Veracode: Recent

38108 matches found

Username Enumeration
Source: Veracode, added 2025/09/17 4:58 p.m.

Liferay Portal is vulnerable to Username Enumeration. The vulnerability is due to information disclosure because attackers can determine if an account exists by measuring differences in server processing time during login requests...

CVSS 6.9 | AI score 6.5 | EPSS 0.00085
Exploits 0 | References 23 | Affected Software 3

Path Traversal
Source: Veracode, added 2025/09/17 3:05 p.m.

qbitmanage is vulnerable to Path Traversal. The vulnerability is due to improper validation of the backupid parameter in the restoreconfigfrombackup endpoint, which allows an attacker to bypass directory restrictions and read arbitrary files from the server filesystem...

CVSS 6.5 | AI score 7 | EPSS 0.00128
Exploits 0 | References 3 | Affected Software 1

Privilege Escalation
Source: Veracode, added 2025/09/17 2:50 p.m.

langflow is vulnerable to privilege escalation. The vulnerability is due to improper access control in Langflow containers, where an authenticated user with RCE access can invoke the internal langflow superuser CLI command to create an administrative account, which allows an attacker to gain full...

CVSS 8.8 | AI score 7.3 | EPSS 0.00017
Exploits 0 | References 2 | Affected Software 2

Integer Overflow
Source: Veracode, added 2025/09/17 10:39 a.m.

ImageMagick is vulnerable to integer overflow. The vulnerability is due to unsafe magnified size calculations in the ReadOneMNGImage function in coders/png.c, which allows an attacker to trigger memory corruption and potentially exploit the application...

CVSS 8.8 | AI score 7.1 | EPSS 0.00089
Exploits 1 | References 6 | Affected Software 18

Path Traversal
Source: Veracode, added 2025/09/17 9:50 a.m.

github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during plugin import operations, which allows an attacker with restricted admin privileges to install unauthorized custom plugins by bypassing plugin signature...

CVSS 6.8 | AI score 6.6 | EPSS 0.001
Exploits 0 | References 3 | Affected Software 4

Cross-site Scripting (XSS)
Source: Veracode, added 2025/09/17 7:50 a.m.

UnoPim is vulnerable to a stored cross-site scripting (XSS) vulnerability. The vulnerability is due to a MIME/sanitizer bypass in SVG files, which allows attackers to upload a specially crafted SVG image containing malicious script...

CVSS 8 | AI score 5.8 | EPSS 0.00072
Exploits 1 | References 8 | Affected Software 1

Cross-site Scripting (XSS)
Source: Veracode, added 2025/09/17 7:35 a.m.

Liferay Portal is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization because the comliferaydynamicdatamappingwebportletDDMPortletportletNamespace and comliferaydynamicdatamappingwebportletDDMPortletnamespace parameters can be abused by a remote...

CVSS 5.4 | AI score 6.3 | EPSS 0.00041
Exploits 0 | References 7 | Affected Software 2

OS Command Injection
Source: Veracode, added 2025/09/17 7:17 a.m.

@wong2/mcp-cli is vulnerable to OS command injection. The vulnerability is due to unsafe command construction/execution because redirectToAuthorization in /src/oauth/provider.js uses attacker-controlled input in an OS command context, allowing remote command execution...

CVSS 8.1 | AI score 5.9 | EPSS 0.00608
Exploits 1 | References 8 | Affected Software 1

Denial Of Service (DoS)
Source: Veracode, added 2025/09/17 7:10 a.m.

vllm is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of excessively large HTTP headers in GET requests, which allows an attacker to exhaust server memory and cause a crash or unresponsiveness...

CVSS 7.5 | AI score 6.6 | EPSS 0.00306
Exploits 0 | References 5 | Affected Software 1

Directory Traversal
Source: Veracode, added 2025/09/17 6:51 a.m.

vite-plugin-static-copy is vulnerable to Directory Traversal. The vulnerability is due to improper access control because apps exposing the Vite dev server to the network (via the --host flag or the server.host config option) allow attackers to retrieve arbitrary files, by which an attacker can access arbitrary file...

