Veracode: Recent

38290 matches found

Veracode
added 2025/12/01 5:31 a.m., 7 views

Improper Access Control

commandkit is vulnerable to improper access control. The vulnerability is due to a logic flaw in how ctx.commandName is populated for message-based command aliases, which allows an attacker to exploit incorrect permission checks or access-control logic when developers mistakenly treat the alias...

CVSS 6.1, AI score 7, EPSS 0.00148
Exploits 0, References 3, Affected Software 1
Veracode
added 2025/12/01 4:13 a.m., 4 views

Denial Of Service (DoS)

github.com/siderolabs/omni is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation of the resource metadata field in the isSensitiveSpec function, followed by an unchecked call to CreateResource, which allows an attacker to send empty create/update requests...

CVSS 7.5, AI score 6.9, EPSS 0.0053
Exploits 1, References 5, Affected Software 1
Veracode
added 2025/11/28 6:24 a.m., 6 views

Information Disclosure

github.com/siderolabs/omni is vulnerable to information disclosure. The vulnerability is due to sensitive data being leaked through an API, which allows an attacker to access exposed information...

CVSS 8.6, AI score 6.7, EPSS 0.00284
Exploits 0, References 4, Affected Software 1
Veracode
added 2025/11/28 6:16 a.m., 5 views

Cross-Site Scripting (XSS)

qwc2 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of user-supplied input in the attribute table, which allows an authorized attacker to inject and execute arbitrary JavaScript code...

CVSS 6.9, AI score 6.5, EPSS 0.00401
Exploits 0, References 2, Affected Software 1
Veracode
added 2025/11/28 5:57 a.m., 12 views

Server-Side Request Forgery (SSRF)

Astro is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insecure and unsanitized use of the x-forwarded-proto and x-forwarded-port headers when constructing URLs, which allows an attacker to manipulate these headers to bypass protected routes, poison caches, trigger...

CVSS 6.5, AI score 7.1, EPSS 0.01088
Exploits 1, References 5, Affected Software 1
Veracode
added 2025/11/28 5:24 a.m., 8 views

Cross-site Scripting (XSS)

librenms/librenms is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper filtering in the reportthis function in librenms/includes/functions.php, specifically incorrect use of htmlentities in an href context, which allows an attacker to inject malicious script v...

CVSS 6.9, AI score 6.4, EPSS 0.00226
Exploits 1, References 4, Affected Software 1
Veracode
added 2025/11/28 5:10 a.m., 7 views

Improper Access Control

flowise is vulnerable to improper access control. The vulnerability is due to insufficient file path restrictions in the WriteFileTool and ReadFileTool, which allows an attacker to read or write arbitrary files and potentially achieve remote command execution...

CVSS 9.9, AI score 6.9, EPSS 0.11853
Exploits 1, References 8, Affected Software 3
Veracode
added 2025/11/28 5:06 a.m., 6 views

Sanitization Bypass

python-ldap is vulnerable to Sanitization Bypass. The vulnerability is due to improper escaping in escape_filter_chars when escape_mode=1 is used, where crafted list or dict inputs bypass character escaping due to missing type validation, and attackers can exploit this to inject malicious LDAP filte...

CVSS 6.9, AI score 6.9, EPSS 0.00294
Exploits 1, References 5, Affected Software 2
Veracode
added 2025/11/28 4:36 a.m., 8 views

Use Of Externally-Controlled Input To Select Classes Or Code ('Unsafe Reflection')

Astro is vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection'). The vulnerability is due to Astro reflecting the unvalidated X-Forwarded-Host header in Astro.url, which allows an attacker to supply a malicious header value that can manipulate generated...

CVSS 6.5, AI score 7, EPSS 0.00386
Exploits 1, References 4, Affected Software 2
Veracode
added 2025/11/27 9:40 a.m., 6 views

SQL Injection

melisplatform/melis-cms is vulnerable to SQL injection. The vulnerability is due to improper validation of the idPage parameter in the /melis/MelisCms/PageEdition/getTinyTemplates endpoint, which allows an attacker to retrieve, create, update, or delete database records through crafted SQL queries...

