38108 matches found
Command Injection
@sunwood-ai-labs/github-kanban-mcp-server is vulnerable to command injection. The vulnerability is due to the use of the unsafe exec API with untrusted user input in the add_comment tool, which allows an attacker to execute arbitrary system commands through crafted input...
XML External Entity (XXE) Injection
org.dspace, dspace-api is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper handling of XML input during archive import and interaction with external services, which allows an attacker to craft malicious XML payloads that may lead to sensitive file disclosure o...
Denial Of Service (DoS)
resolv library is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient validation of the length of a decompressed domain name in a DNS packet, which allows an attacker to craft a maliciously compressed DNS packet that consumes excessive CPU during name decompression...
Information Disclosure
Directus is vulnerable to information disclosure. The vulnerability is due to the exact Directus version number being exposed as the OpenAPI Spec version at the /server/specs/oas endpoint without authentication, which allows an attacker to identify the running version and target known...
Arbitrary Code Injection
pyLoad-ng is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe JavaScript evaluation caused by insecure CAPTCHA processing logic that allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially on the backend server...
Information Disclosure
Directus is vulnerable to information exposure. The vulnerability is due to logging all incoming request details, including sensitive data like access and refresh tokens when using WebHook triggers in Flows, which allows an attacker with log access to hijack user sessions within the token...
Cross-site Scripting (XSS)
org.opennms:opennms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to stored XSS caused by unsanitized parameters on multiple nodes, allowing attackers to inject malicious HTML or JavaScript into database entries that are rendered on user-facing pages...
Path Traversal
github.com/google/osv-scalibr is vulnerable to path traversal. The vulnerability is due to improper validation of file paths when using the unpack function with the --remote-image flag on untrusted container images, allowing arbitrary file writes on the host system as the...
SQL Injection
pg-promise is vulnerable to SQL Injection. The vulnerability is due to improper handling of negative numbers, which allows an attacker to manipulate SQL queries by injecting malicious input...
Open Redirect
urllib3 is vulnerable to Open Redirect. The vulnerability is due to the ability to disable redirects globally via PoolManager configuration, which allows an attacker to bypass intended redirect restrictions...
Open Redirect
urllib3 is vulnerable to Open Redirect. The vulnerability is due to urllib3 not properly controlling redirect behavior when used in Pyodide environments, which allows an attacker to exploit browser or Node.js runtime redirect handling, potentially bypassing expected security mechanisms...
Improper Certificate Validation
couchbasenetclient is vulnerable to improper certificate validation. The vulnerability is due to improper configuration defaults and lack of hostname verification in TLS connections, defaulting to IP addresses instead of hostnames, which allows an attacker to perform man-in-the-middle (MitM) attack...
Information Disclosure
github.com/openbao/openbao is vulnerable to information disclosure. The vulnerability is due to improper handling of malformed data, which allows an attacker to potentially access sensitive information through exposed logs...
Information Disclosure
org.elasticsearch.client, elasticsearch-rest-client is vulnerable to memory disclosure. The vulnerability is due to error messages leaking uninitialized buffer data when handling malformed queries, which allows an attacker to access sensitive information such as documents or authentication detail...
Cross-Site Scripting (XSS)
ag-grid is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of grid contents, which allows an attacker to execute arbitrary JavaScript when user input is rendered in the grid...
Improper Authorization
authentik is vulnerable to Improper Authorization. The vulnerability is due to missing session validation for single-use tokens in RAC endpoints, which allows an attacker to reuse a valid token from a shared URL to access another user’s session...
Access Control Bypass
Apache HTTP Server mod_ssl is vulnerable to access control bypass. The vulnerability is due to improper handling of TLS 1.3 session resumption across multiple virtual hosts with different trusted client certificate configurations, which allows an attacker with a trusted certificate for one virtual...
Improper Input Validation
git is vulnerable to improper input validation. The vulnerability is due to improper handling of carriage return CR characters in configuration and submodule paths, which allows an attacker to exploit the altered path and potentially trigger unintended execution of a submodule’s post-checkout hoo...
HTTP Desynchronisation Attack
Apache HTTP Server mod_ssl is vulnerable to an HTTP desynchronisation attack. The vulnerability is due to the use of SSLEngine optional for enabling TLS upgrades, which allows a man-in-the-middle attacker to exploit request desynchronisation and hijack an active HTTP session during the TLS upgrade...
Use After Free
Apache HTTP Server is vulnerable to Use After Free. The vulnerability is due to improper memory handling where memory is released after its effective lifetime, which allows an attacker to trigger use-after-free conditions that could lead to a crash or potentially arbitrary code execution...
Stack-based Buffer Overflow
International Components for Unicode (ICU) is vulnerable to a Stack-based Buffer Overflow. The vulnerability is due to improper handling of the ‘subtag’ struct in the SRBRoot::addTag function while running the genrb binary, which allows an attacker to cause memory corruption and achieve local...
Buffer Overflow
Matplotlib is vulnerable to Buffer Overflow. The vulnerability is due to improper handling of buffer boundaries caused by insufficient input validation in certain parsing functions...
Local Privilege Escalation
Sudo is vulnerable to local privilege escalation. The vulnerability is due to the use of a user-controlled /etc/nsswitch.conf file when running with the --chroot option, which allows an attacker to obtain root access on the system...
Improper Access Control
org.apache.zeppelin, zeppelin-server, interpreter is vulnerable to Improper Access Control. The vulnerability is due to the raft server protocol being accessible without authentication, which allows an attacker to view server resources including directories and files...
Information Disclosure
Indico is vulnerable to information disclosure. The vulnerability is due to an endpoint exposing user details such as name, affiliation, and email in bulk when listed in certain fields like ACLs, which allows an attacker to retrieve basic user information without proper authorization...
