Cross-site WebSocket Hijacking
webpack-dev-server is vulnerable to Cross-site WebSocket hijacking. The vulnerability is due to improper Origin header validation, which permits IP address origins and allows attackers to hijack WebSocket connections and steal source code via malicious websites...
Denial Of Service (DoS)
github.com/coredns/coredns is vulnerable to Denial of Service (DoS). The vulnerability is due to lack of limits on concurrent QUIC streams and goroutines per connection, allowing an attacker to exhaust memory by opening many streams simultaneously...
Authorization Bypass
github.com/authzed/spicedb is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of caveated branches during permission checks in schemas with caveats on arrow’ed relations, allowing an attacker to deny legitimate access and disrupt authorized operations for valid...
Information Disclosure
com.fasterxml.jackson.core, jackson-core is vulnerable to information disclosure. The vulnerability is due to incorrect handling of byte array offsets in the JsonLocation.appendSourceDesc method, causing exception messages to leak unintended memory content and allowing an attacker to access sensitive...
SQL Injection
llamaindex is vulnerable to SQL Injection. The vulnerability is due to improper handling of user input in multiple vector store integrations, allowing attackers to manipulate SQL queries and access or modify unauthorized data...
Timing Side-channel Attack
signxml is vulnerable to a Timing side-channel attack. The vulnerability is due to information leakage during HMAC comparison when require_x509=False and hmac_key is used, allowing attackers to infer the correct HMAC...
Algorithm Confusion
signxml is vulnerable to Algorithm Confusion. The vulnerability is due to improper enforcement of signature algorithm restrictions when hmac_key is set and require_x509 is disabled, allowing an attacker to bypass verification by using a different signing algorithm inste...
Arbitrary File Upload
xyz.erupt, erupt is vulnerable to arbitrary file upload. The vulnerability is due to improper validation in the /upload/GoodsCategory/image component, allowing attackers to upload crafted files and execute arbitrary code...
Sensitive Information Disclosure
yiisoft/yii2-redis is vulnerable to Sensitive Information Disclosure. The vulnerability is due to authentication credentials (username and password) being logged in plain text during failed connection attempts...
Denial Of Service (DoS)
Multer is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of file upload requests with empty string field names, allowing an attacker to crash the server with a crafted request...
Unauthorized Information Disclosure
@haxtheweb/open-apis is vulnerable to unauthenticated information disclosure. The vulnerability is due to improper access control on the haxPsuUsage API endpoint, allowing remote unauthenticated users to retrieve a list of PSU websites hosted on HAX CMS...
Unauthenticated Remote Code Execution (RCE)
github.com/kro-run/kro is vulnerable to Unauthenticated Remote Code Execution (RCE). The vulnerability is due to a confused-deputy scenario, where users with permission to create or modify ResourceGraphDefinition resources can supply arbitrary container images that kro's controllers deploy and run ...
Deserialization Of Untrusted Data
auth0/auth0-php is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the SDK processing untrusted cookie data without authentication, allowing attackers to inject malicious serialized payloads...
Sensitive Information Disclosure
@auth0/nextjs-auth0 is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing cache control headers, allowing session cookies to be cached by CDNs and potentially exposing sensitive session information to unauthorized users...
Unauthorized Configuration Manipulation
Jupyter Core is vulnerable to Unauthorized Configuration Manipulation. The vulnerability is due to improper access control on the %PROGRAMDATA% directory, allowing unprivileged users to write configuration files that affect other users on shared Windows systems...
Exposed Dangerous Method Or Function
webpack-dev-server is vulnerable to source code exposure. The vulnerability is due to a lack of proper origin checks: requests for classic scripts are not subject to the same-origin policy, allowing attackers to inject malicious scripts that extract source code if the port and script path a...
Path Traversal
Python tarfile module is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during extraction with TarFile.extractall or TarFile.extract when using the filter="data" or filter="tar" parameter, which allows an attacker to craft a malicious tar archive that...
Cross-site Scripting (XSS)
github.com/forceu/gokapi is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the API key renaming feature, which allowed authenticated users to inject JavaScript that would execute when another user accessed the API tab...
Path Traversal
astrbot is vulnerable to Path Traversal. The vulnerability is due to improper validation or sanitization of file path inputs, allowing attackers to access files outside the intended directories...
Improper File Validation
umbraco.cms is vulnerable to improper file validation. The vulnerability is due to insufficient checks on uploaded file extensions, allowing bypass of configured restrictions via manipulated API requests...
Privilege Escalation
org.wso2.am, am-parent, org.wso2.is, identity-server-parent are vulnerable to privilege escalation. The vulnerability is due to improper validation and access control in the SOAP admin services, which allows attackers to assign elevated privileges to self-registered users under specific deploymen...
Improper Input Validation
github.com/fabiolb/fabio is vulnerable to Improper Input Validation. The vulnerability is due to a flaw in processing hop-by-hop headers, allowing clients to remove or manipulate trusted X-Forwarded headers via the Connection header...
Cross-site Scripting (XSS)
github.com/forceu/gokapi is vulnerable to stored cross-site scripting (XSS). The vulnerability is due to insufficient sanitization and validation of filenames with embedded JavaScript, allowing an attacker to execute malicious JavaScript code in the context of other users’ browsers...
Null Pointer Dereference
github.com/quic-go/quic-go is vulnerable to a Nil-Pointer Dereference. The vulnerability is due to improper handling of ACKs for path probe packets, which a malicious client can craft and send in a way that triggers the nil-pointer dereference in the server's loss recovery logic. It...
