38108 matches found
Use After Free
libtiff.so is vulnerable to Use After Free. The vulnerability is due to improper memory handling in the gethistogram function of tools/tiffmedian.c, which can be exploited locally to execute arbitrary code...
Logic Error
Apache HTTP Server is vulnerable to a logic error. The vulnerability is due to a flaw in the evaluation of RewriteCond expr directives, which causes all expressions to be treated as true, allowing an attacker to bypass intended rewrite conditions and access or redirect resources unexpectedly...
Improper Access Control
github.com/moby/moby is vulnerable to improper access control. The vulnerability is due to failure to recreate firewall rules blocking external access to containers after a firewalld reload, which allows an attacker to remotely access containers with ports published to localhost...
Cross-site Scripting (XSS)
Linkify is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improperly controlled modification of object prototype attributes caused by insufficient validation of user-controlled input, which can lead to XSS and manipulation of application variables...
Buffer Overflow
libtiff.so is vulnerable to Buffer Overflow. The vulnerability is due to unsafe memory manipulation in the setrow function within tools/thumbnail.c, leading to a local buffer overflow...
Sensitive Information Disclosure
Opencast is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exposure of hashed credentials caused by incorrect handling of global system account credentials when fetching mediapackage elements, allowing attackers with ingest permissions to exfiltrate them to an external U...
Remote Code Execution (RCE)
smolagents is vulnerable to Remote Code Execution (RCE). The vulnerability is due to inadequate enforcement of static and dynamic checks in local_python_executor.py, allowing attackers to exploit whitelisted modules and functions...
Arbitrary File Write
assemblyline-service-client is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of file paths, allowing attackers to write files outside the intended directory...
Arbitrary Code Execution
skops is vulnerable to Arbitrary Code Execution. The vulnerability is due to inconsistent operator function handling caused by a flaw in OperatorFuncNode that allows untrusted operator methods to be hidden and reused to invoke seemingly safe functions...
Arbitrary Code Execution
skops is vulnerable to Arbitrary Code Execution. The vulnerability is due to exploitation of the MethodNode class, which allows unexpected attribute access via dot notation during model loading...
Sensitive Information Disclosure
Opencast is vulnerable to Information Disclosure. The vulnerability is due to improper credential handling caused by the system sending hashed global system account credentials to arbitrary URLs when fetching media package elements...
Command Injection
calibreweb is vulnerable to Command Injection. The vulnerability is due to improper neutralization of special elements used in an OS command caused by insufficient sanitization of user input, allowing blind OS command injection...
Improper Authorization
@haxtheweb/haxcms-nodejs and elmsln/haxcms are vulnerable to Improper Authorization. The vulnerability is due to failure to verify if an authenticated user has permission to interact with a resource before performing operations...
Denial Of Service (DoS)
ImageMagick is vulnerable to Denial Of Service (DoS). The vulnerability is due to infinite line generation during a specific XMP file conversion command...
Arbitrary File Upload
simogeo/filemanager is vulnerable to Arbitrary File Upload. The vulnerability is due to improper file type validation caused by insufficient checks in the isallowedfiletype function, allowing attackers to upload crafted PHP files and execute arbitrary code...
SQL Injection
eKuiper is vulnerable to SQL Injection. The vulnerability is due to failure to sanitize user-controlled table name input in the getLast API, allowing unauthenticated attackers to execute arbitrary SQL statements...
Cross-site Scripting (XSS)
Mezzanine CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization caused by failure to filter user-supplied input in the /blog/blogpost/add component, allowing injection of malicious scripts into blog posts...
Arbitrary Code Injection
letta is vulnerable to Arbitrary Code Injection. The vulnerability is due to insufficient enforcement of execution restrictions in the /v1/tools/run endpoint, allowing crafted payloads to bypass protections and execute arbitrary Python code or system commands...
Remote Code Execution (RCE)
yt-dlp is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of the --exec placeholder on Windows, allowing crafted file paths to execute arbitrary commands...
Local Privilege Escalation
github.com/linuxdeepin/lastore-daemon is vulnerable to Local Privilege Escalation. The vulnerability is due to insecure D-Bus configuration caused by allowing users in the sudo group to invoke the InstallPackage method without authentication, enabling arbitrary code execution as root via crafted .de...
Path Traversal
Aim is vulnerable to Path Traversal. The vulnerability is due to missing path validation caused by the extraction of crafted backup tar files in the restorerunbackup function without validating file paths, allowing remote attackers to write arbitrary files to the server's filesystem...
Cross-site Scripting (XSS)
github.com/goharbor/harbor is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsanitized content in the markdown field on the info tab page, which allows injection of malicious scripts...
Directory Traversal
files-bucket-server is vulnerable to Directory Traversal. The vulnerability is due to insufficient input validation caused by lack of proper sanitization of user-supplied paths, allowing attackers to access files outside the intended directory...
OS Command Injection
bun is vulnerable to OS Command Injection. The vulnerability is due to the failure to neutralize special characters in the $ shell API, allowing attackers to execute arbitrary commands through crafted input...
Local File Inclusion (LFI)
Dagster is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper validation of the notebookpath field in ExternalNotebookData requests, which allows an attacker to perform path traversal and read arbitrary files by bypassing the intended extension-based check...
