
38290 matches found

Veracode, added 2025/09/09 6:03 a.m. (4 views)

Cross-site Scripting (XSS)

n8n is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied HTML input due to malicious payloads being injected via or elements in the Form Trigger node, allowing account takeover through stolen session cookies...

CVSS 8.7, AI score 6.4, EPSS 0.00347
Exploits 0, References 4, Affected software 2

Veracode, added 2025/09/09 6:02 a.m. (4 views)

Improper Access Control

@astrojs/node is vulnerable to Improper Access Control. The vulnerability is due to improper validation of image source domains in the image optimization endpoint, which allows an attacker to bypass third-party domain restrictions using protocol-relative URLs and serve unauthorized external image...

CVSS 6.9, AI score 7, EPSS 0.00599
Exploits 1, References 4, Affected software 2

Veracode, added 2025/09/08 3:38 p.m. (5 views)

Account Takeover

debug is vulnerable to Account Takeover. The vulnerability is due to a compromised npm publishing account, which allowed an attacker to publish a malicious patch version 4.4.2 that injects browser-side malware, enabling redirection of cryptocurrency transactions e.g., MetaMask to...

CVSS 8.8, AI score 5.3, EPSS 0.00378
Exploits 0, References 7, Affected software 1

Veracode, added 2025/09/08 9:04 a.m. (5 views)

Directory Traversal

github.com/containers/podman is vulnerable to Directory Traversal. The vulnerability is due to a lack of symlink canonicalization and host-path validation; this allows an attacker who supplies a malicious Kubernetes YAML to cause podman to write the ConfigMap/Secret data contents are defined by th...

CVSS 8.1, AI score 7.1, EPSS 0.01008
Exploits 0, References 35, Affected software 4

Veracode, added 2025/09/08 8:57 a.m. (5 views)

Directory Traversal

Copier is vulnerable to Directory Traversal. The vulnerability is due to safe templates being able to write files outside the destination path using Jinja filters and configuration variables...

CVSS 6.9, AI score 6.8, EPSS 0.00244
Exploits 0, References 4, Affected software 1

Veracode, added 2025/09/08 8:49 a.m. (5 views)

Cross-site Scripting (XSS)

librenms/librenms is vulnerable to stored cross-site scripting XSS. The vulnerability is due to malicious JavaScript being allowed in the Alert Template creation feature, which executes when the template is rendered...

CVSS 5.5, AI score 6, EPSS 0.00817
Exploits 1, References 4, Affected software 1

Veracode, added 2025/09/08 8:33 a.m. (7 views)

Authentication Bypass

Liferay Portal is vulnerable to Authentication Bypass. The vulnerability is due to improper request method validation on MFA-enabled login requests, which allows attackers to bypass authentication by changing the request method from POST to GET...

CVSS 2, AI score 7, EPSS 0.00469
Exploits 1, References 13, Affected software 1

Veracode, added 2025/09/08 8:09 a.m. (5 views)

Cross-Site WebSocket Hijacking (CSWSH)

github.com/komari-monitor/komari is vulnerable to Cross-Site WebSocket Hijacking CSWSH. The vulnerability is due to disabled origin checking in the WebSocket upgrader, which allows an attacker to send malicious requests using a victim’s browser cookies and achieve remote code execution...

CVSS 8.6, AI score 7.3, EPSS 0.00515
Exploits 0, References 2, Affected software 1

Veracode, added 2025/09/08 7:35 a.m. (5 views)

Authorization Bypass

github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability is due to improper enforcement of access control policies during execution of Check and ListObject calls in OpenFGA, which allows an attacker to bypass intended access control and gain unauthorized permissions...

CVSS 9.8, AI score 6.9, EPSS 0.00295
Exploits 0, References 4, Affected software 1

Veracode, added 2025/09/08 6:54 a.m. (3 views)

Path Traversal

Copier is vulnerable to Path Traversal. The vulnerability is due to exposing unconstrained pathlib.Path objects in the Jinja context, which allows an attacker to read and write arbitrary files on the filesystem...

