38108 matches found
Open Redirection
mautic/core is vulnerable to Open Redirection. The vulnerability is due to insufficient validation of the returnUrl parameter, which allows an attacker to redirect users to arbitrary external websites, potentially enabling phishing attacks...
Regular Expression Denial Of Service (ReDoS)
vLLM is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a highly complex and nested regular expression for tool call detection, which allows an attacker to trigger excessive backtracking and degrade service performance...
Insecure Direct Object Reference (IDOR)
mautic/core is vulnerable to an Insecure Direct Object Reference (IDOR). The vulnerability is due to missing authorization checks in the segment cloning function, which allows authenticated users to clone segments even if they don’t have the necessary permissions...
Regular Expression Denial Of Service (ReDoS)
vllm is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The vulnerability is due to certain regular expression patterns that lead to catastrophic backtracking when processing crafted input, allowing an attacker to slow down or crash the application...
Cross-Site Scripting (XSS)
github.com/argoproj/argo-cd is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper URL protocol filtering on the repository page, allowing attackers to perform actions such as creating, modifying, and deleting Kubernetes resources via the API...
Username Enumeration
mautic/core is vulnerable to User Enumeration. The vulnerability is due to differences in response times between valid and invalid usernames in the "Forget your password" functionality, which allows an attacker to determine the existence of valid usernames...
Unauthorized Access To Unpublished Page Previews
mautic/core is vulnerable to Unauthorized Access to unpublished page previews. The vulnerability is due to missing authorization checks on predictable preview URLs, allowing unauthenticated users and search engines to access and index draft content...
Sensitive Information Disclosure
mautic/core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing web server restrictions on .env files, which permit unauthenticated arbitrary file access and allow attackers to directly view sensitive configurations via a browser...
Unauthorized Access
com.ritense.valtimo:object-management and com.ritense.valtimo:objecten-api are vulnerable to Unauthorized Access. The vulnerability is due to improper access control and the lack of enforcement of object-management configurations, allowing unauthorized users to list, view, edit, create, or delete...
Directory Traversal
Traefik is vulnerable to Directory Traversal. The vulnerability is due to insufficient path sanitization: URLs containing /../ can be manipulated to bypass middleware and access unintended backend services when using PathPrefix, Path, or PathRegex matchers...
Cross-site Scripting (XSS)
chrome-php/chrome is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper encoding: CSS Selector expressions are not properly escaped, allowing injection of malicious scripts...
OS Command Injection
LLama-Index CLI is vulnerable to OS Command Injection. The vulnerability is due to improper input handling: the --files argument is passed unsanitized directly into os.system, allowing arbitrary command execution...
Information Leakage
djangoselect2 is vulnerable to information leakage. The vulnerability is due to improper handling of instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget, allowing an attacker to access restricted query sets and sensitive data...
Server Side Request Forgery (SSRF)
@strapi/admin is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of webhook URLs, allowing requests to internal domains such as localhost and 127.0.0.1...
Deserialization Of Untrusted Data
org.apache.inlong, manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to insecure deserialization in InLong JDBC, which allows attackers to bypass security mechanisms and perform arbitrary file read attacks...
Deserialization Of Untrusted Data
Apache InLong is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper input validation during deserialization, which allows an attacker to exploit URL encoding and backspace characters to bypass security checks and perform a JDBC injection attack...
Path Traversal
@supabase/auth-js is vulnerable to Path Traversal. The vulnerability is due to missing UUID validation on user-supplied inputs, which allows an attacker to manipulate URL paths and invoke unintended API functions...
Prototype Pollution
Docarray is vulnerable to prototype pollution. The vulnerability is due to a lack of input sanitization in the getitem function of torchdataset.py in the Web API component, which allows an attacker to remotely manipulate object prototypes...
Validation Bypass
lomkit/laravel-rest-api is vulnerable to a Validation Bypass. The vulnerability is due to how the framework merged validation rules across multiple contexts, allowing malicious actors to bypass expected validations and inject unexpected parameters...
Credential Reuse Attack
github.com/arkmq-org/activemq-artemis-operator is vulnerable to a Credential Reuse Attack. The vulnerability is due to improper password management: the activemq-artemis-operator generates static passwords that do not regenerate between separate CR dependencies, which allows an attacker to ga...
Regular Expression Denial Of Service (ReDoS)
marked is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expressions that cause catastrophic backtracking when parsing HTML tags and markdown links with specially crafted input...
Out-of-Bounds Read
libassimp.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper input validation, specifically insufficient bounds checking in the LWOImporter::CountVertsAndFacesLWO2 function, which may allow local attackers to read unintended memory content...
Out-of-Bounds-Read
libassimp.so is vulnerable to out-of-bounds read. The vulnerability is due to insufficient bounds checking in the SkipSpaces function, which allows memory to be read beyond the valid buffer limits during local access...
Out-of-Bounds-Read
libassimp.so is vulnerable to an out-of-bounds read. The vulnerability is due to insufficient bounds checking in the MDLImporter::ParseSkinLump3DGSMDL7 function when parsing 3DGS MDL7 skin lumps, allowing a local attacker to read unintended memory...
Out-of-Bounds-Read
libassimp.so is vulnerable to out-of-bounds read. The vulnerability is due to improper input handling in the MDLImporter::InternReadFileQuake1 function of MDLLoader.cpp, which allows an attacker to read memory beyond buffer limits...
