Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization through torch.jit.unsupportedtensorops.execWrapper executing a remote pickle after Picklescan fails to flag dangerous content, which allows an attacker to achieve remote code execution by...
Cross-Site Scripting (Reflected XSS)
com.liferay, com.liferay.layout.taglib is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper validation of the embedded message field in the form container, which allows an attacker to inject and execute arbitrary JavaScript in a victim’s browser...
Arbitrary File Read
github.com/donknap/dpanel is vulnerable to Arbitrary File Read. The vulnerability is due to improper access control in the /api/app/compose/get-from-uri interface, which allows an attacker logged into Dpanel to read arbitrary files...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insecure handling of pickle deserialization where the function can execute attacker-controlled reduce payloads and unsafe validation, which allows an attacker to achieve remote code execution by supplying a maliciou...
Insecure Deserialization
picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of torch.utils.bottleneck.main.runcprofile function to execute remote pickle files, which allows an attacker to run arbitrary code...
Formula Injection (CSV Injection)
unopim/unopim is vulnerable to Formula Injection (CSV Injection). The vulnerability is due to malicious content inserted into a CSV file, which allows an attacker to exploit spreadsheet applications interpreting the input as formulas or commands instead of plain text...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the GuardBuilder.get function being invoked from a crafted pickle's reduce method during deserialization, which bypasses Picklescan's checks and allows an attacker to execute arbitrary code when the victim calls...
Improper Access Control
unopim/unopim is vulnerable to Improper Access Control. The vulnerability is due to insufficient privilege enforcement on the mass-delete endpoint, which allows an attacker without "Delete" permissions to bypass restrictions and delete products...
SQL Injection
Django is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of column aliases in FilteredRelation when crafted dictionaries are expanded as keyword arguments to QuerySet.annotate or QuerySet.alias, which allows an attacker to inject and execute arbitrary SQL...
Stored Cross-site Scripting (XSS)
com.liferay, com.liferay.layout.admin.web is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the comliferaylayoutadminwebportletGroupPagesPortlettype parameter, which allows a remote authenticated attacker to inject and execute malicious JavaScrip...
Reflected Cross-Site Scripting (Reflected XSS)
com.liferay.portal, release.portal.bom is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper validation of the snippet parameter, which allows an attacker to inject and execute arbitrary JavaScript code in a victim’s browser...
User Enumeration
com.liferay, com.liferay.login.web is vulnerable to User Enumeration. The vulnerability is due to improper handling of account creation requests on the "create account" page, which allows an attacker to determine if a specific account exists in the application...
Cross-Site Scripting (XSS)
com.liferay.portal, release.portal.bom is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper handling of user input in PortalUtil.escapeRedirect, which allows a remote authenticated attacker to inject and execute arbitrary JavaScript...
Allocation Of Resources Without Limits
Bouncy Castle is vulnerable to Allocation of Resources Without Limits. The vulnerability is due to excessive allocation caused by improper handling in the AESNativeCBC.java implementation...
Signature Malleability
github.com/consensys/gnark is vulnerable to signature malleability. The vulnerability is due to improper validation of the S value in EdDSA and ECDSA signatures, which does not enforce 0 ≤ S < order and allows an attacker to create multiple valid signatures for the same public input, potentially enabling...
Out-of-bounds Write
org.bouncycastle, bc-fips is vulnerable to Out-of-bounds Write. The vulnerability is due to improper memory handling in org/bouncycastle/jcajce/provider/BaseCipher, which allows an attacker to write data outside the intended memory bounds and potentially execute arbitrary code...
SQL Injection
org.jeecgframework.boot, jeecg-boot-base-core is vulnerable to SQL Injection. The vulnerability is due to improper handling of SQL queries in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows an attacker to bypass SQL blacklist restrictions...
Hard-coded Cryptographic Key
cn.hippo4j, hippo4j-core is vulnerable to use of hard-coded cryptographic key. The vulnerability is due to a hard-coded secret key in JWT creation, which allows an attacker to forge valid access tokens and impersonate any user, including privileged ones like "admin"...
Denial Of Service (DoS)
github.com/cri-o/cri-o is vulnerable to Denial of Service (DoS). The vulnerability is due to improper user creation handling: the entire /etc/passwd file is read into memory when securityContext.runAsUser specifies a non-existent user, leading to excessive memory consumption and potential...
Improper Access Control
com.liferay.portal, release.portal.bom is vulnerable to Improper Access Control. The vulnerability is due to insufficient access restrictions on files uploaded via forms and stored in the documentlibrary, which allows an attacker to directly access these files through crafted URLs without...
Unrestricted File Upload
com.liferay, com.liferay.dynamic.data.mapping.form.web is vulnerable to Unrestricted File Upload. The vulnerability is due to insufficient validation on the form attachment field, which allows an attacker to upload files with obfuscated extensions and bypass MIME type checks, enabling malicious...
Improper Access Control
Directus is vulnerable to improper access control. The vulnerability is due to a flaw in the file update mechanism, which allows an attacker to modify existing files or upload arbitrary files without authentication, bypassing metadata tracking and evading visibility in the Direct...
Cross-site Scripting (XSS)
Liferay Portal is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization caused by improper handling of the comliferayusersadminwebportletUsersAdminPortletassetTagNames parameter, allowing remote authenticated attackers to inject JavaScript...
Server-Side Request Forgery (SSRF)
org.apache.eventmesh:eventmesh-runtime is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied URLs caused by unsafe handling in the eventmesh-runtime module WebhookUtil.java, allowing attackers to read or update internal resources...