CVSS 6 | AI score 6.9 | EPSS 0.00207
Exploits 0 | References 3 | Affected Software 1

Remote Code Execution (RCE)
Source: Veracode, added 2025/09/17 6:07 a.m.

unopim/unopim is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper input validation because the image upload on user creation performs only client-side file type checks, allowing an attacker to modify a captured upload (changing its extension and content to .php) and execute...

CVSS 8.8 | AI score 8.1 | EPSS 0.0014
Exploits 1 | References 4 | Affected Software 1

XML External Entity Injection (XXE)
Source: Veracode, added 2025/09/17 5:42 a.m.

org.apache.tika, tika-parser-pdf-module is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper handling of crafted XFA files inside PDFs, which allows an attacker to read sensitive data or trigger malicious requests to internal or third-party servers...

CVSS 9.8 | AI score 7 | EPSS 0.00021
Exploits 4 | References 11 | Affected Software 2

Improper Input Validation
Source: Veracode, added 2025/09/16 12:40 p.m.

github.com/mattermost/mattermost-server is vulnerable to Improper Input Validation. The vulnerability is due to failure to sanitize the team invite ID in the /api/v4/teams/:teamId/restore endpoint, which allows a team admin without invite privileges to obtain the team's invite ID...

CVSS 4.3 | AI score 6.6 | EPSS 0.00065
Exploits 0 | References 4 | Affected Software 1

Improper Access Control
Source: Veracode, added 2025/09/16 12:40 p.m.

github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to failing to validate access controls at the time of access, which allows an attacker to read a thread via AI posts...

CVSS 4.3 | AI score 6.6 | EPSS 0.00048
Exploits 0 | References 4 | Affected Software 2

Path Traversal
Source: Veracode, added 2025/09/16 12:39 p.m.

github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of path traversal sequences in template file destination paths, which allows an attacker with system admin privileges to perform path traversal attacks and place malicious files outside...

CVSS 6.8 | AI score 6.7 | EPSS 0.0011
Exploits 0 | References 4 | Affected Software 4

Improper Authorization
Source: Veracode, added 2025/09/16 11:34 a.m.

github.com/mattermost/mattermost-server is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation of authorization for team scheme role modifications, which allows an attacker with Team Admin privileges to demote Team Members to Guests via the affected API endpoint...

CVSS 3.8 | AI score 6.7 | EPSS 0.00063
Exploits 0 | References 4 | Affected Software 4

Remote Code Execution (RCE)
Source: Veracode, added 2025/09/16 10:36 a.m.

picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization because torch.utils.configmodule.loadconfig used in __reduce__ can load malicious pickle files that bypass Picklescan checks and execute arbitrary code during pickle.load...

AI score 8.4
Exploits 0

Arbitrary File Upload
Source: Veracode, added 2025/09/16 9:01 a.m.

Mattermost is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of upload types because remote cluster upload sessions allow system admins to upload non-attachment file types, potentially enabling placement of files in arbitrary filesystem directories...

CVSS 6.8 | AI score 7.3 | EPSS 0.00092
Exploits 0 | References 4 | Affected Software 1

Path Traversal
Source: Veracode, added 2025/09/16 6:41 a.m.

github.com/mattermost/mattermost-server is vulnerable to path traversal. The vulnerability is due to improper sanitization of file names, which allows an attacker with file upload permissions to overwrite file attachment thumbnails via file streaming APIs...

CVSS 4.3 | AI score 7.1 | EPSS 0.0014
Exploits 0 | References 4 | Affected Software 1

Denial Of Service (DoS)
Source: Veracode, added 2025/09/16 6:34 a.m.

pyLoad-ng is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation because the jk parameter is passed directly to dukpy.evaljs without verification, allowing crafted input to exhaust CPU resources and render the web UI unresponsive...

