
38290 matches found

Veracode
added 2025/11/24 5:46 a.m. · 7 views

Denial Of Service (DoS)

rack is vulnerable to Denial Of Service. The vulnerability is due to unbounded in-memory storage of non-file multipart form fields in Rack::Multipart::Parser, where attackers can send extremely large text fields that consume process memory and trigger OOM conditions, leading to DoS...

CVSS 7.5 · AI score 7 · EPSS 0.00516
Exploits 0 · References 7 · Affected Software 1
Veracode
added 2025/11/24 4:53 a.m. · 6 views

Improper Authentication

Akka.NET is vulnerable to improper authentication. The vulnerability is due to the lack of mutual TLS enforcement in Akka.Remote, which allows an attacker to connect to a TLS-enabled cluster without presenting a valid client certificate and thereby communicate with the cluster...

CVSS 9.3 · AI score 6.9 · EPSS 0.00379
Exploits 0 · References 7 · Affected Software 2
Veracode
added 2025/11/24 4:31 a.m. · 7 views

XML External Entity (XXE)

langchaintextsplitters is vulnerable to XML External Entity XXE injection. The vulnerability is due to unsafe parsing of arbitrary XSLT stylesheets using lxml without access controls, which allows an attacker to read local files or fetch external resources accessible to the LangChain process...

CVSS 7.5 · AI score 7 · EPSS 0.00612
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2025/11/21 12:59 p.m. · 5 views

Denial Of Service (DoS)

finance.js is vulnerable to Denial Of Service. The vulnerability is due to improper handling of the IRR function’s depth parameter, where an unbounded recursion/iteration limit can be triggered to consume excessive CPU and stall or crash the application...

CVSS 7.5 · AI score 7 · EPSS 0.00502
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2025/11/21 11:8 a.m. · 6 views

Information Disclosure

lxd is vulnerable to Information Disclosure. The vulnerability is due to improper validation in the image export API, where crafted requests using wildcard fingerprints allow unauthenticated network attackers to probe and determine whether projects exist...

CVSS 6.9 · AI score 7 · EPSS 0.00314
Exploits 1 · References 2 · Affected Software 1
Veracode
added 2025/11/21 10:34 a.m. · 4 views

Privilege Escalation

github.com/canonical/lxd is vulnerable to Privilege Escalation. The vulnerability is due to improper authorization in the Operations API, where an attacker with only read permissions can hijack terminal or console WebSocket sessions and execute arbitrary commands...

CVSS 8.1 · AI score 7.4 · EPSS 0.00192
Exploits 1 · References 2 · Affected Software 1
Veracode
added 2025/11/21 8:28 a.m. · 7 views

Denial-of-service (DoS)

@plone/volto is vulnerable to a denial-of-service DoS. The vulnerability is due to improper handling of a specific URL request, which allows an attacker to crash the NodeJS server component by simply visiting that crafted URL...

CVSS 8.7 · AI score 6.9 · EPSS 0.00408
Exploits 0 · References 10 · Affected Software 1
Veracode
added 2025/11/21 8:9 a.m. · 10 views

Unauthenticated Network Exposure

marimo is vulnerable to unauthenticated network exposure. The vulnerability is due to the /mpl// endpoint being accessible without authentication, which allows an attacker to reach internal services and arbitrary ports...

AI score 7.2
Exploits 0
Veracode
added 2025/11/21 7:14 a.m. · 11 views

Server-Side Template Injection

github.com/lxc/lxd is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper handling of snapshot pattern templates using the Pongo2 template engine, which allows an attacker with instance-configuration permissions to craft malicious templates and read arbitrary...

CVSS 7.1 · AI score 7.2 · EPSS 0.00339
Exploits 1 · References 5 · Affected Software 1
Veracode
added 2025/11/21 5:49 a.m. · 7 views

Cross-Site Request Forgery (CSRF)

github.com/canonical/lxd is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper validation of client-side authentication tokens, which allows an attacker to trigger container creation and startup through crafted HTML form submissions without user consent...