Cross-Site Request Forgery (CSRF)
com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient CSRF protection for omni-administrator users, which allows an attacker to execute unauthorized actions on behalf of the affected user...
Stored Cross-site Scripting (XSS)
moonshine/moonshine is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the Create Article function’s Link parameter, which allows an attacker to inject a crafted payload and execute arbitrary web scripts or HTML...
Cross-Site Scripting (XSS)
com.liferay, com.liferay.layout.type.controller.display.page is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper validation of user input in friendly URLs, which allows a remote unauthenticated attacker to inject malicious JavaScript into web content and...
Symlink Traversal
n8n is vulnerable to symlink traversal. The vulnerability is due to improper handling of symbolic links in the Read/Write File node, which allows an attacker to bypass directory restrictions and read or write to otherwise inaccessible paths...
Cross-site Scripting (XSS)
com.liferay.portal, release.portal.bom is vulnerable to Stored DOM-based Cross-Site Scripting (XSS). The vulnerability is due to improper handling of DDM structure field labels in the Asset Publisher configuration UI within the Source.js module, where values are inserted into the DOM using innerHTM...
Cross-Site Request Forgery (CSRF)
com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of the endpoint parameter, which allows an attacker to perform cross-origin requests on behalf of an authenticated user...
SQL Injection
moonshine/moonshine is vulnerable to SQL injection. The vulnerability is due to improper handling of the Data parameter in the Blog module, which allows an attacker to inject malicious SQL queries...
Arbitrary File Upload
moonshine/moonshine is vulnerable to arbitrary file upload. The vulnerability is due to improper validation of uploaded SVG files, which allows an attacker to execute arbitrary code...
Cross-site Scripting (XSS)
moonshine/moonshine is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the application allowing malicious HTML payloads in the Name parameter when creating a new Admin, leading to arbitrary JavaScript execution...
Cross-site Scripting (XSS)
Liferay Portal is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the comliferayjournalwebportletJournalPortletbackURL parameter, which allows injection of malicious JavaScript code...
Sensitive Information Disclosure
Liferay Portal is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper access control caused by weak validation in the calendar feature, which allows authenticated users to enumerate other users’ calendars and use this information for phishing attacks...
Memory Leakage
Libtiff.so is vulnerable to Memory Leak. The vulnerability is due to improper memory management caused by flaws in the TIFFmallocExt, TIFFCheckRealloc, TIFFHashSetNew, and InitCCITTFax3 functions in tiffcmp.c, which allow local attackers to trigger memory leaks...
Command Injection
screenshot-desktop is vulnerable to command injection. The vulnerability is due to unsanitized user-controlled input being passed into the format option of the screenshot function, which allows an attacker to execute arbitrary commands with the privileges of the calling process...
Cross-Site Scripting (XSS)
express-gateway is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input handling in lib/rest/routes/users.js of the REST Endpoint, which allows an attacker to execute malicious scripts remotely...
Cross-Site Scripting (XSS)
express-gateway is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input handling in the REST Endpoint lib/rest/routes/apps.js, which allows an attacker to remotely inject and execute malicious scripts...
Improper TLS Configuration
github.com/hydraide/hydraide is vulnerable to improper TLS configuration. The vulnerability is due to the client using only RootCAs without proper certificate verification and the server lacking ClientCAs and ClientAuth, which allows an attacker to perform man-in-the-middle (MITM) attacks and read...
Type Confusion
V8 in Google Chrome is vulnerable to Type Confusion. The vulnerability is due to improper handling of object types in the V8 JavaScript engine, which allows a remote attacker to exploit heap corruption by supplying a crafted HTML page...
Missing Authorization
Liferay Portal is vulnerable to Missing Authorization. The vulnerability is due to improper access control that lets authenticated users modify the content of calendar portlet emails, allowing attackers to send phishing emails to other users in the same organization...
Cross-site Scripting (XSS)
Liferay Portal is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the message boards feature, which allows remote authenticated attackers to inject malicious JavaScript via the web interface...
Reflected Cross-Site Scripting (Reflected XSS)
com.liferay, com.liferay.expando.web are vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper input validation of the comliferayexpandowebportletExpandoPortletdisplayType parameter, which allows an attacker to inject and execute arbitrary JavaScript code in a...
Cross-Site Scripting (XSS)
Mermaid is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to user-supplied input for architecture diagram icons being passed to the d3 html method, which allows an attacker to inject and execute malicious scripts...
Cross-Site Scripting (XSS)
Mermaid is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to user-supplied input for sequence diagram labels being passed to innerHTML during element size calculation, which allows an attacker to inject and execute malicious scripts...
Blind Server Side Request Forgery (SSRF)
johnbillion/wp-crontrol plugin is vulnerable to Blind Server Side Request Forgery (SSRF). The vulnerability is due to improper use of the wpremoterequest function, which allows an attacker with Administrator-level access to send arbitrary web requests and interact with internal services...
Use Of Default Credentials
nginx-defender is vulnerable to Use of Default Credentials. The vulnerability is due to insecure configuration: default administrative passwords are present in example configuration files, allowing attackers with network access to gain full administrative control if not changed...
Namespace Label Injection
github.com/projectcapsule/capsule is vulnerable to namespace label injection. The vulnerability is due to improper validation of labels in system namespaces, which allows an attacker to inject arbitrary labels, bypass multi-tenant isolation, and escalate privileges to access cross-tenant resource...
Denial Of Service (DoS)
org.bouncycastle, bc-fips is vulnerable to Denial of Service (DoS). The vulnerability is due to excessive allocation in the org.Bouncycastle.Crypto.Fips.NativeLoader module, which allows an attacker to exhaust system resources and cause a denial of service...