Insecure Direct Object Reference (IDOR)
Liferay Portal, including Liferay DXP, is vulnerable to an Insecure Direct Object Reference (IDOR). The vulnerability is due to the Contacts Center widget directly exposing the _com_liferay_contacts_web_portlet_ContactsCenterPortlet_entryId parameter without proper authorization checks. An attacker can use...
Improper Authentication
flowise is vulnerable to Improper Authentication. The vulnerability is due to minimal authentication and lack of role-based access controls (RBAC), followed by the default installation operating without authentication unless explicitly configured, which allows an attacker to execute unauthorized OS...
Improper Certificate Validation
KubernetesClient is vulnerable to Improper Certificate Validation. The vulnerability is due to inadequate verification of the certificate trust chain, which allows an attacker to present a forged certificate and perform man-in-the-middle attacks or impersonate the Kubernetes API server...
Cross-site Scripting
Liferay Portal is vulnerable to Cross-Site Scripting. The vulnerability is due to the Calendar events feature failing to escape or validate HTML in the First Name, Middle Name, and Last Name text fields, and attackers can exploit this by submitting crafted payloads into those fields to execute...
Path Traversal
esm.sh is vulnerable to Path Traversal. The vulnerability is due to improper validation of the X-Zone-Id HTTP header when constructing filesystem paths, which allows an attacker to use ../ sequences to write files outside the intended storage directory and access arbitrary locations on the system...
Uncontrolled Recursion
express-xss-sanitizer is vulnerable to uncontrolled recursion. The vulnerability is due to an unbounded recursion depth in the sanitize function in lib/sanitize.js when processing a JSON request body, which allows an attacker to cause a denial of service by triggering infinite recursion...
Improper Access Control
Dragonfly is vulnerable to Improper Access Control. The vulnerability is due to the /api/v1/jobs and /preheats endpoints in the Manager web UI being accessible without authentication, which allows an unauthenticated attacker with network access to create numerous malicious jobs and cause a...
Regular Expression Denial Of Service (ReDoS)
Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient handling of numeric strings in the normalize_numbers method of the EnglishNormalizer class, which allows an attacker to exploit crafted input with long digit sequences to cause excessi...
Relative Path Traversal
Apache Tomcat is vulnerable to Path Traversal. The vulnerability is due to the rewritten URL being normalized before it was decoded. This allows an attacker to manipulate the request URI and, if PUT is enabled, upload malicious files to bypass security constraints protecting /WEB-INF/ and...
Deserialization Of Untrusted Data
com.hubspot.jinjava, jinjava is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to use of mapper.getTypeFactory().constructFromCanonical, which allows the underlying ObjectMapper to deserialize attacker-controlled input into arbitrary classes...
Improper Certificate Validation
Dragonfly is vulnerable to Improper Certificate Validation. The vulnerability is due to the Manager’s Certificate gRPC service not verifying whether the requested IP addresses belong to the requesting peer, which allows an attacker to obtain valid TLS certificates for arbitrary IP addresses and...
Improper Neutralization Of Escape, Meta, Or Control Sequences
Apache Tomcat is vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences. The vulnerability is due to Tomcat logging unescaped, user-controlled URL data to console output, and attackers can use specially crafted URLs to inject ANSI escape sequences to manipulate...
Improper Input Sanitization
github.com/mattermost/mattermost-server is vulnerable to improper input sanitization. The vulnerability is due to insufficient sanitization of user data during shared channel membership synchronization, which allows an attacker from a malicious or compromised remote cluster to access sensitive us...
Arbitrary File Read
flowise is vulnerable to an arbitrary file read. The vulnerability is due to improper validation of the chatId parameter in the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints, which allows an attacker to read unintended files on the local filesystem and potentially...
Stored Cross-Site Scripting (XSS)
Liferay Portal is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the Instance Configuration’s CDN Host HTTP and CDN Host HTTPS text fields, which allows an authenticated instance administrator to inject arbitrary web scripts or HTML into al...
Server Side Request Forgery (SSRF)
Ghost is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied URLs, which allows an attacker to send crafted requests to internal resources and potentially access sensitive information...
