Sensitive Data Exposure
github.com/juju/utils is vulnerable to Sensitive Data Exposure. The vulnerability is due to the cert.NewLeaf function generating certificates that may contain private key information, which allows an attacker to extract the private key if the certificate is transmitted over the network in plainte...
Insecure Deserialization
com.typesafe.akka, akka-cluster-metrics is vulnerable to insecure deserialization. The vulnerability is due to the use of Java serialization without proper validation or safeguards in the akka-cluster-metrics module, which allows an attacker to exploit the deserialization process to execute...
Symbolic Link Traversal
@modelcontextprotocol/server-filesystem is vulnerable to Symbolic Link Traversal. The vulnerability is due to insufficient validation of symbolic links within allowed directories, which allows an attacker to access unintended files by leveraging symlinks to bypass directory restrictions...
Path Traversal
@modelcontextprotocol/server-filesystem is vulnerable to path traversal. The vulnerability is due to improper validation of directory prefixes, which allows an attacker to access unintended files by crafting paths that match allowed directory prefixes...
Information Exposure
org.junit.platform, junit-platform-reporting is vulnerable to information exposure. The vulnerability is due to a flaw in the OpenTestReportGeneratingListener leaking Git credentials in generated Open Test Reporting XML files, which allows an attacker to steal exposed tokens from publicly...
Sensitive Information Disclosure
github.com/filebrowser/filebrowser is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exposure of sensitive data in URLs due to the use of access tokens as GET parameters, which can be logged in client- or server-side logs...
Command Injection
github.com/filebrowser/filebrowser is vulnerable to Command Injection. The vulnerability is due to improper allowlist enforcement and flawed implementation that allows users to execute shell commands beyond those explicitly permitted in their user-specific allowlist...
Integrity Validation Bypass
Electron is vulnerable to Integrity Validation Bypass. The vulnerability is due to insufficient enforcement of ASAR integrity and loading restrictions due to reliance on embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses, which can be bypassed when apps are launched from...
Privilege Escalation
Graylog is vulnerable to Privilege Escalation. The vulnerability is due to insufficient permission checks due to a flaw in the Graylog REST API that allows authenticated users to create and use API tokens for other users, such as the local Administrator, if they know the target user's ID...
Private Key Extraction
tiny-secp256k1 is vulnerable to private key extraction. The vulnerability is due to the ability to bypass Buffer.isBuffer checks when the global Buffer is overridden by the NPM buffer package, which allows an attacker to reuse the nonce k across different messages and extract the private key by...
Insecure Password Handling
github.com/filebrowser/filebrowser is vulnerable to Insecure Password Handling. The vulnerability is due to a missing password policy and lack of brute-force protection, which allows an attacker to perform brute-force attacks to retrieve user account passwords...
Improper Access Control
github.com/filebrowser/filebrowser is vulnerable to Improper Access Control. The vulnerability is due to an error-prone implementation of password-protected links, which allows an attacker to access shared files without authentication through direct download links obtained from browser history or...
Unauthorized Command Execution
github.com/filebrowser/filebrowser is vulnerable to unauthorized command execution. The vulnerability is due to improper enforcement of scope restrictions on the Command Execution feature, which allows an attacker to execute arbitrary shell commands outside their assigned scope and gain...
Improper Input Validation
tiny-secp256k1 is vulnerable to improper input validation. The vulnerability is due to the ability to pass a malicious JSON-stringifiable object to the verify function when the global Buffer is overridden by the NPM buffer package, which allows an attacker to perform a type confusion attack and...
Denial Of Service (DoS)
github.com/babylonlabs-io/babylon is vulnerable to Denial of Service (DoS). The vulnerability is due to the acceptance of transaction fees in denominations other than the native Babylon genesis denom ubbn, which allows an attacker to halt the blockchain by submitting such transactions...
