38108 matches found
Improper Input Validation
picklescan is vulnerable to Improper Input Validation. The vulnerability is due to inadequate validation in the scanning logic that fails to properly inspect pickle files with PyTorch-related extensions, which allows an attacker to bypass security checks and execute malicious code when the file i...
Protection Mechanism Failure
picklescan is vulnerable to Protection Mechanism Failure. The vulnerability is due to improper error handling in the ZIP archive scanning component when processing files with a bad Cyclic Redundancy Check (CRC), which allows an attacker to craft a malicious ZIP archive that halts the scan and...
Improper Authentication
github.com/spectolabs/hoverfly is vulnerable to Improper Authentication. The vulnerability is due to the admin WebSocket endpoint /api/v2/ws/logs not being protected by the same authentication middleware as the REST admin API, which allows an unauthenticated remote attacker to access and stream...
Privilege Escalation
PyInstaller is vulnerable to Privilege Escalation. The vulnerability is due to the bootstrap process appending a special entry to sys.path and attempting to load an optional bytecode-decryption module while that entry is present, which allows an attacker who can create files/directories next to t...
Command Injection
@anthropic-ai/claude-code is vulnerable to Command Injection. The vulnerability is due to the application executing a command templated with git config user.email at startup without validating or sanitizing the input, which allows an attacker to use a maliciously configured Git user email to...
Race Condition
@angular/platform-server, @angular/ssr and @nguniversal/common are vulnerable to Race Condition. The vulnerability is due to the platform injector being stored as a module-scoped global variable during server-side rendering, which allows concurrent requests to overwrite or access each other’s...
Command Injection
interactive-git-checkout is vulnerable to Command Injection. The vulnerability is due to the application passing unsanitized branch names directly to the git checkout command using Node.js’s exec function, which allows an attacker to inject malicious commands and execute arbitrary code on the...
Command Injection
Hoverfly is vulnerable to Command Injection. The vulnerability is due to improper input validation in the middleware endpoint, where the binary and script parameters are passed directly into a system without sanitization. This allows an attacker to supply crafted values for those parameters to...
Broken Access Control
Indico is vulnerable to Broken Access Control. The vulnerability is due to improper authorization logic that fails to verify the caller's privileges, allowing attackers to invoke the API and obtain profile details of other users without admin permissions...
Improper Validation Of Certificate Expiration
Infrahub is vulnerable to Improper Validation of Certificate Expiration. The vulnerability is due to a flaw in the authentication logic that improperly validates API token expiration, allowing deleted or expired tokens to be treated as valid. This allows an attacker to gain unauthorized access b...
Cross-Site Scripting (XSS)
indico is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization when rendering LaTeX math code in contribution or abstract descriptions, which allows an attacker to inject and execute malicious scripts in the user’s browser...
Reflective Cross-Site Scripting (XSS)
shopware/core is vulnerable to Reflective Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in CMS components, which allows an attacker to inject malicious scripts that execute in the user’s browser, enabling the theft of session cookies and administrative tokens or...
Cross-site Scripting
Liferay Portal is vulnerable to Cross-Site Scripting. The vulnerability is due to improper input validation and output encoding in the My Workflow Tasks page, where user-supplied task/comment fields are stored without sanitization. An attacker can submit crafted content that is saved and later...
Arbitrary File Read
xml2rfc is vulnerable to Arbitrary file read. The vulnerability is due to improper input sanitization when generating PDF files, which allows an attacker to inject a malicious link element into the prepped RFCXML and read arbitrary files from the filesystem...
Stored Cross-Site Scripting (XSS)
decap-cms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization and escaping of user-controlled input fields such as title, description, tags, and body in the admin preview pane, which allows an attacker with low-privilege access to inject...
Insecure Deserialization
monai is vulnerable to Insecure Deserialization. The vulnerability is due to loading untrusted checkpoint files with functions like torch.load without safeguards. This allows an attacker to supply a crafted checkpoint that executes arbitrary code during deserialization...