CVSS 9.3, AI score 7.5, EPSS 0.00391
Exploits 2, References 5, Affected Software 1
Veracode
added 2025/11/27 8:23 a.m., 5 views

Remote Code Execution (RCE)

Happy DOM is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the use of a non-isolated Node.js VM context with JavaScript evaluation enabled by default, which allows an attacker to run untrusted code that can escape the sandbox, potentially gaining access to process-level...

CVSS 7.2, AI score 7.3, EPSS 0.00599
Exploits 0, References 5, Affected Software 2
Veracode
added 2025/11/27 7:34 a.m., 6 views

Weak-password Policy Bypass

novosga/novosga is vulnerable to weak-password policy bypass. The vulnerability is due to improper validation of the Senha/Confirmação da Senha fields in the User Creation Page /novosga.users/new, which allows an attacker to remotely exploit the weak password policy, though with high complexity a...

CVSS 6.3, AI score 6.7, EPSS 0.00323
Exploits 0, References 7, Affected Software 1
Veracode
added 2025/11/27 7:27 a.m., 5 views

Improper Input Validation

nodemailer is vulnerable to improper input validation. The vulnerability is due to improper handling of specially formatted recipient email addresses, which allows an attacker to embed an external address within quotes and redirect emails to an unauthorized destination...

CVSS 7.5, AI score 6.9, EPSS 0.00498
Exploits 0, References 8, Affected Software 1
Veracode
added 2025/11/27 7:10 a.m., 5 views

Denial Of Service (DoS)

authlib is vulnerable to Denial Of Service. The vulnerability is due to unbounded DEFLATE decompression in the JWE zip=DEF processing path, where a very small ciphertext can expand into extremely large plaintext during token decryption, and attackers can exploit this by supplying decryptable toke...

CVSS 6.5, AI score 7, EPSS 0.00418
Exploits 1, References 5, Affected Software 1
Veracode
added 2025/11/27 6:52 a.m., 8 views

Denial Of Service (DoS)

github.com/nwaples/rardecode is vulnerable to Denial-of-Service (DoS). The vulnerability is due to the failure to enforce limits on RAR dictionary sizes, which allows an attacker to supply a specially crafted RAR file that forces excessive memory allocation and triggers an out-of-memory crash...

CVSS 6.5, AI score 7, EPSS 0.00354
Exploits 1, References 3, Affected Software 1
Veracode
added 2025/11/27 6:32 a.m., 7 views

Path Traversal

clearml is vulnerable to Path Traversal. The vulnerability is due to improper handling of symbolic and hard links in the safeextract function, which allows an attacker to write files outside the intended directory and potentially achieve remote code execution...

CVSS 5.8, AI score 8.2, EPSS 0.00269
Exploits 0, References 5, Affected Software 1
Veracode
added 2025/11/26 11:48 p.m., 6 views

Improper Input Validation

OpenVPN is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of source IP addresses during session handling, which allows an attacker to open a session from a different IP address than the one that initiated the connection and cause a denial of service for t...

CVSS 8.2, AI score 6.8, EPSS 0.0061
Exploits 0, References 8, Affected Software 1
Veracode
added 2025/11/26 2:27 p.m., 5 views

Remote Command Execution

scio-pypi is vulnerable to Remote Command Execution. The vulnerability is due to torch.load executing unsafe deserialization even when weights_only=True, which allows an attacker to craft malicious model files that trigger arbitrary code execution during loading...

AI score 8.2
Exploits 0
Veracode
added 2025/11/26 9:58 a.m., 6 views

Cross-site Scripting (XSS)

Liferay is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in multiple fields within the Notifications widget, which allows an attacker to inject malicious scripts via crafted payloads and execute them in a victim’s browser...

CVSS 5.4, AI score 6.8, EPSS 0.00193
Exploits 0, References 8, Affected Software 2
Veracode
added 2025/11/26 9:23 a.m., 9 views

Remote Command Execution

n8n and n8n-nodes-base are vulnerable to Remote Command Execution. The vulnerability is due to the Execute Command node allowing arbitrary command execution on the host system, which allows an attacker to exploit insufficient user trust controls to run malicious commands leading to system...