CVSS 8.8 · AI score 7 · EPSS 0.00118
Exploits 1 · References 6 · Affected Software 1
Veracode
added 2025/11/20 11:5 a.m. · 6 views

Remote Code Execution (RCE)

Dolibarr is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of the computed field parameter in the User module configuration, which allows an attacker to inject malicious input and execute arbitrary code...

CVSS 8.8 · AI score 7.6 · EPSS 0.00494
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2025/11/20 10:53 a.m. · 4 views

Deserialization Of Untrusted Data

DataChain is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the library deserializing attacker-controlled data from environment variables, which allows an attacker who can set these variables to supply malicious serialized objects and trigger arbitrary code execution...

CVSS 2.5 · AI score 7.6 · EPSS 0.00147
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2025/11/20 10:15 a.m. · 5 views

Path Traversal

github.com/canonical/lxd is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of log file paths, where crafted file names or symlinks allow authenticated remote attackers to traverse directories and read arbitrary files on the host system...

CVSS 7.1 · AI score 6.5 · EPSS 0.00537
Exploits 1 · References 3 · Affected Software 1
Veracode
added 2025/11/20 8:54 a.m. · 5 views

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to a Denial-of-service DoS. The vulnerability is due to Argo CD’s /api/webhook endpoint crashing when it receives a malformed Gogs push event with a missing or null commits.repo field, which allows an attacker to send crafted API requests that crash the A...

CVSS 7.5 · AI score 6.9 · EPSS 0.00563
Exploits 1 · References 5 · Affected Software 3
Veracode
added 2025/11/20 8:39 a.m. · 165 views

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to a Denial-of-service DoS. The vulnerability is due to improper handling of malformed Bitbucket Server webhook payloads, specifically a non-array repository.links.clone field, which allows an attacker to send a single unauthenticated malicious request that...

CVSS 7.5 · AI score 7.1 · EPSS 0.00549
Exploits 1 · References 5 · Affected Software 3
Veracode
added 2025/11/20 8:32 a.m. · 5 views

Information Disclosure

github.com/canonical/lxd is vulnerable to Information Disclosure. The vulnerability is due to insufficient validation of process names, where attackers with root access in a container can spoof command-line names to impersonate other containers and obtain their metadata...

CVSS 6.8 · AI score 6.5 · EPSS 0.00323
Exploits 1 · References 2 · Affected Software 1
Veracode
added 2025/11/20 7:44 a.m. · 4 views

Race Condition

Argo CD is vulnerable to a race condition. The vulnerability is due to a flaw in the repository credentials handler that triggers a server panic during concurrent operations on the same repository URL, which allows an attacker to crash the Argo CD server...

CVSS 6.5 · AI score 6.9 · EPSS 0.00441
Exploits 0 · References 6 · Affected Software 3
Veracode
added 2025/11/20 7:25 a.m. · 6 views

Improper Certificate Validation

org.opensearch.dataprepper.plugins, opensearch is vulnerable to Improper Certificate Validation. The vulnerability is due to the plugins defaulting to a “trust-all” SSL configuration when no certificate path is provided, which allows an attacker to perform man-in-the-middle interception and...

CVSS 7.4 · AI score 6.9 · EPSS 0.00178
Exploits 0 · References 6 · Affected Software 3
Veracode
added 2025/11/20 5:39 a.m. · 7 views

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to a denial-of-service DoS. The vulnerability is due to Argo CD’s /api/webhook endpoint accessing an array index without validating its length, which allows an attacker to crash the argocd-server process using a single unauthenticated HTTP POST with an...

CVSS 7.5 · AI score 7.1 · EPSS 0.00549
Exploits 1 · References 5 · Affected Software 3
Veracode
added 2025/11/19 1:19 p.m. · 8 views

Denial Of Service (DoS)

ImageMagick is vulnerable to Denial of Service DoS. The vulnerability is due to unsigned integer underflow and division-by-zero conditions in the CLAHEImage function when tile width or height is zero, which allows an attacker to trigger out-of-bounds memory access or application crashes by...

