38290 matches found
Path Traversal
Aim is vulnerable to Path Traversal. The vulnerability is due to missing path validation: the restorerunbackup function extracts crafted backup tar files without validating file paths, allowing remote attackers to write arbitrary files to the server's filesystem...
Cross-site Scripting (XSS)
github.com/goharbor/harbor is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsanitized content in the markdown field on the info tab page, which allows injection of malicious scripts...
Directory Traversal
files-bucket-server is vulnerable to Directory Traversal. The vulnerability is due to insufficient input validation, specifically a lack of proper sanitization of user-supplied paths, allowing attackers to access files outside the intended directory...
OS Command Injection
bun is vulnerable to OS Command Injection. The vulnerability is due to the failure to neutralize special characters in the $ shell API, allowing attackers to execute arbitrary commands through crafted input...
Local File Inclusion (LFI)
Dagster is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper validation of the notebookpath field in ExternalNotebookData requests, which allows an attacker to perform path traversal and read arbitrary files by bypassing the intended extension-based check...
Cross-Site Scripting (XSS)
aim is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the lack of sanitization or sandboxing in the /api/reports endpoint, which allows an attacker to execute arbitrary JavaScript in victims' browsers through malicious Python code interpreted by pyodide.code.run_js when the...
Missing Origin Validation In WebSockets
Next.js is vulnerable to Missing Origin Validation in WebSockets. The vulnerability is due to limited source code exposure in local development mode when the App Router is enabled, which allows an attacker to trick a user into visiting a malicious webpage while npm run dev is active, potentially...
Deserialization Of Untrusted Data
org.apache.inlong, manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling and validation of serialized data, which allows attackers to inject malicious data that the system trusts and processes. Note: Specially due to secondary mining bypass for...
Server-Side Request Forgery (SSRF)
private-ip is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient input validation, specifically the failure to treat multicast IP addresses (224.0.0.0/4) as private, allowing attackers to bypass protections and make unauthorized requests...
Regular Expression Denial Of Service (ReDoS)
fastapi-guard is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to incomplete regex filtering caused by an insufficient patch that fails to detect...
Sensitive Information Disclosure
github.com/goharbor/harbor is vulnerable to Sensitive Information Disclosure. The vulnerability is due to an ORM leak caused by improper filtering logic in the /api/v2.0/users endpoint, allowing administrators to extract password hash and salt values using the q URL parameter...
Server-Side Request Forgery (SSRF)
Apache Ranger is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper input validation: the Edit Service Page in the UI allows crafted requests that can trigger unintended internal or external network calls...
Cross-Domain Token Exposure
Ollama is vulnerable to Cross-Domain Token Exposure. The vulnerability is due to improper handling of the realm value in the WWW-Authenticate header by the /api/pull endpoint, which allows an attacker to steal authentication tokens and bypass access controls...
Insecure Direct Object Reference (IDOR)
in2code/powermail is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control on file download functionality, which allows an attacker to download arbitrary files from the webserver...
Improper Authentication
goauthentik.io is vulnerable to improper authentication. The vulnerability is due to deactivated users who registered or linked accounts via OAuth/SAML retaining partial access, which allows an attacker to authorize applications if they know the application URL, despite their account being...
Denial Of Service (DoS)
github.com/kyverno/kyverno is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of JMESPath variable substitutions, specifically the lack of validation for invalid JMESPath functions within policy expressions. It allows nil values to be injected into places where...
Cross-site Scripting (XSS)
Cadwyn is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the version parameter in the /docs endpoint, which allows an attacker to execute arbitrary JavaScript in a user's session via a one-click attack...
Server Side Request Forgery (SSRF)
com.xuxueli, xxl-job-core is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation in the httpJobHandler function of SampleXxlJob.java, which allows an attacker to send crafted requests to internal or external systems remotely...
Privilege Escalation
org.keycloak, keycloak-services is vulnerable to privilege escalation. The vulnerability is due to improper privilege enforcement when Fine-Grained Admin Permissions (FGAPv2) are enabled, which allows an attacker with the manage-users role to escalate privileges to realm-admin...
Denial Of Service (DoS)
@hapi/subtext is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper parsing of the Content-Encoding HTTP header, which causes a system error on invalid values and is rethrown up the stack without handling, allowing an attacker to crash the application and shut down services...
Insecure Direct Object Reference (IDOR)
in2code/femanager is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control, specifically direct access to user data objects without proper authorization checks, allowing unauthorized modification of user data...
Missing Authorization
BackendAI is vulnerable to Missing Authorization. The vulnerability is due to session takeover caused by improper validation of session access, allowing attackers to hijack active sessions and access, steal, or alter session data...
Sensitive Information Disclosure
BackendAI is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure session handling caused by exposing the sensitive data in active sessions, allowing attackers to retrieve user credentials from the management platform...
Missing Authentication
backend.ai is vulnerable to Missing Authentication. The vulnerability is due to improper access control caused by lack of authentication checks in the registration feature, allowing arbitrary users to create accounts and access private data even when registration is disabled...
Improper Access Control
@account-kit/smart-contracts is vulnerable to improper access control. The vulnerability is due to a security issue in old account deployment functions from the factory, which allows an attacker to potentially exploit outdated deployment mechanisms; however, smart wallets in use on all existing...
Command Injection
@translated/lara-mcp is vulnerable to command injection. The vulnerability is due to unsanitized input passed to child_process.exec, which allows an attacker to inject and execute arbitrary system commands through shell metacharacters...
Improper Authentication
github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to the failure to negotiate a new token when accepting an invite, which allows an attacker who intercepts both the invite and password to send synchronization payloads to the original server...
