38290 matches found
SQL Injection
org.open-metadata, openmetadata-service is vulnerable to SQL Injection. The vulnerability is due to improper handling of the entityType parameter in DocStoreDAO.listCount allowing attackers to supply crafted entityType values that modify the query and extract arbitrary data from the database...
Directory Traversal
@mastra/mcp-docs-server is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file path inputs in the directory suggestion logic, which allows an attacker to bypass path traversal checks and list the contents of arbitrary directories on the user’s filesystem...
Cross-site Scripting (XSS)
starcitizenwiki/embedvideo is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper restriction of HTML attributes in the video embedding functionality, which allows an attacker to inject and execute arbitrary web scripts through crafted wikitext...
Cross-site Scripting (XSS)
novosga/novosga is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in the logoNavbar/logoLogin parameters within the /admin component’s SVG File Handler, which allows an attacker to inject and execute arbitrary web scripts remotely...
Prototype Pollution
@messageformat/runtime is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of nested message keys during message data processing, which allows an attacker to inject arbitrary properties into the Object prototype and cause denial of service or unexpected...
Command Injection
adb-mcp Server is vulnerable to Command Injection. The vulnerability is due to improper handling of user-supplied input in certain MCP Server tool definitions and implementations, which allows an attacker to inject and execute arbitrary system commands...
Arbitrary Code Execution
@anthropic-ai/claude-code is vulnerable to Arbitrary Code Execution. The vulnerability is due to the automatic execution of Yarn plugins when running yarn --version, which allows an attacker to bypass the directory trust dialog and execute code before the user confirms trust in the directory...
Open Redirection
@lobehub/chat is vulnerable to Open Redirection. The vulnerability is due to improper validation of X-Forwarded- and Host headers in the OIDC redirect handling logic, which allows an attacker to inject a malicious host and redirect users to arbitrary domains...
Symlink Validation Bypass
tar-fs is vulnerable to symlink validation bypass. The vulnerability is due to improper validation of symbolic links during tar extraction, which allows an attacker to overwrite arbitrary files if the destination directory is predictable with a crafted tarball...
Improper Input Validation
github.com/siderolabs/omni is vulnerable to an improper input validation. The vulnerability is due to the lack of validation on the destination address in the WireGuard SideroLink interface configuration, which allows an attacker with access to a malicious workload to send arbitrary packets over...
Remote Code Execution (RCE)
Llama Stack is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of parameters in the resolveastbytype function, which allows an attacker to supply malicious input leading to arbitrary code execution...
HTTP Request Smuggling
Http4s is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of the HTTP trailer section, which allows an attacker—when the app is deployed behind a reverse proxy that forwards trailer headers—to bypass front-end security controls, target active users, and poison...
HTML Injection
mailgen is vulnerable to HTML injection. The vulnerability is due to improper sanitization of user-supplied content and Mailgen.generatePlaintext(email) retaining HTML tags from input. An attacker can supply crafted content to inject HTML into generated plaintext emails...
Buffer Overflow
CodeChecker is vulnerable to Buffer Overflow. The vulnerability is due to unsafe handling of input when executing the CodeChecker log command, and attackers can exploit this by supplying crafted log data to cause memory corruption and potentially achieve code execution...
Cross-site Scripting (XSS)
s-cart/core and gp247/core are vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the User-Agent header in the Admin Log Viewer, which allows an attacker to inject malicious scripts that execute in an administrator’s browser when viewing the security log...
Authorization Bypass Through User-Controlled Key
github.com/mattermost/mattermost-server is vulnerable to Authorization Bypass Through User-Controlled Key. The vulnerability is due to improper access-control validation: the board file download endpoint accepts predictable UUIDs without authorization checks. This allows an attacker to...
Cross-Site Scripting (XSS)
dotnetnuke.core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the Biography field, which allows an attacker to inject and execute malicious JavaScript code in the context of the website, affecting other users including administrators and...
Stored Cross-Site Scripting (XSS)
com.liferay, com.liferay.change.tracking.service is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper validation of user-supplied input in the notifications widget’s “Name” text field, which allows an attacker to inject arbitrary web scripts or HTML into a...
