38108 matches found
Regular Expression Denial Of Service (ReDoS)
transformers is vulnerable to a Regular Expression Denial Of Service (ReDoS). The vulnerability is due to the _do_use_weight_decay method in the AdamWeightDecay optimizer processing user-controlled regular expressions in the include_in_weight_decay and exclude_from_weight_decay lists, which allows an attacke...
SMTP Injection
Jakarta Mail is vulnerable to SMTP injection. The vulnerability is due to improper input validation of SMTP message fields for raw carriage return and line feed (\r and \n) UTF-8 characters in headers and parameters. An attacker can exploit this to inject additional SMTP commands or split messages ...
Arbitrary File Write
bbot is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient sanitization of archive entry paths, and an attacker can craft archive entries with absolute or directory-traversal paths that cause bbot to write arbitrary files to arbitrary locations and achieve remote code...
Remote Code Execution
Flowise is vulnerable to Remote Code Execution. The vulnerability is due to unsafe evaluation of user-supplied configuration in the convertToValidJSONString function, which executes the mcpServerConfig input as JavaScript. An attacker can use this to execute arbitrary Node.js code to run commands or...
XML External Entity (XXE)
langchaincommunity is vulnerable to XML External Entity (XXE). The vulnerability is due to insecure XML parsing in the EverNoteLoader component that uses etree.iterparse without disabling external entity references, which allows an attacker to craft a malicious XML payload to access sensitive local...
Arbitrary File Write
github.com/usememos/memos is vulnerable to arbitrary file write. The vulnerability is due to improper validation of file paths in the CreateResource endpoint when storing objects locally, which allows an attacker to create files with path traversal sequences and write arbitrary files on the serve...
Heap-based Buffer Overflow
ImageMagick is vulnerable to a heap-based buffer overflow. The vulnerability is due to improper memory handling in the SeekBlob and WriteBlob functions, which allows an attacker to write data beyond allocated memory, potentially leading to arbitrary code execution or application crashes...
Cross-site Scripting (XSS)
@modelcontextprotocol/inspector is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of malicious redirect URIs when connecting to untrusted remote MCP servers, which allows an attacker to inject and execute arbitrary scripts that can interact with the inspecto...
Prototype Pollution
js-toml is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied TOML input during parsing, which allows an attacker to craft malicious TOML data that modifies properties of the global Object.prototype, potentially leading to arbitrary code execution or...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the application not verifying the content type of uploaded attachments or user avatars and serving the data back as is, which allows an authenticated attacker to inject malicious scripts that execute...
XML Injection
io.minio:minio is vulnerable to XML Injection. The vulnerability is due to automatic substitution of XML tag values containing system property or environment variable references during processing, which allows an attacker to craft malicious XML input that exposes sensitive information such as...
Deserialization Of Untrusted Data
org.apache.iotdb:iotdb-confignode is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insufficient validation of externally supplied serialized data, which allows an attacker to craft malicious serialized objects that can be deserialized to execute arbitrary code or...
Sensitive Information Disclosure
github.com/runatlantis/atlantis is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the /status endpoint publicly exposing detailed version information, which allows an attacker to identify specific software versions and exploit known vulnerabilities to compromise the...
Uncontrolled Search Path Element
tkeasygui is vulnerable to Uncontrolled Search Path Element. The vulnerability is due to improper control over the directories searched for executable files, which allows an attacker to place malicious files in a trusted path and execute arbitrary code with the privileges of the running program...
Remote Code Execution
org.springframework.cloud, spring-cloud-gateway-server is vulnerable to Remote Code Execution. The vulnerability is due to exposed actuator endpoints evaluating user-controlled input via the GatewayEvaluationContext, allowing attackers to modify Spring Environment properties when the actuator...
Denial Of Service (DoS)
org.apache.iotdb, iotdb-core is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation that causes resource exhaustion, which allows an attacker over the network to consume system resources and disrupt service...
