Content Spoofing
org.wso2.identity.apps:authentication-portal is vulnerable to Content Spoofing. The vulnerability is due to improper handling and validation of error messages passed through URL parameters, which allows an attacker to inject arbitrary content into the user interface and deceive users through...
Log Injection
Jenkins is vulnerable to Log Injection. The vulnerability is due to insufficient restriction or sanitization of user-supplied content in log messages, which allows an attacker to inject line break characters and forge log entries, misleading administrators during log reviews...
Expression Language Injection
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection. The vulnerability is due to unsafe SpEL evaluation in routes when the actuator gateway endpoint is exposed and accessible to untrusted users; attackers can create routes that use SpEL to read environment...
Supply Chain Attack
@metamask/sdk, @metamask/sdk-communication-layer, and @metamask/sdk-react are vulnerable to Supply Chain Attack. The vulnerability is due to a compromised debug package that injected malicious code, allowing attackers to intercept or tamper with dApp-to-wallet communications...
Cross-site Scripting (XSS)
com.liferay, com.liferay.dynamic.data.mapping.form.field.type is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of user-supplied input in "Rich Text" type fields within web content structures, document types, or custom assets using the Data Engine module,...
Remote Code Execution (RCE)
Flowise is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsanitized evaluation of user input in the “Supabase RPC Filter” field, which allows an attacker to execute arbitrary code on the affected system...
Regular Expression Denial Of Service (ReDoS)
transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing in the remove_language_code method of the MarianTokenizer, which allows an attacker to exploit crafted input strings with malformed language code patterns ...
Server-Side Request Forgery (SSRF)
Flowise is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied URLs in the /api/v1/fetch-links endpoint, which allows an attacker to exploit the server as a proxy to access internal network resources and explore their link structures...
Cross-site Scripting (XSS)
org.apache.geode, geode-web-api is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input in the web API REST interface, which allows an attacker to inject malicious scripts and execute arbitrary code on the returned page, potentially leading to...
Incorrect Execution-Assigned Permissions
org.apache.streampark:streampark is vulnerable to Incorrect Execution-Assigned Permissions. The vulnerability is due to improper handling of execution-assigned permissions, which allows an attacker to gain unauthorized access or execute actions with elevated privileges...
Protection Mechanism Failure
picklescan is vulnerable to Protection Mechanism Failure. The vulnerability is due to improper module name validation in the unsafe globals check, which allows an attacker to bypass security filters by using submodules of dangerous packages (e.g., asyncio.unix_events), leading to the execution of...
Improper Authorization
com.liferay, com.liferay.organizations.item.selector.web is vulnerable to Improper Authorization. The vulnerability is due to the organization selector not checking user permissions, which allows an attacker to obtain a list of all organizations...
Improper Input Validation
@anthropic-ai/claude-code is vulnerable to Improper Input Validation. The vulnerability is due to an error in command parsing that allows an attacker to bypass the confirmation prompt and trigger execution of untrusted commands by injecting malicious content into a Claude Code context window...
Cross-site Scripting (XSS)
wabac.js is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the requestURL parameter embedded directly into an inline...
Insecure Direct Object Reference (IDOR)
com.liferay, com.liferay.object.service is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control between virtual instances, which allows an attacker to access, create, edit, or relate data and object entries/definitions across different virtu...
Account Takeover
Flowise is vulnerable to Account Takeover. The vulnerability is due to the forgot-password endpoint returning a valid password reset tempToken without authentication or verification, which allows an attacker to generate reset tokens for arbitrary users and reset their passwords...
Privilege Escalation
intelliants/subrion is vulnerable to privilege escalation. The vulnerability is due to improper access control in the built-in “Run SQL Query” feature under the SQL Tool admin panel, which allows authenticated administrators or moderators to execute arbitrary SQL commands and gain escalated...
