Secret Key Exposure
Pyroscope is vulnerable to Secret Key Exposure. The vulnerability is due to improper exposure of Tencent COS storage backend configuration values through the Pyroscope API, allowing attackers with API access to retrieve the secretkey used for cloud storage authentication...
Path Traversal
org.openmrs.web, openmrs-web is vulnerable to Path Traversal. The vulnerability is due to improper path boundary validation in the /openmrs/moduleResources/moduleid endpoint, where user-controlled input is concatenated into filesystem paths without normalization or restriction checks, which allow...
Authentication Bypass
github.com/gravitl/netmaker is vulnerable to Authentication Bypass. The vulnerability is due to the VerifyHostToken function failing to validate JWT signatures when verifying host tokens, which allows an attacker to forge a JWT signed with an arbitrary key and impersonate any host in the network ...
Information Disclosure
Free5GC is vulnerable to Information Disclosure. The vulnerability is due to improper request handling in the UDR endpoint GET /nudr-dr/v2/application-data/influenceData/subs-to-notify, where error responses for missing or malformed parameters do not terminate execution. As a result, processing...
Server-Side Request Forgery
github.com/quantumnous/new-api is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to incomplete SSRF protection that fails to block the unspecified address 0.0.0.0, allowing authenticated users to bypass private-IP filtering and force the server to make requests to...
Server-Side Request Forgery
esm.sh is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation in the /https fetch route, where localhost and internal network protections rely on hostname string checks that can be bypassed using DNS alias domains, allowing attackers to induce...
Remote Code Execution (RCE)
Yoke is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient validation of the overrides.yoke.cd/flight annotation in the Air Traffic Controller (ATC) component, where attacker-controlled URLs are used to download and execute arbitrary WASM modules. This allows users wi...
Implicit Bearer Token Injection
github.com/kyverno/kyverno is vulnerable to Implicit Bearer Token Injection. The vulnerability is due to the apiCall service helper automatically injecting the Kyverno controller's Authorization: Bearer service account token into outbound requests when no authorization header is explicitly...
Exposure Of Sensitive Information
io.github.davidalmeidac, sealed-env-core is vulnerable to Exposure of Sensitive Information. The vulnerability is due to embedding the operator’s plaintext TOTP secret in the base64-encoded JWS payload of minted unseal tokens, which allows an attacker to decode observed tokens from logs,...
Improper Authorization
Fleet is vulnerable to Improper Authorization. The vulnerability is due to incomplete application of ServiceAccount impersonation in certain Helm deployer code paths, which allows an attacker with git push access to read secrets from arbitrary namespaces on downstream clusters...
Improper Access Control
github.com/free5gc/udr is vulnerable to Improper Access Control. The vulnerability is due to improper request handling in the Traffic Influence Subscription deletion endpoint, which allows an attacker to bypass validation and delete arbitrary subscriptions despite receiving a misleading 404...
Missing Authentication For Critical Function
Sliver is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to the DNS C2 listener allocating server-side sessions without validating TOTP values and lacking session cleanup, which allows an attacker to create excessive sessions and exhaust server memory...
SQL Injection
Focalboard is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of category IDs before they are incorporated into dynamic SQL statements, which allows an attacker to inject malicious SQL that is later executed and used to extract sensitive data from the database...
Command Injection
uniget is vulnerable to Command Injection. The vulnerability is due to unsafe execution of the untrusted check field from metadata files through /bin/bash -c without proper validation or sanitization, which allows an attacker to execute arbitrary shell commands on the victim's system...
Sensitive Information Exposure
com.ritense.valtimo, web is vulnerable to sensitive information exposure. The vulnerability is due to the LoggingRestClientCustomizer automatically logging full HTTP request and response details, including headers and bodies, in error messages, which allows an attacker to access sensitive...
Denial Of Service (DoS)
volcano.sh/volcano is vulnerable to Denial of Service (DoS). The vulnerability is due to the webhook server not enforcing a size limit on incoming HTTP request bodies, which allows an attacker with access to the in-cluster webhook endpoint to send arbitrarily large requests and cause the webhook...