Improper Authorization
org.springframework, spring-core is vulnerable to improper authorization. The vulnerability is due to incorrect annotation resolution on methods within type hierarchies that use unbounded generics, which allows an attacker to bypass security checks when Spring Security’s @EnableMethodSecurity...
Authorization Bypass
org.springframework.security, spring-security-core is vulnerable to Authorization Bypass. The vulnerability is due to improper resolution of annotations on methods within type hierarchies containing parameterized supertypes with unbounded generics, which allows an attacker to bypass authorization...
Denial Of Service (DoS)
org.apache.fory, fory-core is vulnerable to Denial of Service (DoS). The vulnerability is due to insecure deserialization of untrusted data, which allows an attacker to supply a large, specially crafted payload that consumes excessive CPU resources during deserialization...
Denial Of Service (DoS)
xgrammar is vulnerable to Denial Of Service (DoS). The vulnerability is due to a regression in the Earley parser, which causes excessive processing time for valid grammar inputs, allowing an attacker to exploit this inefficiency to trigger denial of service through resource exhaustion...
Command Injection
figma-developer-mcp is vulnerable to Command Injection. The vulnerability is due to unsanitized input containing shell metacharacters in a POST being passed to a fetchWithRetry curl command, and an unauthenticated attacker with network access can inject and execute arbitrary OS commands as the MCP proces...
Use After Free
Redis is vulnerable to a Use-after-free. The vulnerability is due to improper memory handling in the Lua garbage collector due to crafted Lua scripts, and attackers can exploit this by executing malicious EVAL or EVALSHA commands...
Arbitrary File Upload
com.vaadin:vaadin-server is vulnerable to an Arbitrary File Upload. The vulnerability is due to insufficient validation of metadata in the start listener of incoming uploads, which allows an attacker to bypass upload validation and potentially upload unauthorized or malicious files...
Information Disclosure
sigs.k8s.io/secrets-store-sync-controller is vulnerable to Information Disclosure. The vulnerability is due to improper error handling and service account tokens being logged during parameter marshaling errors, and attackers with log access can use these tokens to retrieve secrets from cloud vaul...
Origin Validation Error
pgadmin4 is vulnerable to Origin Validation Error. The vulnerability is due to insufficient COOP header enforcement because of the application failing to set or correctly validate Cross-Origin-Opener-Policy on OAuth and related pages, and an attacker can abuse this by manipulating the OAuth flow...
HTTP Request Smuggling
io.netty, netty-codec-http is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrectly accepting standalone newline characters (LF) as a chunk-size line terminator instead of requiring CRLF per HTTP/1.1 standards, which allows an attacker to craft malicious requests that are...
Use-After-Free
usdcore is vulnerable to a Use-After-Free. The vulnerability is due to multi-threaded deletion of SdfPrimPathNode objects accessing freed memory, allowing an attacker to exploit a crafted .usd file to cause crashes or achieve remote code execution...
Buffer Overflow
ExecuTorch is vulnerable to Buffer Overflow. The vulnerability is due to improper bounds checking due to insufficient validation when loading model data, allowing memory corruption that could lead to crashes or remote code execution...
Sensitive Information Disclosure
github.com/argoproj/argo-cd is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the project details API returning stored repository usernames and passwords in its response, and an attacker with a token scoped only for standard application management can call that endpoi...
Server-side Request Forgery
astrojs/cloudflare is vulnerable to Server-side Request Forgery. The vulnerability is due to insufficient URL validation in the generated image optimization endpoint when the adapter is used with output: 'server' and the default imageService: 'compile'; an attacker can exploit this to have the...
Out-of-bounds Write
executorch is vulnerable to Out-of-bounds Write. The vulnerability is due to improper memory boundary handling due to a flaw in the model loading process that allows out-of-bounds reads or writes, potentially leading to crashes or code execution...
Integer Overflow
executorch is vulnerable to integer overflow. The vulnerability is due to improper handling of integer calculations during model loading, which allows an attacker to cause smaller-than-expected memory allocations leading to potential code execution or other unintended effects...