CVSS 8.7 | AI score 7 | EPSS 0.00121
Exploits 0 | References 3 | Affected Software 1

Denial Of Service (DoS)
Source: Veracode, added 2025/09/16 6:19 a.m.

com.liferay.portal, release.portal.bom are vulnerable to Denial Of Service (DoS). The vulnerability is due to allowing unlimited file uploads through object entries' attachment fields, which are stored in the document library, allowing an attacker to cause a potential Denial-of-Service (DDoS) attack...

CVSS 6.5 | AI score 6.8 | EPSS 0.0011
Exploits 0 | References 7 | Affected Software 2

Insecure Deserialization
Source: Veracode, added 2025/09/16 6:10 a.m.

picklescan is vulnerable to Insecure Deserialization. The vulnerability is due to the use of the torch.utils.collect_env.run function to execute remote pickle files, which allows an attacker to execute arbitrary code...

AI score 7.7
Exploits 0

Remote Code Execution (RCE)
Source: Veracode, added 2025/09/16 5:53 a.m.

picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of untrusted pickle data in the function's __reduce__ flow, which allows an attacker to craft a malicious pickle that bypasses the victim's Picklescan check and achieve arbitrary code execution when t...

AI score 8.3
Exploits 0

Remote Code Execution (RCE)
Source: Veracode, added 2025/09/15 8:13 a.m.

picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization through torch.jit.unsupported_tensor_ops.execWrapper executing a remote pickle after Picklescan fails to flag dangerous content, which allows an attacker to achieve remote code execution by...

AI score 8.6
Exploits 0

Cross-Site Scripting (Reflected XSS)
Source: Veracode, added 2025/09/15 8:01 a.m.

com.liferay, com.liferay.layout.taglib is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper validation of the embedded message field in the form container, which allows an attacker to inject and execute arbitrary JavaScript in a victim's browser...

CVSS 2.1 | AI score 6.6 | EPSS 0.00044
Exploits 0 | References 8 | Affected Software 1

Arbitrary File Read
Source: Veracode, added 2025/09/15 7:54 a.m.

github.com/donknap/dpanel is vulnerable to Arbitrary File Read. The vulnerability is due to improper access control in the /api/app/compose/get-from-uri interface, which allows an attacker logged into Dpanel to read arbitrary files...

CVSS 6.1 | AI score 6.6 | EPSS 0.00155
Exploits 0 | References 3 | Affected Software 1

Remote Code Execution (RCE)
Source: Veracode, added 2025/09/15 7:38 a.m.

picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insecure handling of pickle deserialization, where the function can execute attacker-controlled __reduce__ payloads and unsafe validation, which allows an attacker to achieve remote code execution by supplying a maliciou...

AI score 8.8
Exploits 0

Insecure Deserialization
Source: Veracode, added 2025/09/15 7:20 a.m.

picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of the torch.utils.bottleneck.__main__.run_cprofile function to execute remote pickle files, which allows an attacker to run arbitrary code...

AI score 7.5
Exploits 0

Formula Injection (CSV Injection)
Source: Veracode, added 2025/09/15 7:01 a.m.

unopim/unopim is vulnerable to Formula Injection (CSV Injection). The vulnerability is due to malicious content inserted into a CSV file, which allows an attacker to exploit spreadsheet applications interpreting the input as formulas or commands instead of plain text...

CVSS 8.8 | AI score 7.1 | EPSS 0.0051
Exploits 1 | References 6 | Affected Software 1

Remote Code Execution (RCE)
Source: Veracode, added 2025/09/15 6:04 a.m.

picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the GuardBuilder.get function being invoked from a crafted pickle's __reduce__ method during deserialization, which bypasses Picklescan's checks and allows an attacker to execute arbitrary code when the victim calls...

AI score 8.2
Exploits 0

Improper Access Control
Source: Veracode, added 2025/09/15 5:19 a.m.

unopim/unopim is vulnerable to Improper Access Control. The vulnerability is due to insufficient privilege enforcement on the mass-delete endpoint, which allows an attacker without "Delete" permissions to bypass restrictions and delete products...

CVSS 8.1 | AI score 6.8 | EPSS 0.00094
Exploits 1 | References 7 | Affected Software 1

SQL Injection
Source: Veracode, added 2025/09/13 9:51 a.m.