CVSS 8.5, AI score 6.8, EPSS 0.0024
Exploits 0, References 4, Affected software 1

Veracode, added 2025/09/08 6:19 a.m. (3 views)

Improper Input Validation

@anthropic-ai/claude-code is vulnerable to improper input validation. The vulnerability is due to an overly broad allowlist of safe commands, which allows an attacker to bypass confirmation prompts, read file contents, and exfiltrate them over the network without user confirmation...

CVSS 7.5, AI score 6.8, EPSS 0.00431
Exploits 0, References 2, Affected software 1

Veracode, added 2025/09/08 5:43 a.m. (4 views)

Cross-site Scripting (XSS)

Liferay Portal is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input validation in message board threads and categories, which allows remote authenticated users to inject malicious JavaScript...

CVSS 6.9, AI score 6.4, EPSS 0.00199
Exploits 0, References 8, Affected software 3

Veracode, added 2025/09/08 4:31 a.m. (9 views)

Cross-Site Scripting (XSS)

Bootstrap is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of the data-loading-text attribute in the button plugin, which allows an attacker to inject and execute malicious JavaScript when the button’s loading state is triggered...

CVSS 6.4, AI score 6.4, EPSS 0.00494
Exploits 0, References 5, Affected software 1

Veracode, added 2025/09/08 4:07 a.m. (6 views)

Cross-Site Scripting (XSS)

Bootstrap is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of user input during web page generation, which allows an attacker to inject malicious scripts into the application...

CVSS 5.6, AI score 6.4, EPSS 0.00259
Exploits 0, References 4, Affected software 1

Veracode, added 2025/09/05 10:30 a.m. (7 views)

Insecure Direct Object Reference (IDOR)

com.liferay:com.liferay.roles.selector.web is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control in the groupId parameter (_com_liferay_roles_selector_web_portlet_RolesSelectorPortlet_groupId), which allows an attacker with organization...

CVSS 4.8, AI score 7, EPSS 0.00231
Exploits 0, References 7, Affected software 1

Veracode, added 2025/09/05 10:22 a.m. (3 views)

Symlink Attack

github.com/hashicorp/go-getter is vulnerable to Symlink Attack. The vulnerability is due to the subdirectory download feature allowing symbolic links to escape designated directory boundaries and access unauthorized files...

CVSS 7.5, AI score 7, EPSS 0.00507
Exploits 0, References 2, Affected software 1

Veracode, added 2025/09/05 10:20 a.m. (6 views)

Privilege Escalation

github.com/kubernetes-sigs/image-builder is vulnerable to privilege escalation. The vulnerability is due to default root credentials being enabled during the Windows image build process with Nutanix or VMware OVA providers, which allows an attacker with access to the build VM to modify the image...

CVSS 7.5, AI score 7, EPSS 0.00336
Exploits 0, References 4, Affected software 1

Veracode, added 2025/09/05 10:12 a.m. (3 views)

Open Redirection

@astrojs/node is vulnerable to Open Redirection. The vulnerability is due to incorrect handling of double slashes with the Node deployment adapter in standalone mode and trailingSlash set to "always", allowing attackers to redirect users to malicious domains...

CVSS 6.9, AI score 6.9, EPSS 0.00534
Exploits 0, References 3, Affected software 1

Veracode, added 2025/09/05 9:59 a.m. (7 views)

Path Traversal

org.springframework:spring-webmvc is vulnerable to Path Traversal. The vulnerability is due to improper URI path canonicalization in non-compliant Servlet containers when serving static resources, which allows an attacker to bypass security restrictions and access unauthorized file...

CVSS 5.9, AI score 7, EPSS 0.01916
Exploits 1, References 3, Affected software 1

Veracode, added 2025/09/05 9:58 a.m. (5 views)

Sensitive Information Disclosure

@backstage/plugin-scaffolder-backend is vulnerable to Sensitive Information Disclosure. The vulnerability is due to duplicate logging of input values in the fetch:template action, which could expose sensitive data if ${{ secrets.x }} is used as an argument...

