Privilege Escalation
k8s.io/kubernetes is vulnerable to Privilege escalation. The vulnerability is due to missing authorization checks during pod creation for dynamic resource claims, allowing a compromised node to create mirror pods that access unauthorized resources...
Improper Signature Verification
rfc3161-client is vulnerable to Improper Signature Verification. The vulnerability is due to insufficient signature validation caused by a failure to verify the Timestamp Response (TSR) signature against the timestamping leaf certificate, allowing attackers to forge signatures that appear valid if the...
Server Side Request Forgery (SSRF)
mlflow is vulnerable to missing input validation. The vulnerability is due to missing validation of the gatewaypath parameter in the gatewayproxyhandler function, allowing an attacker to manipulate the request path to access unintended internal endpoints or services...
Improper Access Control
Mattermost is vulnerable to Improper Access Control. The vulnerability is due to inadequate enforcement of channel member management permissions caused by a flaw in how playbook run participants are handled when linked to channels, allowing unauthorized user modifications...
Remote Code Execution (RCE)
CrafterCMS is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper control of dynamically-managed code resources caused by a Groovy Sandbox bypass that allows authenticated developers to execute OS commands...
Sensitive Information Disclosure
sentry-android is vulnerable to Sensitive Information Disclosure. The vulnerability is due to inadequate data masking of sensitive data appearing in Jetpack Compose text composables during Android session replays under specific configurations...
Cross-Site Scripting (XSS)
changedetectionio is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input sanitization of filter errors in website page change detection watches, allowing an attacker to inject and execute malicious scripts in the context of a victim's browser...
Signature Spoofing
pbkdf2 is vulnerable to Signature Spoofing. The vulnerability is due to improper validation of input parameters within the pbkdf2 library, allowing an attacker to forge or spoof digital signatures, potentially bypassing authentication or integrity checks...
Host Header Injection
github.com/go-chi/chi is vulnerable to host header injection. The vulnerability is due to improper validation of the Host header in the RedirectSlashes function, allowing an attacker to manipulate redirects...
Remote Code Execution (RCE)
github.com/mattermost/mattermost-server is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of filenames in uploaded archive files, which allows path traversal sequences to be processed during extraction...
Unauthorized Access
github.com/mattermost/mattermost-server is vulnerable to unauthorized access. The vulnerability is due to improper access control caused by a failure to correctly retrieve and validate requestorInfo for guest users, allowing attackers to access playbook runs without proper authorization...
Login IP Filter Bypass
DNN.PLATFORM is vulnerable to login IP filter bypass. The vulnerability is due to the ability to craft a special request or proxy, which allows an attacker to bypass IP-based access controls and perform unauthorized login attempts from disallowed IP addresses...
Cross-Site Scripting (XSS)
dnn.platform is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input validation and sanitization in the Activity Feed Attachments endpoint, allowing malicious scripts to be injected and rendered...
Missing Authentication For Critical Function
Apache SeaTunnel is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to insufficient access control and improper input validation that permit unauthorized access to the /hazelcast/rest/maps/submit-job endpoint, allowing attackers to exploit the MySQL URL parameters...
Cross-Site Scripting (XSS)
DNN.PLATFORM is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation in the TokenReplace function and SkinObjects, which fail to handle specially crafted URLs, allowing attackers to inject and execute arbitrary scripts in the user's browser...
Regular Expression Denial Of Service (ReDoS)
PowSyBl is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression handling caused by unvalidated user-supplied regex being compiled and evaluated in the RegexCriterion class, leading to potential CPU exhaustion...
Privilege Escalation
www.velocidex.com/golang/velociraptor is vulnerable to Privilege Escalation. The vulnerability is due to the failure to enforce required permissions on the Admin.Client.UpdateClientConfig artifact, allowing users with COLLECTCLIENT permissions to update client configurations and potentially execut...
NTLM Hash Exposure
dnn.platform is vulnerable to NTLM hash exposure. The vulnerability is due to improper handling of authentication requests, allowing malicious interactions to redirect NTLM authentication hashes to an attacker-controlled SMB server...
Arbitrary Code Execution (ACE)
pterodactyl/panel is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper handling of the /locales/locale.json endpoint with locale and namespace query parameters, allowing unauthenticated attackers to execute arbitrary code...
Regular Expression Denial Of Service (ReDoS)
com.powsybl, powsybl-commons is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regex handling causing excessive backtracking, which allows an attacker to trigger high CPU usage and potentially crash or slow down the system...
Deserialization Of Untrusted Data
com.powsybl, powsybl-math is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling of serialized data in the SparseMatrix.read method, which allows malicious input to be deserialized in an unsafe manner...
Path Traversal
DotVVM is vulnerable to Path Traversal. The vulnerability is due to insufficient input validation, allowing an attacker to access arbitrary files when a FileResourceLocation is used and the application is running in Debug mode...
Path Traversal
pythona2a is vulnerable to Path Traversal. The vulnerability is due to improper validation or sanitization of user-supplied file paths in the createworkflow function, allowing an attacker to access arbitrary files on the server by crafting malicious input that traverses directories...
XML External Entity (XXE) Injection
PowSyBl is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to the use of untrusted XML input in the XmlReader class, which can be exploited to read arbitrary files or perform unauthorized network requests...
Cross-Site Scripting (XSS)
Mezzanine CMS is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the displayablelinksjs function, allowing attackers to inject malicious JavaScript into blog post titles that executes in another admin's browser...