Command Injection
@cyanheads/git-mcp-server is vulnerable to command injection. The vulnerability is due to the unsanitized use of user input in child_process.exec, which allows an attacker to inject arbitrary shell commands and achieve remote code execution under the server's privileges...
Heap Buffer Overflow
electron is vulnerable to Heap buffer overflow. The vulnerability is due to improper handling of image data in the nativeImage.createFromPath and nativeImage.createFromBuffer functions, which allows an attacker by supplying crafted image data with controlled height, width, and contents...
Incorrect Authorization
Mattermost is vulnerable to Incorrect Authorization. The vulnerability is due to improper access control due to insufficient validation of channel membership when accessing playbook run metadata, allowing authenticated users to retrieve sensitive information about private channels...
Remote Code Execution (RCE)
org.conductoross, conductor-core is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper access control over Java class execution, which allows attackers to invoke system-level commands...
Deserialization Of Untrusted Data
org.apache.seata, seata-config-core is vulnerable to Deserialization of untrusted data. The vulnerability is due to insecure handling of serialized input, which allows attackers to exploit the system by sending maliciously crafted data...
Deserialization Of Untrusted Data
org.apache.seata, seata-config-core is vulnerable to Deserialization of untrusted data. The vulnerability is due to insecure handling of deserialized input, which allows attackers to exploit it by executing arbitrary code or performing unauthorized actions...
Regular Expression Denial Of Service (ReDoS)
string-math is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing, which allows an attacker to exploit it via crafted input...
Improper Permission Enforcement
github.com/mattermost/mattermost-server is vulnerable to improper permission enforcement. The vulnerability is due to a failure to enforce channel member management permissions during playbook run participant management, which allows authenticated users with member-level access to bypass...
Path Traversal
lightrag-hku is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied filenames due to unsanitized input in the file.filename parameter in the uploadtoinputdir function, allowing an attacker to write files to arbitrary locations on the server...
Insertion Of Sensitive Information Into Log File
snyk is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper logging of sensitive data because of debug and trace log modes capturing container registry credentials, authentication tokens, and access tokens when certain CLI commands are executed...
Improper Command Execution Control
github.com/filebrowser/filebrowser is vulnerable to improper command execution control. The vulnerability is due to the misuse of the command execution feature that relies on a predefined allowlist, which can be bypassed using standard commands that support subcommand execution, allowing attacker...
Stored Cross-site Scripting (XSS)
File Browser is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of Markdown content, allowing JavaScript code in uploaded Markdown files to be executed by the browser...
Denial Of Service (DoS)
com.fasterxml.jackson.core, jackson-core is vulnerable to Denial of Service (DoS). The vulnerability is due to missing depth constraints in the JSON parser, which allows recursive processing of deeply nested input without limits...
Remote Code Execution (RCE)
llamafactory is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the unsafe loading of the vhead_file argument without the weights_only=True safeguard, allowing attackers to exploit the Checkpoint path parameter via the WebUI to execute arbitrary code...
Sensitive Information Disclosure
github.com/go-viper/mapstructure/v2 is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure data handling due to improper processing of sensitive fields in security-critical contexts, potentially leading to leakage of sensitive information...
Directory Traversal
billz/raspap-webgui is vulnerable to Directory Traversal. The vulnerability is due to improper input validation due to the entity parameter in ajax/networking/getwgkey.php allowing crafted POST requests that leverage the tee command to overwrite arbitrary files writable by the web server...
Cross-site Scripting (XSS)
TabberNeue is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization due to the ability of any user to inject arbitrary HTML into the DOM through allowed attributes of the tag...
Denial Of Service (DoS)
github.com/hashicorp/vault is vulnerable to Denial of Service (DoS). The vulnerability is due to uncontrolled cancellation during rekey and recovery key operations by a Vault operator, which allows an attacker to disrupt service availability...