Authorization Bypass
Netmaker is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization logic in the Authorize middleware, where a valid host JWT token is accepted when hostAllowed=true without verifying that the host is authorized to access the specific target resource, allowing acces...
Sensitive Information Exposure
Harvester is vulnerable to Sensitive Information Exposure. The vulnerability is due to the interactive installer exposing the operating system’s default SSH login password during cluster creation or host addition, potentially allowing unauthorized access to affected systems...
Improper Access Control
Rancher is vulnerable to Improper Access Control. The vulnerability is due to missing authorization checks when handling cloud-credential IDs, which allows an attacker to make unauthorized requests to cloud providers using attached credentials...
Path Traversal
lakeFS is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation in verifyRelPath within pkg/block/local/adapter.go, where strings.HasPrefix is used to validate storage paths without enforcing path boundaries. This allows authenticated users to use path traversal...
Cross-site Scripting (XSS)
FileBrowser Quantum is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of user-controlled share metadata fields when rendered in HTML using text/template, which allows an attacker to inject and execute malicious scripts when users visit a shared URL...
Improper Access Control
kcp is vulnerable to Improper Access Control. The vulnerability is due to the cache server being exposed without authentication or authorization controls, which allows an attacker to read from and write to the cache server if they can access the root shard...
Use Of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Cloudreve is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). The vulnerability is due to the generation of security-sensitive secrets using math/rand seeded with predictable timestamps, which allows an attacker to recover the secret key, forge JWTs, and gain...
Command Injection
Arcane is vulnerable to Command Injection. The vulnerability is due to lifecycle label values such as com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update being passed directly to /bin/sh -c without sanitization, allowing authenticated users to inject...
Server-Side Request Forgery (SSRF)
github.com/centrifugal/centrifug is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of dynamic JWKS endpoint template variables, which allows an unauthenticated attacker to craft a malicious JWT with manipulated iss or aud claims to force Centrifugo t...
Authorization Bypass
Moby is vulnerable to Authorization Bypass. The vulnerability is due to a flaw in the authorization plugin (AuthZ) enforcement mechanism, allowing attackers to bypass configured authorization controls and perform actions that should have been restricted by authorization policies...
Denial Of Service (DoS)
GoBGP is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation of malformed BGP UPDATE messages during processing of 4-byte AS attributes, where an internal slice index shift can trigger an index out of range panic, causing the GoBGP process to crash...
Server-Side Request Forgery
Arcane is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the /api/templates/fetch endpoint accepting a user-controlled url parameter and performing server-side HTTP requests without authentication or validation of the URL scheme and destination host, allowing...
OS Command Injection
Fleet is vulnerable to Command Injection. The vulnerability is due to improper sanitization of software package metadata used in auto-generated uninstall scripts, allowing specially crafted package metadata to inject and execute arbitrary commands with elevated privileges root on macOS/Linux or...
Denial Of Service (DoS)
Mattermost is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of excessively long passwords during authentication, which allows an attacker to consume excessive CPU and memory resources by submitting login attempts with multi-megabyte passwords...
Missing Authorization
github.com/argoproj/argo-workflows is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks in the Sync Service's ConfigMap-backed provider, which allows an attacker to create, read, update, and delete synchronization-related Kubernetes ConfigMaps without...
Authentication Bypass
MinIO is vulnerable to Authentication Bypass. The vulnerability is due to missing signature verification for authTypeStreamingUnsignedTrailer requests in the Snowball auto-extract handler, which allows an attacker with knowledge of a valid access key to upload arbitrary objects without providing ...
Improper Access Control
Traefik is vulnerable to Improper Access Control. The vulnerability is due to insufficient validation of TraefikService backend references ending with @internal, which allows an attacker with HTTPRoute creation permissions to access the internal REST provider and perform unauthorized configuratio...
Out-of-bounds Read
github.com/gomarkdown/markdown is vulnerable to an Out-of-Bounds Read. The vulnerability is due to improper handling of malformed Markdown input containing a character when processed by the SmartypantsRenderer, which allows an attacker to trigger an out-of-bounds read or cause the application to...