Cross-Site Scripting (XSS)
aim is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the lack of sanitization or sandboxing in the /api/reports endpoint, which allows an attacker to execute arbitrary JavaScript in victims' browsers through malicious Python code interpreted by pyodide.code.run_js when the...
Missing Origin Validation In WebSockets
Next.js is vulnerable to Missing Origin Validation in WebSockets. The vulnerability is due to limited source code exposure in local development mode when the App Router is enabled, which allows an attacker to trick a user into visiting a malicious webpage while npm run dev is active, potentially...
Deserialization Of Untrusted Data
org.apache.inlong, manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling and validation of serialized data, which allows attackers to inject malicious data that the system trusts and processes. Note: Specially due to secondary mining bypass for...
Server-Side Request Forgery (SSRF)
private-ip is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient input validation caused by the failure to treat multicast IP addresses (224.0.0.0/4) as private, allowing attackers to bypass protections and make unauthorized requests...
Regular Expression Denial Of Service (ReDoS)
fastapi-guard is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to incomplete regex filtering caused by an insufficient patch that fails to detect...
Sensitive Information Disclosure
github.com/goharbor/harbor is vulnerable to Sensitive Information Disclosure. The vulnerability is due to an ORM leak caused by improper filtering logic in the /api/v2.0/users endpoint, allowing administrators to extract password hash and salt values using the q URL parameter...
Server-Side Request Forgery (SSRF)
Apache Ranger is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper input validation caused by the Edit Service Page in the UI allowing crafted requests that can trigger unintended internal or external network calls...
Cross-Domain Token Exposure
Ollama is vulnerable to Cross-Domain Token Exposure. The vulnerability is due to improper handling of the realm value in the WWW-Authenticate header by the /api/pull endpoint, which allows an attacker to steal authentication tokens and bypass access controls...
Insecure Direct Object Reference (IDOR)
in2code/powermail is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control on file download functionality, which allows an attacker to download arbitrary files from the webserver...
Improper Authentication
goauthentik.io is vulnerable to improper authentication. The vulnerability is due to deactivated users who registered or linked accounts via OAuth/SAML retaining partial access, which allows an attacker to authorize applications if they know the application URL, despite their account being...
Denial Of Service (DoS)
github.com/kyverno/kyverno is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of JMESPath variable substitutions, specifically the lack of validation for invalid JMESPath functions within policy expressions. It allows nil values to be injected into places where...
Cross-site Scripting (XSS)
Cadwyn is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the version parameter in the /docs endpoint, which allows an attacker to execute arbitrary JavaScript in a user's session via a one-click attack...
Server Side Request Forgery (SSRF)
com.xuxueli, xxl-job-core is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation in the httpJobHandler function of SampleXxlJob.java, which allows an attacker to send crafted requests to internal or external systems remotely...
Privilege Escalation
org.keycloak, keycloak-services is vulnerable to privilege escalation. The vulnerability is due to improper privilege enforcement when Fine-Grained Admin Permissions (FGAPv2) are enabled, which allows an attacker with the manage-users role to escalate privileges to realm-admin...
Denial Of Service (DoS)
@hapi/subtext is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper parsing of the Content-Encoding HTTP header, which causes a system error on invalid values and is rethrown up the stack without handling, allowing an attacker to crash the application and shut down services...
Insecure Direct Object Reference (IDOR)
in2code/femanager is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control caused by direct access to user data objects without proper authorization checks, allowing unauthorized modification of user data...
Missing Authorization
BackendAI is vulnerable to Missing Authorization. The vulnerability is due to session takeover caused by improper validation of session access, allowing attackers to hijack active sessions and access, steal, or alter session data...
Sensitive Information Disclosure
BackendAI is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure session handling caused by exposing the sensitive data in active sessions, allowing attackers to retrieve user credentials from the management platform...
Missing Authentication
backend.ai is vulnerable to Missing Authentication. The vulnerability is due to improper access control caused by lack of authentication checks in the registration feature, allowing arbitrary users to create accounts and access private data even when registration is disabled...
Improper Access Control
@account-kit/smart-contracts is vulnerable to improper access control. The vulnerability is due to a security issue in old account deployment functions from the factory, which allows an attacker to potentially exploit outdated deployment mechanisms; however, smart wallets in use on all existing...
Command Injection
@translated/lara-mcp is vulnerable to command injection. The vulnerability is due to unsanitized input passed to child_process.exec, which allows an attacker to inject and execute arbitrary system commands through shell metacharacters...
Improper Authentication
github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to the failure to negotiate a new token when accepting an invite, which allows an attacker who intercepts both the invite and password to send synchronization payloads to the original server...
Improper Authorization
github.com/mattermost/mattermost-server is vulnerable to Improper Authorization. The vulnerability is due to a failure to verify authorization when retrieving cached posts by PendingPostID, which allows an attacker to read posts from private channels they do not have access to by guessing the...
Path Traversal
Mattermost is vulnerable to Path Traversal. The vulnerability is due to insufficient input sanitization caused by failure to validate file attachment paths in the bulk import JSONL file, allowing a system admin to read arbitrary system files via path traversal...
Denial Of Service (DoS)
Starlette is vulnerable to Denial Of Service (DoS). The vulnerability is due to blocking of the main event thread caused by improper handling of large multipart file uploads, where a bug in the UploadFile logic fails to anticipate memory rollover, blocking the application from accepting new...