Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to using the getentity function to execute a remote pickle file, which allows an attacker to run arbitrary code...

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to executing a remote pickle file without proper validation, which allows an attacker to run arbitrary code on the target system...

Remote Code Execution (RCE)

cProfile is vulnerable to Remote Code Execution RCE.The vulnerability is due to unsafe deserialization/execution because cProfile.runctx can be abused to execute code from untrusted pickle files passed into its execution context...

Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of the loads function to execute remote pickle files, which allows an attacker to execute arbitrary code...

Arbitrary File Upload

xml2rfc is vulnerable to Arbitrary File Upload. The vulnerability is due to improper input sanitization because an attacker can inject a malicious element into the XML used to generate the PDF, causing the generator to read and include arbitrary filesystem files...

Denial Of Service (DoS)

ImageMagick is vulnerable to Denial of Service. The vulnerability is due to improper handling of geometry strings containing only a colon ":", which sets width/height to zero and leads to a divide-by-zero error, which allows an attacker to crash the application via a crafted input...

Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of the ensurepip.runpip function to execute remote pickle files, which allows an attacker to run arbitrary code...

Query Depth Restriction Bypass

@escape.tech/graphql-armor-max-depth is vulnerable to query depth restriction bypass. The vulnerability is due to the ignoreIntrospection option being enabled by default, which allows an attacker to bypass the max-depth restriction by naming a query or fragment schema...

Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of torch.utils.bottleneck.main.runautogradprof function to execute remote pickle files, which allows an attacker to run arbitrary code on the system...

Allocation Of Resources Without Limits

@escape.tech/graphql-armor-max-depth is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to improper introspection handling because when ignoreIntrospection is enabled the default, an attacker can name a query/fragment schema to evade max-depth checks and craft...

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization due to trace.Trace.run executing code from untrusted pickle files, which can execute arbitrary code when a malicious pickle is loaded...

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to insecure deserialization because profile.Profile.runctx can be abused to execute malicious pickle files...

Heap-Based Buffer Overflow

ImageMagick is vulnerable to heap-based buffer overflow. The vulnerability is due to a 32-bit integer overflow in the BMP encoder’s scanline-stride computation, which allows an attacker to overwrite adjacent heap memory with controlled bytes leading to heap corruption...

Denial Of Service (DoS)

llamaindexcore is vulnerable to Denial of Service DoS. The vulnerability is due to uncontrolled recursion when parsing deeply nested JSON files, which allows an attacker to cause high resource consumption and potential crashes of the Python process...

Information Disclosure

github.com/traptitech/traq is vulnerable to Information Disclosure. The vulnerability is due to sensitive information such as OAuth tokens being recorded in SQL error log files when a query fails, which allows an attacker with log access to intentionally trigger errors and acquire the exposed dat...

Denial Of Service (DoS)

jspdf is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of unsanitized image data or URLs in the addImage method, which allows an attacker to supply a malicious PNG file that triggers high CPU utilization and denial of service...

Insecure Deserialization

picklescan is vulnerable to Insecure Deserialization. The vulnerability is due to the use of AutoComplete.getentity to execute remote pickle files, which allows an attacker to run arbitrary code on the target system...

Insecure Deserialization

picklescan is vulnerable to Insecure Deserialization. The vulnerability is due to the use of AutoComplete.fetchcompletions executing remote pickle files, which allows an attacker to run arbitrary code on the system...

Deserialization Of Untrusted Data

picklescan is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the function fetching and unpickling remote pickle files without validation, which allows an attacker to supply a crafted pickle that executes arbitrary code when deserialized...

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to using the cProfile.run function to execute a remote pickle file, which allows an attacker to execute arbitrary code on the affected system...

Information Disclosure

nx is vulnerable to Information Disclosure. The vulnerability is due to malicious package versions containing code that scans the file system and collects credentials, which allows an attacker to exfiltrate sensitive data by posting it to GitHub under the victim’s account...

Server-Side Template Injection

solspace/craft-freeform is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper input handling because the submission title field in forms allows arbitrary code injection when edited by users with form editing access...

SQL Injection

github.com/suyuan32/simple-admin-core is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation because the /sys-api/role/update interface fails to properly sanitize user input, allowing partial data leakage or disruption of system operations...

Open Redirect

googlesignin is vulnerable to open redirect. The vulnerability is due to improper validation of crafted URLs that bypass the "same origin" check, which allows an attacker to redirect users to a malicious origin and potentially chain it with arbitrary data injection into session cookies...

Privilege Escalation

Kubernetes is vulnerable to Privilege Escalation. The vulnerability is due to improper access control because node users can patch their node object with an OwnerReference to a cluster-scoped resource, leading to unintended node deletion via garbage collection...

Sensitive Information Disclosure

Liferay Portal is vulnerable to Sensitive Information Disclosure.The vulnerability is due to improper tenant isolation because admin users of a virtual instance can add pages outside the default instance, allowing tenants to enumerate all other tenants...

Prototype Pollution

devalue is vulnerable to prototype pollution. The vulnerability is due to devalue.parse not validating that an index is numeric, which allows an attacker to pass a crafted string with a proto property to assign prototypes to objects and properties...

Arbitrary Code Execution

badaso/core is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to improper content-type validation in the Media Manager file-upload endpoint, which allows an attacker to upload PHP files disguised as other formats and execute arbitrary system commands, leading to full host...