CVSS 2.6, AI score 6.8, EPSS 0.0021
Exploits 0, References 3, Affected software 1

Veracode, added 2025/09/05 9:47 a.m. (5 views)

Remote Code Execution (RCE)

flowise is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe use of a dynamic Function constructor on user-controlled input, which allows attackers to run arbitrary JavaScript via a crafted POST request...

CVSS 9.8, AI score 7.6, EPSS 0.1742
Exploits 0, References 4, Affected software 1

Veracode, added 2025/09/05 9:32 a.m. (5 views)

Reflected Cross-Site Scripting (Reflected XSS)

com.liferay:com.liferay.layout.taglib is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper sanitization of user input in the content page's name field, which allows an attacker to inject and execute malicious JavaScript code when a user views the "document Vi...

CVSS 5.4, AI score 6.7, EPSS 0.00196
Exploits 0, References 5, Affected software 1

Veracode, added 2025/09/05 7:47 a.m. (5 views)

SQL Injection

apache-superset is vulnerable to SQL Injection. The vulnerability is due to improper enforcement of the DISALLOWED_SQL_FUNCTIONS security feature, which allows an attacker with SQL Lab access to circumvent the denylist using a special inline block and execute restricted SQL functions...

CVSS 6.5, AI score 7.8, EPSS 0.00628
Exploits 0, References 4, Affected software 1

Veracode, added 2025/09/05 7:17 a.m. (5 views)

Cross-site Scripting (XSS)

apache-superset is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of chart column labels, which allows an attacker to inject malicious payloads that execute in a victim’s browser and potentially lead to session hijacking or arbitrary command...

CVSS 5.4, AI score 6.3, EPSS 0.00617
Exploits 0, References 4, Affected software 1

Veracode, added 2025/09/05 6:53 a.m. (4 views)

Information Disclosure

apache-superset is vulnerable to information disclosure. The vulnerability is due to improper exposure of database queries in the /chart/data API response, which allows an attacker to access sensitive schema information such as table names...

CVSS 5.3, AI score 6.6, EPSS 0.00519
Exploits 0, References 4, Affected software 1

Veracode, added 2025/09/05 6:40 a.m. (3 views)

OS Command Injection

Flowise is vulnerable to OS Command Injection. The vulnerability is due to minimal authentication and lack of RBAC, combined with default installations running without authentication, which allows an attacker to execute unsandboxed OS commands remotely...

CVSS 9.8, AI score 7.7, EPSS 0.70866
Exploits 3, References 2, Affected software 1

Veracode, added 2025/09/04 1:34 p.m. (4 views)

Denial Of Service (DoS)

pypdf is vulnerable to Denial Of Service DoS. The vulnerability is due to uncontrolled resource consumption: maliciously crafted PDFs using repeated FlateDecode filters can exhaust system memory...

CVSS 8.7, AI score 6.6, EPSS 0.00408
Exploits 0, References 5, Affected software 1

Veracode, added 2025/09/04 1:14 p.m. (3 views)

Access Control Bypass

github.com/external-secrets/external-secrets is vulnerable to Access Control Bypass. The vulnerability is due to a missing namespace selector in List calls for Secret and SecretStore resources, allowing attackers to exfiltrate secrets across the cluster...

CVSS 7.1, AI score 6.6, EPSS 0.00324
Exploits 0, References 6, Affected software 1

Veracode, added 2025/09/04 12:55 p.m. (4 views)

Allocation Of Resources Without Limits

Bouncy Castle is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to improper resource management, namely excessive allocation in PKIX certificate path review components...

CVSS 6.3, AI score 7, EPSS 0.0043
Exploits 0, References 6, Affected software 4

Veracode, added 2025/09/04 9:53 a.m. (3 views)

Improper Neutralization

Active Record is vulnerable to Improper Neutralization. The vulnerability is due to unescaped ANSI sequences being logged when IDs are passed to find or similar methods...