AI score 7.7
Exploits 0
Veracode
added 2025/11/26 7:59 a.m., 7 views

Cross-Site Scripting (XSS)

nicegui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the framework not sanitizing HTML or JavaScript when rendering unescaped user input through ui.html, which allows an attacker to execute arbitrary JavaScript in a user’s browser...

CVSS 6.1, AI score 6.6, EPSS 0.00184
Exploits 0, References 4, Affected Software 1
Veracode
added 2025/11/26 7:46 a.m., 4 views

Cross-site Scripting (XSS)

flowise is vulnerable to cross-site scripting (XSS). The vulnerability is due to insufficient input filtering, which allows an attacker to inject malicious client-side code that executes in a victim’s browser...

AI score 6.5
Exploits 0
Veracode
added 2025/11/26 7:45 a.m., 6 views

Cross-site Scripting (XSS)

com.liferay.portal and release.portal.bom are vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient sanitization of rich text form fields, which allows an attacker to inject a crafted payload that is later rendered in the browser and executes arbitrary web script or HTML...

CVSS 6.1, AI score 6.2, EPSS 0.00219
Exploits 0, References 3, Affected Software 2
Veracode
added 2025/11/26 6:56 a.m., 6 views

Improper Input Validation

litestar is vulnerable to Improper Input Validation. The vulnerability is due to the framework unconditionally trusting the X-Forwarded-For header when generating rate-limit cache keys, which allows an attacker to spoof arbitrary IPs and rotate through them to evade rate-limiting...

CVSS 7.5, AI score 7.1, EPSS 0.00442
Exploits 0, References 5, Affected Software 1
Veracode
added 2025/11/26 6:27 a.m., 6 views

DNS Rebinding

sillytavern is vulnerable to DNS rebinding. The vulnerability is due to improper host validation in the web UI, which allows an attacker to exploit it by installing malicious extensions, reading chats, and injecting arbitrary HTML for phishing...

CVSS 9.6, AI score 7, EPSS 0.00239
Exploits 0, References 6, Affected Software 1
Veracode
added 2025/11/26 6:14 a.m., 4 views

Path Traversal

ZenML is vulnerable to a path traversal. The vulnerability is due to improper validation of file paths during data.tar.gz extraction in the PathMaterializer class, which fails to detect symbolic and hard links, allowing an attacker to write arbitrary files and potentially achieve arbitrary comman...

CVSS 7.8, AI score 7.3, EPSS 0.00326
Exploits 1, References 4, Affected Software 1
Veracode
added 2025/11/25 2:53 p.m., 5 views

Command Injection

Glob is vulnerable to Command Injection. The vulnerability is due to the glob CLI passing matched filenames directly to a shell with shell: true when using the -c/--cmd option, which allows an attacker to exploit maliciously crafted filenames containing shell metacharacters to execute arbitrary...

CVSS 7.5, AI score 7.6, EPSS 0.03026
Exploits 1, References 4, Affected Software 2
Veracode
added 2025/11/25 10:51 a.m., 6 views

Stored Cross-Site Scripting (XSS)

Flowise is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of IFRAME elements in chat logs, which allows an attacker to inject malicious code that executes when an admin views the log...

CVSS 8.2, AI score 6.6, EPSS 0.12856
Exploits 1, References 6, Affected Software 3
Veracode
added 2025/11/25 10:28 a.m., 5 views

Stored Cross-site Scripting (XSS)

flowise is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of FORM and INPUT elements in chat logs, which allows an attacker to inject malicious scripts executed when an admin views the log...

CVSS 8.2, AI score 6.4, EPSS 0.00374
Exploits 1, References 6, Affected Software 3
Veracode
added 2025/11/25 10:05 a.m., 6 views

Improper Input Validation

thorsten/phpmyfaq is vulnerable to improper input validation. The vulnerability is due to the application's failure to enforce unique email addresses during registration, which allows an attacker to create multiple accounts with the same email and potentially exploit this for account ambiguity,...

CVSS 9.8, AI score 7.1, EPSS 0.00379
Exploits 1, References 4, Affected Software 1
Veracode
added 2025/11/25 9:38 a.m., 9 views

Path Traversal

mattermost is vulnerable to Path Traversal. The vulnerability is due to improper validation of the import directory path, where malicious plugins can be placed into the prepackaged plugins directory, and an attacker with admin access can exploit this to execute arbitrary code on the server...

