38290 matches found
Denial Of Service (DoS)
github.com/mattermost/mattermost-plugin-confluence is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of unexpected request bodies, which allows an attacker to repeatedly send invalid requests to the server webhook endpoint and crash the plugin...
Improper Access Control
github.com/mattermost/mattermost-plugin-confluence is vulnerable to Improper Access Control. The vulnerability is due to missing access checks for user permissions on channels, which allows an attacker to retrieve channel subscription details without proper authorization via the GET...
Missing Authorization
Mattermost Confluence Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks: the plugin fails to validate user access to Confluence spaces before allowing subscription creation via the create subscription endpoint...
Two-factor Authentication Bypass
github.com/komari-monitor/komari is vulnerable to two-factor authentication bypass. The vulnerability is due to a logic error in the 2FA verification condition, which allows an attacker to bypass the two-factor authentication mechanism...
Improper Input Validation
picklescan is vulnerable to improper input validation. The vulnerability is due to a parsing logic error in handling the STACKGLOBAL opcode, where the function listglobals tracks arguments in the wrong range, which allows an attacker to bypass proper opcode processing...
Denial Of Service (DoS)
Mattermost Confluence Plugin is vulnerable to Denial of Service (DoS). The vulnerability is due to failure to handle unexpected request bodies in the update channel subscription endpoint, allowing attackers to crash the plugin...
Denial Of Service (DoS)
github.com/mattermost/mattermost-plugin-confluence is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of unexpected request bodies, which allows an attacker to repeatedly send invalid data to the channel subscription endpoint and crash the plugin...
SQL Injection
pyloadng is vulnerable to SQL Injection. The vulnerability is due to improper handling of the addlinks parameter in the /json/addpackage API, which allows an attacker to modify or delete database data leading to errors or loss...
Improper Authorization
github.com/mattermost/mattermost-plugin-confluence is vulnerable to improper authorization. The vulnerability is due to failing to check user authorization in the Mattermost instance, which allows an attacker to create a channel subscription without proper authorization via an API call to the...
Improper Resource Shutdown Or Release
org.apache.tomcat.embed:tomcat-embed-core is vulnerable to Improper Resource Shutdown or Release. The vulnerability is due to improper handling of resource shutdown, which allows an attacker to perform the "made you reset" attack...
Missing Authorization
Mattermost Confluence Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing access validation: user permissions are not checked when editing channel subscriptions via the API...
Missing Authorization
Mattermost Confluence Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing access validation caused by failure to check user permissions when creating channel subscriptions via the API...
Remote Code Execution (RCE)
Apache Commons OGNL is vulnerable to Remote Code Execution (RCE). The vulnerability is due to incomplete blocklist restrictions in the OGNL engine when parsing and evaluating expressions, which allows an attacker to bypass protections and potentially achieve arbitrary code execution...
Improper Authentication
Mattermost Confluence Plugin is vulnerable to improper authentication. The vulnerability is due to the failure to enforce user authentication to the Mattermost instance, which allows an attacker to edit channel subscriptions via an unauthenticated API call...
Reverse Tabnabbing
hfs is vulnerable to reverse tabnabbing. The vulnerability is due to missing rel="noopener noreferrer" when opening web links with target="_blank", which allows an attacker to manipulate the original HFS tab via the window.opener property...
Cross-Site WebSocket Hijacking (CSWSH)
github.com/komari-monitor/komari is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). The vulnerability is due to disabled origin checking, which allows an attacker to hijack authenticated user WebSocket connections...
Denial Of Service (DoS)
@oakserver/oak is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of specially crafted x-forwarded-proto or x-forwarded-for headers, which allows an attacker to significantly slow down an oak server...
Server-Side Request Forgery (SSRF)
Liferay Portal is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper access validation: crafted URLs in FreeMarker templates allow template editors to bypass restrictions...
Authentication Bypass
Fedify is vulnerable to authentication bypass. The vulnerability is due to processing forged activities before verifying that the signing key belongs to the claimed actor, which allows an attacker to impersonate any ActivityPub actor across all Fedify instances...
Arbitrary Code Execution
Keras is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper validation in the Model.load_model method when loading specially crafted .keras model archives...
Path Traversal
tinyscientist is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the reviewpaper function, which allows an attacker to craft malicious file paths to read arbitrary PDF files on the server, access sensitive documents, and perform reconnaissance on the...
Stack-based Buffer Overflow
libtiff.so is vulnerable to Stack-based Buffer Overflow. The vulnerability is due to insufficient validation in the readSeparateStripsToBuffer function in tiffcrop.c, allowing attackers to trigger a buffer overflow...
Server-Side Request Forgery (SSRF)
Liferay Portal is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper input validation: user-supplied URLs in the OpenSSO authentication settings are accepted without proper validation, allowing attackers to make arbitrary HTTP requests to internal systems...
Privilege Escalation
github.com/openbao/openbao is vulnerable to Privilege Escalation. The vulnerability is due to accounts with access to privileged identity entity systems in root namespaces being able to escalate privileges to the global root policy...
Authentication Bypass
github.com/openbao/openbao is vulnerable to Authentication Bypass. The vulnerability is due to using caller-supplied usernames as aliases without normalization when username_as_alias=true in the LDAP auth method, allowing bypass of MFA requirements...
Remote Code Execution (RCE)
org.apache.cxf:cxf-rt-transports-jms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to allowing untrusted users to configure JMS with RMI or LDAP URLs, which could be abused for code execution...
