38108 matches found
Cross-Site Scripting (Reflected XSS)
Liferay Portal is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in entrycoverimagecaption.jsp within the Blogs module, which allows a remote unauthenticated attacker to inject malicious JavaScript and execute it in a victim’s browser...
Integer Overflow
executorch is vulnerable to integer overflow. The vulnerability is due to improper handling in model loading that causes smaller-than-expected memory allocation, which allows an attacker to achieve code execution or other malicious effects...
Sensitive Information Exposure
@workos-inc/authkit-remix is vulnerable to Sensitive Information Exposure. The vulnerability is due to sealedSession and accessToken being returned from the authkitLoader, which allows an attacker to obtain sensitive authentication artifacts rendered in the browser HTML...
Sensitive Information Exposure
@workos-inc/authkit-react-router is vulnerable to Sensitive Information Exposure. The vulnerability is due to authentication artifacts such as sealedSession and accessToken being returned from the authkitLoader and rendered into browser HTML, which allows an attacker to obtain sensitive session...
ZIP Payload Obfuscation Through Parsing Differentials
uv is vulnerable to ZIP payload obfuscation through parsing differentials. The vulnerability is due to improper ZIP archive validation, specifically a failure to reconcile file entries against the central directory, allowing attackers to craft archives with inconsistent or stacked ZIPs that behave...
Privilege Escalation
github.com/operator-framework/operator-sdk is vulnerable to Privilege Escalation. The vulnerability is due to the user_setup script setting /etc/passwd to group-writable, allowing attackers to modify it and gain root privileges within the container...
Denial Of Service (DoS)
github.com/rs/cors is vulnerable to Denial of Service (DoS). The vulnerability is due to excessive heap allocations when processing malicious preflight requests with Access-Control-Request-Headers containing many commas...
CRLF Injection
Keycloak-services is vulnerable to CRLF Injection. The vulnerability is due to improper input validation: special characters in email registration are improperly handled, allowing attackers to inject SMTP commands and send unsolicited emails...
Arbitrary File Deletion
github.com/ollama/ollama is vulnerable to arbitrary file deletion. The vulnerability is due to improper validation of crafted packets sent to the /api/pull endpoint, which allows an attacker to delete arbitrary files...
Brute-force Attack
jwe is vulnerable to Brute-force Attack. The vulnerability is due to insufficient validation of JWE authentication tags, which allows an attacker to brute force tags, recover the GCM GHASH key, and craft arbitrary JWEs leading to loss of confidentiality...
Arbitrary Code Execution (ACE)
skops is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to Card.get_model falling back to joblib for non-.zip file formats without warning, which allows an attacker to load a malicious model file and execute arbitrary code...
Open Redirect
Astro is vulnerable to Open Redirect. The vulnerability is due to improper handling of paths with double slashes in the trailing slash redirection logic, which allows an attacker to redirect users to arbitrary external domains and perform phishing or social engineering attacks...
Cross-site Scripting (XSS)
concrete5/concrete5 is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper handling of malicious folders in the Members Dashboard Home Folder, which allows an attacker with admin privileges to inject XSS that executes when users log in...
Arbitrary File Write
tmp is vulnerable to arbitrary file/directory write. The vulnerability is due to improper handling of the dir parameter when creating temporary files/directories via symbolic link, which allows an attacker to create symbolic links and overwrite arbitrary files...
Cross-Site Scripting (Reflected XSS)
concrete5/concrete5 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsanitized input in the Conversation Messages Dashboard Page, which allows an attacker to steal session cookies or tokens, deface web content, redirect victims to malicious sites, or execute unauthorized...
Broken Authentication
github.com/hashicorp/vault is vulnerable to Broken Authentication. The vulnerability is due to improper MFA enforcement when username_as_alias is set to true and a user has multiple CNs with leading or trailing spaces, which allows attackers to bypass MFA authentication...
Cleartext Transmission Of Sensitive Information
github.com/go-acme/lego is vulnerable to Cleartext Transmission of Sensitive Information. The vulnerability is due to the library not enforcing HTTPS when communicating with Certificate Authorities (CAs), which allows attackers to intercept ACME protocol operations and access sensitive details like...
Regular Expression Denial Of Service (ReDoS)
Hugging Face Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a regex pattern /^/^// in the convert_tf_weight_name_to_pt_weight_name function, which allows attackers to craft malicious input strings causing catastrophic backtracking and...
Race Condition
shopware/platform is vulnerable to Race Condition. The vulnerability is due to improper handling of concurrent requests in the voucher system, which allows attackers to bypass voucher restrictions and exceed usage limitations...
Denial Of Service (DoS)
setasign/fpdi is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of user-supplied PDF files, which allows an attacker to upload a crafted malicious PDF that leads to memory exhaustion and server crash...
Remote Code Execution (RCE)
github.com/tnborg/panel is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper path handling in the CleanPath middleware from the go-chi/chi package, which fails to process r.URL.Path, followed by flaws in backend login path exposure, which allows an attacker to bypass...
Denial Of Service (DoS)
github.com/gofiber/fiber is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation when parsing form data with excessively large numeric slice indexes, leading to integer overflow or memory exhaustion and application crash...
Command Injection
mcp-package-docs is vulnerable to command injection. The vulnerability is due to unsanitized input passed to child_process.exec, which allows an attacker to inject arbitrary system commands and achieve remote code execution under the server process's privileges...
Arbitrary Code Execution (ACE)
topthink/framework is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper input handling in the routecheck function, which allows an attacker to execute arbitrary code remotely...
Cross-site Scripting (XSS)
com.liferay:com.liferay.captcha.impl is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper captcha validation which allows attackers to bypass verification and execute scripts in the Gogo shell...
