Information Disclosure

sigs.k8s.io/secrets-store-sync-controller is vulnerable to Information Disclosure. The vulnerability is due to improper error handling and service account tokens being logged during parameter marshaling errors, and attackers with log access can use these tokens to retrieve secrets from cloud vaul...

Origin Validation Error

pgadmin4 vulnerable to Origin Validation Error. The vulnerability is due to insufficient COOP header enforcement because of the application failing to set or correctly validate Cross-Origin-Opener-Policy on OAuth and related pages, and an attacker can abuse this by manipulating the OAuth flow...

HTTP Request Smuggling

io.netty, netty-codec-http is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrectly accepting standalone newline characters LF as a chunk-size line terminator instead of requiring CRLF per HTTP/1.1 standards, which allows an attacker to craft malicious requests that are...

Use-After-Free

usdcore is vulnerable to a Use-After-Free. The vulnerability is due to multi-threaded deletion of SdfPrimPathNode objects accessing freed memory, allowing an attacker to exploit a crafted .usd file to cause crashes or achieve remote code execution...

Buffer Overflow

ExecuTorch is vulnerable to Buffer Overflow. The vulnerability is due to improper bounds checking due to insufficient validation when loading model data, allowing memory corruption that could lead to crashes or remote code execution...

Sensitive Information Disclosure

github.com/argoproj/argo-cd is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the project details API returning stored repository usernames and passwords in its response, and an attacker with a token scoped only for standard application management can call that endpoi...

Server-side Request Forgery

astrojs/cloudflare is vulnerable to Server-side Request Forgery. The vulnerability is due to insufficient URL validation in the generated image optimization endpoint when the adapter is used with output: 'server' and the default imageService: 'compile', an attacker can exploit this to have the...

Out-of-bounds Write

executorch is vulnerable to Out-of-bounds Write. The vulnerability is due to improper memory boundary handling due to a flaw in the model loading process that allows out-of-bounds reads or writes, potentially leading to crashes or code execution...

Interger Overflow

executorch is vulnerable to integer overflow. The vulnerability is due to improper handling of integer calculations during model loading, which allows an attacker to cause smaller-than-expected memory allocations leading to potential code execution or other unintended effects...

Improper Warning Message Handling

@anthropic-ai/claude-code is vulnerable to improper warning message handling. The vulnerability is due to an unclear trust prompt that failed to inform users that selecting “Yes, proceed” would execute files in the folder without further confirmation, which allows an attacker to trick users into...

Cross Site Scripting (XSS)

ckeditor5 is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of malicious content inserted into the editor when specific configurations are enabled such as the HTML embed plugin or custom plugins with editable RawElement views, which allows an attacker to...

Incorrect Default Permissions

org.apache.dolphinscheduler, dolphinscheduler is vulnerable to Incorrect Default Permissions. The vulnerability is due to improper default access settings in the application, which allows an attacker to gain unauthorized access or perform unintended actions within the system...

User Enumeration

prestashop/prestashop is vulnerable to User Enumeration. The vulnerability is due to insufficient validation of the idemployee and resettoken parameters due to the back-office accepting manipulated values without proper authentication or checks; an unauthenticated attacker can craft requests to t...

Denial Of Service (DoS)

com.liferay.portal.workflow.kaleo.forms.web is vulnerable to Denial of Service DoS. The vulnerability is due to insufficient restrictions on saving request parameters in the portlet session because the application allows unvalidated request data to be stored in memory; an attacker can send crafte...

Arbitrary Code Injection

electron is vulnerable to Arbitrary Code Injection. The vulnerability is due to modification of the resources folder when the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses are enabled, because these fuses fail to fully protect ASAR integrity on writable filesystems; an attacker wi...

Insufficient Session Expiration

weblate is vulnerable to Insufficient Session Expiration. The vulnerability is due to unsafe settings for the second factor in 2FA due to sessions being allowed to persist for an unusually long period, and an attacker can maintain a valid session to repeatedly attempt authentication, thereby...