Django is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of column aliases in FilteredRelation when crafted dictionaries are expanded as keyword arguments to QuerySet.annotate or QuerySet.alias, which allows an attacker to inject and execute arbitrary SQL...

CVSS 8.1 | AI score 8 | EPSS 0.00074
Exploits 4 | References 11 | Affected Software 2

Stored Cross-site Scripting (XSS)
Source: Veracode, added 2025/09/12 11:35 a.m.

com.liferay, com.liferay.layout.admin.web is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the comliferaylayoutadminwebportletGroupPagesPortlettype parameter, which allows a remote authenticated attacker to inject and execute malicious JavaScrip...

CVSS 5.4 | AI score 6 | EPSS 0.00041
Exploits 0 | References 6 | Affected Software 1

Reflected Cross-Site Scripting (Reflected XSS)
Source: Veracode, added 2025/09/12 11:25 a.m.

com.liferay.portal, release.portal.bom is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper validation of the snippet parameter, which allows an attacker to inject and execute arbitrary JavaScript code in a victim's browser...

CVSS 6.9 | AI score 6.5 | EPSS 0.00048
Exploits 0 | References 6 | Affected Software 1

User Enumeration
Source: Veracode, added 2025/09/12 11:13 a.m.

com.liferay, com.liferay.login.web is vulnerable to User Enumeration. The vulnerability is due to improper handling of account creation requests on the "create account" page, which allows an attacker to determine if a specific account exists in the application...

CVSS 6.9 | AI score 6.9 | EPSS 0.00082
Exploits 0 | References 12 | Affected Software 1

Cross-Site Scripting (XSS)
Source: Veracode, added 2025/09/12 10:10 a.m.

com.liferay.portal, release.portal.bom is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper handling of user input in PortalUtil.escapeRedirect, which allows a remote authenticated attacker to inject and execute arbitrary JavaScript...

CVSS 5.4 | AI score 6.6 | EPSS 0.00048
Exploits 0 | References 12 | Affected Software 3

Allocation Of Resources Without Limits
Source: Veracode, added 2025/09/12 9:51 a.m.

Bouncy Castle is vulnerable to Allocation of Resources Without Limits. The vulnerability is due to excessive allocation caused by improper handling in the AESNativeCBC.java implementation...

CVSS 5.9 | AI score 6.7 | EPSS 0.00037
Exploits 0 | References 3 | Affected Software 2

Signature Malleability
Source: Veracode, added 2025/09/12 8:08 a.m.

github.com/consensys/gnark is vulnerable to signature malleability. The vulnerability is due to improper validation of the S value in EdDSA and ECDSA signatures, not enforcing 0 ≤ S < order, which allows an attacker to create multiple valid signatures for the same public input, potentially enabling...

CVSS 9.1 | AI score 6.8 | EPSS 0.00064
Exploits 1 | References 3 | Affected Software 1

Out-of-bounds Write
Source: Veracode, added 2025/09/12 7:54 a.m.

org.bouncycastle, bc-fips is vulnerable to Out-of-bounds Write. The vulnerability is due to improper memory handling in org/bouncycastle/jcajce/provider/BaseCipher, which allows an attacker to write data outside the intended memory bounds and potentially execute arbitrary code...

AI score 7.5 | EPSS 0.00045
Exploits 0 | References 3 | Affected Software 2

SQL Injection
Source: Veracode, added 2025/09/12 7:33 a.m.

org.jeecgframework.boot, jeecg-boot-base-core is vulnerable to SQL Injection. The vulnerability is due to improper handling of SQL queries in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows an attacker to bypass SQL blacklist restrictions...

CVSS 6.5 | AI score 7.3 | EPSS 0.00078
Exploits 1 | References 4 | Affected Software 1

Hard-coded Cryptographic Key
Source: Veracode, added 2025/09/12 6:20 a.m.

cn.hippo4j, hippo4j-core is vulnerable to use of a hard-coded cryptographic key. The vulnerability is due to a hard-coded secret key in JWT creation, which allows an attacker to forge valid access tokens and impersonate any user, including privileged ones like "admin"...

