Open Redirect

googlesignin is vulnerable to open redirect. The vulnerability is due to improper validation of crafted URLs that bypass the "same origin" check, which allows an attacker to redirect users to a malicious origin and potentially chain it with arbitrary data injection into session cookies...

Privilege Escalation

Kubernetes is vulnerable to Privilege Escalation. The vulnerability is due to improper access control because node users can patch their node object with an OwnerReference to a cluster-scoped resource, leading to unintended node deletion via garbage collection...

Sensitive Information Disclosure

Liferay Portal is vulnerable to Sensitive Information Disclosure.The vulnerability is due to improper tenant isolation because admin users of a virtual instance can add pages outside the default instance, allowing tenants to enumerate all other tenants...

Prototype Pollution

devalue is vulnerable to prototype pollution. The vulnerability is due to devalue.parse not validating that an index is numeric, which allows an attacker to pass a crafted string with a proto property to assign prototypes to objects and properties...

Arbitrary Code Execution

badaso/core is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to improper content-type validation in the Media Manager file-upload endpoint, which allows an attacker to upload PHP files disguised as other formats and execute arbitrary system commands, leading to full host...

Heap Buffer Overflow

ImageMagick is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper memory handling because images with separate alpha channels during magnification in ReadOneMNGImage can leak memory contents into the output image...

Heap Buffer Overflow

ImageMagick is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper memory handling because crafted TIFF files can trigger a buffer overflow and cause the application to crash...

Unauthorized Access

Liferay Portal is vulnerable to Unauthorized Access. The vulnerability is due to improper access control because unauthenticated users guests can access files uploaded by object entries and stored in documentlibrary via direct URL...

Cross-site Scripting (XSS)

Liferay Portal is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input validation because the application fails to sanitize the referer or FORWARDURL parameters, allowing attackers to inject JavaScript using %00...

Improper Input Validation

xgrammar is vulnerable to improper input validation. The vulnerability is due to the lack of validation on user-supplied grammars, which allows an attacker to easily trigger the flaw and potentially exploit affected tools that pass untrusted grammars to xgrammar...

Open Redirect

com.liferay, com.liferay.info.impl is vulnerable to Open Redirect. The vulnerability is due to improper validation of the /c/portal/editinfoitem redirect parameter, which allows an attacker to redirect users to a malicious site...

Stored Cross-site Scripting (XSS)

com.liferay, com.liferay.plugins.admin.web is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the components tab, which allows an attacker to inject and execute arbitrary web scripts or HTML in the victim’s browser...

Heap Buffer Overflow

ImageMagick is vulnerable to heap buffer overflow. The vulnerability is due to an off-by-one error in the InterpretImageFilename function when handling format strings with consecutive percent signs %%, which allows an attacker to trigger out-of-bounds memory access...

Memory Corruption

libtiff.so is vulnerable to memory corruption. The vulnerability is due to improper handling in the May function of tiffcrop.c within the tiffcrop component, which allows an attacker to exploit it locally leading to memory corruption...

Denial Of Service (DoS)

Liferay Portal is vulnerable to Denial of Service DoS. The vulnerability is due to insufficient restrictions on file uploads through forms, which are stored in the documentlibrary, allowing an attacker to upload unlimited files and cause a potential DDoS...

Reflected Cross-Site Scripting (Reflected XSS)

Liferay Portal is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the frontend-editor-ckeditor-web/ckeditor/samples/old/ajax.html path, which allows a remote unauthenticated attacker to inject and execute arbitrary JavaScript in the...

Privilege Defined With Unsafe Actions

org.apache.cassandra, cassandra-all is vulnerable to Privilege Defined With Unsafe Actions. The vulnerability is due to unsafe actions on a system resource, which allow a user with MODIFY permission on all keyspaces to escalate privileges to superuser within an Apache Cassandra cluster...

Memory Leakage

ImageMagick is vulnerable to Memory Leakage. The vulnerability is due to improper handling of format specifiers because multiple consecutive %d in a filename template within the magick stream command trigger memory leakage...

Stack-based Buffer Overflow

ImageMagick is vulnerable to stack-based buffer overflow. The vulnerability is due to improper pointer arithmetic when multiple consecutive %d format specifiers are used in the magick mogrify command filename template, which allows an attacker to trigger a stack overflow through vsnprintf...

Stored Cross-site Scripting (XSS)

com.liferay, com.liferay.journal.service is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper validation of user input in the web content text field, which allows a remote unauthenticated attacker to inject malicious JavaScript and execute it in the context of a...

Denial Of Service (DoS)

vrana/adminer is vulnerable to Denial of Service. The vulnerability is due to improper handling of crafted serialized payloads in Monolog logging, which allows an attacker to trigger excessive memory consumption via malicious serialized objects, leading to PHP Object Injection and server-level Do...

Request Smuggling

h2 is vulnerable to request smuggling. The vulnerability is due to improper validation of header names/values when downgrading HTTP/2 requests to HTTP/1.1, which allows an attacker to inject CRLF characters, manipulate request boundaries, and bypass security controls...

Denial Of Service (DoS)

Axios is vulnerable to Denial-of-Service. The vulnerability is due to improper handling of data: scheme URLs, where the Node.js HTTP adapter decodes the entire payload into memory and ignores size limits, allowing attackers to supply a very large data URI to cause unbounded memory allocation and...

HTTP Request Smuggling (HRS)

mitmproxy is vulnerable to HTTP request smuggling. The vulnerability is due to mitmproxy embedding python-hyper/h2 ≤ v4.2.0 which has a gap in its HTTP/2 header validation, which allows an attacker to smuggle requests when mitmproxy translates HTTP/2 to HTTP/1...