Path Confusion

Hono is vulnerable to path confusion leading to proxy-level ACL bypass. The vulnerability is due to reliance on fixed character offsets when parsing request URLs due to incorrect handling of malformed absolute-form Request-URIs; attackers can craft such malformed absolute-form Request-URIs to cau...

User Enumeration

mautic/core is vulnerable to user enumeration. The vulnerability is due to differing response times between valid and invalid usernames, which allows an attacker to enumerate valid accounts and subsequently attempt brute-force attacks...

Insecure Deserialization

DeepDiff is vulnerable to insecure deserialization.The vulnerability is due to class pollution via the Delta class constructor which, when combined with a gadget in DeltaDiff, allows an attacker to modify deepdiff.serialization.SAFETOIMPORT and trigger insecure Pickle deserialization through Delt...

Improper Acess Control

mautic/core is vulnerable to improper access control. The vulnerability is due to insufficient restriction on configuration access, which allows an administrator to extract sensitive information such as database credentials...

Server-Side Request Forgery (SSRF)

mautic/core is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to missing validation of webhook destinations, which allows an attacker with webhook permissions to send crafted requests and potentially access internal services, bypassing firewalls...

Cross Site Scripting (XSS)

mautic/core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to unsanitized user-supplied input in the “Tags” field of the /s/ajax?action=lead:addLeadTags endpoint being reflected in the server response, which allows an attacker to execute arbitrary JavaScript in the victim’s...

Heap Buffer Overflow

executorch is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper handling in the loading of ExecuTorch models, which allows an attacker to achieve code execution or cause other undesirable effects...

Integer Overflow

executorch is vulnerable to integer overflow. The vulnerability is due to improper handling in the loading of ExecuTorch models, which allows an attacker to place objects outside their allocated memory area leading to potential code execution or other undesirable effects...

Integer Overflow

executorch is vulnerable to integer overflow. The vulnerability is due to improper handling of model loading, which allows an attacker to trigger overlapping allocations leading to potential code execution or other undesirable effects...

Directory Traversal

mobsf is vulnerable to Directory Traversal. The vulnerability is due to improper string path verification using os.path.commonprefix, which allows an attacker to download files outside the intended DWDDIR directory and access data from neighboring directories...

Arbitrary File Write

mobsf is vulnerable to Arbitrary file write. The vulnerability is due to improper validation of uploaded files, which allows an attacker to write arbitrary files to any directory writable by the MobSF process user...

Improper Authentication

esphome is vulnerable to improper authentication. The vulnerability is due to the webserver authentication check incorrectly passing when the client-supplied base64-encoded Authorization value is empty or a substring of the correct value, which allows an attacker to gain unauthorized access to...

Command Injection

mcp-markdownify-server is vulnerable to Command Injection. The vulnerability is due to unsanitized user input being passed into childprocess.exec, which allows an attacker to inject arbitrary shell commands and achieve remote code execution under the server process's privileges...

Denial Of Service (DoS)

Netty is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of malformed HTTP/2 control frames due to a flaw in enforcing the max concurrent streams limit, leading to resource exhaustion and denial of service...

Denial Of Service (DoS)

PocketMine-MP is vulnerable to Denial Of Service DoS. The vulnerability is due to improper validation because the server does not verify uniqueness of packIds in STATUSSENDPACKS, allowing a malicious Bedrock client to send duplicate UUIDs and force repeated pack transfers until memory is exhauste...

Sensitive Information Disclosure

local-deep-research is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure local storage because confidential data API keys, etc. are kept in an unencrypted SQLite database with a fixed, non-configurable location, allowing anyone with container or host filesystem...

Arbitrary Code Injection

Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to inadequate protection of restore functionality because, with a compromised security key and the ability to place an arbitrary file in storage/backups, an attacker can craft a request to /updater/restore-db that...

Arbitrary File Creation

github.com/charmbracelet/soft-serve is vulnerable to Arbitrary file creation. The vulnerability is due to uncontrolled data being written through its SSH API, which allows an attacker to create or override arbitrary files...