CVSS 6.9, AI score 6.6, EPSS 0.00527
Exploits 0, References 7, Affected software 1

Veracode, added 2025/09/04 9:49 a.m. (4 views)

Information Disclosure

omero-web is vulnerable to information disclosure. The vulnerability is due to error messages displayed during the Forgot Password reset process disclosing user information, which allows an attacker to enumerate or gain insights about valid users...

CVSS 5.3, AI score 6.6, EPSS 0.00244
Exploits 0, References 4, Affected software 1

Veracode, added 2025/09/04 9:30 a.m. (4 views)

Arbitrary Code Execution (ACE)

future is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to the unintended automatic import of a file named test.py when the module is loaded, which allows an attacker with file write access to execute arbitrary code...

CVSS 5.4, AI score 7.4, EPSS 0.00271
Exploits 0, References 6, Affected software 1

Veracode, added 2025/09/04 9:13 a.m. (4 views)

Improper Access Control

github.com/aws/amazon-ecs-agent is vulnerable to improper access control. The vulnerability is due to the introspection server being accessible off-host under certain security group configurations, which allows an attacker from another instance to gain unauthorized access to the server...

CVSS 5.3, AI score 6.8, EPSS 0.00229
Exploits 0, References 5, Affected software 1

Veracode, added 2025/09/04 8:59 a.m. (6 views)

Improper Access Control

apache-superset is vulnerable to Improper Access Control. The vulnerability is due to a missing authorization check in the /explore endpoint, which allows an attacker to enumerate datasource_id values and disclose sensitive metadata about protected datasources...

CVSS 6.5, AI score 6.3, EPSS 0.00479
Exploits 0, References 4, Affected software 1

Veracode, added 2025/09/04 8:40 a.m. (4 views)

Brute-force Attack

soosyze/soosyze is vulnerable to Brute-force Attack. The vulnerability is due to missing rate-limiting and account lockout mechanisms on the /user/login endpoint, which allows an attacker to repeatedly attempt logins and potentially gain unauthorized administrative access...

CVSS 5.4, AI score 6.8, EPSS 0.0081
Exploits 3, References 5, Affected software 1

Veracode, added 2025/09/04 7:54 a.m. (3 views)

Session Fixation

org.apache.tomcat:tomcat-catalin is vulnerable to Session Fixation. The vulnerability is due to improper session handling in the rewrite valve, which allows an attacker to fixate a user's session ID and potentially hijack their session...

CVSS 6.5, AI score 6.5, EPSS 0.00775
Exploits 0, References 10, Affected software 1

Veracode, added 2025/09/04 7:42 a.m. (5 views)

OS Command Injection

github.com/olivetin/olivetin is vulnerable to OS Command Injection. The vulnerability is due to improper handling of user input in the ParseRequestURI function in service/internal/executor/arguments.go, which allows an attacker to inject and execute arbitrary operating system commands...

CVSS 6.5, AI score 7.2, EPSS 0.013
Exploits 2, References 4, Affected software 1

Veracode, added 2025/09/04 7:07 a.m. (3 views)

Improper Input Validation

helm.sh/helm/v3 is vulnerable to improper input validation. The vulnerability is due to improper type validation when parsing Chart.yaml and index.yaml files, which allows an attacker to cause a panic by providing malformed YAML files...

CVSS 6.5, AI score 6.5, EPSS 0.00311
Exploits 0, References 3, Affected software 1

Veracode, added 2025/09/03 10:21 a.m. (5 views)

Prototype Pollution

content-security-policy-parser is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of the __proto__ property in policy names, which allows an attacker to override the Object prototype and potentially execute arbitrary actions through prototype pollution...

CVSS 8.8, AI score 7.1, EPSS 0.00395
Exploits 0, References 6, Affected software 1

Veracode, added 2025/09/03 9:53 a.m. (3 views)

Cross-Site Scripting (XSS)

Liferay Portal and Liferay DXP are vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper input handling in the “first display label” field of a custom sort widget configuration, which allows an attacker to inject malicious JavaScript that gets reflected and execut...

