38290 matches found
Arbitrary File Write
github.com/harness/gitness is vulnerable to Arbitrary file write. The vulnerability is due to improper sanitization of the upload path, which allows an attacker to craft a malicious upload request and write arbitrary files to any location on the file system...
Denial Of Service (DoS)
github.com/versity/versitygw is vulnerable to Denial of Service (DoS). The vulnerability is due to sending AWS chunk data without a Content-Length HTTP header, which causes the server to panic and crash, allowing an attacker to repeatedly trigger service disruption...
Denial Of Service (DoS)
github.com/hashicorp/vault is vulnerable to Denial of Service (DoS). The vulnerability is due to processing specially crafted complex payloads within the default request size limit, which allows an attacker to consume excessive memory and CPU resources...
Out-of-Bounds Read
Exiv2 is vulnerable to Out-of-Bounds Read. The vulnerability is due to improper memory handling: Exiv2 reads beyond allocated memory when writing metadata into a crafted image file, which can be exploited to cause denial of service by crashing Exiv2...
Denial Of Service (DoS)
Exiv2 is vulnerable to Denial of Service (DoS). The vulnerability is due to a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata, which can be exploited by crafted JPG image files to cause excessive processing time...
Weak Password Storage
github.com/neuvector/neuvector is vulnerable to Weak Password Storage. The vulnerability is due to storing user passwords and API keys with a simple, unsalted hash, making them susceptible to offline rainbow-table attacks...
Use Of Default Credentials
github.com/neuvector/neuvector is vulnerable to Use of Default Credentials. The vulnerability is due to a hardcoded default password: a fixed string is used as the default admin password, which can be exploited if not changed immediately after deployment, allowing attackers with network...
Insertion Of Sensitive Information Into Log File
github.com/edgelesssys/contrast is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to the logging configuration. An attacker can access sensitive information by exploiting the log output when the log level is set to info or debug...
Allocation Of Resources Without Limits
github.com/ulikunitz/xz is vulnerable to Allocation of Resources Without Limits. The vulnerability is a denial of service due to improper header validation that allows arbitrary data to be prepended to an LZMA stream, causing the implementation to allocate a full decode buffer and consume...
Insufficient Session Expiration
github.com/coder/coder/v2 is vulnerable to Insufficient Session Expiration. The vulnerability is a session expiration bypass: Coder allows a web session to remain active when the OpenID Connect provider does not return a refresh token, so the session can continue past the IdP-issued...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization/execution because trace.Trace.runctx can be used to execute code from untrusted pickle or otherwise crafted inputs in the interpreter context, allowing arbitrary code execution...
Stored Cross-site Scripting (XSS)
formcms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper validation of uploaded avatar files, which allows an attacker to upload malicious .html files containing JavaScript that execute in a privileged user’s browser when accessed via a public URL...
Remote Code Execution (RCE)
com.ritense.valtimo, core is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper restriction of script execution within process definitions in the Camunda/Operator engine, which allows admins with process-definition privileges to execute arbitrary code or access sensitiv...
Denial Of Service (DoS)
@plone/volto is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of specific URL requests, which allows an attacker to crash the NodeJS server component and cause downtime...
Improper Access Control
contao/contao is vulnerable to Improper Access Control. The vulnerability is due to protected content elements rendered as fragments being indexed in the front-end search, which allows an attacker to access sensitive content publicly...
Improper Access Control
contao/contao is vulnerable to improper access control. The vulnerability is due to the table access voter in the back end not checking if a user is allowed to access the corresponding module, which allows an attacker to gain unauthorized access to restricted modules...
Improper Access Control
contao/contao is vulnerable to Improper Access Control. The vulnerability is due to news feeds not filtering protected news archives, which allows an attacker to access and view restricted news items through the public RSS feed...
Improper Access Control
contao/contao is vulnerable to Improper Access Control. The vulnerability is due to insufficient permission validation in certain conditions, which allows an attacker to edit fields of pages and articles without the necessary permissions...
Information Disclosure
github.com/neuvector/neuvector is vulnerable to information disclosure. The vulnerability is due to passwords in Java command parameters being logged in security event logs when a process rule violation occurs, which allows an attacker to obtain sensitive credentials...
Arbitrary Code Execution
ImageMagick is vulnerable to Arbitrary Code Execution. The vulnerability is a format string vulnerability: user input is passed directly to FormatLocaleString without proper sanitization, allowing attackers to overwrite arbitrary memory and potentially achieve remote code execution...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe execution/deserialization due to runcommand executing untrusted input (e.g., data from malicious pickle files or injected code) in the interpreter context, allowing arbitrary code execution...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of pickle files in UnixSubprocessTransport.start, which allows an attacker to execute arbitrary code by providing a malicious pickle file...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the idlelib.run.Executive.runcode function executing arbitrary pickle files, which allows an attacker to run malicious code remotely...
Arbitrary Code Execution (ACE)
picklescan is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to the use of doctest.debugscript to execute remote pickle files, which allows an attacker to execute arbitrary code on the target system...