HTTP Request Smuggling
aiohttp is vulnerable to HTTP request smuggling. The vulnerability is due to improper parsing of trailer sections in HTTP requests when the pure Python version of aiohttp is used or the AIOHTTP_NO_EXTENSIONS flag is enabled, which allows an attacker to smuggle HTTP requests and potentially bypass...
Arbitrary Code Execution (ACE)
job-iteration is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper handling of input in the CsvEnumerator class, which allows an attacker to execute arbitrary commands on the host system by exploiting unsanitized file paths or untrusted input...
Cross-site Scripting (XSS)
org.xwiki.rendering:xwiki-rendering-syntax-xhtml is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the XHTML syntax relying on the xdom+xml/current syntax, which allows insertion of arbitrary HTML including JavaScript, enabling XSS for users with document editing rights...
Remote Code Execution (RCE)
org.xwiki.rendering:xwiki-rendering-transformation-macro is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the macro content parser failing to preserve the restricted attribute in the transformation context, allowing execution of normally forbidden macros like script macros ...
Cross-Site Scripting (XSS)
roundup is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in URLs when interacting with issue tracker templates devel and responsive, which allows an attacker to inject and execute arbitrary scripts in the context of a user's brows...
Denial Of Service (DoS)
libp2p is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient validation of RSA key sizes, which allows an attacker to send a large RSA key and exhaust system resources...
XML External Entity (XXE) Injection
org.apache.jackrabbit, jackrabbit-spi-commons, jackrabbit-core is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to the use of an unsecured document builder to load privileges, which allows an attacker to exploit XXE and potentially access sensitive files or perform...
Server-side Template Injection
binarytorch/larecipe is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to improper handling of user input in template rendering, which allows an attacker to inject malicious templates and potentially achieve Remote Code Execution (RCE) in vulnerable server configuration...
Denial Of Service (DoS)
org.apache.tomcat:tomcat-coyote is vulnerable to Denial Of Service (DoS). The vulnerability is due to failure to handle cases where an HTTP/2 client does not acknowledge the initial settings frame, allowing excessive concurrent streams and leading to resource exhaustion...
Denial Of Service (DoS)
org.apache.tomcat:tomcat-catalina is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of multipart upload size limits caused by an integer overflow in certain multipart upload configurations, which can bypass configured size restrictions and lead to denial of servic...
Denial Of Service (DoS)
com.nimbusds:nimbus-jose-jwt is vulnerable to Denial Of Service (DoS). The vulnerability is due to uncontrolled recursion caused by a lack of validation on JSON object nesting depth in JWT claim sets, allowing remote attackers to exhaust system resources with deeply nested structures...
Heap Buffer Overflow
ExecuTorch is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper handling of buffer boundaries during the loading of ExecuTorch methods, which allows an attacker to cause a runtime crash and potentially execute arbitrary code...
OS Command Injection
james-heinrich/phpthumb is vulnerable to OS Command Injection. The vulnerability is due to improper sanitization of crafted parameter values in phpthumb.gif.php, which allows an attacker to execute arbitrary operating system commands...
Denial Of Service (DoS)
org.apache.commons, commons-lang3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of long input strings in the ClassUtils.getClass(...) method, which allows an attacker to trigger a StackOverflowError...
Regular Expression Denial Of Service (ReDoS)
Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a vulnerable regex pattern in the DonutProcessor.token2json method, which allows an attacker to craft malicious input causing excessive CPU consumption through catastrophic backtrackin...
Cache Deception
better-call is vulnerable to cache deception. The vulnerability is due to insufficient path sanitization during request processing, which allows an attacker to craft deceptive URLs that mimic static assets and bypass CDN cache exclusion rules...
Sensitive Information Disclosure
github.com/juju/juju is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the /log endpoint allowing any authenticated user to read debug log messages, which may contain sensitive information, without requiring specific permissions...
Sensitive Information Disclosure
universal-omega/dynamic-page-list3 is vulnerable to Sensitive Information Disclosure. The vulnerability is due to certain dpl parameters revealing usernames that were meant to be hidden via revision deletion, suppression, or the hideuser block flag...
Sensitive Information Disclosure
parse-server is vulnerable to Sensitive Information Disclosure. The vulnerability is due to allowing public introspection of schema metadata without requiring a session token or master key, potentially aiding attackers in mapping the API surface...
Path Traversal
github.com/ctfer-io/chall-manager is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during zip extraction caused by missing checks on extracted file paths, allowing attackers to write files outside the intended directory when decoding scenario zip archive...
Account Takeover
org.keycloak, keycloak-services is vulnerable to Account Takeover. The vulnerability is due to insufficient validation during account merging and email verification, which allows an attacker to change their email to the victim's address and trigger a verification email to the victim...
Hash Collision Attack
llamaindex is vulnerable to Hash Collision Attack. The vulnerability is due to the use of MD5 hashing for generating document chunk IDs, which allows an attacker to exploit hash collisions by creating structurally distinct chunks with identical text...
Cross-Site Scripting (XSS)
@pdfme/common is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of expression evaluation, which allows an attacker to escape the sandbox environment and execute arbitrary code or manipulate object prototypes to perform XSS and other malicious actions...
Denial Of Service (DoS)
github.com/ctfer-io/chall-manager is vulnerable to Denial Of Service (DoS). The vulnerability is due to the HTTP Gateway accepting headers indefinitely, enabling Slowloris attacks without requiring authentication or authorization...
Denial Of Service (DoS)
github.com/ctfer-io/chall-manager is vulnerable to Denial Of Service (DoS). The vulnerability is due to the lack of size validation when decoding zip archives, which allows an attacker to exploit the system using zip bomb decompression without requiring authentication or authorization...