Heap Buffer Overflow
libsquid.so is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper buffer management when processing URN requests, which may allow remote code execution...
Weak Encryption
jose is vulnerable to weak encryption. The vulnerability is due to encryption algorithms that are claimed to not meet recommended security standards, which allows an attacker to potentially bypass intended cryptographic strength...
NULL Pointer Dereference
libtiff is vulnerable to Null Pointer Dereference. The vulnerability is due to lack of validation in the PS_Lvl2page function of tiff2ps.c, which can trigger a null pointer dereference under specific configurations...
Command Injection
@anthropic-ai/claude-code is vulnerable to Command Injection. The vulnerability is due to the confirmation prompt being bypassed, allowing execution of untrusted commands if malicious content is injected into the context window...
SQL Injection
adodb/adodb-php is vulnerable to SQL Injection. The vulnerability is due to improper escaping of query parameters when crafted table names are passed to the metaColumns, metaForeignKeys, or metaIndexes methods while connected to a sqlite3 database...
Null Pointer Dereference
libtiff.so is vulnerable to Null Pointer Dereference. The vulnerability is due to improper handling in the t2p_read_tiff_init function of tools/tiff2pdf.c in the fax2ps component, which allows a local attacker to trigger a null pointer dereference under complex conditions...
Improper Input Validation
github.com/grafana/grafana-infinity-datasource is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of allowed URL restrictions, which allows an attacker to bypass configured URL checks using a specially crafted URL...
Missing Origin Validation
org.apache.zeppelin, zeppelin-shell is vulnerable to Missing Origin Validation. The vulnerability is due to lack of origin validation in WebSocket connections, which allows an attacker to access the Zeppelin server from another origin and retrieve internal information about paragraphs...
Remote Code Execution (RCE)
pyloadng is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe path construction in the addcrypted endpoint via the package parameter, which allows unauthenticated attackers to write arbitrary files outside the designated directory, enabling privilege escalation and remot...
Regular Expression Denial Of Service (ReDoS)
copyparty is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to allowing arbitrary RegEx inputs in the filter parameter of the "Recent Uploads" page, which allows an attacker to craft a malicious regex that deadlocks the server...
Path Traversal
@anthropic-ai/claude-code is vulnerable to Path Traversal. The vulnerability is due to using prefix matching instead of canonical path comparison, which allows bypassing directory restrictions and accessing files outside the CWD if a directory with the same prefix exists and untrusted content is...
Improper Input Validation
org.apache.zeppelin, zeppelin-jdbc is vulnerable to Improper Input Validation. The vulnerability is due to incomplete JDBC URL validation that failed to handle URL encoded input, which allows an attacker to bypass validation checks and potentially exploit database connections...
Cross-Site Scripting (XSS)
org.apache.zeppelin, zeppelin-web is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to an incomplete blacklist of user input, which allows an attacker to inject malicious scripts and execute them in a victim’s browser...
Cross-site Scripting (XSS)
microweber/microweber is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization: malicious scripts can be injected into user profile fields, which execute in admin browsers...
Remote Code Execution (RCE)
@nestjs/devtools-integration is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sandboxing and missing cross-origin protections, resulting in unsafe execution of attacker-controlled input in a JavaScript sandbox via the /inspector/graph/interact endpoint...
Sensitive Information Disclosure
org.opensearch.plugin:opensearch-security is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper enforcement of Field Level Security (FLS) rules: member attributes of excluded objects are still accessible through search queries, allowing reconstruction of...
Authentication Bypass
Vault is vulnerable to authentication bypass. The vulnerability is due to insufficient enforcement of MFA login rate limits and TOTP token reuse, which allows an attacker to bypass MFA protections and reuse valid tokens for unauthorized access...
Privilege Escalation
github.com/hashicorp/vault is vulnerable to privilege escalation. The vulnerability is due to a privileged operator with write permissions to the root namespace’s identity endpoint being able to escalate their own or another user’s token privileges, which allows an attacker to gain Vault’s root...
Authentication Bypass
github.com/hashicorp/vault is vulnerable to authentication bypass. The vulnerability is due to the TOTP Secrets Engine code validation endpoint allowing code reuse within its validity period, which allows an attacker to replay a previously valid code to gain unauthorized access...
Cross-site Scripting (XSS)
microweber/microweber is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input validation: the last name field in the /projects/profile homepage endpoint allows injection of malicious scripts...
Reflected Cross Site Scripting (XSS)
microweber/microweber is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the layout parameter on the /admin/page/create page, which allows arbitrary JavaScript execution in the context of authenticated admin users...
Code Execution
Vault is vulnerable to code execution. The vulnerability is due to a privileged operator with write access to sys/audit being able to exploit a plugin directory in Vault’s configuration, which allows an attacker to execute arbitrary code on the underlying host...
Timing Side-channel Attacks
github.com/hashicorp/vault is vulnerable to Timing side-channel Attacks. The vulnerability is due to differences in response timing in the Userpass auth method, which allows an attacker to distinguish between valid and invalid usernames and potentially enumerate existing accounts...
Path Traversal
github.com/traefik/traefik is vulnerable to path traversal. The vulnerability is due to improper validation of file paths in the WASM plugin installation mechanism, which allows an attacker to supply a malicious ZIP archive with ../ sequences to overwrite arbitrary files on the system...
Remote Code Execution (RCE)
github.com/1panel-dev/1panel is vulnerable to Remote Code Execution (RCE). The vulnerability is due to incomplete certificate verification during HTTPS communication between the Core and Agent endpoints, which allows an attacker to gain unauthorized access and execute commands with high privileges...