel is vulnerable to Sensitive Information Exposure. The vulnerability is due to remote staging not properly obtaining the live site's remote address from the database, which allows remote authenticated users—who can obtain the staging server’s shared...
Improper Command Restriction
mcp-kubernetes-server is vulnerable to improper command restriction. The vulnerability is due to incomplete validation of chained commands in the implementation of --disable-write and --disable-delete, which allows an attacker to bypass restrictions and execute unauthorized write or delete...
Denial Of Service (DoS)
go.temporal.io/server is vulnerable to Denial of service DoS. The vulnerability is due to insufficiently specific bounds checking on the authorization header, which allows an attacker to trigger excessive memory allocation leading to a denial of service...