38290 matches found
Cross-Site Scripting (XSS)
org.apache.jspwiki, jspwiki-main is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of crafted requests using the Image plugin, which allows an attacker to execute JavaScript in the victim's browser and obtain sensitive information...
Improper Access Control
@finos/git-proxy is vulnerable to improper access control. The vulnerability is due to bypassing policies and explicit approvals when pushing to remote repositories, which allows an attacker to push code containing secrets or unwanted changes without required checks or plugin execution...
SQL Injection
bacula-web/bacula-web is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization in HTTP GET requests, which allows an attacker to execute arbitrary code remotely...
Improper Access Control
umbraco.cms.api.delivery is vulnerable to improper access control. The vulnerability is due to output caching not varying by the API key authorization header, which allows an attacker to access cached API responses without a valid key if they were previously requested by an authorized user...
Server Side Request Forgery (SSRF)
bentoml is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the file upload handlers automatically downloading files from user-provided URLs without validating their targets, which allows an attacker to make the server send arbitrary HTTP requests to internal or...
Sensitive Data Exposure
@finos/git-proxy is vulnerable to sensitive data exposure. The vulnerability is due to improper validation of commits in the pack sent to GitHub, which allows an attacker to inject unreferenced commits containing sensitive data and retrieve them via direct commit URLs without appearing in the...
Improper Authorization
@finos/git-proxy is vulnerable to Improper Authorization. The vulnerability is due to improper validation of branch creation workflows due to the way GitProxy handles new branch creation, allowing attackers to bypass approval of prior commits on the parent branch...
Denial Of Service (DoS)
ruby-saml is vulnerable to Denial Of Service DoS. The vulnerability is due to improper order of validation checks due to the SAML response being validated for Base64 format before checking the configured message size, allowing potential resource exhaustion...
Malicious File Parsing
@finos/git-proxy is vulnerable to malicious file parsing. The vulnerability is due to improper PACK signature detection in parsePush.ts, which allows an attacker to embed misleading signatures in commit content and craft packet structures to bypass approval or hide commits...
Denial Of Service (DoS)
SixLabors.ImageSharp is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of malformed GIF comment extension blocks due to a missing block terminator, causing the GIF decoder to enter an infinite loop when processing specially crafted files...
Log Injection
pyload-ng is vulnerable to Log Injection. The vulnerability is due to improper input sanitization due to failure to filter user-supplied data in the /json/addpackage API, allowing attackers with package addition permissions to inject arbitrary messages into application logs...
Improper Authentication
github.com/openbao/openbao is vulnerable to improper authentication. The vulnerability is due to unexpected normalization in the underlying TOTP library, which allows an attacker to reuse a valid TOTP code multiple times instead of only once...
Authentication Bypass
github.com/openbao/openbao is vulnerable to Authentication bypass. The vulnerability is due to improper normalization in the underlying TOTP library, which allows an attacker to bypass rate limiting by inserting whitespace and reuse existing MFA codes...
SQL Injection
z-push/z-push-dev is vulnerable to SQL Injection. The vulnerability is due to unparameterized queries in the IMAP backend’s basic authentication username field, which allows an attacker to inject malicious SQL commands to access, modify, or delete sensitive data from a linked third-party database...
Path Traversal
bugsink is vulnerable to Path Traversal. The vulnerability is due to constructing file locations directly from untrusted eventid input without validation, which allows an attacker with access to a valid DSN to create or overwrite files in arbitrary locations...
Network Isolation Bypass
github.com/moby/moby is vulnerable to network isolation bypass. The vulnerability is due to Docker failing to re-create iptables rules isolating bridge networks after firewalld reload, which allows an attacker to access all ports of containers across different bridge networks on the same host,...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unrestricted external image embedding because markdown images with arbitrary URLs are automatically fetched when viewing a memo, exposing the user's IP address, browser User-Agent, and other...
Regular Expression Denial Of Service (ReDoS)
calibreweb is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing because the stripwhitespaces function allows catastrophic backtracking when processing a specially crafted username parameter during login...
Authentication Bypass
Node-SAML is vulnerable to Authentication Bypass. The vulnerability is due to improper signature verification because the library loads assertions from the unsigned original response document instead of the signed portion, allowing attackers with a validly signed document to alter authentication...
Cross-Site Scripting (XSS)
github.com/techarohq/anubis is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of the ?redir= parameter in the /.within.website/x/cmd/anubis/api/pass-challenge route, which allows an attacker to craft malicious pass-challenge pages that execute arbitrary...
Command Injection
codeigniter4/framework is vulnerable to Command Injection. The vulnerability is due to improper handling of user-controlled filenames and text content when using the ImageMagick imagick handler in the resize or text methods, which allows an attacker to execute arbitrary shell commands by supplyin...
Cross-site Scripting (XSS)
copyparty is vulnerable to DOM-based Cross-site Scripting XSS. The vulnerability is due to improper sanitization of multimedia tags in music files, including m3u files, which allows an attacker to execute arbitrary JavaScript code in a victim's browser...
Server Side Request Forgery (SSRF)
ssrfcheck is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to an incomplete denylist that fails to classify the reserved multicast IP range 224.0.0.0/4 as invalid, which allows an attacker to craft requests targeting these multicast addresses...
Server-Side Request Forgery (SSRF)
webfinger.js is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient restriction on localhost access because the lookup function fails to block requests to local or internal network services, allowing attackers to craft requests targeting internal resources...
