SMTP Command-smuggling
github.com/wneessen/go-mail is vulnerable to SMTP command-smuggling. The vulnerability is due to incorrect handling of mail.Address values when constructing the MAIL FROM and RCPT TO SMTP commands, which allows an attacker to smuggle extra ESMTP parameters or manipulate recipient routing by...
Improper Input Validation
mkdocs-include-markdown-plugin is vulnerable to improper input validation. The vulnerability is due to unvalidated input colliding with substitution placeholders, which allows an attacker to manipulate included Markdown content and potentially inject or alter data...
Prototype Pollution
spmrc is vulnerable to Prototype Pollution. The vulnerability is due to improper input validation in the set and config functions, which allows an attacker to supply a crafted payload to inject properties on Object.prototype, leading to denial of service (DoS) or other unexpected behaviors...
Improper Input Validation
github.com/nyaruka/phonenumbers is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of syntactic correctness in the phonenumbers.Parse function, which allows an attacker to provide crafted input and cause a panic resulting in a “runtime error: slice...
Prototype Pollution
csvjson is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input in the toCsv function, which allows an attacker to supply a crafted payload to inject properties on Object.prototype, potentially leading to denial of service (DoS) or unexpected...
DNS Rebinding Attack
github.com/safedep/vet is vulnerable to DNS rebinding attack. The vulnerability is due to the lack of HTTP Host and Origin header validation, which allows an attacker to access data from the vet scan sqlite3 database remotely when vet is used as an MCP server in SSE mode with default ports...
Prototype Pollution
json-schema-editor-visual is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of user-supplied input in the setData and deleteData functions, which allows an attacker to supply a crafted payload to inject or delete properties on Object.prototype, potentially...
Improper Input Validation
github.com/opencontainers/runc is vulnerable to improper input validation. The vulnerability is due to insufficient verification of the bind-mount source /dev/null, which allows an attacker to exploit it via arbitrary mount manipulation, leading to host information disclosure, denial of service,...
Improper File Access
runc is vulnerable to improper file access. The vulnerability is due to insufficient validation of write targets in /proc during concurrent container execution with shared mounts, which allows an attacker to exploit race conditions and redirect writes to unintended procfs files...
Prototype Pollution
web3-core-method is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the attachToObject function, which allows an attacker to supply a crafted payload and inject properties into the Object.prototype, potentially leading to denial of servic...
SQL Injection
org.open-metadata, openmetadata-service is vulnerable to SQL injection. The vulnerability is due to improper input sanitization in the listCount function of the TestDefinitionDAO interface, where the testPlatform parameter is directly used to construct a SQL query, allowing attackers to inject...
Prototype Pollution
toggle-array is vulnerable to Prototype Pollution. The vulnerability is due to improper input validation in the enable and disable functions, which allows an attacker to supply a crafted payload and inject properties into the Object.prototype, potentially leading to denial of service (DoS) or...
Arbitrary Client-Side File Disclosure
aiomysql is vulnerable to Arbitrary Client-Side File Disclosure. The vulnerability is due to the client not validating server requests for local files, and attackers can exploit this by running a rogue MySQL server that sends LOADLOCAL packets to request and retrieve arbitrary files from the clie...
Improper Input Validation
github.com/kcp-dev/kcp is vulnerable to improper input validation. The vulnerability is due to missing UPDATE validation in the initializingworkspaces virtual workspace, which allows an attacker with access to run arbitrary patches on the status field of LogicalCluster objects...
Prototype Pollution
apidoc-core is vulnerable to Prototype Pollution. The vulnerability is due to insufficient input validation in the preProcess function, which allows an attacker to supply a crafted payload and inject properties into the Object.prototype, potentially causing a denial of service (DoS) or unexpected...
Prototype Pollution
dref is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input in the lib.set function, which allows an attacker to inject malicious properties into the Object.prototype, leading to a potential denial of service (DoS) condition...
Information Exposure
mllogger is vulnerable to Information Exposure. The vulnerability is due to insufficient validation of the key argument in the streamhandler function of mllogger/server.py, which allows a remote attacker to manipulate that argument to disclose sensitive information...
