38108 matches found
Race Condition Vulnerability
org.apache.tomcat, tomcat-util is vulnerable to Race Condition Vulnerability. The vulnerability is due to improper synchronization in the APR/Native connector when handling client-initiated HTTP/2 connection closures, which allows an attacker to exploit race conditions potentially leading to...
Sensitive Information Exposure
docusaurus-plugin-content-gists is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of configuration options that include GitHub Personal Access Tokens, which are inadvertently embedded into client-side JavaScript bundles during the production build,...
Unauthorized Volume Mount
github.com/edgelesssys/contrast is vulnerable to Unauthorized Volume Mount. The vulnerability is due to unexpected interpretation of VOLUME directives due to containerd automatically creating mount points from VOLUME directives or config.volumes in OCI images even when Kubernetes has not explicit...
OS Command Injection
mcp-remote is vulnerable to OS command injection. The vulnerability is due to crafted input from the authorization_endpoint response URL when connecting to untrusted MCP servers, which allows an attacker to execute arbitrary operating system commands...
Path Traversal
llama-index-readers-obsidian is vulnerable to path traversal. The vulnerability is due to improper handling of hardlinks in the load_data method of the ObsidianReader class, which allows an attacker to bypass path restrictions and access sensitive files such as /etc/passwd...
Improper Verification Of Cryptographic Signature
Clerk is vulnerable to improper verification of cryptographic signature. The vulnerability is due to the use of the verifyWebhook helper, which may accept improperly signed webhook events, allowing an attacker to forge webhook requests and potentially trigger unauthorized actions...
Stack Overflow
llama-index-core is vulnerable to stack overflow. The vulnerability is due to unsafe recursive traversal without depth validation, which allows an attacker to submit deeply nested JSON structures and trigger a Denial of Service (DoS) by causing a RecursionError and crashing the application...
Timing Attack
parisneo/lollms is vulnerable to timing attack. The vulnerability is due to the use of Python's default string equality operator for password comparison, which causes variable response times based on matching characters — allowing an attacker to enumerate valid usernames and incrementally guess...
Information Disclosure
@cloudflare/vite-plugin is vulnerable to information disclosure. The vulnerability is due to the default configuration exposing all files via the local development server, which allows an attacker to access sensitive files like .env and .dev.vars that may contain secrets...
Denial Of Service (DoS)
github.com/babylonlabs-io/babylon is vulnerable to Denial Of Service (DoS). The vulnerability is due to sending a message that modifies the validator set exactly at the epoch boundary, which allows an attacker to halt the blockchain by disrupting consensus progression...
Denial Of Service (DoS)
@builder.io/qwik-city is vulnerable to Denial Of Service (DoS). The vulnerability is due to the server not handling errors thrown when an invalid QRL function qfunc is sent, which allows an attacker to crash the Node.js server by triggering an unhandled exception...
Command Injection
mcp-server-kubernetes is vulnerable to Command Injection. The vulnerability is due to unsanitized command execution due to direct use of unvalidated user input in child_process.execSync, allowing injection of shell metacharacters and execution of arbitrary system commands...
Path Traversal
llama-index-core is vulnerable to Path Traversal. The vulnerability is due to insufficient sanitization of the image_path parameter in the encode_image function, allowing attackers to access arbitrary files on the server...
Directory Traversal
Dagster is vulnerable to Directory Traversal. The vulnerability is due to improper input sanitization due to the /logs endpoint allowing crafted requests that can access sensitive files, particularly those with names starting with a dot...
Improper Input Validation
transformers is vulnerable to improper input validation. The vulnerability is due to insecure URL validation using the startswith method in image_utils.py, which allows an attacker to exploit URL username injection to craft deceptive URLs that appear to originate from trusted sources like YouTube,...
Regular Expression Denial Of Service (ReDoS)
transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a vulnerable regular expression pattern config\..\.json in the get_configuration_file function within the transformers.configuration_utils module, which allows an attacker to craft...