Improper Warning Message Handling
@anthropic-ai/claude-code is vulnerable to improper warning message handling. The vulnerability is due to an unclear trust prompt that failed to inform users that selecting “Yes, proceed” would execute files in the folder without further confirmation, which allows an attacker to trick users into...
Cross Site Scripting (XSS)
ckeditor5 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of malicious content inserted into the editor when specific configurations are enabled, such as the HTML embed plugin or custom plugins with editable RawElement views, which allows an attacker to...
Incorrect Default Permissions
org.apache.dolphinscheduler, dolphinscheduler is vulnerable to Incorrect Default Permissions. The vulnerability is due to improper default access settings in the application, which allows an attacker to gain unauthorized access or perform unintended actions within the system...
User Enumeration
prestashop/prestashop is vulnerable to User Enumeration. The vulnerability is due to insufficient validation of the id_employee and reset_token parameters due to the back-office accepting manipulated values without proper authentication or checks; an unauthenticated attacker can craft requests to t...
Denial Of Service (DoS)
com.liferay.portal.workflow.kaleo.forms.web is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient restrictions on saving request parameters in the portlet session because the application allows unvalidated request data to be stored in memory; an attacker can send crafte...
Arbitrary Code Injection
electron is vulnerable to Arbitrary Code Injection. The vulnerability is due to modification of the resources folder when the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses are enabled, because these fuses fail to fully protect ASAR integrity on writable filesystems; an attacker wi...
Insufficient Session Expiration
weblate is vulnerable to Insufficient Session Expiration. The vulnerability is due to unsafe settings for the second factor in 2FA due to sessions being allowed to persist for an unusually long period, and an attacker can maintain a valid session to repeatedly attempt authentication, thereby...
Path Confusion
Hono is vulnerable to path confusion leading to proxy-level ACL bypass. The vulnerability is due to reliance on fixed character offsets when parsing request URLs due to incorrect handling of malformed absolute-form Request-URIs; attackers can craft such malformed absolute-form Request-URIs to cau...
User Enumeration
mautic/core is vulnerable to user enumeration. The vulnerability is due to differing response times between valid and invalid usernames, which allows an attacker to enumerate valid accounts and subsequently attempt brute-force attacks...
Insecure Deserialization
DeepDiff is vulnerable to insecure deserialization. The vulnerability is due to class pollution via the Delta class constructor which, when combined with a gadget in DeltaDiff, allows an attacker to modify deepdiff.serialization.SAFE_TO_IMPORT and trigger insecure Pickle deserialization through Delt...
Improper Access Control
mautic/core is vulnerable to improper access control. The vulnerability is due to insufficient restriction on configuration access, which allows an administrator to extract sensitive information such as database credentials...
Server-Side Request Forgery (SSRF)
mautic/core is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to missing validation of webhook destinations, which allows an attacker with webhook permissions to send crafted requests and potentially access internal services, bypassing firewalls...
Cross Site Scripting (XSS)
mautic/core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsanitized user-supplied input in the “Tags” field of the /s/ajax?action=lead:addLeadTags endpoint being reflected in the server response, which allows an attacker to execute arbitrary JavaScript in the victim’s...
Heap Buffer Overflow
executorch is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper handling in the loading of ExecuTorch models, which allows an attacker to achieve code execution or cause other undesirable effects...
Integer Overflow
executorch is vulnerable to integer overflow. The vulnerability is due to improper handling in the loading of ExecuTorch models, which allows an attacker to place objects outside their allocated memory area leading to potential code execution or other undesirable effects...
Integer Overflow
executorch is vulnerable to integer overflow. The vulnerability is due to improper handling of model loading, which allows an attacker to trigger overlapping allocations leading to potential code execution or other undesirable effects...
Directory Traversal
mobsf is vulnerable to Directory Traversal. The vulnerability is due to improper string path verification using os.path.commonprefix, which allows an attacker to download files outside the intended DWD_DIR directory and access data from neighboring directories...
Arbitrary File Write
mobsf is vulnerable to Arbitrary file write. The vulnerability is due to improper validation of uploaded files, which allows an attacker to write arbitrary files to any directory writable by the MobSF process user...