Insecure Deserialization
picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of the lib2to3.pgen2.pgen.ParserGenerator.makelabel function to execute remote pickle files, which allows an attacker to run arbitrary code...
Insecure Deserialization
picklescan is vulnerable to insecure deserialization. The vulnerability is due to executing remote pickle files using profile.Profile.run, which allows an attacker to run arbitrary code on the system...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe execution/deserialization because idlelib.pyshell.ModifiedInterpreter.runcode can execute untrusted code (e.g., from malicious pickle data) in the interpreter context...
Insecure Deserialization
picklescan is vulnerable to insecure deserialization. The vulnerability is due to using the getentity function to execute a remote pickle file, which allows an attacker to run arbitrary code...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to executing a remote pickle file without proper validation, which allows an attacker to run arbitrary code on the target system...
Remote Code Execution (RCE)
cProfile is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization/execution because cProfile.runctx can be abused to execute code from untrusted pickle files passed into its execution context...
Insecure Deserialization
picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of the loads function to execute remote pickle files, which allows an attacker to execute arbitrary code...
Arbitrary File Upload
xml2rfc is vulnerable to Arbitrary File Upload. The vulnerability is due to improper input sanitization because an attacker can inject a malicious element into the XML used to generate the PDF, causing the generator to read and include arbitrary filesystem files...
Denial Of Service (DoS)
ImageMagick is vulnerable to Denial of Service. The vulnerability is due to improper handling of geometry strings containing only a colon ":", which sets width/height to zero and leads to a divide-by-zero error, which allows an attacker to crash the application via a crafted input...
Insecure Deserialization
picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of the ensurepip.runpip function to execute remote pickle files, which allows an attacker to run arbitrary code...
Query Depth Restriction Bypass
@escape.tech/graphql-armor-max-depth is vulnerable to query depth restriction bypass. The vulnerability is due to the ignoreIntrospection option being enabled by default, which allows an attacker to bypass the max-depth restriction by naming a query or fragment schema...
Insecure Deserialization
picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of torch.utils.bottleneck.main.runautogradprof function to execute remote pickle files, which allows an attacker to run arbitrary code on the system...
Allocation Of Resources Without Limits
@escape.tech/graphql-armor-max-depth is vulnerable to Allocation of Resources Without Limits. The vulnerability is due to improper introspection handling: when ignoreIntrospection is enabled (the default), an attacker can name a query/fragment schema to evade max-depth checks and craft...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization due to trace.Trace.run executing code from untrusted pickle files, which can execute arbitrary code when a malicious pickle is loaded...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insecure deserialization because profile.Profile.runctx can be abused to execute malicious pickle files...
Heap-Based Buffer Overflow
ImageMagick is vulnerable to heap-based buffer overflow. The vulnerability is due to a 32-bit integer overflow in the BMP encoder’s scanline-stride computation, which allows an attacker to overwrite adjacent heap memory with controlled bytes leading to heap corruption...
Denial Of Service (DoS)
llamaindexcore is vulnerable to Denial of Service (DoS). The vulnerability is due to uncontrolled recursion when parsing deeply nested JSON files, which allows an attacker to cause high resource consumption and potential crashes of the Python process...
Information Disclosure
github.com/traptitech/traq is vulnerable to Information Disclosure. The vulnerability is due to sensitive information such as OAuth tokens being recorded in SQL error log files when a query fails, which allows an attacker with log access to intentionally trigger errors and acquire the exposed dat...
Denial Of Service (DoS)
jspdf is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of unsanitized image data or URLs in the addImage method, which allows an attacker to supply a malicious PNG file that triggers high CPU utilization and denial of service...
Insecure Deserialization
picklescan is vulnerable to Insecure Deserialization. The vulnerability is due to the use of AutoComplete.getentity to execute remote pickle files, which allows an attacker to run arbitrary code on the target system...
Insecure Deserialization
picklescan is vulnerable to Insecure Deserialization. The vulnerability is due to the use of AutoComplete.fetchcompletions executing remote pickle files, which allows an attacker to run arbitrary code on the system...
Deserialization Of Untrusted Data
picklescan is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the function fetching and unpickling remote pickle files without validation, which allows an attacker to supply a crafted pickle that executes arbitrary code when deserialized...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to using the cProfile.run function to execute a remote pickle file, which allows an attacker to execute arbitrary code on the affected system...
Information Disclosure
nx is vulnerable to Information Disclosure. The vulnerability is due to malicious package versions containing code that scans the file system and collects credentials, which allows an attacker to exfiltrate sensitive data by posting it to GitHub under the victim’s account...
Server-Side Template Injection
solspace/craft-freeform is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper input handling because the submission title field in forms allows arbitrary code injection when edited by users with form editing access...
SQL Injection
github.com/suyuan32/simple-admin-core is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation because the /sys-api/role/update interface fails to properly sanitize user input, allowing partial data leakage or disruption of system operations...