Remote Authentication Bypass
github.com/gravitational/teleport is vulnerable to remote authentication bypass. The vulnerability is due to a flaw in the authentication mechanism that improperly handles or validates user credentials or session data, allowing an attacker to gain unauthorized access to infrastructure systems...
Denial Of Service (DoS)
Apache Tomcat is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient enforcement of resource limits or throttling mechanisms in Apache Tomcat when handling client requests, allowing an attacker to exhaust system resources by sending excessive or continuous requests,...
Authentication Bypass
Apache Tomcat is vulnerable to Authentication Bypass. The vulnerability is due to improper handling of resource mounting paths (PreResources or PostResources) in Apache Tomcat, which allows access to resources via alternate, unprotected paths...
Server Side Request Forgery (SSRF)
@opennextjs/cloudflare is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to an unimplemented feature in the Cloudflare adapter for Open Next, allowing unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...
Denial Of Service (DoS)
Protobuf is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of deeply nested or recursive structures in the Pure-Python backend, leading to a RecursionError...
Improper Access Control
github.com/ubuntu/authd is vulnerable to Improper Access Control. The vulnerability is due to flawed temporary user record handling caused by a defect in pre-auth NSS where first-time logins are mistakenly treated as part of the root group during the SSH session...
Denial Of Service (DoS)
org.apache.commons:commons-fileupload2-core is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient resource limiting caused by the allocation of resources for multipart headers without proper bounds, allowing attackers to exhaust system resources...
Directory Traversal
openc3-cosmos-tool-iframe is vulnerable to Directory Traversal. The vulnerability is due to improper input validation and insufficient sanitization of user-supplied input in the openc3-api/tables endpoint, allowing attackers to traverse directories and access unauthorized files...
Denial Of Service (DoS)
Liferay Portal is vulnerable to Denial Of Service (DoS). The vulnerability is due to unrestricted saving of request parameters in the HTTP session, which allows remote attackers to consume system memory via crafted HTTP requests...
Path Traversal
Liferay is vulnerable to path traversal. The vulnerability is due to improper validation of the comliferayserveradminwebportletServerAdminPortletjarName parameter, which allows remote attackers to add or execute arbitrary files...
Denial Of Service (DoS)
Liferay Portal is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing or insufficient validation of GraphQL query depth and complexity, allowing attackers to craft overly complex queries that overwhelm the server...
Use-After-Free
pycares is vulnerable to use-after-free. The vulnerability is due to improper lifecycle management of the Channel object, which allows it to be garbage collected while DNS queries are still pending...
Directory Traversal
openc3-cosmos-tool-iframe is vulnerable to Directory Traversal. The vulnerability is due to improper input validation and insufficient sanitization of path parameters in the /script-api/scripts/ endpoint, allowing attackers to access unauthorized directories...
Sensitive Information Disclosure
Weblate is vulnerable to Sensitive Information Disclosure. The vulnerability is due to inclusion of full IP addresses in audit log notifications, which could be accessed by third-party services like SMTP relays or spam filters...
Cross-site Scripting
starcitizentools/citizen-skin is vulnerable to arbitrary HTML injection. The vulnerability is due to the system messages in menu headings being inserted as raw HTML without proper sanitization, allowing untrusted users with the editinterface permission to inject arbitrary HTML into the DOM...
Authentication Bypass
Weblate is vulnerable to Authentication Bypass via Brute-Force. The vulnerability is due to missing rate limiting caused by the absence of throttling on the second-factor OTP verification endpoint, which allows attackers to automate OTP guessing...
Cross-Site Scripting (XSS)
ibexa/fieldtype-richtext is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization and escaping in the back office components, allowing malicious scripts to be injected and stored...
Cross-site Scripting (XSS)
starcitizentools/citizen-skin is vulnerable to cross-site scripting (XSS). The vulnerability is due to inadequate output encoding caused by date messages returned by Language::userDate being directly inserted into raw HTML, allowing users with editinterface rights to inject arbitrary HTML...
HTML Injection
starcitizentools/citizen-skin is vulnerable to HTML injection. The vulnerability is due to unsanitized user-controlled input being directly inserted into raw HTML without proper validation or escaping, allowing an attacker to inject arbitrary HTML into the DOM and potentially perform Cross-Site...
Cross-Site Scripting (XSS)
ibexa/admin-ui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of user-generated content, allowing attackers with Editor or Administrator privileges to inject persistent XSS payloads that can later execute in the front office...
HTML Injection
starcitizentools/citizen-skin is vulnerable to HTML Injection. The vulnerability is due to improper handling and lack of sanitization of user-editable messages that are directly rendered as HTML, allowing an attacker to inject arbitrary HTML into the DOM...
Cross-Site Scripting (XSS)
ezsystems/ezplatform-admin-ui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization and failure to properly escape editable fields within the back office, allowing malicious scripts to be stored and later executed...
Denial Of Service (DoS)
Salt is vulnerable to Denial Of Service (DoS). The vulnerability is due to unsanitized input handling caused by the pubret method using an unvalidated jid value to construct a file path, which can be exploited to cause worker process hangs through crafted read operations...
Directory Traversal
org.noear:solon-faas-luffy is vulnerable to Directory Traversal. The vulnerability is due to improper input validation in the solon-faas-luffy component, which allows a remote attacker to conduct XSS attacks...
Directory Traversal
Salt is vulnerable to Directory Traversal. The vulnerability is due to improper input validation caused by the recvfile method allowing arbitrary files to be written to the master cache directory through crafted path input...