Denial Of Service (DoS)

io.undertow, undertow-core is vulnerable to Denial of Service DoS. The vulnerability is due to malformed client requests triggering server-side stream resets without abuse counters, which allows an attacker to repeatedly cause stream aborts and induce excessive server workload...

Denial Of Service (DoS)

Netty is vulnerable to Denial Of Service DoS. The vulnerability is due to the BrotliDecoder and certain decompression decoders allocating a large number of reachable byte buffers when processing specially crafted input, eventually leading to out-of-memory conditions...

Privilege Escalation

sap/xssecis vulnerable to Privilege Escalation. The vulnerability is due to a flaw where the library can incorrectly accept or elevate security context from untrusted input, and an unauthenticated attacker can exploit this by sending specially crafted requests or tokens to obtain arbitrary...

OS Command Injection

@aiondadotcom/mcp-ssh is vulnerable to OS command injection. The vulnerability is due to insufficient input validation in the file server-simple.mjs component, which allows unsanitized data to be incorporated into system-level command execution and therefore enables an attacker to execute arbitra...

HTTP Request Smuggling

eventlet is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of HTTP trailer sections, which allows an attacker to bypass front-end security controls, launch targeted attacks against active site users, and poison web caches...

Open Redirection

googlesignin is vulnerable to Open Redirection. The vulnerability is due to open redirect due to the proceedto session value accepting protocol-relative URLs which can be set via a malicious form submission, allowing an attacker to redirect users to another origin...

Denial Of Service (DoS)

github.com/consensys/gnark is vulnerable to Denial of Service DoS. The vulnerability is due to the fake-GLV scalar multiplication algorithm not converging quickly enough for certain inputs, which allows an attacker to trigger excessive computation and cause service disruption...

Cache Key Confusion

Next.js is vulnerable to cache key confusion. The vulnerability is due to improper handling of request headers in the Image Optimization API routes, which allows an attacker to receive cached image responses intended for authorized users...

Content Injection

Next.js is vulnerable to content injection. The vulnerability is due to attacker-controlled external image sources being able to trigger file downloads with arbitrary content and filenames under specific configurations, which allows an attacker to perform phishing or deliver malicious files...

Server-Side Request Forgery (SSRF)

Next.js is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the improper use of the next function without explicitly passing the request object, which allows an attacker to exploit incorrectly forwarded user-supplied headers in self-hosted applications...

Unauthorized Disclosure Of Sensitive Data

github.com/rancher/fleet is vulnerable to Unauthorized Disclosure of Sensitive Data. The vulnerability is due to improper access control on BundleDeployment resources with GET or LIST permissions, which allows an attacker to retrieve Helm values containing credentials or other secrets...

Improper Access Control

com.liferay, com.liferay.portal.workflow.kaleo.runtime.impl is vulnerable to Improper Access Control. The vulnerability is due to improper access through the expandoTableLocalService, which allows an attacker to gain unauthorized access to sensitive resources...

Improper Session Invalidation

payload is vulnerable to Improper Session Invalidation. The vulnerability is due to JSON Web Tokens JWT not being invalidated after logout, which allows an attacker who has stolen or intercepted a token to reuse it until its expiration...

Path Traversal

org.opencastproject, opencast-user-interface-configuration is vulnerable to path traversal. The vulnerability is due to insufficient protections in the UI config module where the path is checked without validating the file separator, which allows an attacker to access files within other folders...

Denial Of Service (DoS)

github.com/rancher/rancher is vulnerable to Denial of Service DoS. The vulnerability is due to the lack of enforced request body size limits on certain public and authenticated API endpoints, which allows an attacker to send excessively large payloads that are fully loaded into memory during...

Session Fixation

Payload SQLite adapter is vulnerable to Session Fixation. The vulnerability is due to identifier reuse during account creation, which allows an attacker to reuse a previously saved JWT to authenticate and perform actions as another newly created user...