Cache Poisoning
github.com/coredns/coredns is vulnerable to Cache Poisoning. The vulnerability is due to the etcd plugin incorrectly using 64-bit lease IDs as 32-bit TTL values in the TTL function, which allows an attacker to create very large TTLs that enable DNS cache pinning attacks, potentially causing a...
Command Injection
OctoPrint is vulnerable to Command Injection. The vulnerability is due to improper handling of specially crafted filenames in uploaded files that can be included in system commands defined in event handlers, which allows an authenticated attacker to execute arbitrary commands when the correspondi...
Remote Code Execution (RCE)
mahocommerce/maho is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of uploaded file types in the product management module, which allows an attacker with staff access to upload malicious .php files and execute arbitrary code on the server...
Improper Input Validation
datahihi1/tiny-env is vulnerable to Improper Input Validation. The vulnerability is due to missing sanitization of characters, allowing attackers to inject comment text that can cause misconfigurations or authentication failures...
Reduced Password Entropy
typo3/cms-core is vulnerable to reduced password entropy. The vulnerability is due to a deterministic three-character prefix in the Password Generation component, which reduces randomness and allows an attacker to perform brute-force attacks more efficiently...
Deserialization Of Untrusted Data
monai is vulnerable to Unsafe Deserialization. The vulnerability is due to the pickle_operations function automatically deserializing dictionary key-value pairs with a specific suffix without any validation. An attacker can supply crafted pickle payloads to execute arbitrary code when those value...
Information Disclosure
typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to improper handling of error messages in the File Abstraction Layer, which exposes full file paths during failed file-system operations, allowing an attacker to disclose sensitive system information...
Missing Authorization
TYPO3 CMS is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks in the backend routing component, which allows authenticated backend users to directly invoke AJAX backend routes without proper access permissions, potentially leading to unauthorized acces...
Path Traversal
monai is vulnerable to Path Traversal (Zip Slip). The vulnerability is due to extracting user-controlled paths without sanitization. An attacker can supply a crafted or downloadable ZIP to overwrite system files or drop malicious code...
Denial-of-Service (DoS)
typo3/cms-backend is vulnerable to Denial-of-Service (DoS). The vulnerability is due to an uncaught exception in the Bookmark Toolbar, which allows administrator-level backend users to trigger a DoS condition in the backend user interface by saving manipulated data...
Improper Configuration Management
TinyEnv is vulnerable to Improper Configuration Management. The vulnerability is due to the application not requiring the .env file to exist when loading environment variables, which allows an attacker or misconfiguration to cause the application to run with insecure defaults or missing...
Missing Authorization Checks
typo3/cms-workspaces is vulnerable to missing authorization checks. The vulnerability is due to improper access control in the Workspace Module, which allows an attacker to directly invoke the AJAX backend route and disclose sensitive information without proper access permissions...
Remote Code Execution
python-socketio is vulnerable to Remote Code Execution. The vulnerability is due to insecure deserialization using the pickle library: servers trust and call pickle.loads on inter-server message-queue payloads. This allows an attacker with access to the message queue to send a crafted...
Authentication Bypass
Apache Kylin is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of alternate endpoints that bypass normal authentication checks, allowing an attacker to gain unauthorized access to protected functionality...
Improper Authorization
TYPO3 CMS is vulnerable to Improper Authorization. The vulnerability is due to missing authorization checks in the CSV download feature, which allows an attacker to disclose information from arbitrary database tables within a user’s web mounts without having proper access...
Information Disclosure
Apache Airflow is vulnerable to Information Disclosure. The vulnerability is due to improper access control in handling sensitive connection fields, allowing users with read permissions to view sensitive data through the API and UI...
Open Redirection
typo3/cms-core is vulnerable to Open Redirection. The vulnerability is due to improper sanitization of user-supplied URLs in the GeneralUtility::sanitizeLocalUrl function, which allows an attacker to manipulate sanitized URLs and redirect users to arbitrary external sites, enabling phishing attac...
Improper Access Control
vite is vulnerable to improper access control. The vulnerability is due to files starting with the same name as those in the public directory being served while bypassing the server.fs settings, which allows an attacker to access restricted files when the Vite dev server is exposed to the network...
