HTTP Desynchronisation Attack
Apache HTTP Server mod_ssl is vulnerable to an HTTP desynchronisation attack. The vulnerability is due to the use of SSLEngine optional for enabling TLS upgrades, which allows a man-in-the-middle attacker to exploit request desynchronisation and hijack an active HTTP session during the TLS upgrade...
Use After Free
Apache HTTP Server is vulnerable to Use After Free. The vulnerability is due to improper memory handling where memory is released after its effective lifetime, which allows an attacker to trigger use-after-free conditions that could lead to a crash or potentially arbitrary code execution...
Stack-based Buffer Overflow
International Components for Unicode ICU is vulnerable to a Stack-based Buffer Overflow. The vulnerability is due to improper handling of the ‘subtag’ struct in the SRBRoot::addTag function while running the genrb binary, which allows an attacker to cause memory corruption and achieve local...
Buffer Overflow
Matplotlib is vulnerable to Buffer Overflow. The vulnerability is due to improper handling of buffer boundaries due to insufficient input validation in certain parsing functions...
Local Privilege Escalation
Sudo is vulnerable to local privilege escalation. The vulnerability is due to the use of a user-controlled /etc/nsswitch.conf file when running with the --chroot option, which allows an attacker to obtain root access on the system...
Improper Access Control
org.apache.zeppelin, zeppelin-server, interpreter is vulnerable to Improper Access Control. The vulnerability is due to the raft server protocol being accessible without authentication, which allows an attacker to view server resources including directories and files...
Information Disclosure
Indico is vulnerable to information disclosure. The vulnerability is due to an endpoint exposing user details such as name, affiliation, and email in bulk when listed in certain fields like ACLs, which allows an attacker to retrieve basic user information without proper authorization...
HTTP Request Smuggling
aiohttp is vulnerable to HTTP request smuggling. The vulnerability is due to improper parsing of trailer sections in HTTP requests when the pure Python version of aiohttp is used or the AIOHTTP_NO_EXTENSIONS flag is enabled, which allows an attacker to smuggle HTTP requests and potentially bypass...
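The trailer-section issue above is about framing: once a parser disagrees with its upstream about where one request ends, the next one can be smuggled past it. The following is an added example, not aiohttp's code. It is a minimal strict HTTP/1.1 request parser that decodes a chunked body, reads the trailer section, refuses trailers that would re-frame the message (Content-Length, Transfer-Encoding and similar header-only fields), refuses requests carrying both Content-Length and Transfer-Encoding, and returns whatever bytes follow the terminating trailer unparsed so the caller can see exactly where the next request begins. The sample requests and the host name api.example are constructed for the demo.

```python
"""Strict chunked-body and trailer handling for an HTTP/1.1 request parser.

Added example; not aiohttp code. Sample requests below are constructed.
"""
import re

# Fields that only make sense in the header section; a trailer carrying one
# is either a bug or an attempt to re-frame the message (RFC 9110 s6.5.1).
FORBIDDEN_TRAILERS = frozenset({
    "transfer-encoding", "content-length", "host", "content-type",
    "content-encoding", "content-range", "trailer", "authorization",
    "cookie", "set-cookie", "cache-control", "expect", "te", "connection",
})
_CHUNK_SIZE = re.compile(rb"[0-9A-Fa-f]{1,8}")


class SmugglingAttempt(ValueError):
    """Raised when the framing of a request is ambiguous or forbidden."""


def _parse_fields(lines):
    """Parse header/trailer field lines; reject whitespace tricks around names."""
    fields = []
    for line in lines:
        name, sep, value = line.partition(b":")
        if not sep or not name or name != name.strip():
            raise SmugglingAttempt(f"malformed field line: {line!r}")
        fields.append((name.decode("latin-1").lower(), value.strip().decode("latin-1")))
    return fields


def decode_chunked(body: bytes):
    """Return (payload, trailers, remainder). CRLF framing only, hex sizes only."""
    out, pos = bytearray(), 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        size_field = body[pos:eol].split(b";", 1)[0].strip()  # drop chunk extensions
        if not _CHUNK_SIZE.fullmatch(size_field):
            raise SmugglingAttempt(f"bad chunk size: {body[pos:eol]!r}")
        size, pos = int(size_field, 16), eol + 2
        if size == 0:
            break
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise SmugglingAttempt("chunk data not terminated by CRLF")
        out += body[pos:pos + size]
        pos += size + 2
    if body[pos:pos + 2] == b"\r\n":          # empty trailer section
        return bytes(out), [], body[pos + 2:]
    end = body.find(b"\r\n\r\n", pos)
    if end < 0:
        raise ValueError("truncated trailer section")
    trailers = _parse_fields(body[pos:end].split(b"\r\n"))
    for name, _ in trailers:
        if name in FORBIDDEN_TRAILERS:
            raise SmugglingAttempt(f"forbidden trailer field: {name}")
    return bytes(out), trailers, body[end + 4:]


def parse_request(raw: bytes):
    """Parse one request: (request_line, headers, body, trailers, remainder)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header section")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    headers = _parse_fields(lines[1:])
    te = [v.lower() for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]
    if te and cl:
        # Never pick one; a front end and back end that pick differently desync.
        raise SmugglingAttempt("both Transfer-Encoding and Content-Length present")
    if te:
        if te != ["chunked"]:
            raise SmugglingAttempt(f"unsupported Transfer-Encoding: {te}")
        body, trailers, remainder = decode_chunked(rest)
    else:
        if len(set(cl)) > 1 or any(not v.isdigit() for v in cl):
            raise SmugglingAttempt(f"bad Content-Length: {cl}")
        n = int(cl[0]) if cl else 0
        if len(rest) < n:
            raise ValueError("truncated body")
        body, trailers, remainder = rest[:n], [], rest[n:]
    return request_line, headers, body, trailers, remainder


# Constructed samples: a legitimate pipelined pair, a trailer that tries to
# re-frame the message, and the classic CL.TE ambiguity.
LEGIT = (b"POST /upload HTTP/1.1\r\nHost: api.example\r\nTransfer-Encoding: chunked\r\n"
         b"Trailer: X-Checksum\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\nX-Checksum: 9\r\n\r\n"
         b"GET /next HTTP/1.1\r\nHost: api.example\r\n\r\n")
REFRAMING = (b"POST /upload HTTP/1.1\r\nHost: api.example\r\nTransfer-Encoding: chunked\r\n\r\n"
             b"5\r\nhello\r\n0\r\nContent-Length: 40\r\n\r\nGET /admin HTTP/1.1\r\nHost: api.example\r\n\r\n")
CL_TE = (b"POST /upload HTTP/1.1\r\nHost: api.example\r\nContent-Length: 4\r\n"
         b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")


def classify(raw: bytes) -> str:
    """Human-readable verdict for one raw request."""
    try:
        _, _, body, trailers, remainder = parse_request(raw)
    except SmugglingAttempt as exc:
        return f"rejected: {exc}"
    return f"ok body={body!r} trailers={trailers} next={remainder[:9]!r}"
```

Run classify on each sample: LEGIT decodes to "hello world" with the X-Checksum trailer and leaves "GET /next" as the start of the following request; REFRAMING is rejected because its trailer carries Content-Length; CL_TE is rejected outright rather than resolved by precedence.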
Arbitrary Code Execution (ACE)
job-iteration is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper handling of input in the CsvEnumerator class, which allows an attacker to execute arbitrary commands on the host system by exploiting unsanitized file paths or untrusted input...
Cross-site Scripting (XSS)
org.xwiki.rendering:xwiki-rendering-syntax-xhtml is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the XHTML syntax relying on the xdom+xml/current syntax, which allows insertion of arbitrary HTML including JavaScript, enabling XSS for users with document editing rights...
Remote Code Execution (RCE)
org.xwiki.rendering:xwiki-rendering-transformation-macro is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the macro content parser failing to preserve the restricted attribute in the transformation context, allowing execution of normally forbidden macros like script macros ...
Cross-Site Scripting (XSS)
roundup is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in URLs when interacting with issue tracker templates devel and responsive, which allows an attacker to inject and execute arbitrary scripts in the context of a user's brows...
Denial Of Service (DoS)
libp2p is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient validation of RSA key sizes, which allows an attacker to send a large RSA key and exhaust system resources...
XML External Entity (XXE) Injection
org.apache.jackrabbit, jackrabbit-spi-commons, jackrabbit-core is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to the use of an unsecured document builder to load privileges, which allows an attacker to exploit XXE and potentially access sensitive files or perform...
Server-side Template Injection
binarytorch/larecipe is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to improper handling of user input in template rendering, which allows an attacker to inject malicious templates and potentially achieve Remote Code Execution (RCE) in vulnerable server configuration...
Denial Of Service (DoS)
org.apache.tomcat:tomcat-coyote is vulnerable to Denial Of Service (DoS). The vulnerability is due to failure to handle cases where an HTTP/2 client does not acknowledge the initial settings frame, allowing excessive concurrent streams and leading to resource exhaustion...
Denial Of Service (DoS)
org.apache.tomcat:tomcat-catalina is vulnerable to Denial Of Service (DoS). The vulnerability is an integer overflow in the handling of multipart upload size limits in certain multipart upload configurations, which can bypass configured size restrictions and lead to denial of servic...
Denial Of Service (DoS)
com.nimbusds:nimbus-jose-jwt is vulnerable to Denial Of Service (DoS). The vulnerability is uncontrolled recursion caused by a lack of validation on JSON object nesting depth in JWT claim sets, allowing remote attackers to exhaust system resources with deeply nested structures...
Heap Buffer Overflow
ExecuTorch is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper handling of buffer boundaries during the loading of ExecuTorch methods, which allows an attacker to cause a runtime crash and potentially execute arbitrary code...
OS Command Injection
james-heinrich/phpthumb is vulnerable to OS Command Injection. The vulnerability is due to improper sanitization of crafted parameter values in phpthumb.gif.php, which allows an attacker to execute arbitrary operating system commands...
Denial Of Service (DoS)
org.apache.commons, commons-lang3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of long input strings in the ClassUtils.getClass... method, which allows an attacker to trigger a StackOverflowError...
Regular Expression Denial Of Service (ReDoS)
Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a vulnerable regex pattern in the DonutProcessor.token2json method, which allows an attacker to craft malicious input causing excessive CPU consumption through catastrophic backtrackin...
Cache Deception
better-call is vulnerable to cache deception. The vulnerability is due to insufficient path sanitization during request processing, which allows an attacker to craft deceptive URLs that mimic static assets and bypass CDN cache exclusion rules...
Sensitive Information Disclosure
github.com/juju/juju is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the /log endpoint allowing any authenticated user to read debug log messages, which may contain sensitive information, without requiring specific permissions...
Sensitive Information Disclosure
universal-omega/dynamic-page-list3 is vulnerable to Sensitive Information Disclosure. The vulnerability is due to certain dpl parameters revealing usernames that were meant to be hidden via revision deletion, suppression, or the hideuser block flag...
Sensitive Information Disclosure
parse-server is vulnerable to Sensitive Information Disclosure. The vulnerability is due to allowing public introspection of schema metadata without requiring a session token or master key, potentially aiding attackers in mapping the API surface...
Path Traversal
github.com/ctfer-io/chall-manager is vulnerable to Path Traversal. The vulnerability is due to missing validation of entry paths during zip extraction, allowing attackers to write files outside the intended directory when decoding scenario zip archive...
Account Takeover
org.keycloak, keycloak-services is vulnerable to Account Takeover. The vulnerability is due to insufficient validation during account merging and email verification, which allows an attacker to change their email to the victim's address and trigger a verification email to the victim...
Hash Collision Attack
llama-index is vulnerable to Hash Collision Attack. The vulnerability is due to the use of MD5 hashing for generating document chunk IDs, which allows an attacker to exploit hash collisions by creating structurally distinct chunks with identical text...
Cross-Site Scripting (XSS)
@pdfme/common is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of expression evaluation, which allows an attacker to escape the sandbox environment and execute arbitrary code or manipulate object prototypes to perform XSS and other malicious actions...
Denial Of Service (DoS)
github.com/ctfer-io/chall-manager is vulnerable to Denial Of Service (DoS). The vulnerability is due to the HTTP Gateway accepting headers indefinitely, enabling Slowloris attacks without requiring authentication or authorization...
Denial Of Service (DoS)
github.com/ctfer-io/chall-manager is vulnerable to Denial Of Service (DoS). The vulnerability is due to the lack of size validation when decoding zip archives, which allows an attacker to exploit the system using zip bomb decompression without requiring authentication or authorization...
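The two chall-manager zip entries above (path traversal during extraction, and zip bomb decompression without size validation) are the same missing checks on the same code path, so one added example covers both. This is illustrative code written for this page, not chall-manager's own (the project is written in Go). It confines every entry to the destination directory, refuses symlink entries, and caps the bytes actually inflated both in total and relative to the compressed size, so a lying header cannot defeat the limit. The archives used by demo() are constructed in memory; the default limits are assumptions.

```python
"""Hardened zip extraction: path confinement plus decompression budgets.

Added example, not chall-manager's own code. Test archives are constructed.
"""
import io
import os
import random
import tempfile
import zipfile


class UnsafeArchive(Exception):
    """Raised when an archive violates a confinement or size limit."""


def _confined_path(dest: str, name: str) -> str:
    """Absolute path for entry `name` under `dest`, or raise UnsafeArchive."""
    name = name.replace("\\", "/")
    if name.startswith("/") or os.path.splitdrive(name)[0]:
        raise UnsafeArchive(f"absolute entry name: {name!r}")
    if ".." in name.split("/"):
        raise UnsafeArchive(f"traversal in entry name: {name!r}")
    real_dest = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(real_dest, name))
    if os.path.commonpath([real_dest, target]) != real_dest:
        raise UnsafeArchive(f"entry escapes destination: {name!r}")
    return target


def safe_extract(data: bytes, dest: str, *, max_total: int = 64 << 20,
                 max_ratio: int = 100) -> list:
    """Extract `data` into `dest`; return written paths or raise UnsafeArchive."""
    written, out = 0, []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if (info.external_attr >> 16) & 0o170000 == 0o120000:
                raise UnsafeArchive(f"symlink entry refused: {info.filename!r}")
            target = _confined_path(dest, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            budget = max_ratio * max(info.compress_size, 1)
            # Header sizes can lie, so they are only a cheap first filter.
            if info.file_size > budget or written + info.file_size > max_total:
                raise UnsafeArchive(f"declared size too large: {info.filename!r}")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            produced = 0
            try:
                with zf.open(info) as src, open(target, "wb") as dst:
                    while chunk := src.read(64 << 10):
                        produced += len(chunk)
                        # Enforce on bytes really inflated, not on the header.
                        if produced > budget or written + produced > max_total:
                            raise UnsafeArchive(f"decompression limit hit: {info.filename!r}")
                        dst.write(chunk)
            except UnsafeArchive:
                os.remove(target)  # do not leave a partial file behind
                raise
            written += produced
            out.append(target)
    return out


def build_zip(entries) -> bytes:
    """Constructed test archive from (name, payload) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries:
            zf.writestr(name, payload)
    return buf.getvalue()


def _refused(data: bytes, dest: str, **limits) -> bool:
    try:
        safe_extract(data, dest, **limits)
        return False
    except UnsafeArchive:
        return True


def demo() -> dict:
    """Run the checks against constructed archives in a scratch directory."""
    incompressible = random.Random(1).randbytes(1 << 20)  # ~1:1 ratio
    with tempfile.TemporaryDirectory() as dest:
        benign = build_zip([("scenario/main.tf", b"resource {}"), ("scenario/README", b"hi")])
        return {
            "benign": sorted(os.path.relpath(p, dest) for p in safe_extract(benign, dest)),
            "traversal": _refused(build_zip([("../escape.txt", b"x")]), dest),
            "absolute": _refused(build_zip([("/etc/cron.d/x", b"x")]), dest),
            "bomb": _refused(build_zip([("zeros.bin", b"\0" * (8 << 20))]), dest, max_ratio=100),
            "budget": _refused(build_zip([("a.bin", incompressible), ("b.bin", incompressible)]),
                               dest, max_total=(3 << 20) // 2),
        }
```

The ratio check is what stops a bomb early: eight megabytes of zeros deflate to a few kilobytes, far past a 100:1 ceiling, while the total budget catches archives built from many individually plausible entries.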
Race Condition Vulnerability
org.apache.tomcat, tomcat-util is vulnerable to Race Condition Vulnerability. The vulnerability is due to improper synchronization in the APR/Native connector when handling client-initiated HTTP/2 connection closures, which allows an attacker to exploit race conditions potentially leading to...
Sensitive Information Exposure
docusaurus-plugin-content-gists is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of configuration options that include GitHub Personal Access Tokens, which are inadvertently embedded into client-side JavaScript bundles during the production build,...
Unauthorized Volume Mount
github.com/edgelesssys/contrast is vulnerable to Unauthorized Volume Mount. The vulnerability is due to an unexpected interpretation of VOLUME directives: containerd automatically creates mount points from VOLUME directives or config.volumes in OCI images even when Kubernetes has not explicit...
OS Command Injection
mcp-remote is vulnerable to OS command injection. The vulnerability is due to crafted input from the authorization_endpoint response URL when connecting to untrusted MCP servers, which allows an attacker to execute arbitrary operating system commands...
Path Traversal
llama-index-readers-obsidian is vulnerable to path traversal. The vulnerability is due to improper handling of hardlinks in the load_data method of the ObsidianReader class, which allows an attacker to bypass path restrictions and access sensitive files such as /etc/passwd...
Improper Verification Of Cryptographic Signature
Clerk is vulnerable to improper verification of cryptographic signature. The vulnerability is due to the use of the verifyWebhook helper, which may accept improperly signed webhook events, allowing an attacker to forge webhook requests and potentially trigger unauthorized actions...
Stack Overflow
llama-index-core is vulnerable to stack overflow. The vulnerability is due to unsafe recursive traversal without depth validation, which allows an attacker to submit deeply nested JSON structures and trigger a Denial of Service (DoS) by causing a RecursionError and crashing the application...
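Both the nimbus-jose-jwt entry (unbounded nesting depth in JWT claim sets) and the llama-index-core entry above fail the same way: a recursive walk over attacker-controlled JSON with no depth bound. The following is an added example, not code from either project. It is a linear, non-recursive pre-scan that counts bracket depth outside string literals and rejects input past a configured limit before a recursive parser ever sees it, and a small function showing what happens without the guard. The limit value is an assumption to be chosen per application.

```python
"""Depth-bounded JSON acceptance check.

Added example; not llama-index-core or nimbus-jose-jwt code.
"""
import json

MAX_DEPTH = 64  # assumption: choose per application


class NestingTooDeep(ValueError):
    """Raised when a document nests arrays/objects deeper than the limit."""


def json_nesting_depth(text: str, limit: int = MAX_DEPTH) -> int:
    """Return the maximum bracket depth of `text`, raising once `limit` is passed.

    Brackets inside string literals are ignored, and backslash escapes inside
    strings are honoured so an escaped quote cannot end a string early.
    Structural validity is left to json.loads; this only bounds depth.
    """
    depth = max_depth = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > limit:
                raise NestingTooDeep(f"nesting depth exceeds {limit}")
            max_depth = max(max_depth, depth)
        elif ch in "]}":
            depth -= 1
    return max_depth


def loads_bounded(text: str, limit: int = MAX_DEPTH):
    """json.loads guarded by the depth pre-scan."""
    json_nesting_depth(text, limit)
    return json.loads(text)


def is_within_limit(text: str, limit: int = MAX_DEPTH) -> bool:
    try:
        json_nesting_depth(text, limit)
        return True
    except NestingTooDeep:
        return False


def unguarded_parse_fails(n: int = 100_000) -> bool:
    """The failure mode: CPython's json parser raises RecursionError on n nested
    arrays, and a server that does not catch it loses the request or the
    worker. Returns True when the RecursionError occurs."""
    try:
        json.loads("[" * n + "]" * n)
    except RecursionError:
        return True
    return False
```

Because the scan is a single pass over the bytes with O(1) state, it costs the attacker nothing extra to send a deep payload but costs the server only the time to read it, which is the asymmetry you want.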
Timing Attack
parisneo/lollms is vulnerable to timing attack. The vulnerability is due to the use of Python's default string equality operator for password comparison, which causes variable response times based on matching characters — allowing an attacker to enumerate valid usernames and incrementally guess...
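The comparison issue above is a general pattern, so here is an added example (not lollms code) showing the vulnerable form beside a hardened one. login_vulnerable compares a plaintext password with `==` and returns early for unknown users; login_hardened derives a salted scrypt digest on every attempt, compares digests with hmac.compare_digest, and runs the same key derivation whether or not the username exists, so neither the password prefix nor the username's existence shows up in response time. The in-memory user store and the scrypt parameters are assumptions for the demo.

```python
"""Constant-time credential verification.

Added example, not lollms code. The user store is constructed in memory.
"""
import hashlib
import hmac
import os


def _kdf(password: str, salt: bytes) -> bytes:
    """Memory-hard password hash; parameters are an assumed reasonable default."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)


def register(store: dict, username: str, password: str) -> None:
    salt = os.urandom(16)
    store[username] = (salt, _kdf(password, salt))


def login_vulnerable(plain_store: dict, username: str, password: str) -> bool:
    """Plaintext store and `==`: the string compare stops at the first differing
    byte, so response time leaks how many leading characters matched, and the
    early return leaks whether the username exists at all."""
    if username not in plain_store:
        return False
    return plain_store[username] == password


# A throwaway credential so that unknown usernames cost exactly one KDF run,
# the same as a real user; generated once at import time.
_DUMMY_SALT = os.urandom(16)
_DUMMY_DIGEST = _kdf("dummy-password-never-valid", _DUMMY_SALT)


def login_hardened(store: dict, username: str, password: str) -> bool:
    salt, expected = store.get(username, (_DUMMY_SALT, _DUMMY_DIGEST))
    candidate = _kdf(password, salt)
    # compare_digest runs in time independent of where the digests differ.
    match = hmac.compare_digest(candidate, expected)
    # Guessing the dummy password must not log an unknown user in.
    return match and username in store


def demo() -> dict:
    store = {}
    register(store, "alice", "correct horse battery staple")
    return {
        "right": login_hardened(store, "alice", "correct horse battery staple"),
        "wrong": login_hardened(store, "alice", "correct horse battery stable"),
        "unknown": login_hardened(store, "mallory", "dummy-password-never-valid"),
    }
```

Note that compare_digest alone is not enough: hashing with a slow, salted KDF before comparing is what makes the stored value useless if it leaks, and running the KDF for unknown users is what closes the enumeration channel.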
Information Disclosure
@cloudflare/vite-plugin is vulnerable to information disclosure. The vulnerability is due to the default configuration exposing all files via the local development server, which allows an attacker to access sensitive files like .env and .dev.vars that may contain secrets...
Denial Of Service (DoS)
github.com/babylonlabs-io/babylon is vulnerable to Denial Of Service DoS. The vulnerability is due to sending a message that modifies the validator set exactly at the epoch boundary, which allows an attacker to halt the blockchain by disrupting consensus progression...
Denial Of Service (DoS)
@builder.io/qwik-city is vulnerable to Denial Of Service (DoS). The vulnerability is due to the server not handling errors thrown when an invalid QRL function qfunc is sent, which allows an attacker to crash the Node.js server by triggering an unhandled exception...
Command Injection
mcp-server-kubernetes is vulnerable to Command Injection. The vulnerability is due to unvalidated user input being passed directly to child_process.execSync, allowing injection of shell metacharacters and execution of arbitrary system commands...
Path Traversal
llama-index-core is vulnerable to Path Traversal. The vulnerability is due to insufficient sanitization of the image_path parameter in the encode_image function, allowing attackers to access arbitrary files on the server...
Directory Traversal
Dagster is vulnerable to Directory Traversal. The vulnerability is due to insufficient input sanitization in the /logs endpoint, which allows crafted requests to access sensitive files, particularly those with names starting with a dot...
Improper Input Validation
transformers is vulnerable to improper input validation. The vulnerability is due to insecure URL validation using the startswith method in image_utils.py, which allows an attacker to exploit URL username injection to craft deceptive URLs that appear to originate from trusted sources like YouTube,...
Regular Expression Denial Of Service (ReDoS)
transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a vulnerable regular expression pattern config\..\.json in the get_configuration_file function within the transformers.configuration_utils module, which allows an attacker to craft...
Remote Code Execution (RCE)
bolt/bolt is vulnerable to remote code execution (RCE). The vulnerability is due to unsanitized rendering of user-controlled input (PHP code injection in the displayname field) in backend templates, followed by abuse of session file manipulation endpoints, which allows an attacker to create a web shel...
Open Redirect
better-auth is vulnerable to open redirect. The vulnerability is due to improper validation of user-supplied URLs in the originCheck middleware, which allows an attacker to redirect users to arbitrary external sites via crafted requests to routes such as /verify-email, /reset-password/:token,...
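The transformers entry (a startswith check defeated by a userinfo component) and the better-auth entry above are both failures to validate a URL on its parsed parts. The following is an added example, not code from either project, that covers both: is_trusted_url decides trust from the parsed hostname and refuses any userinfo, instead of testing a string prefix; safe_redirect_target accepts a redirect target only if it is a plain relative path or an absolute URL on the application's own origin. The trusted host list and the origin https://app.example.com are assumptions for the demo.

```python
"""Host-based URL trust and same-origin redirect checks.

Added example; not transformers or better-auth code. Hosts are assumptions.
"""
from urllib.parse import urlsplit

TRUSTED_HOSTS = frozenset({"www.youtube.com", "youtu.be"})  # assumption
APP_ORIGIN = "https://app.example.com"                       # assumption


def _parts(url: str):
    """urlsplit plus hostname/port, mapped to (None, None, None) on bad input."""
    try:
        p = urlsplit(url)
        return p, p.hostname, p.port   # .port raises on an out-of-range port
    except ValueError:
        return None, None, None


def is_trusted_url(url: str, trusted_hosts=TRUSTED_HOSTS) -> bool:
    """True only for http(s) URLs whose host is exactly a trusted host.

    A prefix test such as url.startswith("https://www.youtube.com") accepts
    https://www.youtube.com@evil.com/ (userinfo) and
    https://www.youtube.com.evil.com/ (attacker subdomain); both fail here.
    """
    p, host, _ = _parts(url)
    if p is None or p.scheme not in ("http", "https"):
        return False
    if p.username is not None or p.password is not None:
        return False
    return (host or "").rstrip(".") in trusted_hosts


def safe_redirect_target(candidate: str, app_origin: str = APP_ORIGIN) -> str:
    """Return `candidate` if it stays on the app origin, else the fallback "/"."""
    # Browsers treat a backslash like a slash in http(s) URLs, so "/\evil.com"
    # would be fetched as "//evil.com"; normalise before parsing.
    c = candidate.replace("\\", "/")
    p, host, port = _parts(c)
    if p is None:
        return "/"
    if not p.scheme and not p.netloc:
        # Relative target: exactly one leading slash. "//evil.com" is
        # protocol-relative and leaves the site.
        return c if c.startswith("/") and not c.startswith("//") else "/"
    o = urlsplit(app_origin)
    same_origin = (p.scheme == o.scheme and p.username is None
                   and host == o.hostname and port == o.port)
    return c if same_origin else "/"
```

The fallback to "/" rather than an error is deliberate for a redirect: the user still lands somewhere safe, and the rejected value can be logged for review.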