38108 matches found
Improper Authorization
Salt is vulnerable to Improper Authorization. The vulnerability is due to improper authorization: the master's minionevent method allows authorized minions to inject arbitrary events into the master's event bus...
Deserialization Of Untrusted Data
goodby-csv is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insecure deserialization caused by the presence of classes that can be used in a gadget chain, enabling remote code execution when deserializing untrusted data in a vulnerable application...
Remote Code Execution (RCE)
@modelcontextprotocol/inspector is vulnerable to Remote Code Execution (RCE). The vulnerability is due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio...
Directory Traversal
Salt is vulnerable to a Directory traversal. The vulnerability is due to improper validation of file paths during cache creation, allowing attackers to write or overwrite files outside the intended cache directory...
Remote Code Execution (RCE)
Salt is vulnerable to Remote command execution. The vulnerability is due to improper input validation in the 'on demand' pillar functionality, allowing a specially crafted git URL to trigger arbitrary command execution on the master with elevated privileges...
Arbitrary Directory Creation Or File Deletion
Salt is vulnerable to Arbitrary Directory Creation Or File Deletion. The vulnerability is due to lack of input validation on the tgtenv variable, which is used to construct file paths using os.path.join, allowing attackers to supply malicious path components (e.g., ../) to traverse directories...
File Overwrite
Salt is vulnerable to File overwrite. The vulnerability is due to unvalidated input used to construct paths in the VirtKey class when handling “on-demand pillar” data, allowing unauthorized file overwrites in the default configuration...
Improper Authentication
Salt is vulnerable to Improper Authentication. The vulnerability is due to improper validation logic in the salt.auth.pki module, which treats the presence of a valid public certificate as sufficient for authentication without requiring the corresponding private key, allowing an attacker to bypass...
Authorization Bypass
Salt is vulnerable to an Authorization Bypass. The vulnerability is due to improper validation of minion messages, allowing an attacker with access to a minion key to execute jobs on other minions...
HTTP Response Splitting
org.springframework:spring-web is vulnerable to HTTP Response Splitting. The vulnerability is due to improper input sanitization when unsanitized user-supplied input is used with non-ASCII charsets in ContentDisposition.Builder#filename(String, Charset), allowing attackers to inject malicious conten...
Brute Force Attack
vantage6 is vulnerable to Brute Force Attack. The vulnerability is due to insufficient rate limiting: unlimited password change attempts can be made using an authenticated session, allowing attackers to guess passwords...
Use Of Insufficiently Random Values
vantage6 is vulnerable to Use of Insufficiently Random Values. The vulnerability is due to insecure randomness of UUID1 for auto-generating JWT secret keys, which is partially predictable and not cryptographically secure...
Denial Of Service (DoS)
libtomcrypt.so is vulnerable to integer overflow. The vulnerability is due to an integer overflow flaw in the embedded libtommath library used by Perl CryptX, which allows an attacker to trigger a crash or cause unexpected behavior, potentially leading to Denial of Service (DoS)...
Integer Overflow
github.com/cosmwasm/wasmd is vulnerable to integer overflow. The vulnerability is due to a contract error being ignored during IBC channel initialization, allowing the channel to open despite the error...
HTML Injection
starcitizentools/citizen-skin is vulnerable to Arbitrary HTML injection. The vulnerability is due to system messages being inserted into the DOM as raw HTML, allowing users with editinterface rights to inject content without needing editsitejs permissions...
Incorrect Privilege Assignment Vulnerability
github.com/hashicorp/nomad is vulnerable to Incorrect Privilege Assignment. The vulnerability is due to a flawed implementation of prefix-based ACL policy lookup, which can cause rules to be incorrectly matched or shadowed, allowing an attacker to bypass intended access restrictions and potential...
Mass Assignment Attack
org.springframework, spring-context is vulnerable to Mass Assignment Attack. The vulnerability is due to incomplete enforcement of the disallowedFields mechanism, which allows certain request parameters to bypass intended binding restrictions even after applying locale-independent lowercase...