OS Command Injection
@sequa-ai/sequa-mcp is vulnerable to OS Command Injection. The vulnerability is due to improper validation of redirect URLs due to the redirectToAuthorization function opening unvalidated/non-sequa URLs. An attacker can exploit this by supplying a crafted redirect URL to trigger remote OS comman...
Incorrect Authorization
Liferay Portal is vulnerable to Incorrect Authorization. The vulnerability is due to the Batch Engine failing to properly enforce permission checks for import and export tasks, which allows remote authenticated users to access exported data through the REST APIs...
Information Disclosure
com.liferay:com.liferay.portal.security.audit.event.generators.user.management is vulnerable to Information Disclosure. The vulnerability is due to audit events recording users’ password reminder answers in audit logs, which allows remote authenticated users to retrieve those answers via the audi...
Client-Side Content Injection (XSS)
dotnetnuke.core is vulnerable to Client-Side Content Injection XSS. The vulnerability is due to improper validation of query parameters, which allows an attacker to load and exploit vulnerable themes on client browsers without the site owner’s knowledge...
Cross Site Scripting (XSS)
@meshconnect/web-link-sdk is vulnerable to cross-site scripting (XSS). The vulnerability is due to the lack of sanitization of URL protocols in the createLink.openLink function, which allows an attacker to execute arbitrary JavaScript code in the parent page context and access its DOM, storage,...
Command Injection
git-commiters is vulnerable to command injection. The vulnerability is due to improper input sanitization in the gitCommiters(options, callback) function, which allows an attacker to inject arbitrary commands through unsanitized parameters such as cwd or revisionRange...
Information Disclosure
OpenBao is vulnerable to an Information Disclosure Vulnerability. The vulnerability is due to a regression in audit log redaction, where raw HTTP request bodies for ACME and OIDC issuer endpoints are not properly HMAC-redacted, allowing short-lived ACME verification codes, authentication response...
OS Command Injection
github.com/chaos-mesh/chaos-mesh is vulnerable to OS command Injection. The vulnerability is due to unsanitized input handling in the cleanTcs mutation due to user-controlled fields being passed to operating-system command execution without proper validation. An attacker can use this to perform...
Regular Expression Denial Of Service
Grafana-Zabbix is vulnerable to Regular Expression Denial of Service. The vulnerability is due to inefficient regular-expression handling of user-supplied regex queries, which can trigger catastrophic backtracking. Attackers can exploit this by submitting specially crafted regex patterns that...
Information Disclosure
github.com/containers/podman is vulnerable to information disclosure. The vulnerability is due to data written to RUN --mount=type=bind mounts during the Podman build not being discarded, which allows an attacker to access files created within the container from the host system’s temporary build...
Improper Input Validation
@digitalocean/do-markdownit is vulnerable to Improper Input Validation. The vulnerability is due to the callout and fenceenvironment plugins using .includes substring matching when allowedClasses or allowedEnvironments are strings instead of arrays, which allows an attacker to bypass intended...
Deserialization Of Untrusted Data
Snipe-IT is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of untrusted serialized data, which allows an attacker to supply malicious objects that can be deserialized to execute arbitrary code or manipulate application logic...
Improper Input Validation
matrix-js-sdk is vulnerable to Improper Input Validation. The vulnerability is due to inadequate validation in the MatrixClient::getJoinedRooms function, which allows an attacker to replace a tombstoned room with an unrelated attacker-controlled room...
Cross-site Scripting (XSS)
Snipe-IT is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input, which allows an attacker to inject and execute arbitrary web scripts in the context of a victim’s browser...
Unchecked Input For Loop Condition
com.liferay.portal, com.liferay.portal.impl is vulnerable to unchecked input for loop condition. The vulnerability is due to improper validation of input data in XML-RPC requests, which allows an attacker to perform a denial-of-service (DoS) attack by sending a crafted XML-RPC request...