CVSS 5.5 · AI score 6.9 · EPSS 0.00334
Exploits 1 · References 4 · Affected Software 13
Veracode
added 2025/11/19 10:5 a.m. · 8 views

Cross-site Scripting (XSS)

org.opencastproject:opencast-common is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unfiltered rendering of user-supplied metadata in the paella player, which allows an attacker with write access to inject malicious HTML or JavaScript that executes in viewers’ browsers...

CVSS 5.4 · AI score 6.5 · EPSS 0.00194
Exploits 0 · References 4 · Affected Software 3
Veracode
added 2025/11/19 10:5 a.m. · 6 views

Stored Cross-site Scripting (XSS)

com.liferay, com.liferay.item.selector.web is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in the asset author’s First Name, Middle Name, or Last Name fields, which allows an authenticated attacker to inject arbitrary web...

CVSS 5.4 · AI score 6 · EPSS 0.00205
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2025/11/19 9:45 a.m. · 7 views

Insertion Of Sensitive Information Into Log File

org.elasticsearch:elasticsearch is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper handling of request auditing for the reindex API, which allows an attacker to expose sensitive data if specific logging conditions are met...

CVSS 5.7 · AI score 6.9 · EPSS 0.00225
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2025/11/19 9:36 a.m. · 5 views

Reflected Cross-site Scripting (XSS)

com.liferay.portal, release.portal.bom is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper validation of user-supplied input in the redirect parameter for Announcements and Alerts, which allows an attacker to inject arbitrary web scripts or HTML...

CVSS 6.1 · AI score 6.3 · EPSS 0.00199
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2025/11/19 8:6 a.m. · 5 views

Improper Resource Limitation

github.com/mantra-chain/mantrachain is vulnerable to improper resource limitation. The vulnerability is due to the send hooks not enforcing transaction gas limits, which allows an attacker to trigger recursive wasm contract calls that exponentially exhaust gas...

CVSS 8.8 · AI score 7 · EPSS 0.00312
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2025/11/19 3:31 a.m. · 8 views

Path Traversal

Liferay Portal is vulnerable to path traversal. The vulnerability is due to improper validation of query strings in the ComboServlet, which allows an attacker to access arbitrary CSS/JS files and repeatedly load them to exploit the system...

CVSS 8.2 · AI score 7.1 · EPSS 0.00464
Exploits 0 · References 7 · Affected Software 2
Veracode
added 2025/11/18 9:24 p.m. · 8 views

Integer Overflow

ImageMagick is vulnerable to an integer overflow. The vulnerability is due to improper integer overflow handling in the BMP decoder when calculating image buffer sizes by multiplying image width with bits per pixel, which allows an attacker to exploit a specially crafted BMP file to cause integer...

CVSS 7.5 · AI score 7.3 · EPSS 0.00738
Exploits 1 · References 6 · Affected Software 7
Veracode
added 2025/11/18 5:49 p.m. · 7 views

Improper Certificate Validation

org.opensearch.dataprepper.plugins:geoip-processor is vulnerable to Improper Certificate Validation. The vulnerability is due to the use of deprecated "SSL" when creating SSL contexts, which allows an attacker to potentially force negotiation of outdated and insecure SSL protocols, increasing the...

AI score 7
Exploits 0
Veracode
added 2025/11/18 5:33 p.m. · 8 views

Server-Side Request Forgery (SSRF)

Apache Kylin is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-controlled request targets, which allows an attacker to craft malicious requests that force the server to initiate unintended outbound connections...

CVSS 7.3 · AI score 7 · EPSS 0.00499
Exploits 0 · References 7 · Affected Software 7
Veracode
added 2025/11/18 4:59 p.m. · 9 views

Files Or Directories Accessible To External Parties

Apache Kylin is vulnerable to Files or Directories Accessible to External Parties. The vulnerability is due to improper access controls on certain files or directories, which allows an attacker to access resources that should be restricted if administrative access is not adequately protected...