Username Enumeration
github.com/openbao/openbao is vulnerable to user enumeration. The vulnerability is due to timing differences in the userpass authentication method between non-existent users and users with stored credentials, which allows an attacker to enumerate valid usernames regardless of password validity...
Authentication Bypass
github.com/openbao/openbao is vulnerable to Authentication bypass. The vulnerability is due to improper aliasing between pre-flight and full login request user entity alias attributions, which allows an attacker to bypass the automatic user lockout mechanisms in the Userpass or LDAP authenticatio...
Improper Access Control
github.com/openbao/openbao is vulnerable to improper access control. The vulnerability is due to the ability of privileged API operators to bypass restrictions on system code execution and network connections through manipulation of audit log prefixes, which allows an attacker to execute...
Race Condition Vulnerability
Library name is vulnerable to race condition. The vulnerability is due to query cancellation during the Scan method execution, which allows an attacker to interfere with parallel queries and cause unexpected results or errors...
Memory Leakage
libhtp.so is vulnerable to Memory Leakage. The vulnerability is due to improper memory management caused by traffic-induced leaks, which can exhaust system memory and lead to loss of visibility...
Open Redirect
Koa is vulnerable to Open Redirect. The vulnerability is due to improper validation of the Referrer argument in the back function of lib/response.js, which allows remote attackers to redirect users to malicious sites...
Use After Free
libtiff.so is vulnerable to Use After Free. The vulnerability is due to improper memory handling in the gethistogram function of tools/tiffmedian.c, which can be exploited locally to execute arbitrary code...
Logic Error
Apache HTTP Server is vulnerable to a logic error. The vulnerability is due to a flaw in the evaluation of RewriteCond expr directives, which causes all expressions to be treated as true, allowing an attacker to bypass intended rewrite conditions and access or redirect resources unexpectedly...
Improper Access Control
github.com/moby/moby is vulnerable to improper access control. The vulnerability is due to failure to recreate firewall rules blocking external access to containers after a firewalld reload, which allows an attacker to remotely access containers with ports published to localhost...
Cross-site Scripting (XSS)
Linkify is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improperly controlled modification of object prototype attributes due to insufficient validation of user-controlled input, which can lead to XSS and manipulation of application variables...
Buffer Overflow
libtiff.so is vulnerable to Buffer Overflow. The vulnerability is due to unsafe memory manipulation in the setrow function within tools/thumbnail.c, leading to a local buffer overflow...
Sensitive Information Disclosure
Opencast is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exposure of hashed credentials due to incorrect handling of global system account credentials when fetching mediapackage elements, allowing attackers with ingest permissions to exfiltrate them to an external U...
Remote Code Execution (RCE)
smolagents is vulnerable to Remote Code Execution RCE. The vulnerability is due to inadequate enforcement of static and dynamic checks in localpythonexecutor.py, allowing attackers to exploit whitelisted modules and functions...
Arbitrary File Write
assemblyline-service-client is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of file paths, allowing attackers to write files outside the intended directory...
Arbitrary Code Execution
skops is vulnerable to Arbitrary Code Execution. The vulnerability is due to inconsistent operator function handling due to a flaw in OperatorFuncNode that allows untrusted operator methods to be hidden and reused to invoke seemingly safe functions...
Arbitrary Code Execution
skops is vulnerable to Arbitrary Code Execution. The vulnerability is due to exploitation of the MethodNode class, which allows unexpected attribute access via dot notation during model loading...
Sensitive Information Disclosure
Opencast is vulnerable to Information Disclosure. The vulnerability is due to improper credential handling due to the system sending hashed global system account credentials to arbitrary URLs when fetching media package elements...
Command Injection
calibreweb is vulnerable to Command Injection. The vulnerability is due to improper neutralization of special elements used in an OS command due to insufficient sanitization of user input, allowing blind OS command injection...
Improper Authorization
@haxtheweb/haxcms-nodejs and elmsln/haxcms are vulnerable to Improper Authorization. The vulnerability is due to failure to verify if an authenticated user has permission to interact with a resource before performing operations...
Denial Of Service (DoS)
ImageMagick is vulnerable to Denial Of Service DoS. The vulnerability is due to infinite line generation during a specific XMP file conversion command...
Arbitrary File Upload
simogeo/filemanager is vulnerable to Arbitrary File Upload. The vulnerability is due to improper file type validation due to insufficient checks in the isallowedfiletype function, allowing attackers to upload crafted PHP files and execute arbitrary code...
SQL Injection
eKuiper is vulnerable to SQL Injection. The vulnerability is due to failure to sanitize user-controlled table name input in the getLast API, allowing unauthenticated attackers to execute arbitrary SQL statements...
Cross-site Scripting (XSS)
Mezzanine CMS is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization due to failure to filter user-supplied input in the /blog/blogpost/add component, allowing injection of malicious scripts into blog posts...
Arbitrary Code Injection
letta is vulnerable to Arbitrary Code Injection. The vulnerability is due to insufficient enforcement of execution restrictions in the /v1/tools/run endpoint, allowing crafted payloads to bypass protections and execute arbitrary Python code or system commands...
Remote Code Execution (RCE)
yt-dlp is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of the --exec placeholder on Windows, allowing crafted file paths to execute arbitrary commands...
Local Privilege Escalation
github.com/linuxdeepin/lastore-daemon is vulnerable to Local Privilege Escalation. The vulnerability is due to insecure D-Bus configuration due to allowing users in the sudo group to invoke the InstallPackage method without authentication, enabling arbitrary code execution as root via crafted .de...