Remote Code Execution (RCE)
bolt/bolt is vulnerable to remote code execution (RCE). The vulnerability is due to unsanitized rendering of user-controlled input PHP code injection in the displayname field in backend templates, followed by abuse of session file manipulation endpoints which allows an attacker to create a web shel...
Open Redirect
better-auth is vulnerable to open redirect. The vulnerability is due to improper validation of user-supplied URLs in the originCheck middleware, which allows an attacker to redirect users to arbitrary external sites via crafted requests to routes such as /verify-email, /reset-password/:token,...
Regular Expression Denial Of Service (ReDoS)
transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a flawed regular expression pattern used in the get_imports function to filter try/except blocks, which allows an attacker to craft input strings that cause catastrophic backtracking...
Integer Overflow
github.com/cosmos/cosmos-sdk is vulnerable to Integer Overflow. The vulnerability is due to a malicious validator being able to deposit values that trigger an overflow in the Validator Rewards pool, potentially halting the blockchain...
Command Injection
node-code-sandbox-mcp is vulnerable to command injection. The vulnerability is due to the unsanitized use of input parameters within a call to child_process.execSync, which allows an attacker to inject arbitrary system commands and achieve remote code execution, bypassing sandbox protections...
Access Control Bypass
pyload-ng is vulnerable to Access Control Bypass. The vulnerability is due to improper enforcement of access control rules for localhost-restricted functionality, which allows unauthenticated attackers to bypass security checks and perform unauthorized actions such as creating arbitrary packages...
Local Code Execution (LCE)
helm.sh/helm/v3 is vulnerable to Local Code Execution (LCE). The vulnerability is due to insufficient validation and sanitization of the Chart.yaml and Chart.lock files during dependency updates, allowing a maliciously crafted file to trigger local code execution...
Remote Code Execution (RCE)
github.com/lf-edge/ekuiper is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient restrictions in the /config/uploads API, allowing directory traversal ../ to write files outside the intended directory, potentially leading to remote code execution if run with root...
XML External Entity (XXE) Injection
llama-index-readers-papers Papers Loaders package is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to the sitemap parser accepting untrusted XML input without disabling entity expansion, allowing attackers to exhaust system memory and cause a denial of service...
Remote Code Execution (RCE)
llama-index-core is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the JsonPickleSerializer component falling back to Python’s pickle.loads without proper input validation, allowing execution of arbitrary code from untrusted data...
Regular Expression Denial Of Service (ReDoS)
fastapi-guard is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to inefficient regex pattern matching due to use of poorly optimized regular expressions that cause polynomial-time backtracking on crafted inputs, leading to high CPU usage and service...
Path Traversal
llama-index-readers-obsidian is vulnerable to Path Traversal. The vulnerability is due to improper symlink handling due to failure to resolve symbolic links securely and validate that the resulting paths remain within the intended vault directory, allowing access to files outside the vault...
Denial Of Service (DoS)
mcp is vulnerable to improper input validation. The vulnerability is due to a validation error when processing malformed requests, which allows an attacker to trigger unhandled exceptions and cause service unavailability 500 errors until the service is manually restarted...
Cross-Site Scripting (XSS)
cockpit-hq/cockpit is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in the "name" or "email" arguments within the /system/users/save endpoint, which allows an attacker to inject malicious scripts that execute in the context of the...
Sensitive Information Exposure
io.zipkin, zipkin-server is vulnerable to Sensitive Information Exposure. The vulnerability is due to the presence of an unprotected /heapdump endpoint associated with Spring Boot Actuator, which allows an attacker to retrieve memory dumps and potentially extract sensitive data. Note: There is a...
Hash Collision
llama-index-readers-papers is vulnerable to Hash Collision. The vulnerability is due to the use of MD5 hashing to generate filenames for downloaded papers, which allows an attacker to exploit hash collisions by submitting papers with identical titles but different content...
Regular Expression Denial Of Service (ReDoS)
Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression complexity in the SETTING_RE variable within chat.py, which allows an attacker to exploit exponential backtracking using specially crafted input...