Man-In-The-Middle (MITM)
org.postgresql:postgresql is vulnerable to Man-In-The-Middle (MITM). The vulnerability is due to improper enforcement of channel-binding requirements in the driver, allowing authentication methods that do not support channel binding (e.g., password, MD5, GSS, SSPI) even when channel binding is set to...
Arbitrary File Read
org.apache.kafka, kafka-clients is vulnerable to Arbitrary File Read. The vulnerability is due to the lack of proper validation and restriction on the sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url configuration fields, which allows the use of arbitrary URLs, including...
Denial Of Service (DoS)
org.apache.kafka, kafka-clients is vulnerable to Denial Of Service (DoS). The vulnerability is due to insecure SASL JAAS JndiLoginModule configuration in the Kafka Connect API and brokers, which allows attackers with AlterConfigs permission to exploit the system...
Remote Code Execution (RCE)
.NET is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insecure file handling: an attacker able to place files in specific locations can trigger execution of unintended code...
LDAP Injection
Mattermost is vulnerable to LDAP Injection. The vulnerability is due to improper validation: LDAP group ID attributes are not sanitized in the /api/v4/ldap/groups/remoteid/link API when objectGUID is used as the Group ID Attribute...
Unauthorized Information Disclosure
github.com/mattermost/mattermost-server is vulnerable to Unauthorized Information Disclosure. The vulnerability is due to insufficient restriction of API access, allowing guest users to view information about public teams they are not members of via direct API calls...
Remote Code Execution (RCE)
org.apache.kafka, kafka is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation and unrestricted setting of the sasl.jaas.config property in Kafka Connect configurations, which allows an attacker to specify malicious LDAP login modules that trigger unsafe Java...
Low-order Point Validation Failure
github.com/cloudflare/circl is vulnerable to low-order point validation failure. The vulnerability is due to the failure to validate user-supplied low-order points during the Diffie-Hellman key exchange, which can allow attackers to force the identity point and compromise session security...
Regular Expression Denial Of Service (ReDoS)
brace-expansion is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient handling of complex or nested patterns in regular expressions within the expand function of the file index.js, allowing an attacker to remotely cause excessive resource consumption...
Incorrect Access Control
Erxes is vulnerable to Incorrect Access Control. The vulnerability is an authentication bypass due to improper validation of the User HTTP header, allowing attackers to impersonate users and access any GraphQL endpoint...
Path Traversal
Erxes is vulnerable to Path Traversal. The vulnerability is due to improper input validation: file paths are insufficiently sanitized in the importHistoriesCreate GraphQL mutation handler, allowing authenticated attackers to write to arbitrary files...
Remote Code Execution (RCE)
Nautobot is vulnerable to Remote Code Execution. The vulnerability is due to insufficient sandboxing caused by improper security configuration of the Jinja2 templating feature, allowing malicious users to access secrets or call Python APIs to modify data, bypassing object permissions...
Denial Of Service (DoS)
octoprint is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of malformed multipart/form-data requests: a missing end boundary triggers an endless loop, which causes the single-threaded Tornado web server to become unresponsive...
Arbitrary File Exfiltration
octoprint is vulnerable to Arbitrary file exfiltration. The vulnerability is due to insufficient restrictions on file movement by users with FILEUPLOAD permission, allowing files readable by OctoPrint to be moved into the upload folder and downloaded...
Path Traversal
Erxes is vulnerable to a Path Traversal. The vulnerability is due to improper validation in the /read-file endpoint handler, allowing an unauthenticated attacker to read arbitrary files from the system...
Unauthorized Access To Uploaded Media Files
Nautobot is vulnerable to unauthorized access to uploaded media files. The vulnerability is due to improper access control on the file-serving endpoint, allowing attackers to access and download sensitive files without authentication by guessing or knowing their URLs...