Improper Authorization
Kyverno is vulnerable to Improper Authorization. The vulnerability is due to missing validation of the configMap.namespace field in the ConfigMap context loader, which allows a namespace administrator to bypass RBAC restrictions and read ConfigMaps from arbitrary namespaces using Kyverno's...
OS Command Injection
PicoClaw is vulnerable to OS Command Injection. The vulnerability is due to insufficient validation and sanitization of input in the /api/gateway/restart endpoint of the Web Launcher Management Plane, which allows a remote attacker to inject and execute arbitrary system commands on the underlying...
Local File Inclusion (LFI)
github.com/esm-dev/esm.sh is vulnerable to Local File Inclusion. The vulnerability is due to improper handling of the browser field in package.json by the esbuild plugin, which allows an attacker to publish a malicious npm package that causes the server to read and return arbitrary files from the...
Improper Access Control
Kata Containers is vulnerable to Improper Access Control. The vulnerability is due to an oversight in the CopyFile policy and/or handler, which allows an untrusted host to write files to arbitrary locations within the guest workload image, enabling an attacker to overwrite binaries, compromise...
Server-Side Request Forgery (SSRF)
github.com/zalando/skipper is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient restrictions on Kubernetes ExternalName services when Skipper is used as an Ingress controller, which allows an attacker with permissions to create an Ingress and an ExternalName...
Denial Of Service (DoS)
github.com/hashicorp/vault is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient access controls on root token generation and rekey operations, which allows an unauthenticated attacker to repeatedly initiate or cancel these operations, occupying the single available...
Sensitive Information Exposure
Portainer Community Edition is vulnerable to Exposure of Sensitive Information. The vulnerability is due to the authentication middleware accepting JWT bearer tokens through the ?token= URL query parameter, which allows an attacker to obtain authentication tokens from browser history, proxy logs,...
OS Command Injection
github.com/kubeai-project/kubeai is vulnerable to OS Command Injection. The vulnerability is due to the ollamaStartupProbeScript function constructing a shell command with unsanitized model URL components ref and modelParam and executing it via bash -c, which allows an attacker with permission to...
Server-Side Request Forgery (SSRF)
FrontMCP is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to unsafe dereferencing of $ref pointers in OpenAPI specifications without URL restrictions, which allows an attacker to trigger requests to internal network resources or read local files through malicious OpenAP...
Improper Input Validation
mppx is vulnerable to improper input validation. The vulnerability is due to improper validation in the cooperative close handler, where the close voucher amount was checked using “” instead of “=” against the on-chain settled amount, which allows an attacker to submit a close voucher equal to th...
Improper Restriction Of Outbound Network Requests (SSRF)
Flowise is vulnerable to improper restriction of outbound network requests (SSRF). The vulnerability is due to multiple tool implementations directly importing and invoking raw HTTP clients instead of using the secured wrapper, which allows an attacker to perform unauthorized server-side requests...
Denial Of Service (DoS)
github.com/go-jose/go-jose is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation of JWE objects during decryption when the alg field indicates a key wrapping algorithm and the encryptedkey field is empty, which allows an attacker to trigger a runtime panic via...
Arbitrary File Write
github.com/hahwul/dalfox/v2 is vulnerable to Arbitrary File Write. The vulnerability is due to unsafe deserialization of attacker-controlled logging configuration fields in REST API server mode, which allows an unauthenticated attacker to supply arbitrary file paths that are then used by the...
Information Disclosure
strapi/strapi is vulnerable to information disclosure. The vulnerability is due to insufficient sanitization of relational query parameters in the where filter, which allows an unauthenticated attacker to perform a boolean-oracle attack against restricted adminusers table fields and potentially...
Missing Authorization
github.com/minio/minio is vulnerable to Missing Authorization. The vulnerability is due to insufficient validation of user-supplied X-Minio-Replication- headers in the extractMetadataFromMime function, which allows an authenticated attacker with s3:PutObject permissions to inject internal...
Server-Side Request Forgery (SSRF)
n8n-mcp is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied through the x-n8n-url header in multi-tenant HTTP mode, which allows an authenticated attacker to send...