Improper Input Validation
Hono is vulnerable to improper input validation. The vulnerability is due to a flaw in the bodyLimit middleware that prioritized the Content-Length header over Transfer-Encoding: chunked, which allows an attacker to bypass the configured request body size limit and potentially cause a denial of...
Cross-site Scripting
jsondiffpatch is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization in HtmlFormatter::nodeBegin, allowing attackers to inject malicious scripts that execute when the HTML formatter renders untrusted diff content...
HTTP Request Smuggling
ASP.NET Core is vulnerable to HTTP Request Smuggling. The vulnerability is due to inconsistent interpretation of HTTP requests between front-end and back-end components, which allows an authorized attacker to bypass security features over a network...
DNS Rebinding
Neo4j Cypher MCP is vulnerable to DNS Rebinding. The vulnerability is due to the MCP server trusting requests from rebinding hostnames, which allows attackers to lure users to a malicious website on which rebinding succeeds, bypass the Same-Origin Policy, and invoke tools against local Neo4j instances...
Cross-site Scripting
Liferay Portal is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the /c/portal/comment/discussion/geteditor endpoint, allowing attackers to inject and execute arbitrary web scripts in a victim’s browser...
Stored Cross-site Scripting (XSS)
Liferay Portal is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the remote app title field, which allows an attacker to inject arbitrary web scripts or HTML content that can be executed in a user’s browser...
Information Disclosure
Liferay Portal is vulnerable to Information Disclosure. The vulnerability is due to improper handling of object entry enumeration responses, which allows an attacker to determine the existence of specific External Reference Codes (ERC) in the application by exploiting response time differences...
Reflected Cross-Site Scripting (XSS)
com.liferay, com.liferay.portal.search.web is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper input validation of user-supplied data in the search bar portlet URL, which allows an attacker to inject and execute arbitrary web scripts or HTML in a victim’s...
Improper Access Control
flaskappbuilder is vulnerable to improper access control. The vulnerability is due to the password reset endpoint remaining accessible when using OAuth, LDAP, or other non-database authentication methods, which allows an attacker to reset passwords and create valid JWT tokens even for disabled us...
Malware Injection
prebid-universal-creative is vulnerable to Malware Injection. The vulnerability is due to the inclusion of crypto-related malicious code in the latest release, which allows an attacker to execute unauthorized cryptocurrency-related operations on affected systems...
Improper Input Validation
picklescan is vulnerable to Improper Input Validation. The vulnerability is due to inadequate validation in the scanning logic that fails to properly inspect pickle files with PyTorch-related extensions, which allows an attacker to bypass security checks and execute malicious code when the file i...
Protection Mechanism Failure
picklescan is vulnerable to Protection Mechanism Failure. The vulnerability is due to improper error handling in the ZIP archive scanning component when processing files with a bad Cyclic Redundancy Check (CRC), which allows an attacker to craft a malicious ZIP archive that halts the scan and...
Improper Authentication
github.com/spectolabs/hoverfly is vulnerable to Improper Authentication. The vulnerability is due to the admin WebSocket endpoint /api/v2/ws/logs not being protected by the same authentication middleware as the REST admin API, which allows an unauthenticated remote attacker to access and stream...
Privilege Escalation
PyInstaller is vulnerable to Privilege Escalation. The vulnerability is due to the bootstrap process appending a special entry to sys.path and attempting to load an optional bytecode-decryption module while that entry is present, which allows an attacker who can create files/directories next to t...
Command Injection
@anthropic-ai/claude-code is vulnerable to Command Injection. The vulnerability is due to the application executing a command templated with git config user.email at startup without validating or sanitizing the input, which allows an attacker to use a maliciously configured Git user email to...
Race Condition
@angular/platform-server, @angular/ssr and @nguniversal/common are vulnerable to Race Condition. The vulnerability is due to the platform injector being stored as a module-scoped global variable during server-side rendering, which allows concurrent requests to overwrite or access each other’s...