CVSS 8, AI score 7.9, EPSS 0.00599
Exploits 0, References 5, Affected Software 2
Veracode
added 2025/11/25 9:27 a.m., 6 views

Improper Access Control

liferay-portal is vulnerable to Improper Access Control. The vulnerability is due to virtual products being saved with guest view permissions, where the Commerce component stores uploaded product files in Documents and Media without restricting access. An attacker can exploit this by requestin...

CVSS 6.9, AI score 6.9, EPSS 0.00346
Exploits 0, References 3, Affected Software 1
Veracode
added 2025/11/25 8:54 a.m., 3 views

Cross-site Scripting

form-to-database is vulnerable to Cross-Site Scripting. The vulnerability is due to improper handling of form values, where non-string inputs were not sanitized or safely normalized, and attackers can exploit this by injecting malicious JavaScript that executes when the data is rendered...

CVSS 2.3, AI score 6.9, EPSS 0.00311
Exploits 0, References 5, Affected Software 1
Veracode
added 2025/11/25 8:43 a.m., 6 views

Insecure Direct Object Reference (IDOR)

liferay-portal is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability. The vulnerability is due to the workflow definition API exposing resources based on user-supplied names without enforcing authorization checks, where the API resolves workflow definitions directly by name...

CVSS 5.3, AI score 7.1, EPSS 0.00234
Exploits 0, References 9, Affected Software 1
Veracode
added 2025/11/25 8:40 a.m., 6 views

Improper Access Control

@anthropic-ai/claude-code is vulnerable to improper access control. The vulnerability is due to improper handling of symlinks in permission-deny rules, which allows an attacker to bypass explicit file-access restrictions and access files via symlink paths...

CVSS 6.5, AI score 7, EPSS 0.00387
Exploits 0, References 2, Affected Software 1
Veracode
added 2025/11/25 8:30 a.m., 3 views

Code Injection

@anthropic-ai/claude-code is vulnerable to code injection. The vulnerability is due to a flaw in the startup trust dialog that allows an attacker to trick the tool into executing untrusted project code before the user approves the dialog...

CVSS 8.8, AI score 7.1, EPSS 0.29287
Exploits 6, References 2, Affected Software 1
Veracode
added 2025/11/25 8:01 a.m., 6 views

Open Redirect

liferay-portal is vulnerable to an Open Redirect vulnerability. The vulnerability is due to multiple settings portlets failing to validate user-supplied redirect parameters, where the System Settings, Instance Settings, and Site Settings portlets blindly trust values passed via their respective...

CVSS 6.1, AI score 7.4, EPSS 0.00223
Exploits 0, References 5, Affected Software 2
Veracode
added 2025/11/25 7:26 a.m., 5 views

Improper Access Control

liferay-portal is vulnerable to Improper Access Control. The vulnerability is due to JSON Web Services being registered and invoked directly as classes, where these services bypass expected routing and are executed in a way that triggers Service Access Policies (SAP) unintentionally. This allows...

CVSS 5.3, AI score 6.6, EPSS 0.00197
Exploits 0, References 7, Affected Software 2
Veracode
added 2025/11/24 5:50 p.m., 3 views

SQL Injection

Django is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of column aliases in methods like QuerySet.annotate, alias, aggregate, and extra, which allows an attacker to exploit crafted dictionary inputs passed via kwargs to inject malicious SQL, particularly on MySQL...

CVSS 9.8, AI score 7.6, EPSS 0.00583
Exploits 0, References 10, Affected Software 1
Veracode
added 2025/11/24 5:35 p.m., 4 views

Directory Traversal

Django is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the django.utils.archive.extract function, which allows an attacker to supply archive files with paths crafted to share a prefix with the target directory, enabling partial traversal and unintende...

CVSS 6.5, AI score 7.2, EPSS 0.0085
Exploits 0, References 10, Affected Software 1
Veracode
added 2025/11/24 5:07 p.m., 5 views

Stored Cross-site Scripting (XSS)

com.liferay.portal and release.portal.bom are vulnerable to Stored cross-site scripting (XSS). The vulnerability is due to insufficient sanitization of rich text fields in web content translation, which allows an attacker to inject malicious HTML or script that executes when viewed by other users...

