Veracode (recent)

38290 matches found

Veracode | added 2025/10/16 7:07 a.m. | 5 views

Missing Authorization

TYPO3 CMS is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks in the backend routing component, which allows authenticated backend users to directly invoke AJAX backend routes without proper access permissions, potentially leading to unauthorized acces...

CVSS 8.8 | AI score 6.8 | EPSS 0.00276
Exploits 0 | References 7 | Affected software 5
Veracode | added 2025/10/16 7:07 a.m. | 5 views

Path Traversal

monai is vulnerable to Path Traversal (Zip Slip). The vulnerability is due to extracting user-controlled archive paths without sanitization; an attacker can supply a crafted or downloadable ZIP to overwrite system files or drop malicious code...

CVSS 8.8 | AI score 6.9 | EPSS 0.00568
Exploits 1 | References 5 | Affected software 1
Veracode | added 2025/10/16 6:51 a.m. | 6 views

Denial-of-Service (DoS)

typo3/cms-backend is vulnerable to Denial-of-Service (DoS). The vulnerability is due to an uncaught exception in the Bookmark Toolbar, which allows administrator-level backend users to trigger a DoS condition in the backend user interface by saving manipulated data...

CVSS 5.1 | AI score 6.9 | EPSS 0.0027
Exploits 0 | References 4 | Affected software 1
Veracode | added 2025/10/16 6:45 a.m. | 5 views

Improper Configuration Management

TinyEnv is vulnerable to Improper Configuration Management. The vulnerability is due to the application not requiring the .env file to exist when loading environment variables, which allows an attacker or misconfiguration to cause the application to run with insecure defaults or missing...

CVSS 7.3 | AI score 6.9 | EPSS 0.00173
Exploits 0 | References 5 | Affected software 1
Veracode | added 2025/10/16 6:37 a.m. | 6 views

Missing Authorization Checks

typo3/cms-workspaces is vulnerable to missing authorization checks. The vulnerability is due to improper access control in the Workspace Module, which allows an attacker to directly invoke the AJAX backend route and disclose sensitive information without proper access permissions...

CVSS 7.1 | AI score 6.5 | EPSS 0.00266
Exploits 0 | References 4 | Affected software 1
Veracode | added 2025/10/15 11:24 a.m. | 6 views

Remote Code Execution

python-socketio is vulnerable to Remote Code Execution. The vulnerability is due to insecure deserialization with the pickle library: servers trust and call pickle.loads on inter-server message-queue payloads, allowing an attacker with access to the message queue to send a crafted...

CVSS 6.4 | AI score 7 | EPSS 0.00453
Exploits 0 | References 5 | Affected software 1
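The python-socketio entry above describes the classic message-queue pickle problem. The following is an added example, not python-socketio's own code: it shows why pickle.loads on a queue message is code execution for anyone who can publish to that queue, and a data-only replacement (JSON plus an HMAC tag) that also authenticates the sender. The broker is simulated in-process; SECRET, the tag.body wire format and the function names are assumptions for this example.

```python
"""Added example, not python-socketio code: why calling pickle.loads on an
inter-server queue message hands code execution to anyone who can publish
to that queue, and a data-only replacement that also authenticates the
sender. The broker is simulated; SECRET and the message format are
assumptions for this example."""
import hashlib
import hmac
import json
import pickle

SIDE_EFFECTS = []  # records what a payload did on load; a real attacker
                   # would have pickle call os.system(...) instead


def _run_on_load(note):
    SIDE_EFFECTS.append(note)
    return {"event": "looks-legit"}


class QueuePayload:
    """Attacker-built object: pickle stores the (callable, args) pair from
    __reduce__ and invokes it during pickle.loads on the receiving server."""

    def __reduce__(self):
        return (_run_on_load, ("code executed during unpickling",))


def attacker_message() -> bytes:
    return pickle.dumps(QueuePayload())


def unsafe_consume(raw: bytes):
    # Vulnerable pattern: trust whatever arrived on the shared queue.
    return pickle.loads(raw)


SECRET = b"pre-shared-key-between-servers"  # assumption: loaded from config


def sign_message(payload: dict, key: bytes = SECRET) -> bytes:
    # JSON can only express dicts/lists/strings/numbers, never callables.
    body = json.dumps(payload, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"." + body


def safe_consume(raw: bytes, key: bytes = SECRET) -> dict:
    tag, _, body = raw.partition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("queue message rejected: bad signature")
    return json.loads(body)


if __name__ == "__main__":
    print(unsafe_consume(attacker_message()), SIDE_EFFECTS)
    print(safe_consume(sign_message({"event": "chat", "data": "hi"})))
    try:
        safe_consume(b"0" * 64 + b"." + b'{"event":"forged"}')
    except ValueError as exc:
        print(exc)
```

Signing alone is not a fix: an HMAC over a pickle still executes the payload the moment the key leaks or a trusted server is compromised. The format change is what removes the code-execution primitive; the tag only decides whose messages are accepted.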
Veracode | added 2025/10/15 10:06 a.m. | 8 views

Authentication Bypass

Apache Kylin is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of alternate endpoints that bypass normal authentication checks, allowing an attacker to gain unauthorized access to protected functionality...

CVSS 7.5 | AI score 7 | EPSS 0.01224
Exploits 0 | References 7 | Affected software 4
Veracode | added 2025/10/15 9:00 a.m. | 7 views

Improper Authorization

TYPO3 CMS is vulnerable to Improper Authorization. The vulnerability is due to missing authorization checks in the CSV download feature, which allows an attacker to disclose information from arbitrary database tables within a user's web mounts without having proper access...

CVSS 5.3 | AI score 6.7 | EPSS 0.00214
Exploits 0 | References 3 | Affected software 2
Veracode | added 2025/10/15 8:12 a.m. | 6 views

Information Disclosure

Apache Airflow is vulnerable to Information Disclosure. The vulnerability is due to improper access control in handling sensitive connection fields, allowing users with read permissions to view sensitive data through the API and UI...

CVSS 6.5 | AI score 8.8 | EPSS 0.00903
Exploits 0 | References 4 | Affected software 2
Veracode | added 2025/10/15 8:11 a.m. | 7 views

Open Redirection

typo3/cms-core is vulnerable to Open Redirection. The vulnerability is due to improper sanitization of user-supplied URLs in the GeneralUtility::sanitizeLocalUrl function, which allows an attacker to craft URLs that pass sanitization and redirect users to arbitrary external sites, enabling phishing attac...

CVSS 6.1 | AI score 7 | EPSS 0.00172
Exploits 0 | References 4 | Affected software 1
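The open-redirect entry above turns on what a "local URL" check accepts. As an added example, not TYPO3's code, here is such a check written to reject the inputs that classically slip past string-prefix tests (scheme-relative `//host`, backslash variants, `https:host` without slashes, triple slashes, control characters). The candidate URLs are constructed, and is_local_url / redirect_target are hypothetical names.

```python
"""Added example, not TYPO3 code: a local-URL check of the kind
GeneralUtility::sanitizeLocalUrl performs, written to reject the inputs
that classically slip past string-prefix checks. The test URLs are
constructed; is_local_url and redirect_target are hypothetical names."""
from urllib.parse import urlsplit


def is_local_url(url: str) -> bool:
    """True only for an absolute path on this site ("/dir/page?x=1").

    A bare host ("evil.example") is rejected as well: a redirect built
    from it would stay on-site only by accident, not by policy."""
    if not url or any(c in url for c in "\r\n\t\x00"):
        return False  # header injection / control characters
    # Browsers treat backslash like slash in the authority part, so
    # "/\\evil.example" must be judged as "//evil.example".
    candidate = url.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return False  # "https://evil", "//evil", "https:evil", "javascript:"
    # urlsplit parses "///evil.example" as a path, but browsers collapse
    # the extra slashes and treat evil.example as the host: reject any
    # leading double slash outright.
    return candidate.startswith("/") and not candidate.startswith("//")


def redirect_target(requested: str, fallback: str = "/") -> str:
    """Value for the Location header: the requested URL when it is local,
    otherwise a fixed fallback (never a "sanitised" version of the input,
    which is where bypasses creep in)."""
    return requested if is_local_url(requested) else fallback


if __name__ == "__main__":
    for candidate in ["/typo3/index.php?route=x", "//evil.example/", "/\\evil.example",
                      "https:evil.example", "///evil.example", "javascript:alert(1)",
                      "/ok\r\nSet-Cookie: a=b", "evil.example"]:
        print(f"{candidate!r:35} -> {redirect_target(candidate)}")
```

The design choice is allow-list shaped: anything that is not unambiguously a same-site path is replaced by a fixed fallback rather than "cleaned", because every rewrite rule is another parser difference an attacker can probe.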
Veracode | added 2025/10/15 7:59 a.m. | 5 views

Improper Access Control

vite is vulnerable to improper access control. The vulnerability is due to files starting with the same name as those in the public directory being served while bypassing the server.fs settings, which allows an attacker to access restricted files when the Vite dev server is exposed to the network...

CVSS 5.3 | AI score 7 | EPSS 0.0118
Exploits 1 | References 8 | Affected software 2
Veracode | added 2025/10/15 7:58 a.m. | 5 views

Improper Permission Checks

Apache ZooKeeper is vulnerable to improper permission checks. The vulnerability is due to insufficient authorization validation in the AdminServer, allowing authorized clients to execute snapshot and restore commands without proper permissions...

CVSS 4.3 | AI score 7.4 | EPSS 0.00294
Exploits 0 | References 8 | Affected software 1
Veracode | added 2025/10/15 7:40 a.m. | 8 views

Improper Access Control

Vite is vulnerable to Improper Access Control. The vulnerability is due to the dev and preview servers serving any HTML files on the machine regardless of the server.fs settings, which allows an attacker to access unintended files when the Vite server is exposed to the network, potentially leadin...

CVSS 5.3 | AI score 6.7 | EPSS 0.00586
Exploits 1 | References 8 | Affected software 1
Veracode | added 2025/10/15 7:17 a.m. | 5 views

Regular Expression Denial Of Service (ReDoS)

Cattown is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to the use of inefficient regular expressions with potentially exponential backtracking complexity, which allows an attacker to craft malicious markdown inputs that cause excessive CPU usage and lead to...

CVSS 8.7 | AI score 6.9 | EPSS 0.00312
Exploits 0 | References 5 | Affected software 1
Veracode | added 2025/10/15 7:12 a.m. | 4 views

Improper Input Validation

github.com/knadh/listmonk is vulnerable to improper input validation. The vulnerability is due to the backend not validating the nonce parameter in HTTP requests, which allows an attacker to chain this flaw with other vulnerabilities such as CSRF or XSS to perform unauthorized actions like improp...

CVSS 8.6 | AI score 6.5 | EPSS 0.00127
Exploits 1 | References 4 | Affected software 1
Veracode | added 2025/10/15 7:08 a.m. | 8 views

Missing Authorization

Copyparty is vulnerable to Missing Authorization. The vulnerability is due to a missing permission check in the shares feature (the shr global option), which allows an attacker to access sibling files within a shared folder by guessing their filenames, leading to unauthorized data exposure...

CVSS 7.5 | AI score 6.8 | EPSS 0.00344
Exploits 0 | References 5 | Affected software 1
Veracode | added 2025/10/15 6:18 a.m. | 6 views

Deserialization Of Untrusted Data

Apache Jackrabbit Core and Apache Jackrabbit JCR Commons are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the acceptance of untrusted JNDI URIs for JCR lookup, which allows an attacker to inject malicious JNDI references that trigger deserialization of untrusted...

CVSS 6.5 | AI score 7.7 | EPSS 0.01286
Exploits 0 | References 6 | Affected software 2
Veracode | added 2025/10/15 4:18 a.m. | 6 views

Malicious Package Injection

DuckDB is vulnerable to malicious package injection. The vulnerability is due to unauthorized access and compromise of the npm package publishing process, which allowed an attacker to upload malicious versions of DuckDB's Node.js packages containing code that interfered with cryptocurrency...

CVSS 8.6 | AI score 7.4 | EPSS 0.00349
Exploits 0 | References 5 | Affected software 4
Veracode | added 2025/10/14 1:23 p.m. | 5 views

Insecure Session Handling

github.com/coder/coder is vulnerable to Insecure Session Handling. The vulnerability is due to stale session tokens in prebuilt workspaces, allowing attackers to reuse them to gain unauthorized access...

CVSS 8.1 | AI score 7.2 | EPSS 0.00349
Exploits 1 | References 7 | Affected software 2
Veracode | added 2025/10/14 12:27 p.m. | 7 views

OS Command Injection

tkeasygui is vulnerable to OS Command Injection. The vulnerability is due to settings that construct messages from external sources without validation, allowing attackers to supply crafted input (e.g., shell metacharacters) to execute arbitrary OS commands...

CVSS 9.8 | AI score 7.7 | EPSS 0.02716
Exploits 0 | References 5 | Affected software 1
Veracode | added 2025/10/14 10:23 a.m. | 8 views

Directory Traversal

internetarchive is vulnerable to Directory Traversal. The vulnerability is due to improper sanitization and validation of user-supplied filenames, since File.download accepts unnormalized filenames; an attacker can provide names such as ../../../../windows/system32/file.txt to write outside the...

CVSS 9.4 | AI score 7 | EPSS 0.01414
Exploits 0 | References 6 | Affected software 1
Veracode | added 2025/10/14 9:27 a.m. | 5 views

Improper Rate Limiting

ethyca-fides is vulnerable to Improper Rate Limiting. The vulnerability is due to the webserver API incorrectly applying rate limits based on infrastructure IPs instead of client IPs and storing counters in-memory rather than in a shared store, which allows an attacker to bypass rate limiting...

CVSS 7.5 | AI score 6.9 | EPSS 0.00406
Exploits 0 | References 5 | Affected software 1
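The rate-limiting entry above names two separate defects: keying on the proxy's address rather than the client's, and per-process counters. The following added example (not ethyca/fides code) shows both fixes: a client_ip helper that walks X-Forwarded-For from the right past an explicit trusted-proxy list, and a fixed-window limiter whose counters live in a store shared by all workers, with a plain dict standing in for Redis. The addresses, the 10.0.0.0/8 proxy range, the limits and the function names are all constructed for this example.

```python
"""Added example, not ethyca/fides code: (1) taking the client address from
X-Forwarded-For by walking it from the right past an explicit trusted-proxy
list, and (2) a rate limiter whose counters live in a store shared by all
workers (a dict stands in for Redis). Addresses, the proxy range and the
limits are constructed for the example."""
import ipaddress
import time
from typing import Optional

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: our LB tier


def _trusted(addr: str) -> bool:
    try:
        return any(ipaddress.ip_address(addr.strip()) in n for n in TRUSTED_PROXIES)
    except ValueError:
        return False


def client_ip(remote_addr: str, xff: Optional[str]) -> str:
    """Rightmost hop not in TRUSTED_PROXIES is the client. Keying a rate
    limit on remote_addr instead (the proxy's address) makes every client
    share one counter; taking the leftmost hop lets the client choose it."""
    if not _trusted(remote_addr):
        return remote_addr  # direct connection: the header is not ours
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not _trusted(hop):
            return hop
    return remote_addr  # only proxies in the chain: fall back, do not trust header


class RateLimiter:
    """Fixed-window counter. `store` is whatever the workers share; if each
    worker passes its own dict, each worker hands out its own full budget."""

    def __init__(self, store: dict, limit: int, window_s: int = 60):
        self.store, self.limit, self.window = store, limit, window_s

    def allow(self, key: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        bucket = f"rl:{key}:{int(now // self.window)}"
        count = self.store.get(bucket, 0) + 1  # INCR + EXPIRE in Redis
        self.store[bucket] = count
        return count <= self.limit


def admitted(stores: list, limit: int, attempts: int, key: str = "203.0.113.7") -> int:
    """Spread `attempts` requests round-robin over one worker per store and
    return how many pass the limit within a single window."""
    workers = [RateLimiter(s, limit) for s in stores]
    return sum(workers[i % len(workers)].allow(key, now=1_000.0) for i in range(attempts))


if __name__ == "__main__":
    print(client_ip("10.0.0.5", "203.0.113.7, 10.0.0.9"))
    print(client_ip("10.0.0.5", "1.1.1.1, 203.0.113.7, 10.0.0.9"))  # spoofed left entry ignored
    print(admitted([{}, {}, {}], limit=5, attempts=30))  # per-worker counters: 3x the budget
    shared = {}
    print(admitted([shared, shared, shared], limit=5, attempts=30))  # shared store: the real limit
```

With three workers and a limit of 5, per-process counters admit 15 requests in one window and a shared store admits 5; that multiplier is exactly what the advisory's "in-memory rather than in a shared store" wording refers to.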
Veracode | added 2025/10/14 9:07 a.m. | 6 views

Out-of-Bounds Read

libudisks2.so is vulnerable to Out-of-Bounds Read. The vulnerability is due to the loop device handler failing to validate the lower bound of the index parameter received via D-Bus, allowing negative index values, which allows an attacker to crash the daemon or perform local privilege escalation b...

CVSS 8.5 | AI score 7 | EPSS 0.0065
Exploits 1 | References 16 | Affected software 2
Veracode | added 2025/10/14 8:58 a.m. | 7 views

Directory Traversal

bbot is vulnerable to Directory Traversal. The vulnerability is due to gitdumper processing content from remote git repositories without proper sanitization, which allows an attacker to supply a malicious repository that triggers execution of arbitrary commands...

CVSS 9.6 | AI score 7.3 | EPSS 0.00437
Exploits 0 | References 5 | Affected software 1
Veracode | added 2025/10/14 7:19 a.m. | 6 views

Brute-Force Attack

ethyca-fides is vulnerable to brute-force attack. The vulnerability is due to the absence of specific anti-automation controls on the Admin UI login endpoint, which allows an attacker to perform credential testing attacks such as credential stuffing or password spraying to gain unauthorized access...

CVSS 6.5 | AI score 7.3 | EPSS 0.00277
Exploits 0 | References 5 | Affected software 1
Veracode | added 2025/10/14 7:19 a.m. | 6 views

Improper Session Invalidation

ethyca-fides is vulnerable to improper session invalidation. The vulnerability is due to active user sessions not being invalidated after an admin UI password change, which allows an attacker with previously obtained session tokens to maintain unauthorized access even after a password reset...

CVSS 6.3 | AI score 7 | EPSS 0.00275
Exploits 1 | References 5 | Affected software 1
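The session-invalidation entry above, and the coder entry earlier on this page about stale tokens in prebuilt workspaces, are the same failure: a token stays valid after the event that should have retired it. As an added example, not fides or coder code, the store below binds each session to a per-user credential generation; a password change bumps the generation, so every earlier token fails on its next use while the session that made the change is re-issued. User ids, tokens and the class are constructed for this example.

```python
"""Added example, not fides or coder code: sessions carry the credential
generation that was current when they were issued; changing the password
bumps the generation, so every earlier token fails validation on its next
use. User ids and tokens are constructed; the class is mine."""
import secrets


class SessionStore:
    def __init__(self):
        self._sessions = {}    # token -> (user_id, generation at issue)
        self._generation = {}  # user_id -> current credential generation

    def login(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user_id, self._generation.get(user_id, 0))
        return token

    def validate(self, token: str):
        """Return the user id for a live session, or None. A stale token is
        deleted on sight so it cannot be retried."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user_id, issued_gen = entry
        if issued_gen != self._generation.get(user_id, 0):
            del self._sessions[token]
            return None
        return user_id

    def change_password(self, user_id: str, current_token: str = None) -> str:
        """Invalidate every session of user_id. The session that made the
        change is re-issued so the legitimate user is not logged out."""
        self._generation[user_id] = self._generation.get(user_id, 0) + 1
        if current_token is not None and self._sessions.get(current_token, (None,))[0] == user_id:
            del self._sessions[current_token]
            return self.login(user_id)
        return ""

    def live_sessions(self, user_id: str) -> int:
        return sum(1 for t in list(self._sessions) if self.validate(t) == user_id)


def demo() -> dict:
    store = SessionStore()
    victim_browser = store.login("alice")
    stolen = store.login("alice")  # a token the attacker obtained earlier
    new_token = store.change_password("alice", current_token=victim_browser)
    return {
        "stolen_still_valid": store.validate(stolen) == "alice",
        "old_own_still_valid": store.validate(victim_browser) == "alice",
        "new_token_valid": store.validate(new_token) == "alice",
        "live_after_change": store.live_sessions("alice"),
    }


if __name__ == "__main__":
    print(demo())
```

A generation counter is cheaper than enumerating and deleting a user's sessions, works when sessions are stored in a cache that cannot be scanned by user, and extends naturally to other retire-everything events (admin-forced logout, a workspace being handed to its first real user).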
Veracode | added 2025/10/14 7:19 a.m. | 6 views

Improper Authorization

ethyca-fides is vulnerable to improper authorization. The vulnerability is due to insufficient scope validation in the OAuth client creation and update endpoints, which allows an attacker or a highly privileged user to escalate privileges to owner-level...

CVSS 8.6 | AI score 7.2 | EPSS 0.00392
Exploits 0 | References 5 | Affected software 1
Veracode | added 2025/10/14 7:03 a.m. | 5 views

Regular Expression Denial Of Service (ReDoS)

transformers is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to the _do_use_weight_decay method in the AdamWeightDecay optimizer processing user-controlled regular expressions in the include_in_weight_decay and exclude_from_weight_decay lists, which allows an attacke...

CVSS 7.5 | AI score 6.9 | EPSS 0.00467
Exploits 1 | References 5 | Affected software 1
Veracode | added 2025/10/13 2:35 p.m. | 6 views

SMTP Injection

Jakarta Mail is vulnerable to SMTP injection. The vulnerability is due to improper input validation of SMTP message fields: raw carriage return and line feed characters (\r and \n) in headers and parameters are accepted, and an attacker can exploit this to inject additional SMTP commands or split messages ...

CVSS 7.5 | AI score 7.3 | EPSS 0.00756
Exploits 0 | References 6 | Affected software 3
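To make the Jakarta Mail entry concrete, here is an added example (not Jakarta Mail's code, and in Python rather than Java) of what a raw CR/LF inside a header value does to a message as the receiving MTA parses it, next to the check a mail library must apply to every header name and value. The message fields and function names are constructed for this example.

```python
"""Added example, not Jakarta Mail code: what a raw CR/LF inside a header
value does to an SMTP message, seen from the receiving side, and the check
that a mail library must apply to every header name and value. The message
fields are constructed; the function names are mine."""
import re

_LINE_BREAK = re.compile(r"[\r\n\x00]")
_HEADER_NAME = re.compile(r"^[!-9;-~]+$")  # RFC 5322 field-name: printable ASCII except ':'


def build_headers(fields: dict) -> str:
    """Naive: joins fields as 'Name: value' lines with no checks."""
    return "".join(f"{name}: {value}\r\n" for name, value in fields.items()) + "\r\n"


def build_headers_safe(fields: dict) -> str:
    """Reject rather than strip: a value with a line break is an attack
    or a bug, never something to quietly repair."""
    for name, value in fields.items():
        if not _HEADER_NAME.match(name):
            raise ValueError(f"invalid header name: {name!r}")
        if _LINE_BREAK.search(value):
            raise ValueError(f"line break in header {name}: {value!r}")
    return build_headers(fields)


def as_received(message: str):
    """Split the way an MTA does: header block, blank line, body.
    Returns the header names it saw and the body text."""
    head, _, body = message.partition("\r\n\r\n")
    names = [line.split(":", 1)[0] for line in head.split("\r\n") if line]
    return names, body


if __name__ == "__main__":
    fields = {
        "From": "alerts@example.test",
        "Subject": "Hello\r\nBcc: everyone@example.test\r\n\r\nInjected body",
        "To": "user@example.test",
    }
    print(as_received(build_headers(fields)))  # Bcc appears; To: lands in the body
    try:
        build_headers_safe(fields)
    except ValueError as exc:
        print(exc)
```

The bytes 0x0D and 0x0A are what matter, however the text was decoded: non-ASCII header content belongs in RFC 2047 encoded-words, which by construction cannot contain a line break, so a library that encodes properly and rejects raw CR/LF covers both the injection and the legitimate internationalised case.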
Veracode | added 2025/10/13 1:00 p.m. | 6 views

Arbitrary File Write

bbot is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient sanitization of archive entry paths, and an attacker can craft archive entries with absolute or directory-traversal paths that cause bbot to write arbitrary files to arbitrary locations and achieve remote code...

CVSS 9.6 | AI score 8 | EPSS 0.00668
Exploits 0 | References 5 | Affected software 1
Veracode | added 2025/10/13 10:22 a.m. | 9 views

Remote Code Execution

Flowise is vulnerable to Remote Code Execution. The vulnerability is due to unsafe evaluation of user-supplied configuration: the convertToValidJSONString function executes the mcpServerConfig input as JavaScript, and an attacker can use this to execute arbitrary Node.js code to run commands or...

CVSS 10 | AI score 8 | EPSS 0.90183
Exploits 21 | References 10 | Affected software 1
Veracode | added 2025/10/13 10:21 a.m. | 6 views

XML External Entity (XXE)

langchain-community is vulnerable to XML External Entity (XXE). The vulnerability is due to insecure XML parsing in the EverNoteLoader component that uses etree.iterparse without disabling external entity references, which allows an attacker to craft a malicious XML payload to access sensitive local...

CVSS 7.5 | AI score 6.7 | EPSS 0.01531
Exploits 0 | References 5 | Affected software 1
Veracode | added 2025/10/13 10:06 a.m. | 6 views

Arbitrary File Write

github.com/usememos/memos is vulnerable to arbitrary file write. The vulnerability is due to improper validation of file paths in the CreateResource endpoint when storing objects locally, which allows an attacker to create files with path traversal sequences and write arbitrary files on the serve...

CVSS 4.3 | AI score 7.2 | EPSS 0.0032
Exploits 1 | References 3 | Affected software 1
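Four entries on this page (monai's Zip Slip, internetarchive's unnormalized download filenames, bbot's absolute and traversal archive entry paths, and memos' CreateResource path) are the same bug: a name chosen by the other party is joined to a base directory without checking that the result stays inside it. The following added example, not code from any of those projects, applies one containment check to both cases: a deliberately naive extractor beside a safe one, and the same helper used to vet a bare filename. The archives, file names, temporary directory and function names are constructed for this example; the escaping entry only climbs one level so the demo never writes outside its temp dir.

```python
"""Added example, not monai, internetarchive, bbot or memos code: one
containment check applied both to archive entries (Zip Slip) and to a
user-supplied download filename. Archives, file names and the temporary
directory are constructed for the example; the function names are mine."""
import io
import os
import tempfile
import zipfile


def safe_join(base: str, untrusted: str) -> str:
    """Resolve base/untrusted and insist the result stays under base.
    Catches '..', absolute paths, backslash separators and symlinked
    parents (realpath); raises rather than silently 'cleaning' the name."""
    if "\x00" in untrusted:
        raise ValueError("NUL byte in path")
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, untrusted.replace("\\", "/")))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes {base!r}: {untrusted!r}")
    return candidate


def filename_allowed(base: str, name: str) -> bool:
    try:
        safe_join(base, name)
        return True
    except ValueError:
        return False


def naive_extract(data: bytes, dest: str) -> list:
    # Vulnerable: trusts info.filename, which the archive author controls.
    # (ZipFile.extract() would strip '..'; opening members and choosing
    # the path yourself, as here, does not.)
    out = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            out.append(target)
    return out


def safe_extract(data: bytes, dest: str) -> list:
    # Validate every entry before writing any, so a bad archive is rejected
    # whole instead of half-applied.
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        files = [i for i in zf.infolist() if not i.is_dir()]
        targets = [safe_join(dest, i.filename) for i in files]  # raises on escape
        for info, target in zip(files, targets):
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
    return targets


def build_zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)  # writestr keeps '..' in the name as-is
    return buf.getvalue()


def demo() -> dict:
    """Run both extractors against a benign and a Zip-Slip archive inside a
    throwaway directory, then vet a few download filenames."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "extract")
        os.makedirs(dest)
        benign = build_zip({"model/weights.bin": b"ok", "model/meta.json": b"{}"})
        slip = build_zip({"../escaped.txt": b"dropped", "model/weights.bin": b"x"})
        result = {"benign": sorted(os.path.relpath(p, dest) for p in safe_extract(benign, dest))}
        naive_extract(slip, dest)
        result["naive_escaped"] = os.path.exists(os.path.join(tmp, "escaped.txt"))
        os.remove(os.path.join(tmp, "escaped.txt"))
        try:
            safe_extract(slip, dest)
            result["safe_rejected"] = False
        except ValueError:
            result["safe_rejected"] = True
        result["safe_escaped"] = os.path.exists(os.path.join(tmp, "escaped.txt"))
        result["filenames"] = {n: filename_allowed(dest, n) for n in [
            "report.txt", "../../../../windows/system32/file.txt",
            "/etc/passwd", "sub\\..\\..\\outside.txt"]}
    return result


if __name__ == "__main__":
    print(demo())
```

For tar archives the standard library already offers this policy: tarfile's extractall(filter="data") (Python 3.12, backported to 3.8.17/3.9.17/3.10.12/3.11.4) rejects absolute, traversing and outward-pointing symlink members. For zip files and for plain user-supplied filenames, a realpath-plus-commonpath check like safe_join is the equivalent, and rejecting the whole input beats rewriting the name.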
Veracode | added 2025/10/13 6:32 a.m. | 7 views

Heap-based Buffer Overflow

ImageMagick is vulnerable to a heap-based buffer overflow. The vulnerability is due to improper memory handling in the SeekBlob and WriteBlob functions, which allows an attacker to write data beyond allocated memory, potentially leading to arbitrary code execution or application crashes...

CVSS 9.8 | AI score 8.1 | EPSS 0.00274
Exploits 1 | References 5 | Affected software 12
Veracode | added 2025/10/13 5:58 a.m. | 4 views

Cross-site Scripting (XSS)

@modelcontextprotocol/inspector is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of malicious redirect URIs when connecting to untrusted remote MCP servers, which allows an attacker to inject and execute arbitrary scripts that can interact with the inspecto...

CVSS 8.6 | AI score 7.3 | EPSS 0.00627
Exploits 0 | References 4 | Affected software 1
Veracode | added 2025/10/13 3:55 a.m. | 5 views

Prototype Pollution

js-toml is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied TOML input during parsing, which allows an attacker to craft malicious TOML data that modifies properties of the global Object.prototype, potentially leading to arbitrary code execution or...

CVSS 7.9 | AI score 8 | EPSS 0.00476
Exploits 1 | References 4 | Affected software 1
Veracode | added 2025/10/13 3:22 a.m. | 9 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the application not verifying the content type of uploaded attachments or user avatars and serving the data back as is, which allows an authenticated attacker to inject malicious scripts that execute...

CVSS 5.4 | AI score 5.9 | EPSS 0.00236
Exploits 1 | References 4 | Affected software 1
Veracode | added 2025/10/10 1:18 p.m. | 8 views

XML Injection

io.minio:minio is vulnerable to XML Injection. The vulnerability is due to automatic substitution of XML tag values containing system property or environment variable references during processing, which allows an attacker to craft malicious XML input that exposes sensitive information such as...

CVSS 8.7 | AI score 6.5 | EPSS 0.00458
Exploits 0 | References 5 | Affected software 1
Veracode | added 2025/10/10 12:53 p.m. | 4 views

Deserialization Of Untrusted Data

org.apache.iotdb:iotdb-confignode is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insufficient validation of externally supplied serialized data, which allows an attacker to craft malicious serialized objects that can be deserialized to execute arbitrary code or...

CVSS 5.3 | AI score 8 | EPSS 0.00457
Exploits 0 | References 6 | Affected software 2
Veracode | added 2025/10/10 10:21 a.m. | 5 views

Sensitive Information Disclosure

github.com/runatlantis/atlantis is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the /status endpoint publicly exposing detailed version information, which allows an attacker to identify specific software versions and exploit known vulnerabilities to compromise the...

CVSS 7.5 | AI score 6.6 | EPSS 0.00426
Exploits 1 | References 4 | Affected software 1
Veracode | added 2025/10/10 10:14 a.m. | 6 views

Uncontrolled Search Path Element

tkeasygui is vulnerable to Uncontrolled Search Path Element. The vulnerability is due to improper control over the directories searched for executable files, which allows an attacker to place malicious files in a trusted path and execute arbitrary code with the privileges of the running program...

CVSS 8.5 | AI score 8.1 | EPSS 0.0015
Exploits 0 | References 5 | Affected software 1
Veracode | added 2025/10/10 9:07 a.m. | 8 views

Remote Code Execution

org.springframework.cloud:spring-cloud-gateway-server is vulnerable to Remote Code Execution. The vulnerability is due to exposed actuator endpoints evaluating user-controlled input via the GatewayEvaluationContext, allowing attackers to modify Spring Environment properties when the actuator...

CVSS 10 | AI score 8.1 | EPSS 0.03311
Exploits 0 | References 2 | Affected software 2
Veracode | added 2025/10/10 8:47 a.m. | 6 views

Denial Of Service (DoS)

org.apache.iotdb:iotdb-core is vulnerable to Denial-of-Service (DoS). The vulnerability is due to improper input validation that causes resource exhaustion, which allows an attacker over the network to consume system resources and disrupt service...

CVSS 7.5 | AI score 6.9 | EPSS 0.00562
Exploits 0 | References 4 | Affected software 1
Veracode | added 2025/10/10 8:07 a.m. | 5 views

Improper Authorization

org.springframework:spring-core is vulnerable to improper authorization. The vulnerability is due to incorrect annotation resolution on methods within type hierarchies that use unbounded generics, which allows an attacker to bypass security checks when Spring Security's @EnableMethodSecurity...

CVSS 7.5 | AI score 7 | EPSS 0.0046
Exploits 0 | References 6 | Affected software 1
Veracode | added 2025/10/10 7:26 a.m. | 5 views

Authorization Bypass

org.springframework.security:spring-security-core is vulnerable to Authorization Bypass. The vulnerability is due to improper resolution of annotations on methods within type hierarchies containing parameterized supertypes with unbounded generics, which allows an attacker to bypass authorization...

CVSS 7.5 | AI score 7 | EPSS 0.00433
Exploits 0 | References 9 | Affected software 1
Veracode | added 2025/10/10 7:11 a.m. | 4 views

Denial Of Service (DoS)

org.apache.fory:fory-core is vulnerable to Denial of Service (DoS). The vulnerability is due to insecure deserialization of untrusted data, which allows an attacker to supply a large, specially crafted payload that consumes excessive CPU resources during deserialization...

CVSS 6.5 | AI score 7 | EPSS 0.0059
Exploits 0 | References 8 | Affected software 1
Veracode | added 2025/10/10 5:21 a.m. | 6 views

Denial Of Service (DoS)

xgrammar is vulnerable to Denial Of Service (DoS). The vulnerability is due to a regression in the Earley parser, which causes excessive processing time for valid grammar inputs, allowing an attacker to exploit this inefficiency to trigger denial of service through resource exhaustion...

CVSS 7.5 | AI score 6.5 | EPSS 0.00495
Exploits 1 | References 4 | Affected software 1
Veracode | added 2025/10/09 6:19 a.m. | 7 views

Command Injection

figma-developer-mcp is vulnerable to Command Injection. The vulnerability is due to unsanitized POST input containing shell metacharacters being passed to a curl command in fetchWithRetry, and an unauthenticated attacker with network access can inject and execute arbitrary OS commands as the MCP proces...

CVSS 8 | AI score 7.8 | EPSS 0.07417
Exploits 0 | References 5 | Affected software 1
Veracode | added 2025/10/08 8:40 p.m. | 12 views

Use After Free

Redis is vulnerable to a Use-after-free. The vulnerability is due to improper memory handling in the Lua garbage collector when processing crafted Lua scripts, and attackers can exploit this by executing malicious EVAL or EVALSHA commands...

CVSS 9.9 | AI score 7 | EPSS 0.86268
Exploits 14 | References 7 | Affected software 4
Veracode | added 2025/10/08 6:04 p.m. | 5 views

Arbitrary File Upload

com.vaadin:vaadin-server is vulnerable to an Arbitrary File Upload. The vulnerability is due to insufficient validation of metadata in the start listener of incoming uploads, which allows an attacker to bypass upload validation and potentially upload unauthorized or malicious files...

CVSS 5.3 | AI score 6.8 | EPSS 0.00358
Exploits 0 | References 6 | Affected software 3

Total number of security vulnerabilities: 38290