CVSS 8.8 | AI score 6.7 | EPSS 0.00086
Exploits 0 | References 4 | Affected Software 1

Denial Of Service (DoS)
Source: Veracode, added 2025/09/11 2:39 p.m.

github.com/cri-o/cri-o is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper user creation handling: the entire /etc/passwd file is read into memory when securityContext.runAsUser specifies a non-existent user, leading to excessive memory consumption and potential...

CVSS 5.7 | AI score 6.9 | EPSS 0.00069
Exploits 0 | References 3 | Affected Software 1

Improper Access Control
Source: Veracode, added 2025/09/11 11:08 a.m.

com.liferay.portal, release.portal.bom is vulnerable to Improper Access Control. The vulnerability is due to insufficient access restrictions on files uploaded via forms and stored in the document library, which allows an attacker to directly access these files through crafted URLs without...

CVSS 5.3 | AI score 6.6 | EPSS 0.00141
Exploits 0 | References 6 | Affected Software 2

Unrestricted File Upload
Source: Veracode, added 2025/09/11 10:44 a.m.

com.liferay, com.liferay.dynamic.data.mapping.form.web is vulnerable to Unrestricted File Upload. The vulnerability is due to insufficient validation on the form attachment field, which allows an attacker to upload files with obfuscated extensions and bypass MIME type checks, enabling malicious...

CVSS 6.5 | AI score 7.2 | EPSS 0.00103
Exploits 0 | References 6 | Affected Software 1

Improper Access Control
Source: Veracode, added 2025/09/11 10:16 a.m.

Directus is vulnerable to an improper access control vulnerability. The vulnerability is due to a flaw in the file update mechanism, which allows an attacker to modify existing files or upload arbitrary files without authentication, bypassing metadata tracking and evading visibility in the Direct...

CVSS 9.3 | AI score 7.2 | EPSS 0.00188
Exploits 1 | References 3 | Affected Software 2

Cross-site Scripting (XSS)
Source: Veracode, added 2025/09/11 10:00 a.m.

Liferay Portal is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization caused by improper handling of the comliferayusersadminwebportletUsersAdminPortletassetTagNames parameter, allowing remote authenticated attackers to inject JavaScript...

CVSS 5.4 | AI score 6.6 | EPSS 0.00044
Exploits 0 | References 5 | Affected Software 2

Server-Side Request Forgery (SSRF)
Source: Veracode, added 2025/09/11 9:35 a.m.

org.apache.eventmesh:eventmesh-runtime is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied URLs caused by unsafe handling in the eventmesh-runtime module's WebhookUtil.java, allowing attackers to read or update internal resources...

CVSS 6.3 | AI score 7 | EPSS 0.00145
Exploits 0 | References 3 | Affected Software 1

Cross-Site Request Forgery (CSRF)
Source: Veracode, added 2025/09/11 9:34 a.m.

com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient CSRF protection for omni-administrator users, which allows an attacker to execute unauthorized actions on behalf of the affected user...

CVSS 7.1 | AI score 7.2 | EPSS 0.00036
Exploits 0 | References 4 | Affected Software 1

Stored Cross-site Scripting (XSS)
Source: Veracode, added 2025/09/11 7:24 a.m.

moonshine/moonshine is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the Create Article function's Link parameter, which allows an attacker to inject a crafted payload and execute arbitrary web scripts or HTML...

CVSS 4.5 | AI score 6.1 | EPSS 0.00097
Exploits 2 | References 4 | Affected Software 1

Cross-Site Scripting (XSS)
Source: Veracode, added 2025/09/11 7:18 a.m.

com.liferay, com.liferay.layout.type.controller.display.page is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper validation of user input in friendly URLs, which allows a remote unauthenticated attacker to inject malicious JavaScript into web content and...

CVSS 6.9 | AI score 6.3 | EPSS 0.0005
Exploits 0 | References 6 | Affected Software 1

Total number of security vulnerabilities: 38108