Server-Side Request Forgery (SSRF)
hackmd-mcp is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied hackmdApiUrl values via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter, which allows an attacker to redirect outbound API requests to internal...
NULL Pointer Dereference
Dragonfly is vulnerable to NULL Pointer Dereference. The vulnerability is due to improper handling of function return values, where a value is dereferenced even when the function returns an error, which allows an attacker to trigger a nil dereference and cause a denial of service through...
Improper Input Validation
Dragonfly is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation in the gRPC and HTTP APIs, which allows an attacker to send crafted requests that create or read arbitrary files on a peer’s system, leading to data theft and potential remote code execution...
Timing Attack
Dragonfly is vulnerable to Timing Attack. The vulnerability is due to the use of simple string comparisons in the Proxy feature’s access control mechanism, which allows an attacker to guess the password one character at a time by analyzing response time variations...
Hash Collision Weakness
Dragonfly is vulnerable to Hash Collision Weakness. The vulnerability is due to the use of insecure hash functions such as MD5 for verifying downloaded files, which allows an attacker to craft malicious files with colliding hashes and replace legitimate files without detection...
Man-In-The-Middle (MITM)
Dragonfly is vulnerable to a Man-in-the-Middle (MitM) attack. The vulnerability is due to the scheduler being hardcoded to use the insecure HTTP protocol for downloading tiny files, which allows an attacker to intercept and modify network requests to deliver malicious or altered data...
Client-Side Path Traversal
Nuxt is vulnerable to Client-Side Path Traversal. The vulnerability is due to improper validation of user-controlled data within the Island payload revival mechanism, which allows an attacker to craft malicious __nuxt_island objects that manipulate client-side requests to arbitrary endpoints within...
Improper Access Control
@executeautomation/database-server is vulnerable to Improper Access Control. The vulnerability is due to inadequate enforcement of the “read-only” mode in the npm distribution, which allows an attacker to perform unauthorized operations on connected databases such as PostgreSQL...
Sensitive Information Exposure
com.liferay.portal, com.liferay.portal.kernel is vulnerable to Sensitive Information Exposure. The vulnerability is due to remote staging not properly obtaining the live site's remote address from the database, which allows remote authenticated users—who can obtain the staging server’s shared...
Improper Command Restriction
mcp-kubernetes-server is vulnerable to improper command restriction. The vulnerability is due to incomplete validation of chained commands in the implementation of --disable-write and --disable-delete, which allows an attacker to bypass restrictions and execute unauthorized write or delete...
Denial Of Service (DoS)
go.temporal.io/server is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficiently specific bounds checking on the authorization header, which allows an attacker to trigger excessive memory allocation leading to a denial of service...
Account Takeover
color is vulnerable to Account Takeover. The vulnerability is due to a phishing-based takeover of the npm publishing account, which allowed an attacker to inject malware that attempted to redirect cryptocurrency transactions in browser environments...
Cross-site Scripting (XSS)
io.vertx:vertx-web is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper escaping of file and directory names in generated HTML when directory listing is enabled, which allows an attacker to craft malicious filenames that execute arbitrary scripts in the browser of users...
Command Injection
org.fitnesse:fitnesse is vulnerable to Command Injection. The vulnerability is due to improper validation of user-supplied input, which allows a remote authenticated attacker to inject and execute arbitrary operating system commands...
Cross-site Scripting
com.liferay.account.admin.web is vulnerable to Cross-Site Scripting. The vulnerability is due to insufficient input validation and improper output encoding in the Account "Name" text field. This allows an attacker to inject a crafted payload into that field, which is stored and later rendered...
Cross-site Scripting
com.liferay.commerce.order.web is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation and output encoding, with the Account “Name” text field accepting unneutralized input; an attacker can inject a crafted payload into that field which is stored and...
Timing Attack
com.ongres.scram:scram-common is vulnerable to Timing Attack. The vulnerability is due to the use of Arrays.equals for comparing sensitive authentication values, which performs short-circuit evaluations and causes variable execution times, allowing an attacker to exploit timing differences to inf...