Directory Traversal
tar-fs is vulnerable to Directory Traversal. The vulnerability is due to improper path validation during tarball extraction, allowing attackers to write files outside the target directory and potentially overwrite system files or inject malicious content...
Sensitive Data Exposure
django-helpdesk is vulnerable to Sensitive Data Exposure. The vulnerability is due to insecure file permission settings caused by os.umask(0) in models.py, allowing an attacker to access sensitive files or data that should be protected...
Improper Authentication
Mattermost is vulnerable to Improper Authentication. The vulnerability is due to a failure to clear Google OAuth credentials when converting user accounts to bot accounts, enabling unauthorized access via the Google OAuth signup flow...
Server-Side Request Forgery (SSRF)
mcp-markdownify-server is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper input validation in the Markdownify.get function, which allows attacker-controlled URLs to be fetched and their responses read via conversion tools like webpage-to-markdown,...
Improper Token Invalidation
github.com/mattermost/mattermost-server is vulnerable to improper token invalidation. The vulnerability is due to failure to invalidate personal access tokens upon user deactivation, allowing continued access through previously issued tokens...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to insufficient enforcement of access restrictions, which allows guest users to access metadata about members of public channels via the channel members API endpoint...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to insufficient enforcement of access restrictions for System Manager roles, allowing users to access unauthorized team details via direct API requests even when configured with 'No access' ...
Information Disclosure
com.erudika, para-server is vulnerable to Information Disclosure. The vulnerability is due to unredacted logging of access and secret keys during variable assignment, which is unnecessary for debugging or system health, allowing an attacker with access to the logs to obtain sensitive credentials...
Improper Handling Of Case Sensitivity
org.apache.tomcat, tomcat-catalina is vulnerable to improper handling of case sensitivity. The vulnerability is due to inconsistent case sensitivity handling in the pathInfo component of URIs mapped to the CGI servlet, which allows security constraints to be bypassed...
SQL Injection
Apache Superset is vulnerable to SQL injection. The vulnerability is due to improper input handling in the sqlExpression fields, allowing attackers to inject sub-queries and bypass row-level security...
Spoofing Attack
org.springframework.cloud, spring-cloud-gateway-server is vulnerable to Spoofing Attack. The vulnerability is due to insufficient validation of X-Forwarded-For and Forwarded headers from untrusted proxies, allowing attackers to spoof client IP addresses...
Arbitrary Command Execution
github.com/cli/go-gh is vulnerable to Arbitrary command execution. The vulnerability is due to unsafe handling of GitHub-provided URLs, allowing an attacker-controlled GitHub Enterprise Server to replace HTTP URLs with local file paths that could be executed on the user's machine...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to insufficient permission checks when changing team privacy settings, allowing unauthorized team administrators to access and modify team invite IDs via the /api/v4/teams/:teamId/privacy...
Permission Verification Flaw
github.com/navidrome/navidrome is vulnerable to a permission verification flaw. The vulnerability is due to insufficient permission verification, allowing regular authenticated users to perform administrator-only transcoding configuration operations...
Arbitrary File Copy
gradio is vulnerable to an Arbitrary File Copy. The vulnerability is due to insufficient validation and access control in the flagging feature, which allows unauthenticated users to specify arbitrary file paths for copying without proper restrictions...
SQL Injection
github.com/navidrome/navidrome is vulnerable to SQL injection. The vulnerability is due to improper input validation of the role parameter in the /api/artist API endpoint, allowing attackers to inject arbitrary SQL queries...
XML External Entity (XXE) Injection
PHPOffice/math is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper XML parsing using the LIBXML_DTDLOAD flag without filtering, allowing external entity resolution when loading XML data...
Unauthorized File Disclosure
mcp-markdownify-server is vulnerable to Unauthorized File Disclosure. The vulnerability is due to improper access control in the get-markdown-file tool, which allows external prompts to read arbitrary files from the host system...
Denial Of Service (DoS)
vLLM is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation that accepts unexpected or malformed pattern and type fields in tool-related requests, which can crash the inference worker...
Denial Of Service (DoS)
vllm is vulnerable to Denial of Service (ReDoS). The vulnerability is due to improper handling of invalid regular expressions in structured output, which allows an attacker to crash the server by submitting a crafted regex...
Denial Of Service (DoS)
vllm is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of invalid jsonschema in the /v1/completions API’s Guided Param, which allows an attacker to cause a denial of service by crashing the server...
Hash Collision Attack
vllm is vulnerable to hash collision and data integrity issues. The vulnerability is due to improper image serialization using only raw pixel bytes without metadata, allowing attackers to create images with identical hashes and exploit cache poisoning or access sensitive data...
Timing Side-channel Attacks
vllm is vulnerable to Timing side-channel attacks. The vulnerability is due to timing discrepancies during the prefill phase, caused by the PagedAttention mechanism reusing matching prefix chunks, which speeds up token generation and allows an attacker to infer prompt similarity or presence...
Improper Certificate Validation
redshift-connector is vulnerable to Improper Certificate Validation. The vulnerability is due to the BrowserAzureOAuth2CredentialsProvider plugin skipping SSL verification for the Identity Provider, allowing token interception...
Sensitive Information Disclosure
github.com/edgelesssys/contrast is vulnerable to information disclosure. The vulnerability is due to improper logging configuration, with secrets being written to stderr and Kubernetes logs when the log level is set to info or debug, which is the default...
Improper Access Control
Apache Commons BeanUtils is vulnerable to Improper Access Control. The vulnerability is due to a failure to restrict access to the declaredClass property of Java enums, allowing attackers to access the classloader and potentially execute arbitrary code...