Deserialization Of Untrusted Data
org.apache.seata:seata-serializer-fury is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insecure deserialization caused by improper handling of untrusted input data, which could allow attackers to execute arbitrary code...
Cross-Site Scripting (Reflected XSS)
Liferay Portal is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in entrycoverimagecaption.jsp within the Blogs module, which allows a remote unauthenticated attacker to inject malicious JavaScript and execute it in a victim’s browser...
Integer Overflow
executorch is vulnerable to integer overflow. The vulnerability is due to improper handling in model loading that causes smaller-than-expected memory allocation, which allows an attacker to achieve code execution or other malicious effects...
Sensitive Information Exposure
@workos-inc/authkit-remix is vulnerable to Sensitive Information Exposure. The vulnerability is due to sealedSession and accessToken being returned from the authkitLoader, which allows an attacker to obtain sensitive authentication artifacts rendered in the browser HTML...
Sensitive Information Exposure
@workos-inc/authkit-react-router is vulnerable to Sensitive Information Exposure. The vulnerability is due to authentication artifacts such as sealedSession and accessToken being returned from the authkitLoader and rendered into browser HTML, which allows an attacker to obtain sensitive session...
ZIP Payload Obfuscation Through Parsing Differentials
uv is vulnerable to ZIP payload obfuscation through parsing differentials. The vulnerability is due to improper ZIP archive validation: file entries are not reconciled against the central directory, allowing attackers to craft archives with inconsistent or stacked ZIPs that behave...
Privilege Escalation
github.com/operator-framework/operator-sdk is vulnerable to Privilege Escalation. The vulnerability is due to the usersetup script setting /etc/passwd to group-writable, allowing attackers to modify it and gain root privileges within the container...
Denial Of Service (DoS)
github.com/rs/cors is vulnerable to Denial of Service (DoS). The vulnerability is due to excessive heap allocations when processing malicious preflight requests with Access-Control-Request-Headers containing many commas...
CRLF Injection
Keycloak-services is vulnerable to CRLF Injection. The vulnerability is due to improper input validation: special characters in email registration are improperly handled, allowing attackers to inject SMTP commands and send unsolicited emails...
Arbitrary File Deletion
github.com/ollama/ollama is vulnerable to arbitrary file deletion. The vulnerability is due to improper validation of crafted packets sent to the /api/pull endpoint, which allows an attacker to delete arbitrary files...
Brute-force Attack
jwe is vulnerable to Brute-force Attack. The vulnerability is due to insufficient validation of JWE authentication tags, which allows an attacker to brute force tags, recover the GCM GHASH key, and craft arbitrary JWEs leading to loss of confidentiality...
Arbitrary Code Execution (ACE)
skops is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to Card.get_model falling back to joblib for non-.zip file formats without warning, which allows an attacker to load a malicious model file and execute arbitrary code...
Open Redirect
Astro is vulnerable to Open Redirect. The vulnerability is due to improper handling of paths with double slashes in the trailing slash redirection logic, which allows an attacker to redirect users to arbitrary external domains and perform phishing or social engineering attacks...
Cross-site Scripting (XSS)
concrete5/concrete5 is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper handling of malicious folders in the Members Dashboard Home Folder, which allows an attacker with admin privileges to inject XSS that executes when users log in...
Cryptographic Weakness
thinbus-srp is vulnerable to cryptographic weakness. The vulnerability is due to a protocol compliance bug where the client generates only 252 bits of entropy instead of the intended 2048 bits, which allows an attacker to exploit the reduced security margin and potentially break the authenticatio...
Arbitrary File Write
tmp is vulnerable to arbitrary file/directory write. The vulnerability is due to improper handling of the dir parameter when creating temporary files/directories via symbolic link, which allows an attacker to create symbolic links and overwrite arbitrary files...
Cross-Site Scripting (Reflected XSS)
concrete5/concrete5 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsanitized input in the Conversation Messages Dashboard Page, which allows an attacker to steal session cookies or tokens, deface web content, redirect victims to malicious sites, or execute unauthorized...
Broken Authentication
github.com/hashicorp/vault is vulnerable to Broken Authentication. The vulnerability is due to improper MFA enforcement when username_as_alias is set to true and a user has multiple CNs with leading or trailing spaces, which allows attackers to bypass MFA authentication...
Cleartext Transmission Of Sensitive Information
github.com/go-acme/lego is vulnerable to Cleartext Transmission of Sensitive Information. The vulnerability is due to the library not enforcing HTTPS when communicating with Certificate Authorities (CAs), which allows attackers to intercept ACME protocol operations and access sensitive details like...
Regular Expression Denial Of Service (ReDoS)
Hugging Face Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a regex pattern /^/^// in the convert_tf_weight_name_to_pt_weight_name function, which allows attackers to craft malicious input strings causing catastrophic backtracking and...
Race Condition
shopware/platform is vulnerable to Race Condition. The vulnerability is due to improper handling of concurrent requests in the voucher system, which allows attackers to bypass voucher restrictions and exceed usage limitations...
Denial Of Service (DoS)
setasign/fpdi is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of user-supplied PDF files, which allows an attacker to upload a crafted malicious PDF that leads to memory exhaustion and server crash...
Prototype Pollution
js-toml is vulnerable to Prototype Pollution. The vulnerability is due to improper input validation when parsing maliciously crafted TOML input, allowing modification of properties on Object.prototype...
Remote Code Execution (RCE)
github.com/tnborg/panel is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper path handling in the CleanPath middleware from the go-chi/chi package, which fails to process r.URL.Path, followed by flaws in backend login path exposure, which allows an attacker to bypass...