Credential Leakage
Requests is vulnerable to credential leakage. The vulnerability is due to a URL parsing issue that may expose .netrc credentials to third parties for specially crafted URLs, allowing attackers to exfiltrate sensitive authentication data...
Improper Restriction Of Rendered UI Layers Or Frames
@haxtheweb/haxcms-nodejs is vulnerable to Improper Restriction of Rendered UI Layers or Frames. The vulnerability is due to lack of validation or sanitization of user-supplied URLs in iframe website blocks via malicious iframe embedding, allowing attackers to embed attacker-controlled sites and...
OS Command Injection
@haxtheweb/haxcms-nodejs is vulnerable to OS command injection. The vulnerability is due to insufficient input validation in the gitImportSite functionality, which allows attacker-controlled input to reach the procopen function through a crafted URL string...
Denial Of Service (DoS)
github.com/pion/interceptor is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation in the RTP packet factory that fails to correctly validate padding length, allowing crafted RTP packets to trigger a panic in Pion-based SFUs...
Environment Variable Exposure
github.com/knadh/listmonk is vulnerable to Environment Variable Exposure. The vulnerability is due to the use of env and expandenv template functions in Sprig, which allows non-super-admin users to capture sensitive environment variables in multi-user installations...
Regular Expression Denial Of Service (ReDoS)
@vue/cli-plugin-pwa is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to unsafe regex handling in the HtmlPwaPlugin component of the Markdown code handler, which can be exploited remotely to degrade performance...
Denial Of Service (DoS)
github.com/kuadrant/authorino is vulnerable to Denial of Service (DoS). The vulnerability is due to the lack of limits on post-authorization callbacks, allowing an attacker with developer persona access to overload the service...
Regular Expression Denial Of Service (ReDoS)
taro-css-to-react-native is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression complexity caused by unsafe regex processing in css-to-react-native/src/index.js, which may be exploited remotely to cause performance degradation...
Denial Of Service (DoS)
github.com/kuadrant/authorino is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient access control or privilege enforcement, allowing an attacker to disrupt or shut down the Authorino service, blocking the evaluation of all authentication policies on the cluster...
Deserialization Of Untrusted Data
org.apache.inlong, inlong-manager is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling of an input parameter, which allows an authenticated attacker to read arbitrary files on the server by exploiting the deserialization flaw through crafted input...
Cross-Site Scripting (XSS)
barryvdh/laravel-translation-manager is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to incorrect input validation and sanitization of user-input data, allowing attackers to inject arbitrary HTML or JavaScript code...
Template Injection
skyvern is vulnerable to Template injection. The vulnerability is due to improper handling of Jinja templates in sdk/workflow/models/block.py, which allows unintended data to be exposed at runtime...
Local File Inclusion (LFI)
elmsln/haxcms is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper input validation in the saveOutline endpoint, allowing low-privileged authenticated users to manipulate the location field in site.json and access arbitrary files on the server...
Cross-Site Scripting (XSS)
elmsln/haxcms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization in the saveNode and saveManifest endpoints, allowing arbitrary JavaScript execution through non-script HTML tags stored in the site's JSON schema...
Arbitrary Code Injection
org.hibernate.validator:hibernate-validator is vulnerable to Arbitrary Code Injection. The vulnerability is expression language injection due to interpolation of user-supplied input in constraint violation messages using Expression Language, which may allow attackers to access sensitive da...
Log Injection
Django is vulnerable to log injection. The vulnerability is due to unescaped user input in request.path during internal HTTP response logging, allowing attackers to manipulate logs, forge entries, or hide malicious activity...
Insertion Of Sensitive Information Into Log Files
com.erudika, para-server is vulnerable to Insertion Of Sensitive Information Into Log Files. The vulnerability is due to logging full request URLs, including sensitive access tokens, in WARN-level logs during failed Facebook profile requests. It allows an attacker with access to the logs or log...