CVSS 7.5 · AI score 7 · EPSS 0.01262
Exploits 0 · References 7 · Affected Software 7
Veracode
added 2025/11/18 2:42 p.m. · 5 views

Denial-of-Service (DoS)

quic-go is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to improper handling of premature HANDSHAKEDONE frames during the QUIC handshake, where an assertion failure can be triggered by a misbehaving or malicious server, allowing attackers to crash the client process without...

CVSS 7.5 · AI score 6.5 · EPSS 0.00443
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2025/11/18 1:16 p.m. · 5 views

Reflected Cross-site Scripting (XSS)

com.liferay, com.liferay.product.navigation.control.menu.web is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper validation of the comliferaylayoutadminwebportletGroupPagesPortletbackURLTitle parameter, which allows an attacker to inject arbitrary web script ...

CVSS 6.1 · AI score 6.1 · EPSS 0.00224
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2025/11/18 10:53 a.m. · 6 views

Improper Verification Of Cryptographic Signature

Apache Spark is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to the use of an unauthenticated default encryption cipher AES/CTR/NoPadding for RPC communication when spark.network.crypto.enabled is true and no cipher is explicitly configured, which allow...

CVSS 6.5 · AI score 7 · EPSS 0.00225
Exploits 0 · References 6 · Affected Software 2
Veracode
added 2025/11/18 10:38 a.m. · 4 views

Cross-site Scripting (XSS)

com.liferay, com.liferay.calendar.web is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of user-supplied input in the Calendar widget’s “Name” field, which allows an attacker to inject arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 · AI score 6 · EPSS 0.00207
Exploits 0 · References 6 · Affected Software 1
Veracode
added 2025/11/18 10:8 a.m. · 7 views

Cross-Site Scripting (XSS)

Liferay Portal is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of user-supplied input in the Web Content Structure Name field, which allows an attacker to inject arbitrary HTML or script code for execution...

CVSS 5.4 · AI score 6.5 · EPSS 0.00197
Exploits 0 · References 5 · Affected Software 2
Veracode
added 2025/11/18 6:14 a.m. · 9 views

Denial Of Service (DoS)

Django is vulnerable to a Denial Of Service DoS. The vulnerability is due to slow NFKC Unicode normalization on Windows in redirect-related functions, which allows an attacker to supply inputs with a very large number of Unicode characters to exhaust server resources and cause a denial of service...

CVSS 7.5 · AI score 6.8 · EPSS 0.01903
Exploits 1 · References 9 · Affected Software 2
Veracode
added 2025/11/18 4:56 a.m. · 5 views

SQL Injection

Apache Flink CDC is vulnerable to SQL Injection. The vulnerability is due to improper validation of user-supplied identifiers, such as crafted database or table names, which allows an attacker to inject malicious SQL and manipulate queries within the application...

CVSS 8.8 · AI score 7.2 · EPSS 0.00415
Exploits 0 · References 5 · Affected Software 5
Veracode
added 2025/11/17 4:43 p.m. · 17 views

Improper Resource Shutdown Or Release

Apache Tomcat is vulnerable to Improper Resource Shutdown or Release. The vulnerability is due to improper cleanup of temporary files created during multipart upload processing, which allows an attacker to trigger excessive accumulation of leftover temporary data, potentially exhausting disk spac...

CVSS 5.3 · AI score 7.1 · EPSS 0.01139
Exploits 0 · References 11 · Affected Software 3
Veracode
added 2025/11/17 9:59 a.m. · 5 views

Denial-of-service (DoS)

financejs is vulnerable to a Denial-of-service DoS. The vulnerability is due to improper handling of input in the seekZero parameter, which allows an attacker to trigger excessive computation and cause the application to become unresponsive...

CVSS 7.5 · AI score 6.9 · EPSS 0.00502
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2025/11/17 9:34 a.m. · 6 views

Sensitive Information Exposure

com.liferay.portal.template.freemarker is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper data handling in Freemarker templates, where sensitive user data is unintentionally included in the template context, allowing an unauthorized actor to access and potential...