Out-of-Bounds-Read
libassimp.so is vulnerable to an out-of-bounds read. The vulnerability is due to insufficient validation of input data in the HL1MDLLoader::validateheader function, which allows a local attacker to read out-of-bounds memory...
Prototype Pollution
radashi is vulnerable to prototype pollution. The vulnerability is due to insufficient sanitization of the path argument in the set function, allowing injection of special object properties like proto, prototype, or constructor...
Information Disclosure
org.codelibs.fess, fess is vulnerable to Information Disclosure. The vulnerability is due to insecure temporary file creation by the use of createTempFile without setting restrictive permissions, which allows an attacker with local access to read sensitive data from these files...
Out-of-Bounds-Read
libassimp.so is vulnerable to an Out-of-Bounds-Read. The vulnerability is due to insufficient validation of input data in the MDCImporter::ValidateSurfaceHeader function, specifically involving the pcSurface2 argument, which allows an out-of-bounds read when the function processes malformed or unexpect...
Arbitrary Code Execution
InspireMusic is vulnerable to Arbitrary Code Execution. The vulnerability is due to insecure deserialization: Python's pickle module is used unsafely in the loadstatedict function, which can allow attackers to execute arbitrary code when loading untrusted data...
Out-of-Bounds-Read
libassimp.so is vulnerable to an out-of-bounds read. The vulnerability is due to improper bounds checking caused by inadequate validation in the MDLImporter::InternReadFile3DGSMDL345 function of MDLLoader.cpp, which allows a local attacker to read data outside the intended memory bounds...
Cross-Site Scripting (XSS)
dotnetnuke.core is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper validation or sanitization of specially crafted URLs, allowing malicious scripts to be injected and executed through certain module actions...
Deserialization Of Untrusted Data
pypickle is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of serialized data, which allows an attacker to execute arbitrary code when a malicious pickle file is loaded...
Improper Authorization
pypickle is vulnerable to Improper Authorization. The vulnerability is due to insufficient access control in the Save function of pypickle/pypickle.py, allowing local attackers to perform unauthorized actions...
Server Side Request Forgery (SSRF)
dotnetnuke.siteexportimport is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to insufficient validation where the SuperUser can specify an external URL during site export, which allows an attacker to import arbitrary data from external sources into the system...
Cross-Site Scripting (XSS)
dotnetnuke.core is vulnerable to cross-site scripting (XSS). The vulnerability is due to uploaded SVG files containing scripts that are rendered inline, which allows an attacker to execute malicious scripts in the context of the user’s browser...
Authorization Bypass
github.com/openfga/openfga is vulnerable to authorization bypass. The vulnerability is due to incorrect permission evaluation when usersets and type-bound public access overlap without proper tuple assignments, allowing attackers unauthorized resource access or actions...
XML External Entity (XXE) Injection
org.eclipse.jgit, org.eclipse.jgit is vulnerable to XML External Entity (XXE) attacks. The vulnerability is due to insecure handling of XML input by the ManifestParser and AmazonS3 classes when parsing XML files, which allows an attacker to perform an XML External Entity (XXE) attack...
Out-of-bounds Read
libassimp.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper input validation, specifically insufficient bounds checking of the iIndex argument in the MDLImporter::ImportUVCoordinate3DGSMDL345 function, which can lead to unauthorized memory access...
Out-of-bounds Read
libassimp.so is vulnerable to Out-of-Bounds Read. The vulnerability is due to improper input validation, specifically insufficient bounds checking in the LWOImporter::GetS0 function when handling the out argument, which can result in reading beyond allocated memory...
Out-of-Bounds Read
libassimp.so is vulnerable to Out-of-Bounds Read. The vulnerability is due to improper input validation, specifically a lack of bounds checking on the pcVerts argument in the MDCImporter::InternReadFile function, which can lead to reading memory outside the allocated buffer...
Sensitive Information Disclosure
zotregistry.dev/zot is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exposure of sensitive data: the clientsecret is printed to container logs when Keycloak is used as an OIDC provider...
Denial Of Service (DoS)
github.com/gofiber/fiber/v2 is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input handling in the Ctx.BodyParser method, which panics when processing user-supplied input with negative slice indices instead of returning an error...
Directory Traversal
setuptools is vulnerable to Directory Traversal. The vulnerability is due to improper input validation in the PackageIndex component allowing arbitrary file writes to the filesystem, potentially leading to remote code execution...
Control Character Injection
github.com/cilium/hubble is vulnerable to control character injection. The vulnerability is due to improper sanitization of control characters in the terminal output when monitoring Kafka traffic using Layer 7 Protocol Visibility and allows an attacker to manipulate output, conceal log entries, o...
Insecure Direct Object Reference (IDOR)
in2code/femanager is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to improper access control on the user parameter in the newAction method of the newController, which allows attackers to manipulate the parameter to access data of other frontend users...
Cross-Site Scripting (XSS)
clickstorm/cs-seo is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of data in the JSON-LD output, which allows an attacker to execute arbitrary JavaScript code in the context of the affected TYPO3 backend session...
Command Injection
github.com/shopify/ejson2env is vulnerable to command injection. The vulnerability is due to improper output sanitization, allowing malicious variable names or values to inject unintended commands into stdout...
Insecure Direct Object Reference (IDOR)
renolit/reint-downloadmanager is vulnerable to Insecure Direct Object Reference. The vulnerability is due to insufficient access control or validation on the downloaduid parameter in the downloadAction, allowing unauthorized users to directly access files they shouldn’t be able to read...