Information Disclosure
github.com/rancher/rancher is vulnerable to Information Disclosure. The vulnerability is due to improper handling of Impersonate-Extra- headers, which are sent to external entities via the /meta/proxy endpoint, allowing an attacker to access identifiable or sensitive information such as email...
Improper Input Validation
Rancher Manager is vulnerable to improper input validation. The vulnerability is due to missing server-side validation on the .username field, which allows an attacker with update permissions on other user resources to cause denial of access for targeted accounts...
Cross-site Request Forgery (CSRF)
Apollo Studio Embeddable Explorer & Embeddable Sandbox are vulnerable to cross-site request forgery (CSRF). The vulnerability is due to missing origin validation in the client-side handling of window.postMessage events, which allows an attacker to send forged messages that trigger arbitrary GraphQL...
Phishing Attack
github.com/rancher/rancher is vulnerable to Phishing Attack. The vulnerability is due to a weakness in the custom SAML authentication protocol used by the Rancher CLI, which allows an attacker to steal authentication tokens through crafted phishing attempts...
Cross-site Scripting (XSS)
Piranha is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the Text content block of Standard and Standard Archive Pages via /manager/pages, which allows an attacker to inject malicious JavaScript that executes in another user’s browser...
Prototype Pollution
sassdoc-extras is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input in the byGroupAndType function, which allows an attacker to inject arbitrary properties into Object.prototype, potentially leading to denial of service or unexpected...
Remote Code Execution (RCE)
cn.hutool, hutool-extra is vulnerable to remote code execution (RCE). The vulnerability is due to improper expression handling in the QLExpressEngine class, which allows an attacker to execute arbitrary expressions leading to arbitrary method invocation and potential remote code execution...
XPath Injection
smolagents is vulnerable to XPath injection. The vulnerability is due to insecure XPath construction: search_item_ctrl_f concatenates unsanitized user input into XPath expressions, allowing attackers to inject XPath to bypass filters, access unintended DOM nodes, or disrupt web automation...
Prototype Pollution
mpregular is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of user-supplied input in the mp.addEventHandler function, which allows an attacker to inject arbitrary properties into Object.prototype, potentially leading to denial of service or other unexpecte...
Reverse Tabnabbing Attacks
jupyterlab is vulnerable to Reverse Tabnabbing attacks. The vulnerability is due to missing the noopener attribute in links generated by LaTeX typesetters in Markdown cells and files, which allows an attacker to exploit links with target=_blank to potentially hijack the originating browser tab...
Code Injection
Gardener Extensions is vulnerable to Code Injection. The vulnerability is due to improper handling of user-controlled input in Terraformer-based infrastructure provisioning across AWS, Azure, OpenStack, and GCP providers, which allows an attacker with administrative privileges in a Gardener proje...
Cache Poisoning
get-jwks is vulnerable to cache poisoning. The vulnerability is due to a design flaw where the iss (issuer) claim may be validated only after keys are retrieved from a shared JWKS cache, which allows an attacker to push a chosen public key into the cache with one crafted JWT and then reuse that...
Denial-of-Service (DoS)
rack is vulnerable to Denial-Of-Service. The vulnerability is due to Rack::Request#POST reading the entire application/x-www-form-urlencoded body into memory by calling rack.input.read(nil) without enforcing a length limit, and attackers can send very large form bodies to exhaust process memory...
Buffer Overflow
libcsp.so is vulnerable to Buffer Overflow. The vulnerability is due to improper handling of input data in the csp_usart_open function at drivers/usart/zephyr.c, which allows an attacker to cause memory corruption or execute arbitrary code...
Information Disclosure
rack is vulnerable to Information Disclosure. The vulnerability is due to trusting unvalidated x-sendfile-type and x-accel-mapping headers, allowing attackers to craft headers that trick the proxy into making internal requests and bypassing access controls...