CVSS 4.8, AI score 6, EPSS 0.00205
Exploits 0, References 3, Affected Software 1
Veracode
added 2025/11/24 4:52 p.m., 8 views

Cross-site Scripting (XSS)

joomla/filter is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling and validation of user-supplied input in the checkAttribute method, which allows an attacker to inject malicious scripts that can be executed in a victim’s browser...

CVSS 4.8, AI score 6.6, EPSS 0.00293
Exploits 0, References 6, Affected Software 1
Veracode
added 2025/11/24 4:42 p.m., 4 views

Buffer Overflow

spdk is vulnerable to Buffer Overflow. The vulnerability is due to improper bounds handling in the NVMe-oF target component lib/nvmf, which allows an attacker to craft malicious input that can overflow buffers and potentially execute arbitrary code or cause a crash...

CVSS 5.5, AI score 8.1, EPSS 0.00305
Exploits 0, References 6, Affected Software 1
Veracode
added 2025/11/24 3:55 p.m., 4 views

Server-Side Request Forgery (SSRF)

LLaMA-Factory is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the chat API’s processrequest function making unsanitized HTTP requests to user-supplied URLs, which allows an attacker to force internal/external network requests and read arbitrary files on the server...

CVSS 8.1, AI score 7, EPSS 0.00342
Exploits 1, References 4, Affected Software 1
Veracode
added 2025/11/24 3:37 p.m., 5 views

Server-Side Request Forgery (SSRF)

vllm is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient restrictions on user-supplied URLs in the MediaConnector class’s load_from_url and load_from_url_async methods, which allows an attacker to coerce the server into making arbitrary internal network requests...

CVSS 7.1, AI score 7.2, EPSS 0.00226
Exploits 0, References 6, Affected Software 1
Veracode
added 2025/11/24 1:12 p.m., 8 views

Deserialization Of Untrusted Data

pyfory and pyfury are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the ability to craft a malicious serialized data stream that triggers the pickle-fallback serializer, which allows an attacker to invoke pickle.loads and achieve remote code execution...

CVSS 9.8, AI score 7.7, EPSS 0.41255
Exploits 2, References 7, Affected Software 2
Veracode
added 2025/11/24 12:47 p.m., 6 views

Authorization Bypass

Liferay Portal and Liferay DXP are vulnerable to Authorization Bypass. The vulnerability is due to improper access control on the _com_liferay_portal_security_audit_web_portlet_AuditPortlet_auditEventId parameter, which allows an authenticated attacker in one virtual instance to view audit events belongin...

CVSS 5.3, AI score 6.8, EPSS 0.00269
Exploits 0, References 7, Affected Software 2
Veracode
added 2025/11/24 8:49 a.m., 6 views

Allocation Of Resources Without Limits Or Throttling

pdfmake is vulnerable to Allocation of Resources Without Limits or Throttling. The vulnerability is due to improper handling of repeatedly redirected URLs during file embedding, where the library follows redirect chains without enforcing limits, and an attacker can exploit this by supplying craft...

CVSS 8.7, AI score 7, EPSS 0.00323
Exploits 0, References 3, Affected Software 1
Veracode
added 2025/11/24 7:55 a.m., 7 views

Denial Of Service

rack is vulnerable to Denial Of Service. The vulnerability is due to unbounded buffering of the multipart preamble in Rack::Multipart::Parser, where attackers can send extremely large preamble data before the first boundary, causing excessive memory consumption and potential OOM-induced DoS...

CVSS 7.5, AI score 7, EPSS 0.00848
Exploits 0, References 7, Affected Software 1
Veracode
added 2025/11/24 6:58 a.m., 5 views

Improper Input Validation

auth0/wordpress is vulnerable to Improper Input Validation. The vulnerability is due to the Bulk User Import endpoint not validating the file path wrapper or value, which allows an attacker to supply arbitrary file paths or URLs to manipulate file handling behavior...

CVSS 3.3, AI score 7.1, EPSS 0.00329
Exploits 0, References 8, Affected Software 2

Total number of security vulnerabilities: 38290