Improper Authorization
github.com/mattermost/mattermost-server is vulnerable to Improper Authorization. The vulnerability is due to a failure to verify authorization when retrieving cached posts by PendingPostID, which allows an attacker to read posts from private channels they do not have access to by guessing the...
Path Traversal
Mattermost is vulnerable to Path Traversal. The vulnerability is due to insufficient input sanitization caused by failure to validate file attachment paths in the bulk import JSONL file, allowing a system admin to read arbitrary system files via path traversal...
Denial Of Service (DoS)
Starlette is vulnerable to Denial Of Service (DoS). The vulnerability is due to blocking of the main event thread caused by improper handling of large multipart file uploads, where a bug in the UploadFile logic fails to anticipate memory rollover, blocking the application from accepting new...
Remote Code Execution (RCE)
dolibarr/dolibarr is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper input handling caused by insecure mechanisms that allow arbitrary command execution and access to sensitive files on the file system...
Improper Access Control
marshmallow-packages/nova-tiptap is vulnerable to Improper Access Control. The vulnerability is due to missing authentication middleware and lack of file validation on the /nova-tiptap/api/file endpoint, which allows an attacker to upload arbitrary files (e.g., PHP scripts or binaries) to any...
Use Of Hard-coded Credentials
@haxtheweb/haxcms-nodejs is vulnerable to Use of Hard-coded Credentials. The vulnerability is due to hardcoded default credentials and JWT private keys, followed by the lack of prompts or UI options to change them, which allows an attacker to gain unauthorized access to user or superuser accounts...
Cross-Site Scripting (XSS)
@haxtheweb/haxcms-nodejs is vulnerable to cross-site scripting. The vulnerability is due to the explicit disabling of the Content Security Policy (CSP) in the Helmet configuration in app.js, which allows an attacker to inject and execute malicious scripts in the context of the application...
Improper Input Validation
org.apache.jena, jena is vulnerable to Improper Input Validation. The vulnerability is due to lack of validation on file access paths in configuration files uploaded by administrators, which allows an attacker to upload arbitrary configurations and potentially manipulate system behavior...
Improper Authentication
@haxtheweb/haxcms-nodejs is vulnerable to improper authentication. The vulnerability is due to an insecure default configuration in the NodeJS backend that disables JWT checks by default, which allows an attacker to gain unauthorized access if the server is deployed without modifying these defaul...
Improper Access Control
org.apache.jena, jena-fuseki is vulnerable to improper access control. The vulnerability is due to insufficient validation or restriction on file path locations when administrators create database files in Apache Jena, which allows creation of files outside the intended directory structure...
HTTP Parameter Pollution
form-data is vulnerable to HTTP Parameter Pollution (HPP). The vulnerability is due to the use of weak randomness in generating boundary values in lib/formdata.js, which allows an attacker to perform HTTP Parameter Pollution (HPP) by manipulating form data...
Improper Input Validation
@haxtheweb/haxcms-nodejs is vulnerable to improper input validation. The vulnerability is due to the application not properly handling exceptions when required URL parameters are missing in authenticated API requests, which allows an attacker to crash the application via the listFiles and saveFil...
Cross-Site Scripting (XSS)
bagisto/bagisto is vulnerable to Cross-Site Scripting. The vulnerability is due to improper validation of uploaded SVG files, which allows an attacker to execute arbitrary code via a crafted file upload...
SQL Injection
github.com/uptrace/bun is vulnerable to SQL injection. The vulnerability is due to improper handling of SQL arguments in the appendArg function in /pgdriver/format.go, which allows an attacker to inject arbitrary SQL commands...
SQL Injection
github.com/go-pg/pg is vulnerable to SQL injection. The vulnerability is due to improper handling of input in the /types/appendvalue.go component, which allows an attacker to inject and execute arbitrary SQL commands...
Command Injection
Thor is vulnerable to Command Injection. The vulnerability is due to unsafe command construction caused by the library forming shell commands directly from user-controlled input...
Remote File Inclusion
librenms/librenms is vulnerable to Remote File Inclusion (RFI). The vulnerability is due to unsafe dynamic file inclusion caused by the ajaxform.php endpoint using user-controlled POST input in the type parameter to include .inc.php files without proper validation or allowlisting, potentially leadi...
Remote Code Execution (RCE)
pyloadng is vulnerable to Path Traversal. The vulnerability is due to improper validation of uploaded filenames in the /json/upload endpoint, which allows an attacker to traverse directories and write arbitrary files to any location accessible to the pyLoad process...
Embedded Malicious Code
eslint-config-prettier is vulnerable to Embedded Malicious Code. The vulnerability is due to embedded malicious code caused by a compromised install.js script which executes node-gyp.dll malware on Windows during installation...
Clickjacking
@haxtheweb/haxcms-nodejs and elmsln/haxcms are vulnerable to Clickjacking. The vulnerability is due to missing anti-framing headers caused by the absence of X-Frame-Options or equivalent headers in both the CMS and generated sites, allowing unauthenticated attackers to embed sensitive pages in...
Cross-Site Scripting (XSS)
Liferay Portal Frontend Taglib module is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in the keywords parameter of the management toolbar search, which allows an attacker to inject arbitrary web scripts or HTML...
Path Traversal
org.dspace, dspace-api is vulnerable to path traversal. The vulnerability is due to improper validation of file paths in the Simple Archive Format (SAF) importer, which allows an attacker to craft a malicious SAF package referencing arbitrary system files...
Cross-site Scripting (XSS)
@openlist-frontend/openlist-frontend is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper handling of .py files containing JavaScript within...