Command Injection
interactive-git-checkout is vulnerable to Command Injection. The vulnerability is due to the application passing unsanitized branch names directly to the git checkout command using Node.js’s exec function, which allows an attacker to inject malicious commands and execute arbitrary code on the...
Command Injection
Hoverfly is vulnerable to Command Injection. The vulnerability is due to improper input validation in the middleware endpoint, where the binary and script parameters are passed directly into a system without sanitization. This allows an attacker to supply crafted values for those parameters to...
Broken Access Control
Indico is vulnerable to Broken Access Control. The vulnerability is due to improper authorization logic that fails to verify the caller's privileges, allowing attackers to invoke the API and obtain profile details of other users without admin permissions...
Improper Validation Of Certificate Expiration
Infrahub is vulnerable to Improper Validation of Certificate Expiration. The vulnerability is due to a flaw in the authentication logic that improperly validates API token expiration, allowing deleted or expired tokens to be treated as valid. This allows an attacker to gain unauthorized access b...
Cross-Site Scripting (XSS)
indico is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization when rendering LaTeX math code in contribution or abstract descriptions, which allows an attacker to inject and execute malicious scripts in the user’s browser...
Reflective Cross-Site Scripting (XSS)
shopware/core is vulnerable to Reflective Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in CMS components, which allows an attacker to inject malicious scripts that execute in the user’s browser, enabling the theft of session cookies and administrative tokens or...
Cross-site Scripting
Liferay Portal is vulnerable to Cross-Site Scripting. The vulnerability is due to improper input validation and output encoding in the My Workflow Tasks page, where user-supplied task/comment fields are stored without sanitization. An attacker can submit crafted content that is saved and later...
Arbitrary File Read
xml2rfc is vulnerable to Arbitrary File Read. The vulnerability is due to improper input sanitization when generating PDF files, which allows an attacker to inject a malicious link element into the prepped RFCXML and read arbitrary files from the filesystem...
Stored Cross-Site Scripting (XSS)
decap-cms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization and escaping of user-controlled input fields such as title, description, tags, and body in the admin preview pane, which allows an attacker with low-privilege access to inject...
Insecure Deserialization
monai is vulnerable to Insecure Deserialization. The vulnerability is due to the loading of untrusted checkpoint files, such as torch.load being used without safeguards. This allows an attacker to supply a crafted checkpoint that executes arbitrary code during deserialization...
Cache Poisoning
github.com/coredns/coredns is vulnerable to Cache Poisoning. The vulnerability is due to the etcd plugin incorrectly using 64-bit lease IDs as 32-bit TTL values in the TTL function, which allows an attacker to create very large TTLs that enable DNS cache pinning attacks, potentially causing a...
Command Injection
OctoPrint is vulnerable to Command Injection. The vulnerability is due to improper handling of specially crafted filenames in uploaded files that can be included in system commands defined in event handlers, which allows an authenticated attacker to execute arbitrary commands when the correspondi...
Remote Code Execution (RCE)
mahocommerce/maho is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of uploaded file types in the product management module, which allows an attacker with staff access to upload malicious .php files and execute arbitrary code on the server...
Improper Input Validation
datahihi1/tiny-env is vulnerable to Improper Input Validation. The vulnerability is due to missing sanitization of characters, allowing attackers to inject comment text that can cause misconfigurations or authentication failures...
Reduced Password Entropy
typo3/cms-core is vulnerable to reduced password entropy. The vulnerability is due to a deterministic three-character prefix in the Password Generation component, which reduces randomness and allows an attacker to perform brute-force attacks more efficiently...
Deserialization Of Untrusted Data
monai is vulnerable to Unsafe Deserialization. The vulnerability is due to the pickle_operations function automatically deserializing dictionary key-value pairs with a specific suffix without any validation. An attacker can supply crafted pickle payloads to execute arbitrary code when those value...
Information Disclosure
typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to improper handling of error messages in the File Abstraction Layer, which exposes full file paths during failed file-system operations, allowing an attacker to disclose sensitive system information...