CVSS 5.4, AI score 6.3, EPSS 0.00199
Exploits 0, References 5, Affected software 3

Veracode, added 2025/09/03 9:40 a.m. (3 views)

Allocation Of Resources Without Limits

Bouncy Castle is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to excessive resource allocation caused by a lack of proper limits in the handling of ASN1ObjectIdentifier in API modules...

CVSS 6.3, AI score 7, EPSS 0.00505
Exploits 0, References 5, Affected software 7

Veracode, added 2025/09/03 9:26 a.m. (6 views)

Command Injection

activestorage is vulnerable to command injection. The vulnerability is due to unsafe defaults in the allowed list of image transformation methods, which allows an attacker to supply arbitrary input and execute malicious commands...

CVSS 9.2, AI score 7.6, EPSS 0.02078
Exploits 0, References 7, Affected software 1

Veracode, added 2025/09/03 9:15 a.m. (4 views)

Denial Of Service (DoS)

Liferay Portal is vulnerable to Denial Of Service DoS. The vulnerability is due to failure to enforce the 300 KB file size limit on profile picture uploads, allowing oversized files that can degrade system performance...

CVSS 6.9, AI score 7, EPSS 0.0026
Exploits 0, References 5, Affected software 6

Veracode, added 2025/09/03 9:03 a.m. (5 views)

Denial Of Service (DoS)

helm.sh/helm/v3 is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of crafted JSON Schema files with $ref pointing to /dev/zero, which allows an attacker to exhaust system memory leading to OOM termination...

CVSS 6.5, AI score 7, EPSS 0.00311
Exploits 0, References 3, Affected software 1

Veracode, added 2025/09/03 9:01 a.m. (7 views)

Cross-site Scripting (XSS)

enshrined/svg-sanitize is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the cleanXlinkHrefs method only checking lower-case attribute names, allowing bypass of the isHrefSafeValue check and enabling XSS or external domain linking...

CVSS 5.1, AI score 6.2, EPSS 0.00423
Exploits 0, References 7, Affected software 1

Veracode, added 2025/09/03 7:44 a.m. (4 views)

Improper Access Control

github.com/mattermost/mattermost-plugin-confluence is vulnerable to Improper Access Control. The vulnerability is due to missing access checks on the Confluence space when editing subscriptions, which allows an attacker to modify subscriptions for spaces they do not have access to via the edit...

CVSS 6.4, AI score 7, EPSS 0.00164
Exploits 0, References 3, Affected software 1

Veracode, added 2025/09/03 7:35 a.m. (3 views)

Improper Access Control

github.com/mattermost/mattermost-plugin-confluence is vulnerable to Improper Access Control. The vulnerability is due to a failure to verify user access to a channel, which allows an attacker to retrieve channel subscription details without proper authorization via the API endpoint...

CVSS 4, AI score 7, EPSS 0.00192
Exploits 0, References 3, Affected software 1

Veracode, added 2025/09/03 7:09 a.m. (6 views)

Improper Authentication

github.com/mattermost/mattermost-plugin-confluence is vulnerable to Improper Authentication. The vulnerability is due to missing enforcement of user authentication in the Mattermost instance, which allows an attacker to access subscription details through an unauthenticated API call to the GET...

CVSS 3.7, AI score 7.2, EPSS 0.00232
Exploits 0, References 3, Affected software 1

Veracode, added 2025/09/03 6:39 a.m. (4 views)

Denial Of Service (DoS)

github.com/mattermost/mattermost-plugin-confluence is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of unexpected request bodies, which allows an attacker to repeatedly send invalid request bodies to the server webhook endpoint to crash the plugin...

CVSS 7.5, AI score 7, EPSS 0.00275
Exploits 0, References 3, Affected software 1

Veracode, added 2025/09/03 5:54 a.m. (4 views)

Cross-site Scripting (XSS)

Liferay Portal is vulnerable to Cross-site Scripting XSS. The vulnerability is due to a failure to sanitize user-supplied input in the googlegadget component, which allows remote attackers to inject malicious JavaScript...

CVSS 6.9, AI score 6.8, EPSS 0.00203
Exploits 0, References 5, Affected software 3

Total number of security vulnerabilities: 38290