CVSS 6.5 · AI score 6.5 · EPSS 0.00276
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2025/11/17 9:19 a.m. · 5 views

Improper Input Validation

@nubosoftware/node-static is vulnerable to improper input validation. The vulnerability is due to the package failing to handle null-byte %00 input correctly, which allows an attacker to trigger an exception and crash the server...

CVSS 7.5 · AI score 7 · EPSS 0.00489
Exploits 0 · References 3 · Affected Software 2
Veracode
added 2025/11/17 8:36 a.m. · 5 views

Prototype Pollution

rollbar is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the utility.set function, which allows an attacker to inject malicious properties into Object.prototype through a crafted payload...

CVSS 7.5 · AI score 6.8 · EPSS 0.00365
Exploits 0 · References 6 · Affected Software 1
Veracode
added 2025/11/17 7:55 a.m. · 8 views

Command Injection

check-branches is vulnerable to command injection. The vulnerability is due to the tool trusting branch names as plain text and concatenating them into git commands, which allows an attacker to craft malicious branch names to execute arbitrary system commands...

CVSS 9.8 · AI score 7.7 · EPSS 0.0139
Exploits 0 · References 2 · Affected Software 1
Veracode
added 2025/11/17 7:37 a.m. · 5 views

Improper Access Control

formcms is vulnerable to Improper Access Control. The vulnerability is due to insufficient authentication checks on the /api/schemas/history/schemaId endpoint, which allows an attacker to access historical schema data if a valid schemaId is known or guessed...

CVSS 6.5 · AI score 7.1 · EPSS 0.00306
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2025/11/17 7:14 a.m. · 7 views

Prototype Pollution

counterpart is vulnerable to Prototype Pollution. The vulnerability is due to insufficient sanitization of user-controlled translation keys, which allows an attacker to supply crafted keys containing prototype chain elements to inject arbitrary properties into the JavaScript Object prototype,...

CVSS 6.5 · AI score 7.8 · EPSS 0.00452
Exploits 0 · References 3 · Affected Software 1
Veracode
added 2025/11/17 5:58 a.m. · 5 views

Prototype Pollution

@hapi/pez is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of multipart payloads, allowing an attacker to craft a part whose content becomes the payload object's prototype, which enables bypassing validation rules or causing exceptions when accessing the request...

AI score 7
Exploits 0
Veracode
added 2025/11/14 4:38 a.m. · 5 views

Insecure Temporary File Usage

llama-index-core is vulnerable to Insecure Temporary File Usage. The vulnerability is due to the use of a predictable hardcoded cache directory /tmp/llamaindex in getcachedir, where attackers on multi-user Linux systems can steal cached model data, poison embeddings, or exploit symlink race...

CVSS 7.3 · AI score 6.9 · EPSS 0.00134
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2025/11/14 3:41 a.m. · 6 views

Arbitrary Code Execution (ACE)

Expr-eval is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to insufficient input validation in the evaluate function, which allows an attacker to supply a crafted variables object and execute arbitrary code...

CVSS 9.8 · AI score 7.5 · EPSS 0.02199
Exploits 0 · References 11 · Affected Software 3
Veracode
added 2025/11/13 11:28 a.m. · 6 views

Argument Injection

@conventional-changelog/git-client is vulnerable to Argument Injection. The vulnerability is due to improper handling of user-controlled parameters in the getTags API, due to the library failing to sanitize input, allowing attackers to inject arbitrary git arguments such as --output= and overwrit...

CVSS 5.3 · AI score 6.8 · EPSS 0.00202
Exploits 0 · References 2 · Affected Software 1
Veracode
added 2025/11/13 8:14 a.m. · 7 views

Prototype Pollution

parse is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the SingleInstanceStateController.initializeState function, which allows an attacker to inject malicious properties into Object.prototype via a crafted payload, leading to denial of...

CVSS 6.5 · AI score 6.8 · EPSS 0.00326
Exploits 0 · References 4 · Affected Software 1

Total number of security vulnerabilities: 38290