Remote Code Execution (RCE)

craftcms/cms is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of template inputs in Twig, which allows an attacker to inject malicious templates and execute arbitrary code on the server...

Server-Side Request Forgery (SSRF)

phpoffice/phpspreadsheet is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper input validation because the setPath method in the PhpOffice\PhpSpreadsheet\Worksheet\Drawing class allows attackers to craft requests to internal resources...

Denial Of Service (DoS)

ImageMagick is vulnerable to Denial of Service DoS. The vulnerability is due to a function-type-mismatch in the splay tree cloning callback, which allows an attacker to trigger a deterministic abort under UBSan, leading to service disruption in sanitizer builds...

Username Enumeration

Liferay Portal is vulnerable to Username Enumeration. The vulnerability is due to information disclosure because attackers can determine if an account exists by measuring differences in server processing time during login requests...

Path Traversal

qbitmanage is vulnerable to Path Traversal. The vulnerability is due to improper validation of the backupid parameter in the restoreconfigfrombackup endpoint, which allows an attacker to bypass directory restrictions and read arbitrary files from the server filesystem...

Privilege Escalation

langflow is vulnerable to privilege escalation. The vulnerability is due to improper access control in Langflow containers, where an authenticated user with RCE access can invoke the internal langflow superuser CLI command to create an administrative account, which allows an attacker to gain full...

Integer Overflow

ImageMagick is vulnerable to integer overflow. The vulnerability is due to unsafe magnified size calculations in the ReadOneMNGImage function coders/png.c, which allows an attacker to trigger memory corruption and potentially exploit the application...

Path Traversal

github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during plugin import operations, which allows an attacker with restricted admin privileges to install unauthorized custom plugins by bypassing plugin signature...

Cross-site Scripting (XSS)

UnoPim is vulnerable to a stored cross-site scripting XSS vulnerability. The vulnerability is due to a MIME/sanitizer bypass in SVG files, which allows attackers to upload a specially crafted SVG image containing malicious script...

Cross-site Scripting (XSS)

Liferay Portal is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient input sanitization because the comliferaydynamicdatamappingwebportletDDMPortletportletNamespace and comliferaydynamicdatamappingwebportletDDMPortletnamespace parameters can be abused by a remote...

OS Command Injection

@wong2/mcp-cli is vulnerable to OS command injection. The vulnerability is due to unsafe command construction/execution because redirectToAuthorization in /src/oauth/provider.js uses attacker-controlled input in an OS command context, allowing remote command execution...

Denial Of Service (DoS)

vllm is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of excessively large HTTP headers in GET requests, which allows an attacker to exhaust server memory and cause a crash or unresponsiveness...

Directory Traversal

vite-plugin-static-copy is vulnerable to Directory Traversal. The vulnerability is due to improper access control because apps exposing the Vite dev server to the network --host or server.host config option allow attackers to retrieve arbitrary files by which an attacker can access arbitrary file...

Remote Code Execution (RCE)

unopim/unopim is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper input validation because the image upload on user creation performs only client-side file type checks, allowing an attacker to modify a captured upload change extension and content to .php and execute...

XML External Entity Injection (XXE)

org.apache.tika, tika-parser-pdf-module is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of crafted XFA files inside PDFs, which allows an attacker to read sensitive data or trigger malicious requests to internal or third-party servers...

Improper Input Validation

github.com/mattermost/mattermost-servert is vulnerable to Improper Input Validation. The vulnerability is due to failure to sanitize the team invite ID in the /api/v4/teams/:teamId/restore endpoint, which allows a team admin without invite privileges to obtain the team’s invite ID...

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to failing to validate access controls at the time of access, which allows an attacker to read a thread via AI posts...

Path Traversal

github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of path traversal sequences in template file destination paths, which allows an attacker system admin to perform path traversal attacks and place malicious files outside...

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation of authorization for team scheme role modifications, which allows an attacker Team Admins to demote Team Members to Guests via the affected API endpoint...

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization because torch.utils.configmodule.loadconfig used in reduce can load malicious pickle files that bypass Picklescan checks and execute arbitrary code during pickle.load...

Arbitrary File Upload

Mattermost is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of upload types because remote cluster upload sessions allow system admins to upload non-attachment file types, potentially enabling placement of files in arbitrary filesystem directories...

Path Traversal

github.com/mattermost/mattermost-server is vulnerable to path traversal. The vulnerability is due to improper sanitization of file names, which allows an attacker with file upload permissions to overwrite file attachment thumbnails via file streaming APIs...

Denial Of Service (DoS)

pyLoad-ng is vulnerable to Denial of Service DoS. The vulnerability is due to improper input validation because the jk parameter is passed directly to dykpy.evaljs without verification, allowing crafted input to exhaust CPU resources and render the web UI unresponsive...

Denial Of Service (DoS)

com.liferay.portal, release.portal.bom are vulnerable to Denial Of Service DoS. The vulnerability is due to allowing unlimited file uploads through object entries attachment fields, which are stored in the documentlibrary, allowing an attacker to cause a potential Denial-of-Service DDoS attack...

Insecure Deserialization

picklescan is vulnerable to Insecure Deserialization. The vulnerability is due to the use of torch.utils.collectenv.run function to execute remote pickle files, which allows an attacker to execute arbitrary code...

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of untrusted pickle data in the function’s reduce flow, which allows an attacker to craft a malicious pickle that bypasses the victim’s Picklescan check and achieve arbitrary code execution when t...