Arbitrary Code Execution
Keras is vulnerable to Arbitrary Code Execution. The vulnerability is due to Model.load_model not honoring safe_mode=True when reading legacy .h5/.hdf5 archives and deserializing pickled Lambda-layer code from a crafted model file, which allows an attacker to supply a malicious archive that execute...
Use-After-Free
github.com/envoyproxy/envoy is vulnerable to a Use-After-Free. The vulnerability is due to improper handling of DNS cache operations in the Dynamic Forward Proxy implementation, where a completion callback can trigger new or remove existing DNS resolutions, which allows an attacker to cause...
Cross-site Scripting (XSS)
@lobehub/chat is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsafe SVG rendering due to SVGRenderer using dangerouslySetInnerHTML for image/svg+xml lobeArtifact content. An attacker can inject malicious SVGs via chat messages...
Path Traversal
invokeai is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of filename/path parameters due to the GET /api/v1/images/download/bulkdownloaditemname endpoint accepting user-controlled paths without canonicalization or sanitization. An attacker can craft request...
Origin Validation Error
@parcel/reporter-dev-server is vulnerable to an Origin Validation Error. The vulnerability is due to the server failing to verify and enforce the Origin header for XMLHttpRequests. An attacker can host a malicious webpage that issues cross-origin XMLHttpRequests to a developer's running dev serve...
Path Traversal
esm.sh is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of user-supplied URL components allowing path-traversal and file-scheme requests by which an attacker can craft specially-formed requests that cause the server to read and return arbitrary local files or oth...
OS Command Injection
github.com/chaos-mesh/chaos-mesh is vulnerable to OS command injection. The vulnerability is due to improper input validation in the cleanIptables mutation, which allows an unauthenticated in-cluster attacker to execute arbitrary commands and achieve remote code execution across the cluster...
Improper Authentication Exposure
github.com/chaos-mesh/chaos-mesh is vulnerable to improper authentication exposure. The vulnerability is due to the Chaos Controller Manager exposing an unauthenticated GraphQL debugging server to the entire Kubernetes cluster, which allows an attacker to kill arbitrary processes in any pod...
Denial Of Service (DoS)
rexml is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of multiple XML declarations during parsing, which allows an attacker to craft malicious XML input that exhausts system resources and causes the application to become unresponsive...
Cross-site Scripting (XSS)
com.liferay, com.liferay.portal.search is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the Search widget’s comliferayportalsearchwebportletSearchPortletuserId parameter, which allows an attacker to inject arbitrary web scripts or HTML into the...
Improper Resource Management
Dragonfly is vulnerable to Improper Resource Management. The vulnerability is due to the processPieceFromSource method failing to update the usedTraffic field because of an uninitialized variable, which allows an attacker to exploit incorrect rate limiting and cause a denial-of-service condition...
Missing Authorization
com.liferay, com.liferay.asset.display.page.service is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks when users attempt to view display page templates, which allows an attacker to access these templates through crafted URLs...
Improper Permission Management
Dragonfly is vulnerable to Improper Permission Management. The vulnerability is due to the use of the os.MkdirAll function without verifying permissions on existing directories, which allows a local attacker to pre-create directories with broad permissions and later tamper with files used by...
Memory Leak
Liferay Portal is vulnerable to Memory Leak. The vulnerability is due to the headless StructuredContents endpoint retaining objects or failing to release memory during request processing. An attacker can exploit this by repeatedly calling the API endpoint to exhaust server memory and cause servic...
Server-Side Request Forgery (SSRF)
Dragonfly is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied URLs in the Manager API and peer communication, which allows an attacker to force internal components to send requests to arbitrary or internal services, potentially...
Improper Certificate Validation
Dragonfly is vulnerable to Improper Certificate Validation. The vulnerability is due to TLS certificate verification being disabled in HTTP clients, which allows an attacker to perform a man-in-the-middle attack and supply invalid data, leading to denial of service and file integrity issues...
Improper Input Validation
flowise is vulnerable to improper input validation. The vulnerability is due to missing validation of chatflowId and chatId parameters, which allows an attacker to access arbitrary files through improper handling of file upload operations...