Deserialization Of Untrusted Data
h2o is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of JDBC connection parameters with insufficient input validation, which allows an attacker to bypass regular expression checks using double URL encoding and subsequently read arbitrary files or...
Cross-site Scripting
com.liferay.portal.workflow.kaleo.designer.web is vulnerable to Cross-Site Scripting. The vulnerability is due to the workflow builder accepting and persisting crafted input without neutralizing HTML/JavaScript, allowing attackers to inject arbitrary web script or HTML by submitting specially...
Improper Domain Name Validation
com.liferay.portal, com.liferay.portal.impl is vulnerable to improper domain name validation. The vulnerability is due to incorrect identification of the subdomain in domain names, which can lead to the creation of a supercookie, allowing an attacker controlling a website with the same top-lev...
Stored Cross-Site Scripting (XSS)
n8n is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user input in the initialMessages field of the @n8n/n8n-nodes-langchain.chatTrigger component, which allows an attacker to inject malicious JavaScript that executes in the browser of users...
Cross-site Scripting (XSS)
com.liferay, com.liferay.dynamic.data.mapping.form.field.type is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper validation of user-supplied input in rich text type fields within objects, which allows an attacker to inject and execute arbitrary web scripts or HTML...
Cross-site Scripting
dotnetnuke.core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper encoding of user input in URL and template rendering, allowing attackers to inject malicious scripts that execute in victims’ browsers...
Cross-site Scripting
dotnetnuke.core is vulnerable to Cross-Site Scripting. The vulnerability is due to lack of input sanitization of module titles: administrators and content editors are able to set raw HTML, including JavaScript, in titles, allowing attackers to inject scripts that execute in other users'...
SQL Injection
net.mingsoft:ms-mcms is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the contenttitle parameter in the /cms/content/list endpoint, which allows an attacker to inject and execute arbitrary SQL queries through crafted input in the FreeMarker template rendering...
Cross-site Scripting (XSS)
net.mingsoft:ms-mcms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper validation of user-supplied input, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser through a crafted payload...
Improper Access Control
Liferay Portal is vulnerable to Improper Access Control. The vulnerability is due to the default membership type of newly created sites being set to “Open”, which allows any registered user to become a member, enabling remote attackers who join the site to view, add, or edit content...
Improper Authentication
com.liferay, com.liferay.multi.factor.authentication.timebased.otp.web is vulnerable to improper authentication. The vulnerability is due to the reuse of time-based one-time passwords (TOTP) within their validity period, which allows an attacker with access to a user’s TOTP to authenticate as that...
Predictable Random Number Generator (PRNG)
org.sakaiproject.kernel, sakai-kernel-impl is vulnerable to Use of a Predictable Random Number Generator (PRNG). The vulnerability is due to the use of java.util.Random, a non-cryptographic PRNG, for initializing the AES256TextEncryptor password, which allows an attacker to predict the encryption k...
Improper Access Control
com.liferay.portal, release.portal.bom is vulnerable to improper access control. The vulnerability is due to the failure to restrict API access before a user changes their initial password, which allows an attacker to remotely access and modify content via the API...
Identity Spoofing
org.igniterealtime.openfire, xmppserver is vulnerable to identity spoofing. The vulnerability is due to regex-based extraction of the Common Name (CN) from an unescaped, provider-dependent Distinguished Name (DN) string, which allows an attacker to impersonate other users using crafted certificate...
Denial-of-Service (DoS)
Liferay Portal is vulnerable to Denial-of-Service (DoS). The vulnerability is due to the application not limiting the number of objects returned from GraphQL queries, which allows an attacker to execute queries that return a large number of objects and exhaust system resources...
Stored Cross-Site Scripting (XSS)
com.liferay, com.liferay.users.admin.web is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization or escaping of user input in organization site names, which allows an attacker to inject and execute malicious JavaScript code on affected instances...
Improper Access Control
io.vertx:vertx-web is vulnerable to Improper Access Control. The vulnerability is due to a flaw in the StaticHandler configuration that restricts access only to hidden files but not hidden directories, which allows an attacker to access sensitive files such as .git/config within hidden directorie...