Buffer Overflow
libcsp.so is vulnerable to Buffer Overflow. The vulnerability is due to improper handling of the ifname parameter in the csp_eth_init function, where strcpy is used without validating input length, which allows an attacker to overflow the buffer and potentially execute arbitrary code...
Prototype Pollution
web3-core-subscriptions is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the attachToObject function, which allows an attacker to inject properties into Object.prototype...
Server-Side Request Forgery (SSRF)
cors-anywhere is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to instances being configured as open proxies that forward attacker-controlled target URLs, methods, and headers without restriction, which allows an attacker to induce requests to internal-only endpoints...
Prototype Pollution
messageformat is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of nested message keys containing special characters such as __proto__, which allows an attacker to inject arbitrary properties into the global object prototype, potentially leading to denial of service ...
Path Traversal
mllogger is vulnerable to path traversal. The vulnerability is due to manipulation of the File argument in the loghandler function of mllogger/server.py, which allows an attacker to perform path traversal to read, create, or overwrite files remotely...
Regular Expression Denial Of Service (ReDoS)
sinatra is vulnerable to Denial-Of-Service. The vulnerability is due to inefficient header parsing when the etag method is used, allowing attackers to send crafted headers that consume excessive CPU time and cause denial of service...
Prototype Pollution
node-cube is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input during the prototype chain initialization process, which allows an attacker to inject malicious properties into built-in object prototypes, potentially leading to denial of servi...
Parameter-parsing Bypass
Rack is vulnerable to a parameter-parsing Bypass. The vulnerability is due to Rack::QueryParser enforcing its params_limit only for parameters separated by & while still splitting on both & and ;, which allows an attacker to bypass the parameter count limit by using ; separators to submit excessiv...
Deserialization Of Untrusted Data
mllogger is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to manipulation of the loghandler argument data in mllogger/server.py, which triggers unsafe deserialization and allows a remote attacker to supply crafted input that can lead to arbitrary code execution or othe...
Prototype Pollution
magix-combine-ex is vulnerable to Prototype Pollution. The vulnerability is due to improper input validation in the util-deps.addFileDepend function, which allows an attacker to inject malicious properties into Object.prototype, leading to denial of service (DoS) or other unexpected behavior...
Denial Of Service (DoS)
Authlib is vulnerable to Denial-Of-Service via Oversized JWS/JWT. The vulnerability is due to Authlib accepting base64url-encoded header or signature inputs of unbounded size, allowing attackers to send tokens with huge encoded header/signature fields that exhaust CPU and memory during verificati...
Prototype Pollution
ts-fns is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of user-supplied keys in the assign function, which allows an attacker to modify the Object.prototype chain and inject arbitrary properties, potentially leading to application crashes, unexpected...
Improper Access Control
github.com/opencontainers/runc is vulnerable to improper access control. The vulnerability is due to insufficient validation when bind-mounting /dev/pts/$n to /dev/console after pivot_root, which allows an attacker to manipulate mount paths and gain writable access to sensitive locations,...
OS Command Injection
@react-native-community/cli is vulnerable to OS Command Injection. The vulnerability is due to an exposed endpoint that accepts attacker-controlled POST data and passes it to system execution paths without proper sanitization, which allows an unauthenticated network attacker to run arbitrary...
SQL Injection
Django is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input when processing crafted dictionaries with dictionary expansion in the connector argument of query methods, which allows an attacker to inject arbitrary SQL queries into database...
Insecure Direct Object Reference (IDOR)
com.liferay.commerce, com.liferay.commerce.service is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId parameter not being validated across virtual instances. This allows an attacker in on...
SQL Injection
org.open-metadata, openmetadata-service is vulnerable to SQL Injection. The vulnerability is due to improper handling of the entityType parameter in TestDefinitionDAO.listCount due to concatenating untrusted input into an SQL query, allowing attackers to supply crafted entityType values that modi...
SQL Injection
org.open-metadata, openmetadata-service is vulnerable to SQL Injection. The vulnerability is due to improper handling of the supportedDataTypeParam parameter in TestDefinitionDAO.listCount due to concatenating untrusted input into an SQL query, allowing attackers to supply crafted...