
38108 matches found

Veracode • added 2025/08/19 9:39 a.m. • 4 views

NULL Pointer Dereference

materialx is vulnerable to null pointer dereference. The vulnerability is due to improper handling of shader node parsing in MTLX files, which allows an attacker to crash a target program by supplying a maliciously crafted file...

CVSS 7.5 · AI score 7 · EPSS 0.00381
Exploits: 1 · References: 6 · Affected software: 1
Veracode • added 2025/08/19 8:33 a.m. • 3 views

Cross-site Scripting (XSS)

microweber/microweber is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the id parameter in the liveedit.modulesettings API endpoint allowing arbitrary JavaScript execution...

CVSS 6.1 · AI score 6.7 · EPSS 0.00258
Exploits: 2 · References: 5 · Affected software: 1
Veracode • added 2025/08/19 8:21 a.m. • 4 views

Authentication Bypass

github.com/hashicorp/vault is vulnerable to Authentication Bypass. The vulnerability is due to improper enforcement of the user lockout feature: flaws in the Userpass and LDAP authentication methods allow the lockout to be bypassed...

CVSS 5.3 · AI score 7.4 · EPSS 0.00115
Exploits: 0 · References: 3 · Affected software: 1
Veracode • added 2025/08/19 8:17 a.m. • 5 views

NULL Pointer Dereference

MaterialX is vulnerable to NULL pointer dereference. The vulnerability is due to improper handling of shader node parsing in MTLX files, which allows an attacker to craft malicious files that can crash a target program...

CVSS 7.5 · AI score 6.9 · EPSS 0.00297
Exploits: 1 · References: 5 · Affected software: 1
Veracode • added 2025/08/19 8:10 a.m. • 5 views

Authentication Bypass

github.com/hashicorp/vault is vulnerable to Authentication Bypass. The vulnerability is due to improper certificate validation: non-CA certificates are accepted as trusted, allowing attackers to impersonate users with crafted certificates...

CVSS 6.8 · AI score 7 · EPSS 0.00201
Exploits: 0 · References: 3 · Affected software: 1
Veracode • added 2025/08/19 7:57 a.m. • 3 views

Sensitive Information Disclosure

OpenSearch is vulnerable to Sensitive Information Disclosure. The vulnerability is due to redacted values being retrievable through range queries and the fields option in the search API...

AI score 7
Exploits: 0
Veracode • added 2025/08/18 9:08 a.m. • 2 views

Denial Of Service (DoS)

OpenEXR is vulnerable to Denial Of Service (DoS). The vulnerability is due to a NULL pointer dereference caused by improper handling of deep scanline images with large sample counts in reduceMemory mode...

CVSS 6.2 · AI score 7 · EPSS 0.00178
Exploits: 1 · References: 4 · Affected software: 1
Veracode • added 2025/08/18 8:59 a.m. • 3 views

Denial Of Service (DoS)

MaterialX is vulnerable to Denial Of Service (DoS). The vulnerability is due to stack exhaustion caused by improper handling of multiple nested nodegraph implementations when parsing malicious MTLX files...

CVSS 7.5 · AI score 6.1 · EPSS 0.01775
Exploits: 1 · References: 7 · Affected software: 1
Veracode • added 2025/08/18 8:34 a.m. • 4 views

Denial Of Service (DoS)

OpenEXR is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation: unvalidated dataWindow size values from file headers are trusted, leading to excessive memory allocation and performance degradation...

CVSS 5.5 · AI score 5.9 · EPSS 0.00133
Exploits: 1 · References: 4 · Affected software: 1
Veracode • added 2025/08/18 8:21 a.m. • 2 views

Heap-based Buffer Overflow

OpenEXR is vulnerable to Heap-based Buffer Overflow. The vulnerability is due to improper memory handling of a maliciously forged chunk header when decompressing ZIPS-packed deep scan-line EXR files...

CVSS 8.4 · AI score 5.9 · EPSS 0.00111
Exploits: 1 · References: 6 · Affected software: 1
Veracode • added 2025/08/18 8:13 a.m. • 5 views

Deserialization Of Untrusted Data

prestashop/prestashop is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling in the getHeaders function, which allows an attacker to execute arbitrary code via a crafted POST request...

CVSS 6.5 · AI score 7.8 · EPSS 0.00747
Exploits: 1 · References: 3 · Affected software: 1
Veracode • added 2025/08/18 7:24 a.m. • 3 views

Deserialization

prestashop/prestashop is vulnerable to Deserialization. The vulnerability is due to improper handling of crafted POST requests in the /themes/import component, which allows an attacker to execute arbitrary code...

CVSS 6.5 · AI score 7.3 · EPSS 0.00994
Exploits: 1 · References: 4 · Affected software: 1
Veracode • added 2025/08/17 5:49 p.m. • 3 views

Remote Code Execution (RCE)

ms-swift is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper output neutralization for logs: malicious input passed into the train method is concatenated into shell commands, allowing arbitrary command execution...

AI score 8.1
Exploits: 0 · References: 2 · Affected software: 1
Veracode • added 2025/08/17 4:15 p.m. • 5 views

Remote Code Execution (RCE)

ms-swift is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization: yaml.load from PyYAML is used in tests/run.py, allowing attackers to execute arbitrary code via a crafted YAML configuration file...

CVSS 9.8 · AI score 9.6 · EPSS 0.07087
Exploits: 1 · References: 8 · Affected software: 1
Veracode • added 2025/08/14 10:04 a.m. • 3 views

Deserialization Of Untrusted Data

ms-swift is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe pickle deserialization of adapter model files, allowing arbitrary command execution when loading specially crafted adapter models from ModelScope...

AI score 7.4
Exploits: 0
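Added example for the two ms-swift deserialization entries above; this is not ms-swift's code. It shows why a pickle from an untrusted adapter file is arbitrary code execution (the data names a callable, and the unpickler calls it), and the standard mitigation of an Unpickler whose find_class only resolves an allow-list. The Pwned class, the allow-list and the use of os.getcwd as a harmless stand-in for os.system are constructed for the demonstration.

```python
import io
import os
import pickle


class Pwned:
    """Constructed sample. Unpickling an instance calls the callable named in
    the data; os.getcwd stands in for os.system or subprocess.Popen so the
    demonstration stays harmless."""

    def __reduce__(self):
        return (os.getcwd, ())


def make_payload() -> bytes:
    """Bytes an attacker would publish as an 'adapter' file."""
    return pickle.dumps(Pwned())


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only an explicit allow-list of (module, name) globals. Any other
    GLOBAL/STACK_GLOBAL opcode (posix.getcwd here, os.system in a real payload)
    raises before the REDUCE opcode can call it."""

    ALLOWED = {
        ("builtins", "dict"),
        ("builtins", "list"),
        ("collections", "OrderedDict"),
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def plain_loads_runs_callable() -> bool:
    """True when plain pickle.loads executed os.getcwd on the payload's behalf."""
    return pickle.loads(make_payload()) == os.getcwd()


def restricted_loads_is_blocked() -> bool:
    try:
        restricted_loads(make_payload())
    except pickle.UnpicklingError:
        return True
    return False


def benign_roundtrip() -> dict:
    """Plain data structures still load under the restricted loader."""
    return restricted_loads(pickle.dumps({"a": [1, 2]}))


if __name__ == "__main__":
    print("plain loads ran the payload's callable:", plain_loads_runs_callable())
    print("restricted loader blocked it:", restricted_loads_is_blocked())
    print("benign dict still loads:", benign_roundtrip())
```

For model weights the better answer is a format that cannot carry code at all (safetensors) or a weights-only loader such as torch.load(..., weights_only=True); an allow-list unpickler is the fallback when the format cannot be changed.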
Veracode • added 2025/08/14 8:11 a.m. • 3 views

Cross-Site Scripting

Copyparty is vulnerable to reflected Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of user-supplied input in the filter parameter on the recent uploads page, which is reflected into a...

CVSS 6.3 · AI score 6.4 · EPSS 0.0078
Exploits: 3 · References: 5 · Affected software: 1
Veracode • added 2025/08/14 7:46 a.m. • 5 views

Prototype Pollution

@nyariv/sandboxjs is vulnerable to prototype pollution. The vulnerability is due to insufficient prototype access checks in the sandbox's executor logic, particularly when handling JavaScript function objects, which allows an attacker to inject arbitrary properties into Object.prototype...

CVSS 7 · AI score 7 · EPSS 0.01459
Exploits: 0 · References: 5 · Affected software: 1
Veracode • added 2025/08/14 7:33 a.m. • 5 views

Cross-site Scripting (XSS)

Apache JSPWiki is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient sanitization of wiki markup and markdown header link creation: specially crafted input can execute JavaScript in the victim's browser, enabling theft of sensitive information...

CVSS 7.5 · AI score 6.7 · EPSS 0.01202
Exploits: 0 · References: 7 · Affected software: 2
Veracode • added 2025/08/14 7:24 a.m. • 3 views

Improper Output Neutralization For Logs

org.apache.struts, struts-extras is vulnerable to Improper Output Neutralization for Logs. The vulnerability is due to LookupDispatchAction printing untrusted input to logs without filtering, which allows an attacker to craft input that injects misleading log entries, potentially confusing human ...

CVSS 6.5 · AI score 7 · EPSS 0.01181
Exploits: 0 · References: 4 · Affected software: 2
Veracode • added 2025/08/14 7:01 a.m. • 5 views

Authentication Bypass

github.com/oauth2-proxy/oauth2-proxy is vulnerable to Authentication Bypass. The vulnerability is due to the skipauthroutes configuration option matching against the full request URI, including query parameters, when using overly permissive regex patterns, which allows an attacker to craft URLs...

CVSS 9.1 · AI score 7.6 · EPSS 0.00411
Exploits: 1 · References: 6 · Affected software: 2
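Added example for the oauth2-proxy entry above; it is not oauth2-proxy's code. The same three skip rules are evaluated the vulnerable way (regex searched in the full request URI, query string included) and the hardened way (regex must fullmatch the normalized path only). RULES, the toy "METHOD=regex" rule syntax modelled on skip rules, and the function names are assumptions; the percent-decoding and dot-segment normalization go beyond the advisory's query-string case.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed rules in a "METHOD=regex" / "regex" form. A bare regex applies to
# every method. (A bare regex containing '=' would be mis-split by this toy
# parser; that is not the point being demonstrated.)
RULES = ["GET=^/healthz", "^/static/.*", "GET=/api/public.*"]


def _parse(rule: str):
    method, sep, pattern = rule.partition("=")
    if not sep:
        method, pattern = "", method
    return method.upper(), re.compile(pattern)


def skip_auth_uri(method: str, request_uri: str) -> bool:
    """Vulnerable shape: the regex is searched in the full request URI, query
    string included, so '/admin?x=/api/public' satisfies '/api/public.*'."""
    for m, rx in map(_parse, RULES):
        if m and m != method.upper():
            continue
        if rx.search(request_uri):
            return True
    return False


def normalized_path(request_uri: str) -> str:
    """Split off the query, percent-decode, collapse '.' and '..' segments."""
    path = posixpath.normpath(unquote(urlsplit(request_uri).path) or "/")
    return path if path.startswith("/") else "/" + path


def skip_auth_path(method: str, request_uri: str) -> bool:
    """Hardened shape: match the normalized path only, and require the regex to
    cover the whole path (fullmatch), so neither the query string nor a prefix
    of some other route can satisfy a rule."""
    path = normalized_path(request_uri)
    for m, rx in map(_parse, RULES):
        if m and m != method.upper():
            continue
        if rx.fullmatch(path):
            return True
    return False


if __name__ == "__main__":
    bypass = "/admin/users?next=/api/public"
    print("full-URI match skips auth for", bypass, "->", skip_auth_uri("GET", bypass))
    print("path-only fullmatch skips auth ->", skip_auth_path("GET", bypass))
```

Even with path-only matching, a rule like /api/public.* still covers /api/publicity; anchor every skip rule to the exact prefix you mean and keep the list short.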
Veracode • added 2025/08/14 6:52 a.m. • 3 views

Cross-Site Scripting (XSS)

org.apache.jspwiki, jspwiki-main is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of crafted requests using the Image plugin, which allows an attacker to execute JavaScript in the victim's browser and obtain sensitive information...

CVSS 6.1 · AI score 6.5 · EPSS 0.01106
Exploits: 0 · References: 4 · Affected software: 1
Veracode • added 2025/08/14 5:12 a.m. • 3 views

Improper Access Control

@finos/git-proxy is vulnerable to improper access control. The vulnerability is due to bypassing policies and explicit approvals when pushing to remote repositories, which allows an attacker to push code containing secrets or unwanted changes without required checks or plugin execution...

CVSS 8.3 · AI score 7.3 · EPSS 0.00187
Exploits: 1 · References: 4 · Affected software: 1
Veracode • added 2025/08/13 12:25 p.m. • 5 views

SQL Injection

bacula-web/bacula-web is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization in HTTP GET requests, which allows an attacker to execute arbitrary code remotely...

CVSS 8.1 · AI score 8.4 · EPSS 0.00523
Exploits: 1 · References: 4 · Affected software: 1
Veracode • added 2025/08/13 12:11 p.m. • 2 views

Improper Access Control

umbraco.cms.api.delivery is vulnerable to improper access control. The vulnerability is due to output caching not varying by the API key authorization header, which allows an attacker to access cached API responses without a valid key if they were previously requested by an authorized user...

CVSS 5.3 · AI score 7 · EPSS 0.00288
Exploits: 0 · References: 7 · Affected software: 1
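Added example for the umbraco.cms.api.delivery entry above; it is not Umbraco's code. A toy output cache sits in front of an API-key check, exactly the ordering that lets a cached authorized response be served to a caller with no key. The cache class, the Api-Key header name, VALID_KEYS and the URL are constructed; demo() returns the status codes seen by an authorized caller and then by a keyless caller, with and without the header in the cache key.

```python
import hashlib


class ResponseCache:
    """Toy output cache. The key is the method, the URL and the values of the
    headers named in vary_headers; the vulnerable configuration varies by
    nothing but method and URL."""

    def __init__(self, vary_headers=()):
        self.vary = tuple(h.lower() for h in vary_headers)
        self.store = {}

    def key(self, method, url, headers) -> str:
        hdrs = {k.lower(): v for k, v in headers.items()}
        parts = [method.upper(), url] + [f"{h}={hdrs.get(h, '')}" for h in self.vary]
        # Hash so a raw credential never sits in the key store in clear.
        return hashlib.sha256("\n".join(parts).encode()).hexdigest()

    def get(self, method, url, headers):
        return self.store.get(self.key(method, url, headers))

    def put(self, method, url, headers, body):
        self.store[self.key(method, url, headers)] = body


VALID_KEYS = {"k-9f3a": "editor"}   # constructed API key -> principal


def handle(cache, method, url, headers):
    """Delivery-API-style request path: output cache first, then the API key
    check, then render and store. Returns (status, body)."""
    hit = cache.get(method, url, headers)
    if hit is not None:
        return 200, hit
    if headers.get("Api-Key", "") not in VALID_KEYS:
        return 401, "unauthorized"
    body = f"protected content for {url}"
    cache.put(method, url, headers, body)
    return 200, body


def demo(vary_headers=()):
    """(status for an authorized caller, status for a caller with no key)."""
    cache = ResponseCache(vary_headers)
    url = "/umbraco/delivery/api/v2/content/item/draft-page"
    first, _ = handle(cache, "GET", url, {"Api-Key": "k-9f3a"})
    second, _ = handle(cache, "GET", url, {})
    return first, second


if __name__ == "__main__":
    print("vary by URL only:", demo())                   # (200, 200): leak
    print("vary by Api-Key:", demo(("Api-Key",)))       # (200, 401)
```

Varying on the header keeps one cached copy per key value. The stronger fix is to not cache responses that required authorization at all, or to vary on the resolved principal, so that a leaked or rotated key never selects someone else's cached body.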
Veracode • added 2025/08/13 11:38 a.m. • 4 views

Server Side Request Forgery (SSRF)

bentoml is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the file upload handlers automatically downloading files from user-provided URLs without validating their targets, which allows an attacker to make the server send arbitrary HTTP requests to internal or...

CVSS 9.9 · AI score 7.2 · EPSS 0.01308
Exploits: 1 · References: 4 · Affected software: 1
Veracode • added 2025/08/13 10:50 a.m. • 2 views

Sensitive Data Exposure

@finos/git-proxy is vulnerable to sensitive data exposure. The vulnerability is due to improper validation of commits in the pack sent to GitHub, which allows an attacker to inject unreferenced commits containing sensitive data and retrieve them via direct commit URLs without appearing in the...

CVSS 7.1 · AI score 6.8 · EPSS 0.00227
Exploits: 1 · References: 4 · Affected software: 1
Veracode • added 2025/08/13 10:40 a.m. • 3 views

Improper Authorization

@finos/git-proxy is vulnerable to Improper Authorization. The vulnerability is due to the way GitProxy validates new branch creation, which allows attackers to bypass approval of prior commits on the parent branch...

CVSS 8.2 · AI score 7.1 · EPSS 0.00187
Exploits: 1 · References: 4 · Affected software: 1
Veracode • added 2025/08/13 10:32 a.m. • 3 views

Denial Of Service (DoS)

ruby-saml is vulnerable to Denial Of Service (DoS). The vulnerability is due to an improper order of validation checks: the SAML response is validated for Base64 format before the configured message size is checked, allowing potential resource exhaustion...

CVSS 6.9 · AI score 7.1 · EPSS 0.00581
Exploits: 0 · References: 8 · Affected software: 1
Veracode • added 2025/08/13 10:24 a.m. • 3 views

Malicious File Parsing

@finos/git-proxy is vulnerable to malicious file parsing. The vulnerability is due to improper PACK signature detection in parsePush.ts, which allows an attacker to embed misleading signatures in commit content and craft packet structures to bypass approval or hide commits...

CVSS 7 · AI score 7 · EPSS 0.00227
Exploits: 1 · References: 4 · Affected software: 1
Veracode • added 2025/08/13 7:37 a.m. • 4 views

Denial Of Service (DoS)

SixLabors.ImageSharp is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of malformed GIF comment extension blocks with a missing block terminator, causing the GIF decoder to enter an infinite loop when processing specially crafted files...

CVSS 5.3 · AI score 7 · EPSS 0.00335
Exploits: 0 · References: 6 · Affected software: 1
Veracode • added 2025/08/13 7:21 a.m. • 3 views

Log Injection

pyload-ng is vulnerable to Log Injection. The vulnerability is due to failure to filter user-supplied data in the /json/addpackage API, allowing attackers with package addition permissions to inject arbitrary messages into application logs...

AI score 7
Exploits: 0
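Added example serving both log-injection entries on this page (the Struts LookupDispatchAction entry and the pyload-ng /json/addpackage entry); it is not code from either project. It shows how a package name containing a newline becomes a second, forged log record when read back by a line-oriented tool, and the neutralization step (escape every control character, cap the length) that keeps one user string on one line. The log format, the parser and FORGED_NAME are constructed for the demonstration.

```python
import re

# Control characters that can split or forge records: CR, LF, the other C0
# controls (including ESC, which log viewers render as terminal sequences) and DEL.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def neutralize(value: str, max_len: int = 200) -> str:
    """Escape each control character as \\xNN so the value always stays on one
    log line, and cap the length so one request cannot flood the log."""
    escaped = _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)
    if len(escaped) > max_len:
        escaped = escaped[:max_len] + "...(truncated)"
    return escaped


def log_line_unsafe(level: str, user: str, msg: str) -> str:
    return f"[{level}] user={user} {msg}"


def log_line_safe(level: str, user: str, msg: str) -> str:
    return f"[{level}] user={neutralize(user)} {neutralize(msg)}"


def parse_records(text: str) -> list:
    """Reader in the style of an analyst's script: one record per line, split
    into (level, rest). Used to show how a forged line is read back."""
    out = []
    for line in text.splitlines():
        m = re.match(r"\[(\w+)\] (.*)", line)
        if m:
            out.append((m.group(1), m.group(2)))
    return out


# Constructed attacker input: a package name that ends the current record and
# fabricates an INFO record announcing an admin login from localhost.
FORGED_NAME = "movie.rar\n[INFO] user=admin login ok from 127.0.0.1"


def demo():
    """Parsed records for the same event written unsafely and safely."""
    unsafe = log_line_unsafe("WARN", "guest", f"added package {FORGED_NAME}")
    safe = log_line_safe("WARN", "guest", f"added package {FORGED_NAME}")
    return parse_records(unsafe), parse_records(safe)


if __name__ == "__main__":
    unsafe_records, safe_records = demo()
    print("unsafe log yields", len(unsafe_records), "records:", unsafe_records)
    print("safe log yields", len(safe_records), "record:", safe_records)
```

Structured logging (one JSON object per line with user data as a quoted field) gives the same guarantee by construction; the escaping above is for the plain-text logs most applications still write.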
Veracode • added 2025/08/12 12:42 p.m. • 4 views

Improper Authentication

github.com/openbao/openbao is vulnerable to improper authentication. The vulnerability is due to unexpected normalization in the underlying TOTP library, which allows an attacker to reuse a valid TOTP code multiple times instead of only once...

CVSS 6.5 · AI score 6.9 · EPSS 0.0015
Exploits: 0 · References: 4 · Affected software: 2
Veracode • added 2025/08/12 11:37 a.m. • 3 views

Authentication Bypass

github.com/openbao/openbao is vulnerable to Authentication bypass. The vulnerability is due to improper normalization in the underlying TOTP library, which allows an attacker to bypass rate limiting by inserting whitespace and reuse existing MFA codes...

CVSS 5.7 · AI score 7 · EPSS 0.00103
Exploits: 0 · References: 3 · Affected software: 2
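Added example serving both OpenBao TOTP entries above (code reuse and rate-limit bypass); it is not OpenBao's code or its TOTP library. The totp() function is a plain RFC 6238 implementation; LenientVerifier reproduces the shape of the bug (whitespace stripped before comparison, but replay tracking keyed on the raw submission), and StrictVerifier canonicalizes first and keys both the replay set and the failure counter on the canonical value. The secret, the timestamp and the verifier classes are constructed.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, t: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class LenientVerifier:
    """Shape of the bug: whitespace is stripped before comparison, but the
    replay set remembers the raw submission, so ' 123456', '123456\\n' and
    '123 456' are distinct entries that all validate."""

    def __init__(self, secret: bytes):
        self.secret, self.used = secret, set()

    def verify(self, code: str, t: int) -> bool:
        if code in self.used:
            return False
        stripped = "".join(code.split())
        if hmac.compare_digest(stripped, totp(self.secret, t)):
            self.used.add(code)
            return True
        return False


class StrictVerifier:
    """Canonicalize first: accept exactly six ASCII digits and nothing else,
    then key both the replay set and the failure counter on that value."""

    def __init__(self, secret: bytes):
        self.secret, self.used, self.failures = secret, set(), 0

    def verify(self, code: str, t: int) -> bool:
        ok_shape = len(code) == 6 and code.isascii() and code.isdigit()
        if not ok_shape or code in self.used:
            self.failures += 1          # every rejected attempt counts toward lockout
            return False
        if hmac.compare_digest(code, totp(self.secret, t)):
            self.used.add(code)         # real code: entries expire with the time step
            return True
        self.failures += 1
        return False


def demo(t: int = 1_700_000_000):
    """Results for one valid code submitted four times with different
    whitespace, under each verifier, plus the strict failure count."""
    secret = b"constructed-demo-secret"
    code = totp(secret, t)
    variants = [code, " " + code, code + "\n", code[:3] + " " + code[3:]]
    lenient, strict = LenientVerifier(secret), StrictVerifier(secret)
    return ([lenient.verify(v, t) for v in variants],
            [strict.verify(v, t) for v in variants],
            strict.failures)


if __name__ == "__main__":
    lenient_results, strict_results, failures = demo()
    print("lenient:", lenient_results)   # the same code accepted four times
    print("strict: ", strict_results, "failures:", failures)
```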
Veracode • added 2025/08/12 11:18 a.m. • 4 views

SQL Injection

z-push/z-push-dev is vulnerable to SQL Injection. The vulnerability is due to unparameterized queries in the IMAP backend's basic authentication username field, which allows an attacker to inject malicious SQL commands to access, modify, or delete sensitive data from a linked third-party database...

CVSS 9.1 · AI score 7.8 · EPSS 0.00389
Exploits: 0 · References: 8 · Affected software: 1
Veracode • added 2025/08/12 7:48 a.m. • 3 views

Path Traversal

bugsink is vulnerable to Path Traversal. The vulnerability is due to constructing file locations directly from untrusted eventid input without validation, which allows an attacker with access to a valid DSN to create or overwrite files in arbitrary locations...

CVSS 7.2 · AI score 7 · EPSS 0.01008
Exploits: 0 · References: 11 · Affected software: 1
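Added example for the bugsink entry above; it is not bugsink's code. It contrasts building a file path directly from an event id with validating the id against its allowed alphabet and then confirming the resolved path stays under the store directory. The 32-hex-digit id format, the ".json" suffix and the traversal string are assumptions made for the demonstration; demo() runs it in a temporary directory.

```python
import os
import re
import tempfile

# Assumed id format: 32 lowercase hex digits. Validate shape before any path work.
EVENT_ID = re.compile(r"\A[0-9a-f]{32}\Z")


def event_path_unsafe(base: str, event_id: str) -> str:
    """Vulnerable shape: the id goes straight into the path. '..' segments walk
    out of base, and an absolute id makes os.path.join discard base entirely."""
    return os.path.join(base, event_id + ".json")


def event_path_safe(base: str, event_id: str) -> str:
    """Allow-list the id, then, as a second fence, check containment after
    resolving symlinks and '..' with realpath."""
    if not EVENT_ID.match(event_id):
        raise ValueError("invalid event id")
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, event_id + ".json"))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError("path escapes store")
    return target


def escapes(base: str, event_id: str) -> bool:
    """Whether the unsafe construction resolves to a location outside base."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(event_path_unsafe(base, event_id))
    return os.path.commonpath([base_real, target]) != base_real


def demo():
    """(unsafe path escapes?, safe accepts good id?, safe rejects traversal?,
    absolute id discards base?)"""
    with tempfile.TemporaryDirectory() as tmp:
        store = os.path.join(tmp, "events")
        os.mkdir(store)
        good = "0123456789abcdef0123456789abcdef"
        evil = "../../etc/cron.d/pwn"          # constructed traversal id
        escaped = escapes(store, evil)
        safe_ok = event_path_safe(store, good).endswith(good + ".json")
        try:
            event_path_safe(store, evil)
            blocked = False
        except ValueError:
            blocked = True
        absolute_discards_base = not event_path_unsafe(store, "/tmp/x").startswith(store)
    return escaped, safe_ok, blocked, absolute_discards_base


if __name__ == "__main__":
    print("escaped, safe_ok, blocked, absolute_discards_base =", demo())
```

The containment check alone is not enough when the write is a create-or-overwrite: an id that validates but collides with an existing file under the store still overwrites it, so create with O_EXCL (or open(..., "x")) when the event is new.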
Veracode • added 2025/08/12 7:01 a.m. • 3 views

Network Isolation Bypass

github.com/moby/moby is vulnerable to network isolation bypass. The vulnerability is due to Docker failing to re-create the iptables rules isolating bridge networks after a firewalld reload, which allows an attacker to access all ports of containers across different bridge networks on the same host,...

CVSS 5.2 · AI score 7 · EPSS 0.00019
Exploits: 0 · References: 3 · Affected software: 2
Veracode • added 2025/08/11 5:38 p.m. • 4 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to unrestricted external image embedding: markdown images with arbitrary URLs are automatically fetched when viewing a memo, exposing the user's IP address, browser User-Agent, and other...

CVSS 9.8 · AI score 6.6 · EPSS 0.06977
Exploits: 1 · References: 3 · Affected software: 1
Veracode • added 2025/08/11 1:13 p.m. • 4 views

Regular Expression Denial Of Service (ReDoS)

calibreweb is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing: the stripwhitespaces function allows catastrophic backtracking when processing a specially crafted username parameter during login...

CVSS 8.7 · AI score 6.9 · EPSS 0.00202
Exploits: 0 · References: 4 · Affected software: 1
Veracode • added 2025/08/11 12:17 p.m. • 3 views

Authentication Bypass

Node-SAML is vulnerable to Authentication Bypass. The vulnerability is due to improper signature verification: the library loads assertions from the unsigned original response document instead of the signed portion, allowing attackers with a validly signed document to alter authentication...

CVSS 10 · AI score 7.2 · EPSS 0.00137
Exploits: 0 · References: 3 · Affected software: 3
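Added example for the Node-SAML entry above; it is not Node-SAML's code. It reproduces the signature-wrapping pattern the entry describes: a Response carries a signed Assertion, an attacker prepends an unsigned Assertion for another user, and the relying party that reads the subject from the whole document picks the forged one while the relying party that reads only from the verified node does not. An HMAC over the canonicalized subtree stands in for XMLDSig, the key and the element names are constructed, and namespaces are omitted to keep the tree handling short.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-idp-key"   # stand-in for the IdP signing key


def canonical(elem) -> bytes:
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()


def sign_element(elem) -> str:
    return hmac.new(KEY, canonical(elem), hashlib.sha256).hexdigest()


def build_legit_response() -> str:
    """IdP side: a Response whose Assertion (ID a1) is signed; the Signature
    refers to it by ID, like an XMLDSig Reference URI="#a1"."""
    assertion = ET.Element("Assertion", ID="a1")
    ET.SubElement(assertion, "NameID").text = "alice"
    sig = ET.Element("Signature", Reference="#a1", Value=sign_element(assertion))
    resp = ET.Element("Response")
    resp.append(assertion)
    resp.append(sig)
    return ET.tostring(resp, encoding="unicode")


def wrap_attack(xml_text: str) -> str:
    """Attacker side: keep the signed assertion intact (so the signature still
    verifies) but put an unsigned Assertion for 'admin' in front of it."""
    resp = ET.fromstring(xml_text)
    forged = ET.Element("Assertion", ID="a2")
    ET.SubElement(forged, "NameID").text = "admin"
    resp.insert(0, forged)
    return ET.tostring(resp, encoding="unicode")


def tamper(xml_text: str) -> str:
    """Attacker edits the signed assertion itself; the signature must then fail."""
    resp = ET.fromstring(xml_text)
    resp.find("Assertion[@ID='a1']/NameID").text = "admin"
    return ET.tostring(resp, encoding="unicode")


def _verified_element(root):
    """Verify the signature and return the exact element it covers."""
    sig = root.find("Signature")
    ref_id = sig.get("Reference")[1:]
    target = next(e for e in root.iter() if e.get("ID") == ref_id)
    if not hmac.compare_digest(sign_element(target), sig.get("Value")):
        raise ValueError("bad signature")
    return target


def subject_vulnerable(xml_text: str) -> str:
    """Verifies the signature, then reads the assertion from the original
    document rather than from the verified node."""
    root = ET.fromstring(xml_text)
    _verified_element(root)
    return root.find(".//Assertion/NameID").text


def subject_fixed(xml_text: str) -> str:
    """Reads the subject only from the element that was actually verified."""
    root = ET.fromstring(xml_text)
    return _verified_element(root).find("NameID").text


def rejects(xml_text: str) -> bool:
    try:
        subject_fixed(xml_text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    legit = build_legit_response()
    attacked = wrap_attack(legit)
    print("vulnerable reader on wrapped doc:", subject_vulnerable(attacked))   # admin
    print("fixed reader on wrapped doc:     ", subject_fixed(attacked))        # alice
    print("fixed reader rejects tampering:  ", rejects(tamper(legit)))        # True
```

The rule this illustrates is general to XML signatures: after verification, every value the application trusts must be taken from the verified subtree (or a copy of it), never by re-querying the document the attacker controlled.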
Veracode • added 2025/08/11 10:10 a.m. • 6 views

Cross-Site Scripting (XSS)

github.com/techarohq/anubis is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the ?redir= parameter in the /.within.website/x/cmd/anubis/api/pass-challenge route, which allows an attacker to craft malicious pass-challenge pages that execute arbitrary...

CVSS 5.1 · AI score 6.7 · EPSS 0.00277
Exploits: 0 · References: 5 · Affected software: 1
Veracode • added 2025/08/11 9:25 a.m. • 4 views

Command Injection

codeigniter4/framework is vulnerable to Command Injection. The vulnerability is due to improper handling of user-controlled filenames and text content when using the ImageMagick imagick handler in the resize or text methods, which allows an attacker to execute arbitrary shell commands by supplyin...

CVSS 9.8 · AI score 7.9 · EPSS 0.03881
Exploits: 0 · References: 6 · Affected software: 1
Veracode • added 2025/08/11 7:53 a.m. • 3 views

Cross-site Scripting (XSS)

copyparty is vulnerable to DOM-based Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of multimedia tags in music files, including m3u files, which allows an attacker to execute arbitrary JavaScript code in a victim's browser...

CVSS 6.1 · AI score 7.1 · EPSS 0.00203
Exploits: 1 · References: 5 · Affected software: 1
Veracode • added 2025/08/11 7:47 a.m. • 3 views

Server Side Request Forgery (SSRF)

ssrfcheck is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to an incomplete denylist that fails to classify the reserved multicast IP range 224.0.0.0/4 as invalid, which allows an attacker to craft requests targeting these multicast addresses...

CVSS 8.8 · AI score 7.1 · EPSS 0.00116
Exploits: 1 · References: 4 · Affected software: 1
Veracode • added 2025/08/11 6:35 a.m. • 4 views

Server-Side Request Forgery (SSRF)

webfinger.js is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient restriction on localhost access: the lookup function fails to block requests to local or internal network services, allowing attackers to craft requests targeting internal resources...

CVSS 6.9 · AI score 7 · EPSS 0.00305
Exploits: 0 · References: 4 · Affected software: 1
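Added example serving both SSRF-denylist entries above (ssrfcheck's missing 224.0.0.0/4 and webfinger.js's unblocked localhost); it is code written for this page, not from either project. naive_is_blocked() is the incomplete shape (private and loopback only), and is_blocked() refuses every non-public destination, including multicast, link-local, reserved, unspecified, IPv4-mapped IPv6 and a few ranges the standard library does not flag uniformly. It handles literal addresses and the localhost name offline; the EXTRA_DENY list and the function names are assumptions.

```python
import ipaddress

# Ranges an is_private/is_loopback check does not cover but an outbound-request
# guard must still refuse. 100.64.0.0/10 is listed explicitly because its
# classification differs between Python versions.
EXTRA_DENY = [ipaddress.ip_network(n) for n in (
    "224.0.0.0/4",      # IPv4 multicast (the gap in ssrfcheck's denylist)
    "240.0.0.0/4",      # reserved / future use
    "100.64.0.0/10",    # shared address space (carrier NAT)
    "ff00::/8",         # IPv6 multicast
    "64:ff9b::/96",     # NAT64, maps to arbitrary IPv4 destinations
)]


def naive_is_blocked(host: str) -> bool:
    """The incomplete shape: only private and loopback literals are refused."""
    try:
        a = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return a.is_private or a.is_loopback


def is_blocked(host: str) -> bool:
    """Refuse every non-public destination. A hostname must be resolved first
    and every resolved A/AAAA record passed back through this check (and the
    connection pinned to that address, since DNS rebinding can change the
    answer); here only literals and the localhost name are handled offline."""
    h = host.strip("[]").lower()
    if h == "localhost" or h.endswith(".localhost"):
        return True
    try:
        a = ipaddress.ip_address(h)
    except ValueError:
        return False          # not a literal: caller resolves and re-checks
    if isinstance(a, ipaddress.IPv6Address) and a.ipv4_mapped is not None:
        a = a.ipv4_mapped     # ::ffff:10.0.0.1 is really 10.0.0.1
    return (a.is_private or a.is_loopback or a.is_link_local or a.is_multicast
            or a.is_reserved or a.is_unspecified
            or any(a in n for n in EXTRA_DENY))


if __name__ == "__main__":
    for host in ("224.0.0.1", "169.254.169.254", "::ffff:192.168.0.1", "localhost", "8.8.8.8"):
        print(f"{host:20} naive={naive_is_blocked(host)!s:5} full={is_blocked(host)}")
```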
Veracode • added 2025/08/10 10:25 p.m. • 3 views

Username Enumeration

github.com/openbao/openbao is vulnerable to user enumeration. The vulnerability is due to timing differences in the userpass authentication method between non-existent users and users with stored credentials, which allows an attacker to enumerate valid usernames regardless of password validity...

CVSS 3.7 · AI score 7.1 · EPSS 0.00158
Exploits: 0 · References: 5 · Affected software: 2
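Added example for the OpenBao userpass entry above; it is not OpenBao's code. login_leaky() returns early for an unknown user and so skips the password-hash work, which is the timing signal the entry describes; login_constant() always runs the KDF against a dummy credential of equal cost and forces the result to False afterwards. The user store, the PBKDF2 parameters and the dummy credential are constructed; timing_gap() is a rough measurement helper for running the block by hand, not a test.

```python
import hashlib
import hmac
import time

ITERATIONS = 50_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: username -> (salt, hash).
_SALT = b"constructed-salt-16b"
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}

# Dummy credential with the same cost, used whenever the user does not exist so
# the unknown-user path does the same KDF work as the known-user path.
_DUMMY = (_SALT, hash_password("dummy", _SALT))


def login_leaky(username: str, password: str) -> bool:
    """Returns early when the user is missing: that branch answers in
    microseconds, while a real user costs a full PBKDF2 run."""
    rec = USERS.get(username)
    if rec is None:
        return False
    salt, stored = rec
    return hash_password(password, salt) == stored


def login_constant(username: str, password: str) -> bool:
    """Always runs the KDF and a constant-time compare; the verdict for a
    missing user is forced to False only after the work is done."""
    rec = USERS.get(username)
    exists = rec is not None
    salt, stored = rec if exists else _DUMMY
    ok = hmac.compare_digest(hash_password(password, salt), stored)
    return ok and exists


def timing_gap(fn, trials: int = 3) -> float:
    """Ratio of mean latency for an unknown user to a known user, both with a
    wrong password. Near 1.0 means no user-existence signal from this path."""
    def avg(user):
        t0 = time.perf_counter()
        for _ in range(trials):
            fn(user, "not-the-password")
        return (time.perf_counter() - t0) / trials
    return avg("nobody") / avg("alice")


if __name__ == "__main__":
    print("leaky unknown/known latency ratio:   ", round(timing_gap(login_leaky), 4))
    print("constant unknown/known latency ratio:", round(timing_gap(login_constant), 4))
```

Equal KDF cost closes only this channel; the lookup itself (a database miss versus a hit), the error message, and lockout counters that increment only for real users can each leak the same bit and need the same treatment.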
Veracode • added 2025/08/10 10:23 p.m. • 3 views

Authentication Bypass

github.com/openbao/openbao is vulnerable to Authentication bypass. The vulnerability is due to improper aliasing between pre-flight and full login request user entity alias attributions, which allows an attacker to bypass the automatic user lockout mechanisms in the Userpass or LDAP authenticatio...

CVSS 5.3 · AI score 7.2 · EPSS 0.00161
Exploits: 0 · References: 4 · Affected software: 2
Veracode • added 2025/08/10 10:21 p.m. • 4 views

Improper Access Control

github.com/openbao/openbao is vulnerable to improper access control. The vulnerability is due to the ability of privileged API operators to bypass restrictions on system code execution and network connections through manipulation of audit log prefixes, which allows an attacker to execute...

CVSS 9.1 · AI score 7.5 · EPSS 0.00648
Exploits: 0 · References: 4 · Affected software: 2
Veracode • added 2025/08/10 7:04 p.m. • 4 views

Race Condition Vulnerability

Library name is vulnerable to race condition. The vulnerability is due to query cancellation during the Scan method execution, which allows an attacker to interfere with parallel queries and cause unexpected results or errors...

CVSS 7 · AI score 7 · EPSS 0.00073
Exploits: 0 · References: 8 · Affected software: 1
Veracode • added 2025/08/09 8:07 a.m. • 5 views

Memory Leakage

libhtp.so is vulnerable to Memory Leakage. The vulnerability is due to improper memory management caused by traffic-induced leaks, which can exhaust system memory and lead to loss of visibility...

CVSS 7.5 · AI score 7.1 · EPSS 0.00634
Exploits: 0 · References: 1 · Affected software: 1
Veracode • added 2025/08/09 8:00 a.m. • 3 views

Open Redirect

Koa is vulnerable to Open Redirect. The vulnerability is due to improper validation of the Referrer argument in the back function of lib/response.js, which allows remote attackers to redirect users to malicious sites...

CVSS 6.1 · AI score 7.1 · EPSS 0.0026
Exploits: 1 · References: 6 · Affected software: 1
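Added example for the Koa entry above; it is not Koa's code. back_unsafe() has the shape of a back() helper that sends the browser wherever the Referrer header points; back_safe() accepts the referrer only when it is same-origin and re-emits it as a relative path, so no attacker-chosen scheme or host ever reaches the Location header, and it also refuses the protocol-relative and backslash forms browsers parse as a new authority. APP_ORIGIN and the function names are assumptions.

```python
from urllib.parse import urlsplit

APP_ORIGIN = ("https", "app.example")   # constructed: the scheme and host we serve


def back_unsafe(referrer: str, alt: str = "/") -> str:
    """back()-style helper that trusts the Referrer header as the destination."""
    return referrer or alt


def back_safe(referrer: str, alt: str = "/") -> str:
    """Follow the referrer only if it is same-origin, and emit it as a relative
    path plus query. Anything doubtful falls back to alt."""
    if not referrer:
        return alt
    parts = urlsplit(referrer)
    if (parts.scheme.lower(), parts.netloc.lower()) != APP_ORIGIN:
        return alt   # foreign host, user@host tricks, missing scheme, '//host'
    path = parts.path or "/"
    # '//host' and '/\host' at the start of a Location are read by browsers as
    # a new authority, so a same-origin referrer with such a path is refused too.
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        return alt
    return path + (f"?{parts.query}" if parts.query else "")


if __name__ == "__main__":
    for ref in ("https://app.example/cart?item=3", "https://evil.example/phish",
                "//evil.example/x", "https://app.example@evil.example/",
                "https://app.example//evil.example", ""):
        print(f"{ref!r:45} unsafe={back_unsafe(ref)!r:40} safe={back_safe(ref)!r}")
```

An allow-list of destinations (or a signed, server-issued return token) is stronger than origin matching when the application has only a handful of legitimate "back" targets.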