38108 matches found
Improper Authentication
esphome is vulnerable to improper authentication. The vulnerability is due to the webserver authentication check incorrectly passing when the client-supplied base64-encoded Authorization value is empty or a substring of the correct value, which allows an attacker to gain unauthorized access to...
Command Injection
mcp-markdownify-server is vulnerable to Command Injection. The vulnerability is due to unsanitized user input being passed into child_process.exec, which allows an attacker to inject arbitrary shell commands and achieve remote code execution under the server process's privileges...
Denial Of Service (DoS)
Netty is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of malformed HTTP/2 control frames caused by a flaw in enforcing the max concurrent streams limit, leading to resource exhaustion and denial of service...
Denial Of Service (DoS)
PocketMine-MP is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation: the server does not verify the uniqueness of packIds in STATUS_SEND_PACKS, allowing a malicious Bedrock client to send duplicate UUIDs and force repeated pack transfers until memory is exhauste...
Sensitive Information Disclosure
local-deep-research is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure local storage: confidential data (API keys, etc.) is kept in an unencrypted SQLite database with a fixed, non-configurable location, allowing anyone with container or host filesystem...
Arbitrary Code Injection
Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to inadequate protection of restore functionality because, with a compromised security key and the ability to place an arbitrary file in storage/backups, an attacker can craft a request to /updater/restore-db that...
Arbitrary File Creation
github.com/charmbracelet/soft-serve is vulnerable to Arbitrary file creation. The vulnerability is due to uncontrolled data being written through its SSH API, which allows an attacker to create or override arbitrary files...
Denial Of Service (DoS)
io.undertow, undertow-core is vulnerable to Denial of Service (DoS). The vulnerability is due to malformed client requests triggering server-side stream resets without abuse counters, which allows an attacker to repeatedly cause stream aborts and induce excessive server workload...
Denial Of Service (DoS)
Netty is vulnerable to Denial of Service (DoS). The vulnerability is due to the BrotliDecoder and certain decompression decoders allocating a large number of reachable byte buffers when processing specially crafted input, eventually leading to out-of-memory conditions...
Privilege Escalation
sap/xssec is vulnerable to Privilege Escalation. The vulnerability is due to a flaw where the library can incorrectly accept or elevate security context from untrusted input, and an unauthenticated attacker can exploit this by sending specially crafted requests or tokens to obtain arbitrary...
OS Command Injection
@aiondadotcom/mcp-ssh is vulnerable to OS command injection. The vulnerability is due to insufficient input validation in the file server-simple.mjs component, which allows unsanitized data to be incorporated into system-level command execution and therefore enables an attacker to execute arbitra...
HTTP Request Smuggling
eventlet is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of HTTP trailer sections, which allows an attacker to bypass front-end security controls, launch targeted attacks against active site users, and poison web caches...
Open Redirection
googlesignin is vulnerable to Open Redirection. The vulnerability is due to the proceedto session value accepting protocol-relative URLs, which can be set via a malicious form submission, allowing an attacker to redirect users to another origin...
Denial Of Service (DoS)
github.com/consensys/gnark is vulnerable to Denial of Service (DoS). The vulnerability is due to the fake-GLV scalar multiplication algorithm not converging quickly enough for certain inputs, which allows an attacker to trigger excessive computation and cause service disruption...
Cache Key Confusion
Next.js is vulnerable to cache key confusion. The vulnerability is due to improper handling of request headers in the Image Optimization API routes, which allows an attacker to receive cached image responses intended for authorized users...
Content Injection
Next.js is vulnerable to content injection. The vulnerability is due to attacker-controlled external image sources being able to trigger file downloads with arbitrary content and filenames under specific configurations, which allows an attacker to perform phishing or deliver malicious files...
Server-Side Request Forgery (SSRF)
Next.js is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the improper use of the next function without explicitly passing the request object, which allows an attacker to exploit incorrectly forwarded user-supplied headers in self-hosted applications...
Unauthorized Disclosure Of Sensitive Data
github.com/rancher/fleet is vulnerable to Unauthorized Disclosure of Sensitive Data. The vulnerability is due to improper access control on BundleDeployment resources with GET or LIST permissions, which allows an attacker to retrieve Helm values containing credentials or other secrets...
Improper Access Control
com.liferay, com.liferay.portal.workflow.kaleo.runtime.impl is vulnerable to Improper Access Control. The vulnerability is due to improper access through the expandoTableLocalService, which allows an attacker to gain unauthorized access to sensitive resources...
Improper Session Invalidation
payload is vulnerable to Improper Session Invalidation. The vulnerability is due to JSON Web Tokens (JWT) not being invalidated after logout, which allows an attacker who has stolen or intercepted a token to reuse it until its expiration...
Path Traversal
org.opencastproject, opencast-user-interface-configuration is vulnerable to path traversal. The vulnerability is due to insufficient protections in the UI config module where the path is checked without validating the file separator, which allows an attacker to access files within other folders...
Denial Of Service (DoS)
github.com/rancher/rancher is vulnerable to Denial of Service (DoS). The vulnerability is due to the lack of enforced request body size limits on certain public and authenticated API endpoints, which allows an attacker to send excessively large payloads that are fully loaded into memory during...
Session Fixation
Payload SQLite adapter is vulnerable to Session Fixation. The vulnerability is due to identifier reuse during account creation, which allows an attacker to reuse a previously saved JWT to authenticate and perform actions as another newly created user...