Heap Buffer Overflow

ImageMagick is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper memory handling because images with separate alpha channels during magnification in ReadOneMNGImage can leak memory contents into the output image...

Heap Buffer Overflow

ImageMagick is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper memory handling because crafted TIFF files can trigger a buffer overflow and cause the application to crash...

Unauthorized Access

Liferay Portal is vulnerable to Unauthorized Access. The vulnerability is due to improper access control because unauthenticated users guests can access files uploaded by object entries and stored in documentlibrary via direct URL...

Cross-site Scripting (XSS)

Liferay Portal is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input validation because the application fails to sanitize the referer or FORWARDURL parameters, allowing attackers to inject JavaScript using %00...

Improper Input Validation

xgrammar is vulnerable to improper input validation. The vulnerability is due to the lack of validation on user-supplied grammars, which allows an attacker to easily trigger the flaw and potentially exploit affected tools that pass untrusted grammars to xgrammar...

Open Redirect

com.liferay, com.liferay.info.impl is vulnerable to Open Redirect. The vulnerability is due to improper validation of the /c/portal/editinfoitem redirect parameter, which allows an attacker to redirect users to a malicious site...

Stored Cross-site Scripting (XSS)

com.liferay, com.liferay.plugins.admin.web is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the components tab, which allows an attacker to inject and execute arbitrary web scripts or HTML in the victim’s browser...

Heap Buffer Overflow

ImageMagick is vulnerable to heap buffer overflow. The vulnerability is due to an off-by-one error in the InterpretImageFilename function when handling format strings with consecutive percent signs %%, which allows an attacker to trigger out-of-bounds memory access...

Memory Corruption

libtiff.so is vulnerable to memory corruption. The vulnerability is due to improper handling in the May function of tiffcrop.c within the tiffcrop component, which allows an attacker to exploit it locally leading to memory corruption...

Denial Of Service (DoS)

Liferay Portal is vulnerable to Denial of Service DoS. The vulnerability is due to insufficient restrictions on file uploads through forms, which are stored in the documentlibrary, allowing an attacker to upload unlimited files and cause a potential DDoS...

Reflected Cross-Site Scripting (Reflected XSS)

Liferay Portal is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the frontend-editor-ckeditor-web/ckeditor/samples/old/ajax.html path, which allows a remote unauthenticated attacker to inject and execute arbitrary JavaScript in the...

Privilege Defined With Unsafe Actions

org.apache.cassandra, cassandra-all is vulnerable to Privilege Defined With Unsafe Actions. The vulnerability is due to unsafe actions on a system resource, which allow a user with MODIFY permission on all keyspaces to escalate privileges to superuser within an Apache Cassandra cluster...

Memory Leakage

ImageMagick is vulnerable to Memory Leakage. The vulnerability is due to improper handling of format specifiers because multiple consecutive %d in a filename template within the magick stream command trigger memory leakage...

Stack-based Buffer Overflow

ImageMagick is vulnerable to stack-based buffer overflow. The vulnerability is due to improper pointer arithmetic when multiple consecutive %d format specifiers are used in the magick mogrify command filename template, which allows an attacker to trigger a stack overflow through vsnprintf...

Stored Cross-site Scripting (XSS)

com.liferay, com.liferay.journal.service is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper validation of user input in the web content text field, which allows a remote unauthenticated attacker to inject malicious JavaScript and execute it in the context of a...

Denial Of Service (DoS)

vrana/adminer is vulnerable to Denial of Service. The vulnerability is due to improper handling of crafted serialized payloads in Monolog logging, which allows an attacker to trigger excessive memory consumption via malicious serialized objects, leading to PHP Object Injection and server-level Do...

Request Smuggling

h2 is vulnerable to request smuggling. The vulnerability is due to improper validation of header names/values when downgrading HTTP/2 requests to HTTP/1.1, which allows an attacker to inject CRLF characters, manipulate request boundaries, and bypass security controls...

Denial Of Service (DoS)

Axios is vulnerable to Denial-of-Service. The vulnerability is due to improper handling of data: scheme URLs, where the Node.js HTTP adapter decodes the entire payload into memory and ignores size limits, allowing attackers to supply a very large data URI to cause unbounded memory allocation and...

HTTP Request Smuggling (HRS)

mitmproxy is vulnerable to HTTP request smuggling. The vulnerability is due to mitmproxy embedding python-hyper/h2 ≤ v4.2.0 which has a gap in its HTTP/2 header validation, which allows an attacker to smuggle requests when mitmproxy translates HTTP/2 to HTTP/1...

Remote Code Execution (RCE)

craftcms/cms is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of template inputs in Twig, which allows an attacker to inject malicious templates and execute arbitrary code on the server...

Server-Side Request Forgery (SSRF)

phpoffice/phpspreadsheet is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper input validation because the setPath method in the PhpOffice\PhpSpreadsheet\Worksheet\Drawing class allows attackers to craft requests to internal resources...

Denial Of Service (DoS)

ImageMagick is vulnerable to Denial of Service DoS. The vulnerability is due to a function-type-mismatch in the splay tree cloning callback, which allows an attacker to trigger a deterministic abort under UBSan, leading to service disruption in sanitizer builds...