Denial Of Service (DoS)
mcp is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of exceptions triggered after establishing a streamable HTTP session, which allows an attacker to cause a ClosedResourceError on the server side...
DOM Clobbering
tarteaucitron.js is vulnerable to DOM Clobbering. The vulnerability is due to accessing document.currentScript without verifying it references a valid...
Path Traversal
github.com/lf-edge/ekuiper is vulnerable to path traversal. The vulnerability is due to improper validation of file paths, which allows an attacker to read or write arbitrary files on the server, potentially modifying application behavior and gaining full control of the system...
Local File Inclusion (LFI)
microweber/microweber is vulnerable to Local File Inclusion (LFI). The vulnerability is due to insufficient path validation and inadequate restrictions in the backup management API, allowing authenticated users to read arbitrary files via crafted requests to the upload and download endpoints...
Stored Cross-site Scripting (XSS)
starcitizentools/citizen-skin is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to the Citizen skin inserting short descriptions from the ShortDescription extension as raw HTML, which allows an attacker to inject arbitrary HTML into the DOM by editing a page...
Incorrect Default Permissions
Vagrant is vulnerable to Incorrect Default Permissions. The vulnerability is due to the Vagrantfile being writable from within the guest VM and executed by the host, allowing a low-privileged attacker to achieve guest-to-host code execution...
Improper Authorization
n8n is vulnerable to improper authorization. The vulnerability is due to insufficient access control in the /rest/executions/:id/stop endpoint, which allows an attacker to stop workflow executions they do not own or have access to, potentially causing business disruption...
Denial Of Service (DoS)
n8n is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input handling due to the /rest/binary-data endpoint failing to safely process empty filesystem:// or filesystem-v2:// URIs, leading to application instability or crashes...
Cache Poisoning
Next.js is vulnerable to cache poisoning. The vulnerability is due to HTML page requests returning a React Server Component (RSC) payload under certain conditions, which allows an attacker to poison the cache if the CDN does not correctly differentiate between RSC and HTML content...
Cross-Site Scripting (XSS)
starcitizentools/citizen-skin is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper sanitization of page descriptions inserted into raw HTML when using the old search bar, which allows an attacker with page editing privileges to inject XSS payloads into the DOM and explo...
Cache Poisoning
Next.js is vulnerable to Cache Poisoning. The vulnerability is due to improper caching of HTTP 204 responses for static pages, which allows an attacker to poison the cache and cause the 204 response to be served to all users attempting to access the affected page...
Denial Of Service (DoS)
github.com/apache/trafficcontrol is vulnerable to Denial of Service (DoS). The vulnerability is due to TCP connections on the DNS port remaining in the ESTABLISHED state indefinitely, which allows an attacker to exhaust the thread pool handling DNS requests and prevent the service from processing...
Improper Access Control
gogs.io/gogs is vulnerable to improper access control. The vulnerability is due to improper validation and access control in handling file operations within the .git directory, which allowed unprivileged users to perform unauthorized deletions and modifications...
Incorrect Default Permissions
github.com/filebrowser/filebrowser is vulnerable to Incorrect Default Permissions. The vulnerability is due to insecure default file permissions because the application does not explicitly set access permissions for uploaded files or its database, relying instead on the system’s default umask, whi...
Open Redirection
n8n is vulnerable to Open Redirection. The vulnerability is due to improper validation of redirect URLs due to the login flow accepting untrusted redirect query parameters, allowing redirection to attacker-controlled domains...
Cross-site Scripting (XSS)
github.com/gogs/gogs is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the inclusion of an outdated version of pdfjs v1.4.20 that allows client-side JavaScript execution...
Heap Based Buffer Overflow
Pillow is vulnerable to heap-based buffer overflow. The vulnerability is due to writing into a buffer without checking for available space when saving a large 64k image in DDS format, which allows an attacker to trigger a heap buffer overflow by tricking the application into processing malicious...