Arbitrary File Write
github.com/harness/gitness is vulnerable to Arbitrary file write. The vulnerability is due to improper sanitization of the upload path, which allows an attacker to craft a malicious upload request and write arbitrary files to any location on the file system...
Denial Of Service (DoS)
github.com/versity/versitygw is vulnerable to Denial of Service (DoS). The vulnerability is due to sending AWS chunk data without a Content-Length HTTP header, which causes the server to panic and crash, allowing an attacker to repeatedly trigger service disruption...
Denial Of Service (DoS)
github.com/hashicorp/vault is vulnerable to Denial of Service (DoS). The vulnerability is due to processing specially crafted complex payloads within the default request size limit, which allows an attacker to consume excessive memory and CPU resources...
Out-of-Bounds Read
Exiv2 is vulnerable to Out-of-Bounds Read. The vulnerability is due to improper memory handling: Exiv2 reads beyond allocated memory when writing metadata into a crafted image file, which can be exploited to cause denial of service by crashing Exiv2...
Denial Of Service (DoS)
Exiv2 is vulnerable to Denial of Service (DoS). The vulnerability is due to a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata, which can be exploited by crafted JPG image files to cause excessive processing time...
Weak Password Storage
github.com/neuvector/neuvector is vulnerable to Weak Password Storage. The vulnerability is due to storing user passwords and API keys with a simple, unsalted hash, making them susceptible to offline rainbow-table attacks...
Use Of Default Credentials
github.com/neuvector/neuvector is vulnerable to Use of Default Credentials. The vulnerability is due to a hardcoded default password: a fixed string is used as the default admin password, which can be exploited if not changed immediately after deployment, allowing attackers with network...
Insertion Of Sensitive Information Into Log File
github.com/edgelesssys/contrast is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to the logging configuration. An attacker can access sensitive information by exploiting the log output when the log level is set to info or debug...
Allocation Of Resources Without Limits
github.com/ulikunitz/xz is vulnerable to Allocation of Resources Without Limits. The vulnerability is a denial of service due to improper header validation that allows arbitrary data to be prepended to an LZMA stream, causing the implementation to allocate a full decode buffer and consume...
Insufficient Session Expiration
github.com/coder/coder/v2 is vulnerable to Insufficient Session Expiration. The vulnerability is a session expiration bypass: Coder allows a web session to remain active when the OpenID Connect provider does not return a refresh token, so the session can continue past the IdP-issued...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization/execution because trace.Trace.runctx can be used to execute code from untrusted pickle or otherwise crafted inputs in the interpreter context, allowing arbitrary code execution...
Stored Cross-site Scripting (XSS)
formcms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper validation of uploaded avatar files, which allows an attacker to upload malicious .html files containing JavaScript that execute in a privileged user’s browser when accessed via a public URL...
Remote Code Execution (RCE)
com.ritense.valtimo, core is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper restriction of script execution within process definitions in the Camunda/Operator engine, which allows admins with process-definition privileges to execute arbitrary code or access sensitiv...
Denial Of Service (DoS)
@plone/volto is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of specific URL requests, which allows an attacker to crash the NodeJS server component and cause downtime...
Improper Access Control
contao/contao is vulnerable to Improper Access Control. The vulnerability is due to protected content elements rendered as fragments being indexed in the front-end search, which allows an attacker to access sensitive content publicly...
Improper Access Control
contao/contao is vulnerable to improper access control. The vulnerability is due to the table access voter in the back end not checking if a user is allowed to access the corresponding module, which allows an attacker to gain unauthorized access to restricted modules...
Improper Access Control
contao/contao is vulnerable to Improper Access Control. The vulnerability is due to news feeds not filtering protected news archives, which allows an attacker to access and view restricted news items through the public RSS feed...
Improper Access Control
contao/contao is vulnerable to Improper Access Control. The vulnerability is due to insufficient permission validation in certain conditions, which allows an attacker to edit fields of pages and articles without the necessary permissions...
Information Disclosure
github.com/neuvector/neuvector is vulnerable to information disclosure. The vulnerability is due to passwords in Java command parameters being logged in security event logs when a process rule violation occurs, which allows an attacker to obtain sensitive credentials...
Arbitrary Code Execution
ImageMagick is vulnerable to Arbitrary Code Execution. The vulnerability is a format string vulnerability: user input is passed directly to FormatLocaleString without proper sanitization, allowing attackers to overwrite arbitrary memory and potentially achieve remote code execution...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe execution/deserialization: runcommand executes untrusted input (e.g., data from malicious pickle files or injected code) in the interpreter context, allowing arbitrary code execution...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of pickle files in UnixSubprocessTransport.start, which allows an attacker to execute arbitrary code by providing a malicious pickle file...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the idlelib.run.Executive.runcode function executing arbitrary pickle files, which allows an attacker to run malicious code remotely...
Arbitrary Code Execution (ACE)
picklescan is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to the use of doctest.debug_script to execute remote pickle files, which allows an attacker to execute arbitrary code on the target system...
Insecure Deserialization
picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of the lib2to3.pgen2.pgen.ParserGenerator.make_label function to execute remote pickle files, which allows an attacker to run arbitrary code...
Insecure Deserialization
picklescan is vulnerable to insecure deserialization. The vulnerability is due to executing remote pickle files using profile.Profile.run, which allows an attacker to run arbitrary code on the system...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe execution/deserialization because idlelib.pyshell.ModifiedInterpreter.runcode can execute untrusted code (e.g., from malicious pickle data) in the interpreter context...