Improper Permission Checks
Apache ZooKeeper is vulnerable to improper permission checks. The vulnerability is due to insufficient authorization validation in the AdminServer, allowing authorized clients to execute snapshot and restore commands without proper permissions...
Improper Access Control
Vite is vulnerable to Improper Access Control. The vulnerability is due to the dev and preview servers serving any HTML files on the machine regardless of the server.fs settings, which allows an attacker to access unintended files when the Vite server is exposed to the network, potentially leadin...
Regular Expression Denial Of Service (ReDoS)
Cattown is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to the use of inefficient regular expressions with potentially exponential backtracking complexity, which allows an attacker to craft malicious markdown inputs that cause excessive CPU usage and lead to...
Improper Input Validation
github.com/knadh/listmonk is vulnerable to improper input validation. The vulnerability is due to the backend not validating the nonce parameter in HTTP requests, which allows an attacker to chain this flaw with other vulnerabilities such as CSRF or XSS to perform unauthorized actions like improp...
Missing Authorization
Copyparty is vulnerable to Missing Authorization. The vulnerability is due to a missing permission check in the shares feature (shr global option), which allows an attacker to access sibling files within a shared folder by guessing their filenames, leading to unauthorized data exposure...
Deserialization Of Untrusted Data
Apache Jackrabbit Core and Apache Jackrabbit JCR Commons are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the acceptance of untrusted JNDI URIs for JCR lookup, which allows an attacker to inject malicious JNDI references that trigger deserialization of untrusted...
Malicious Package Injection
DuckDB is vulnerable to malicious package injection. The vulnerability is due to unauthorized access and compromise of the npm package publishing process, which allowed an attacker to upload malicious versions of DuckDB’s Node.js packages containing code that interfered with cryptocurrency...
Insecure Session Handling
github.com/coder/coder is vulnerable to Insecure Session Handling. The vulnerability is due to stale session tokens in prebuilt workspaces, allowing attackers to reuse them to gain unauthorized access...
OS Command Injection
tkeasygui is vulnerable to OS Command Injection. The vulnerability is due to settings that construct messages from external sources without validation, allowing attackers to supply crafted input (e.g., shell metacharacters) to execute arbitrary OS commands...
Directory Traversal
Internetarchive is vulnerable to Directory traversal. The vulnerability is due to improper sanitization and validation of user-supplied filenames: File.download accepts unnormalized filenames, so an attacker can provide names (e.g. ../../../../windows/system32/file.txt) to write outside the...
Improper Rate Limiting
ethyca-fides is vulnerable to Improper Rate Limiting. The vulnerability is due to the webserver API incorrectly applying rate limits based on infrastructure IPs instead of client IPs and storing counters in-memory rather than in a shared store, which allows an attacker to bypass rate limiting...
Out-of-Bounds Read
libudisks2.so is vulnerable to Out-of-Bounds Read. The vulnerability is due to the loop device handler failing to validate the lower bound of the index parameter received via D-Bus, so negative index values are accepted, which allows an attacker to crash the daemon or perform local privilege escalation b...
Directory Traversal
bbot is vulnerable to Directory Traversal. The vulnerability is due to gitdumper processing content from remote git repositories without proper sanitization, which allows an attacker to supply a malicious repository that triggers execution of arbitrary commands...
Brute-Force Attack
ethyca-fides is vulnerable to brute-force attack. The vulnerability is due to the absence of specific anti-automation controls on the Admin UI login endpoint, which allows an attacker to perform credential testing attacks such as credential stuffing or password spraying to gain unauthorized access...
Improper Session Invalidation
ethyca-fides is vulnerable to improper session invalidation. The vulnerability is due to active user sessions not being invalidated after an admin UI password change, which allows an attacker with previously obtained session tokens to maintain unauthorized access even after a password reset...
Improper Authorization
ethyca-fides is vulnerable to improper authorization. The vulnerability is due to insufficient scope validation in the OAuth client creation and update endpoints, which allows an attacker or a highly privileged user to escalate privileges to owner-level...