HTTP Request Smuggling (HRS)
webrick is vulnerable to HTTP Request Smuggling. The vulnerability is due to inconsistent parsing of HTTP header terminators in the readheaders method, which allows attackers to smuggle arbitrary HTTP requests when deployed behind certain HTTP proxies...
SQL Injection
apache-airflow-providers-snowflake is vulnerable to SQL Injection. The vulnerability is due to failure to sanitize special elements due to improper sanitization of table and stage parameters in the CopyFromExternalStageToSnowflakeOperator component...
Sensitive Data Exposure
Infinispan CLI is vulnerable to sensitive data exposure. The vulnerability is due to processing a Base64-decoded Kubernetes secret password in plaintext and including it in a command string, which may expose the data in error messages when a command is not found, allowing attackers to exploit thi...
Server Side Request Forgery (SSRF)
github.com/octo-sts/app is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation and sanitization of OpenID Connect token fields, allowing attackers to craft tokens that trigger internal network requests...
Denial Of Service (DoS)
github.com/openbao/openbao is vulnerable to Denial of Service (DoS). The vulnerability is due to lack of proper authentication and auditing for cancellation operations, which allows an unauthenticated attacker to cancel root and recovery rekey operations...
Command Injection
ios-simulator-mcp is vulnerable to command injection. The vulnerability is due to unsafe use of Node.js exec with untrusted user input in the uitap tool, which allows attackers to inject shell meta-characters via arguments like duration, udid, x, and y...
DHCP Pool Exhaustion
github.com/lxc/incus is vulnerable to DHCP Pool Exhaustion. The vulnerability is due to improper generation of nftables rules for local services when ACLs are used on devices connected to a bridge, which allows bypassing security.mac_filtering, security.ipv4_filtering, and security.ipv6_filtering...
Security Filter Bypass
github.com/lxc/incus is vulnerable to security filter bypass. The vulnerability is due to incorrect generation of nftables rules when applying ACLs on devices connected to a bridge, which allows ARP spoofing and full spoofing of another VM/container on the same bridge...
Template Injection
PySpur is vulnerable to Template Injection. The vulnerability is due to improper neutralization of special elements due to unsafe handling of the usermessage argument in the SingleLLMCallNode function of the Jinja2 Template Handler component...
XML External Entity (XXE) Injection
Allure is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper XML parser configuration due to insecure settings in the xunit-xml-plugin that allow external entity expansion when processing .xml test result files...
Man-in-the-middle (MitM) Attack
github.com/containers/podman is vulnerable to Man-in-the-Middle (MitM) attack. The vulnerability is due to lack of TLS certificate verification during the image download process from an OCI registry, allowing an attacker to intercept and modify the VM image data, potentially injecting malicious...
Server Side Request Forgery (SSRF)
langchaincommunity is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to lack of request filtering or validation, which allows the component to send requests to internal or local network addresses...
Session Fixation
Moodle is vulnerable to Session Fixation. The vulnerability is due to improper session management and unauthenticated access to the sesskey parameter, which can be reused in the OAuth2 login flow, allowing attackers to hijack user sessions...
Sensitive Information Disclosure
Umbraco.cms is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insufficient access control to an anonymously accessible endpoint revealing password policy configuration, which may aid brute-force attacks...
Sensitive Information Disclosure
io.quarkus:quarkus-vertx is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper context isolation and data leakage when duplicating an already duplicated Vert.x context, potentially exposing sensitive information like request scope, security details, and metadata...
Signature Spoofing
pbkdf2 is vulnerable to Signature Spoofing. The vulnerability is due to improper input validation in the lib/to-buffer.js file, which allows an attacker to bypass signature verification and spoof cryptographic signatures, making malicious data appear authentic...
Unauthorized Access
Claude Code is vulnerable to Unauthorized Access. The vulnerability is due to improper origin validation due to the extensions accepting WebSocket connections from attacker-controlled webpages, allowing unauthorized access to IDE data and limited code execution in specific scenarios...