38108 matches found
Remote Code Execution (RCE)
dolibarr/dolibarr is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper input handling caused by insecure mechanisms that allow arbitrary command execution and access to sensitive files on the file system...
Improper Access Control
marshmallow-packages/nova-tiptap is vulnerable to Improper Access Control. The vulnerability is due to missing authentication middleware and lack of file validation on the /nova-tiptap/api/file endpoint, which allows an attacker to upload arbitrary files e.g., PHP scripts or binaries to any...
Use Of Hard-coded Credentials
@haxtheweb/haxcms-nodejs is vulnerable to Use of Hard-coded Credentials. The vulnerability is due to hardcoded default credentials and JWT private keys, followed by the lack of prompts or UI options to change them, which allows an attacker to gain unauthorized access to user or superuser accounts...
Cross-Site Scripting (XSS)
@haxtheweb/haxcms-nodejs is vulnerable to cross-site scripting. The vulnerability is due to the explicit disabling of the Content Security Policy CSP in the Helmet configuration in app.js, which allows an attacker to inject and execute malicious scripts in the context of the application...
Improper Input Validation
org.apache.jena, jena is vulnerable to Improper Input Validation. The vulnerability is due to lack of validation on file access paths in configuration files uploaded by administrators, which allows an attacker to upload arbitrary configurations and potentially manipulate system behavior...
Improper Authentication
@haxtheweb/haxcms-nodejs is vulnerable to improper authentication. The vulnerability is due to an insecure default configuration in the NodeJS backend that disables JWT checks by default, which allows an attacker to gain unauthorized access if the server is deployed without modifying these defaul...
Improper Access Control
org.apache.jena, jena-fuseki is vulnerable to improper access control. The vulnerability is due to insufficient validation or restriction on file path locations when administrators create database files in Apache Jena, allows creation of files outside the intended directory structure...
HTTP Parameter Pollution
form-data is vulnerable to HTTP Parameter Pollution HPP. The vulnerability is due to the use of weak randomness in generating boundary values in lib/formdata.js, which allows an attacker to perform HTTP Parameter Pollution HPP by manipulating form data...
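The form-data entry above is terse about why a weak boundary matters, so here is an added example (written for this page, not code from form-data or the advisory) that plays both sides of the exchange in Go. The boundary string "----FormBoundary0000000000000000" is a constructed stand-in for a boundary the attacker can guess; the "comment" and "role" fields are hypothetical. A client that writes field values verbatim, plus a predictable boundary, lets a submitted value terminate its own part and start a second, attacker-named part that the server's standard multipart parser accepts as a real field.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"mime/multipart"
	"strings"
)

// naiveBody is the client side of the bug class above: each field is written
// straight into the body without checking whether its value already contains
// the boundary. Field values are the part an attacker influences.
func naiveBody(boundary string, fields [][2]string) []byte {
	var b bytes.Buffer
	for _, f := range fields {
		fmt.Fprintf(&b, "--%s\r\nContent-Disposition: form-data; name=%q\r\n\r\n%s\r\n",
			boundary, f[0], f[1])
	}
	fmt.Fprintf(&b, "--%s--\r\n", boundary)
	return b.Bytes()
}

// injectPart is the value an attacker submits for an ordinary field once the
// boundary is predictable: it closes the current part and opens a new one
// under a name the server trusts (the hypothetical "role" field below).
func injectPart(boundary, name, value string) string {
	return "harmless\r\n--" + boundary +
		"\r\nContent-Disposition: form-data; name=\"" + name + "\"\r\n\r\n" + value
}

// parseFields is the server side: a standard multipart reader that believes
// whatever the boundaries in the body say. Returns field name -> values.
func parseFields(boundary string, body []byte) (map[string][]string, error) {
	out := map[string][]string{}
	r := multipart.NewReader(bytes.NewReader(body), boundary)
	for {
		p, err := r.NextPart()
		if err == io.EOF {
			return out, nil
		}
		if err != nil {
			return nil, err
		}
		v, err := io.ReadAll(p)
		if err != nil {
			return nil, err
		}
		out[p.FormName()] = append(out[p.FormName()], string(v))
	}
}

// strongBoundary is the fix: 128 bits from crypto/rand. An attacker who cannot
// predict the boundary cannot craft a value that contains it.
func strongBoundary() (string, error) {
	var buf [16]byte
	if _, err := rand.Read(buf[:]); err != nil {
		return "", err
	}
	return "----GoBoundary" + hex.EncodeToString(buf[:]), nil
}

// checkedBody adds defence in depth: refuse to encode a value that contains the
// boundary rather than emit a body the server will parse differently.
func checkedBody(boundary string, fields [][2]string) ([]byte, error) {
	for _, f := range fields {
		if strings.Contains(f[1], boundary) {
			return nil, errors.New("field " + f[0] + " contains the multipart boundary")
		}
	}
	return naiveBody(boundary, fields), nil
}

func main() {
	weak := "----FormBoundary0000000000000000" // constructed: stands in for a guessable boundary
	fields := [][2]string{{"comment", injectPart(weak, "role", "admin")}}
	parsed, err := parseFields(weak, naiveBody(weak, fields))
	fmt.Println(parsed, err) // server sees role=[admin], a field the client never sent
	_, err = checkedBody(weak, fields)
	fmt.Println(err)
	strong, _ := strongBoundary()
	fmt.Println(strong)
}
```

The point to take away is that the server cannot distinguish the injected part from a legitimate one; the only robust defence is on the client, where the boundary is chosen. Go's own mime/multipart writer already draws its boundary from crypto/rand, which is the behaviour strongBoundary reproduces.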
Improper Input Validation
@haxtheweb/haxcms-nodejs is vulnerable to improper input validation. The vulnerability is due to the application not properly handling exceptions when required URL parameters are missing in authenticated API requests, which allows an attacker to crash the application via the listFiles and saveFil...
Cross-Site Scripting (XSS)
bagisto/bagisto is vulnerable to Cross-Site Scripting. The vulnerability is due to improper validation of uploaded SVG files, which allows an attacker to execute arbitrary code via a crafted file upload...
SQL Injection
github.com/uptrace/bun is vulnerable to SQL injection. The vulnerability is due to improper handling of SQL arguments in the appendArg function in /pgdriver/format.go, which allows an attacker to inject arbitrary SQL commands...
SQL Injection
github.com/go-pg/pg is vulnerable to SQL injection. The vulnerability is due to improper handling of input in the /types/appendvalue.go component, which allows an attacker to inject and execute arbitrary SQL commands...
Command Injection
Thor is vulnerable to Command Injection. The vulnerability is due to unsafe command construction caused by the library forming shell commands directly from user-controlled input...
Remote File Inclusion
librenms/librenms is vulnerable to Remote File Inclusion RFI. The vulnerability is due to unsafe dynamic file inclusion caused by the ajaxform.php endpoint using user-controlled POST input in the type parameter to include .inc.php files without proper validation or allowlisting, potentially leadi...
Remote Code Execution (RCE)
pyloadng is vulnerable to Path Traversal. The vulnerability is due to improper validation of uploaded filenames in the /json/upload endpoint, which allows an attacker to traverse directories and write arbitrary files to any location accessible to the pyLoad process...
Embedded Malicious Code
eslint-config-prettier is vulnerable to Embedded Malicious Code. The vulnerability is due to embedded malicious code caused by a compromised install.js script which executes node-gyp.dll malware on Windows during installation...
Clickjacking
@haxtheweb/haxcms-nodejs and elmsln/haxcms are vulnerable to Clickjacking. The vulnerability is due to missing anti-framing headers caused by the absence of X-Frame-Options or equivalent headers in both the CMS and generated sites, allowing unauthenticated attackers to embed sensitive pages in...
Cross-Site Scripting (XSS)
Liferay Portal Frontend Taglib module is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in the keywords parameter of the management toolbar search, which allows an attacker to inject arbitrary web scripts or HTML...
Path Traversal
org.dspace, dspace-api is vulnerable to path traversal. The vulnerability is due to improper validation of file paths in the Simple Archive Format SAF importer, which allows an attacker to craft a malicious SAF package referencing arbitrary system files...
Cross-site Scripting (XSS)
@openlist-frontend/openlist-frontend is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper handling of .py files containing JavaScript within...
Stored Cross-site Scripting (XSS)
org.glassfish.main.admingui, console-common is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to improper handling of user input in the configuration file, which allows an attacker to inject and store malicious scripts in the application through modifications in the...
Open Redirect
github.com/grafana/grafana is vulnerable to open redirect. The vulnerability is due to improper validation of redirect URLs, which allows an attacker to chain it with path traversal issues to perform cross-site scripting XSS attacks...
Cross-site Scripting (XSS)
org.glassfish.main.admingui:console-cluster-plugin is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization caused by the Administration Console accepting and storing malicious user input, which is later rendered without adequate escaping...
Improper Access Control
github.com/grafana/grafana is vulnerable to Improper Access Control. The vulnerability is due to insufficient permission checks in the Grafana Alerting DingDing integration, which allows an attacker with Viewer permissions to access or interact with alerting configurations...
Cross-site Scripting (XSS)
org.glassfish.main.admingui:console-cluster-plugin and org.glassfish.main.admingui:console-common are vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization caused by the Administration Console failing to adequately validate user-supplied input, enabling t...
Cross-site Scripting (XSS)
@nuxtjs/mdc is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of Markdown content that allows injection of a <base> tag, which can alter relative URL resolution and enable loading of external attacker-controlled resources, leading to arbitrary JavaScript...
Brute Force Attack
org.glassfish.main.admingui, console-common is vulnerable to Login Brute Force attack. The vulnerability is due to the lack of limitation on the number of failed login attempts, which allows an attacker to repeatedly try different credentials to gain unauthorized access...
Server Side Request Forgery (SSRF)
org.glassfish.main.admingui, console-common is vulnerable to Server-Side Request Forgery. The vulnerability is due to insufficient validation of user-supplied URLs in specific endpoints, which allows an attacker to make arbitrary requests to internal or external systems on behalf of the server...
Stored Cross-site Scripting (XSS)
org.glassfish.main.admingui, console-common is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in the Administration Console, which allows an attacker to inject and store malicious scripts that execute in the context of users accessing the...
Regular Expression Denial Of Service (ReDoS)
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression handling in the parseJSONLikeConfig API's input parsing, which allows an attacker to trigger excessive backtracking...
Directory Traversal
simogeo/filemanager is vulnerable to Directory Traversal. The vulnerability is due to improper input validation caused by the filemanager.php endpoint failing to sanitize user input in crafted HTTP requests, allowing attackers to traverse directories...
Improper File Permissions
chainguard.dev/melange is vulnerable to improper file permissions. The vulnerability is due to SBOM files in APKs being generated with file system permissions mode 666, which allows an attacker to tamper with the SBOMs...
Improper File Permissions
apko is vulnerable to Improper File Permissions. The vulnerability is due to critical files being inadvertently set with world-writable permissions 0666, which likely allows an attacker to escalate privileges to root...
Directory Traversal
github.com/juju/juju is vulnerable to Directory Traversal. The vulnerability is due to insufficient authorization checks caused by the /charms endpoint allowing any authenticated user to upload charms without proper validation, enabling attackers to exploit a Zip Slip vulnerability and gain acces...
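Several entries above share one root cause: an untrusted name (the pyloadng upload filename, the dspace SAF package contents, the simogeo/filemanager request path, the charm archive entries in juju's Zip Slip) is joined onto a base directory without checking where it lands. The following Go example is added for this page and is not code from any of those projects. It assumes a single base directory for all writes and shows one path check, safeJoin, reused for plain filenames and for archive entries; the archive extractor validates every entry before writing anything, so a malicious archive cannot leave partially extracted files behind. The sample archives are constructed in memory.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

var errEscapesRoot = errors.New("path escapes the destination directory")

// safeJoin joins an untrusted name (an upload filename, an archive entry, a
// package member) onto root and refuses anything that resolves outside root.
func safeJoin(root, untrusted string) (string, error) {
	if untrusted == "" || strings.ContainsRune(untrusted, 0) {
		return "", errEscapesRoot
	}
	// Backslashes count as separators: "..\..\x" is one odd filename on Linux
	// but a traversal once the same tree is read on Windows.
	name := strings.ReplaceAll(untrusted, `\`, "/")
	if strings.HasPrefix(name, "/") || filepath.IsAbs(name) || filepath.VolumeName(name) != "" {
		return "", errEscapesRoot
	}
	dst := filepath.Join(root, filepath.FromSlash(name)) // Join cleans, collapsing ".." segments
	rel, err := filepath.Rel(root, dst)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errEscapesRoot
	}
	return dst, nil
}

// extractZip validates every entry name before writing anything, so a malicious
// archive leaves no partial files behind. It returns the file paths it wrote.
func extractZip(data []byte, root string) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, err
	}
	targets := make([]string, len(zr.File))
	for i, f := range zr.File {
		if targets[i], err = safeJoin(root, f.Name); err != nil {
			return nil, fmt.Errorf("entry %q: %w", f.Name, err)
		}
	}
	var written []string
	for i, f := range zr.File {
		if f.FileInfo().IsDir() {
			err = os.MkdirAll(targets[i], 0o755)
		} else if err = copyEntry(f, targets[i]); err == nil {
			written = append(written, targets[i])
		}
		if err != nil {
			return written, err
		}
	}
	return written, nil
}

func copyEntry(f *zip.File, dst string) error {
	if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil {
		return err
	}
	rc, err := f.Open()
	if err != nil {
		return err
	}
	defer rc.Close()
	out, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o644)
	if err != nil {
		return err
	}
	defer out.Close()
	_, err = io.Copy(out, rc) // the zip reader checks the entry CRC at EOF
	return err
}

// buildZip builds a constructed test archive in memory; entry names are stored
// verbatim, so "../x" survives exactly as an attacker would ship it.
func buildZip(entries [][2]string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, e := range entries {
		w, _ := zw.Create(e[0])
		w.Write([]byte(e[1]))
	}
	zw.Close()
	return buf.Bytes()
}

func main() {
	root, _ := os.MkdirTemp("", "extract")
	_, err := extractZip(buildZip([][2]string{{"ok.txt", "fine"}, {"../../escape.txt", "x"}}), root)
	fmt.Println("malicious archive:", err)
	written, err := extractZip(buildZip([][2]string{{"docs/readme.txt", "hello"}}), root)
	fmt.Println("benign archive:", written, err)
}
```

The check is lexical: it asks whether the cleaned destination is still under root, not whether the name "looks like" traversal, which is what defeats encodings such as "a/../../b". Symlinks already present inside root are a separate concern that a lexical check does not cover.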
Open Redirect
@dirac-grid/diracx-web-components is vulnerable to Open Redirect. The vulnerability is due to insufficient validation of redirect URIs caused by the login page accepting arbitrary unverified URLs in the redirect field, which can be abused with parameter pollution to conceal malicious destinations...
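The two open redirect entries above (grafana, diracx-web-components) describe a login or redirect parameter whose value is trusted as-is, in the second case with parameter pollution used to hide the real destination. The Go example below is added for this page and is not code from either project. It assumes the redirect target arrives as a query parameter named "redirect" on the login request (a hypothetical name), accepts only a same-origin path, and refuses the request outright when the parameter appears more than once, since with two copies there is no single value that both the validator and the redirect code are guaranteed to use.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

var errUnsafeRedirect = errors.New("redirect target rejected")

// localRedirectPath accepts only a same-origin path such as "/dashboard?tab=1".
// Anything with a scheme, authority, backslash, control character or a
// protocol-relative "//host" form is rejected.
func localRedirectPath(raw string) (string, error) {
	for _, r := range raw {
		if r < 0x20 || r == 0x7f {
			return "", errUnsafeRedirect // CR/LF here would also enable header injection
		}
	}
	if strings.ContainsRune(raw, '\\') {
		return "", errUnsafeRedirect // browsers treat "/\evil" like "//evil"
	}
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "" || u.Host != "" || u.User != nil || u.Opaque != "" {
		return "", errUnsafeRedirect
	}
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
		return "", errUnsafeRedirect
	}
	out := u.EscapedPath()
	if u.RawQuery != "" {
		out += "?" + u.RawQuery
	}
	if u.Fragment != "" {
		out += "#" + u.EscapedFragment()
	}
	return out, nil
}

// redirectFromQuery reads the redirect parameter from the login request's raw
// query string. Duplicate copies are rejected: under parameter pollution the
// value a validator inspects and the value the redirect code uses can differ.
func redirectFromQuery(rawQuery, param, fallback string) (string, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return "", err
	}
	vals := q[param]
	switch len(vals) {
	case 0:
		return fallback, nil
	case 1:
		return localRedirectPath(vals[0])
	default:
		return "", fmt.Errorf("%w: %d copies of %q", errUnsafeRedirect, len(vals), param)
	}
}

func main() {
	// Constructed query strings: one benign, the rest the usual bypass shapes.
	for _, q := range []string{
		"redirect=%2Fdashboard%3Ftab%3D1",
		"redirect=https%3A%2F%2Fevil.example%2F",
		"redirect=%2F%2Fevil.example%2F",
		"redirect=%2F%5Cevil.example",
		"redirect=%2Fdashboard&redirect=https%3A%2F%2Fevil.example%2F",
	} {
		target, err := redirectFromQuery(q, "redirect", "/")
		fmt.Printf("%-62s -> %q %v\n", q, target, err)
	}
}
```

Returning a rebuilt path rather than the raw parameter is deliberate: whatever the caller passes to the Location header is then composed from parsed parts the function has already vetted, not from the attacker's bytes.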
Remote Code Execution (RCE)
livewire/livewire is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of component property hydration caused by insecure logic in how certain component properties are updated, allowing unauthenticated attackers to execute commands in specific configurations...
Improper Handling Of HTTP Headers
on-headers is vulnerable to Improper Handling of HTTP Headers. The vulnerability is due to unexpected header modification caused by incorrect processing when an array is passed to response.writeHead, potentially altering response headers unintentionally...
Out-of-bounds Read
@openzeppelin/contracts and @openzeppelin/contracts-upgradeable are vulnerable to Out-of-bounds Read. The vulnerability is due to improper bounds checking caused by the lastIndexOf function in Bytes.sol accessing uninitialized memory when given an empty buffer and a non-maximum position,...
Denial Of Service (DoS)
Multer is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of malformed multipart/form-data upload requests, which allows an attacker to trigger an unhandled exception and crash the process...
Denial Of Service (DoS)
org.apache.cxf, cxf-core is vulnerable to Denial Of Service DoS. The vulnerability is due to a bug where large stream-based messages stored as temporary files are fully read into memory and logged, which allows an attacker to exploit this behavior to cause a denial-of-service DoS via an...
Denial Of Service (DoS)
github.com/filebrowser/filebrowser is vulnerable to Denial of Service DoS. The vulnerability is due to the server loading entire file content into memory without size checks during read operations on the /files/file-name endpoint, which allows an attacker to upload a large file and trigger...
Improper Session Expiration
github.com/filebrowser/filebrowser is vulnerable to Improper Session Expiration. The vulnerability is due to the authentication system issuing long-lived JWT tokens that remain valid even after user logout, which allows an attacker to reuse tokens and gain unauthorized access to user sessions...
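The filebrowser session entry above names the failure mode (a logout that does not invalidate the JWT) without showing what a server-side fix looks like. The Go example below is added for this page and is not filebrowser's code: it is a minimal HS256 issuer/verifier with a deny list keyed on the token's jti, a short ttl so the deny list stays small, and an injectable clock so expiry can be exercised. The key string is a constructed placeholder.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"sync"
	"time"
)

var errInvalidToken = errors.New("token invalid, expired or revoked")

type claims struct {
	Sub string `json:"sub"`
	Jti string `json:"jti"` // unique token id: the handle that logout revokes
	Exp int64  `json:"exp"`
}

// sessionAuth issues short-lived HS256 tokens and keeps a deny list of logged-out jti values.
type sessionAuth struct {
	key     []byte
	ttl     time.Duration
	now     func() time.Time // injectable clock so tests can move time forward
	mu      sync.Mutex
	revoked map[string]int64 // jti -> exp, so entries can be dropped once they expire anyway
}

func newSessionAuth(key []byte, ttl time.Duration) *sessionAuth {
	return &sessionAuth{key: key, ttl: ttl, now: time.Now, revoked: map[string]int64{}}
}

func enc(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func (s *sessionAuth) sign(input string) string {
	m := hmac.New(sha256.New, s.key)
	m.Write([]byte(input))
	return enc(m.Sum(nil))
}

func (s *sessionAuth) issue(sub string) (string, error) {
	var id [16]byte
	if _, err := rand.Read(id[:]); err != nil {
		return "", err
	}
	body, err := json.Marshal(claims{Sub: sub, Jti: enc(id[:]), Exp: s.now().Add(s.ttl).Unix()})
	if err != nil {
		return "", err
	}
	input := enc([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc(body)
	return input + "." + s.sign(input), nil
}

// verify recomputes the signature with the server key and never consults the header's alg claim.
func (s *sessionAuth) verify(tok string) (*claims, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 || !hmac.Equal([]byte(s.sign(parts[0]+"."+parts[1])), []byte(parts[2])) {
		return nil, errInvalidToken
	}
	var c claims
	if raw, err := base64.RawURLEncoding.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &c) != nil || c.Jti == "" {
		return nil, errInvalidToken
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, revoked := s.revoked[c.Jti]; revoked || s.now().Unix() >= c.Exp {
		return nil, errInvalidToken
	}
	return &c, nil
}

// logout is the step the bug class above lacks: record the jti so the still unexpired token is refused.
func (s *sessionAuth) logout(tok string) error {
	c, err := s.verify(tok)
	if err != nil {
		return err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	for id, exp := range s.revoked {
		if exp <= s.now().Unix() {
			delete(s.revoked, id) // expired on its own; no need to remember it
		}
	}
	s.revoked[c.Jti] = c.Exp
	return nil
}

func main() {
	s := newSessionAuth([]byte("constructed-demo-key-do-not-reuse"), 15*time.Minute)
	tok, _ := s.issue("alice")
	_ = s.logout(tok)
	_, err := s.verify(tok)
	fmt.Println("after logout:", err)
}
```

Two choices carry the security argument: a jti in every token gives logout something to revoke without a full session store, and a ttl measured in minutes bounds both the deny list and the window in which a stolen token that was never logged out remains usable. In a multi-instance deployment the deny list would live in shared storage rather than an in-process map.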
Malicious Code
This package contains malicious code and should be removed immediately!...
Remote Code Execution (RCE)
github.com/juju/juju is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient authorization checks caused by allowing any authenticated controller user to upload arbitrary agent binaries to any model or the controller without verifying model membership or permissions...
Cross-site Scripting (XSS)
Vue I18n is vulnerable to Cross-site Scripting XSS. The vulnerability is due to incomplete escaping of interpolated parameters caused by the failure of the escapeParameterHtml: true option to prevent tag-based payload execution when rendered using v-html, even with minor HTML in translation strin...
Sensitive Information Disclosure
io.projectreactor.netty:reactor-netty-http is vulnerable to Sensitive Information Disclosure. The vulnerability is due to credential leakage caused by the HTTP client leaking credentials during chained redirects when explicitly configured to follow redirects...
Incorrect Permission Assignment For Critical Resource
org.apache.apisix:apisix-plugin-runner is vulnerable to Incorrect Permission Assignment for Critical Resource. The vulnerability is due to improper file permission settings caused by insecure local listening file permissions, allowing a local attacker to elevate privileges...
Path Traversal
Measured is vulnerable to Path Traversal. The vulnerability is due to insufficient input validation when initializing the class, which allows an attacker to manipulate inputs and instruct the library to read arbitrary files...
Information Disclosure
Directus is vulnerable to information disclosure. The vulnerability is due to improper handling of user data in the "Log to Console" operation within Directus Flows, which allows an attacker with admin privileges to log and access sensitive data of other users during create or update events...
Improper Access Control
Directus is vulnerable to Improper Access Control. The vulnerability is due to manual trigger Flows not validating user permissions for the payload items, which allows an attacker to execute unauthorized tasks or access restricted collections/items without proper authentication or access rights...