38467 matches found
Remote Code Execution (RCE)
Apache ActiveMQ is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper input validation in the Jolokia JMX-HTTP bridge /api/jolokia/, where attacker-controlled input reaches BrokerService.addNetworkConnectorString and triggers the VM transport's brokerConfig parameter...
Cross-Site Scripting (XSS)
Drupal Ignition Error Pages is vulnerable to Cross-Site Scripting XSS.The vulnerability is due to improper neutralization of user-controlled input during web page generation, which allows an attacker to inject and execute malicious scripts in a user's browser through crafted input...
SQL Injection
BillaBear is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-controlled metric filter names and aggregation properties that are directly interpolated into SQL queries, which allows an authenticated attacker with ROLEACCOUNTMANAGER permissions to execute...
Improper Authorization
Shopper is vulnerable to Improper Authorization. The vulnerability is due to missing and improperly enforced authorization checks in the team settings, which allows an authenticated attacker to create roles, modify permissions, escalate privileges to administrator, and remove legitimate...
SQL Injection
XWiki is vulnerable to SQL Injection. The vulnerability is due to an incomplete fix for the LiveTableResults endpoint that still permits parameter manipulation, which allows an attacker to extract user password salts and hashes one bit at a time through repeated requests...
Sensitive Information Disclosure
Mattermost is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper sanitization of sensitive configuration fields in the Mattermost Calls plugin, which allows an attacker with access to a support packet to obtain plaintext TURN server credentials...
Denial Of Service (DoS)
Spring Cloud Function is vulnerable to Denial of Service DoS. The vulnerability is due to infinite recursion in the routing layer, where specially crafted routing configurations or requests can trigger unbounded recursive processing, leading to excessive memory consumption and potentially causing...
Denial Of Service (DoS)
Spring Cloud Function is vulnerable to Denial of Service DoS. The vulnerability is due to insufficient restrictions on function registration within the Function Registry, allowing an attacker to register an unbounded number of functions and trigger excessive memory consumption, potentially...
Stored Cross-Site Scripting (XSS)
TinyMCE is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of crafted data-mce- attributes in the media plugin, which allows an attacker to inject malicious scripts into stored content that are executed when the content is rendered...
Cross-site Scripting
TinyMCE is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper SVG namespace scope handling in the sanitizer, where crafted nested SVG elements can bypass attribute sanitization and execute arbitrary JavaScript, resulting in cross-site scripting attacks...
Stored Cross-Site Scripting
TinyMCE is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of data-mce- attributes such as data-mce-href, data-mce-src, and data-mce-style, allowing attackers to inject malicious values that override validated attributes during content...
Cross-Site Scripting (XSS)
drupal/googletag is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of user-supplied input during web page generation, which allows an attacker to inject and execute malicious scripts in a victim's browser through crafted input...
Missing Authorization
Drupal Authenticator Login is vulnerable to Missing Authorization. The vulnerability is due to improper authorization checks in the Authenticator Login component, which allows an attacker to perform forceful browsing and access restricted functionality or resources without proper authorization...
Missing Authorization
Pimcore is vulnerable to Missing Authorization. The vulnerability is due to missing authentication and permission checks in the WebDAV MOVE operation, which allows an unauthenticated attacker to delete assets or authenticated low-privileged users to perform unauthorized asset move and overwrite...
Path Traversal
SimpleSAMLphp-casserver is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-controlled ticket identifiers when constructing file paths, where path traversal sequences can access and deserialize arbitrary files outside the ticket directory, allowing attackers t...
Insecure Direct Object Reference
phpMyFAQ is vulnerable to Insecure Direct Object Reference. The vulnerability is due to missing authorization checks in the admin API password update endpoint, where authenticated administrators can modify the userId parameter to change any user's password, allowing privilege escalation to...
OS Command Injection
AVideo is vulnerable to OS command injection. The vulnerability is due to improper sanitization of user-controlled values when constructing shell commands, where shell metacharacters are concatenated into the command without proper escaping, allowing attackers to execute arbitrary operating syste...
Authentication Bypass
phpMyFAQ is vulnerable to Authentication Bypass. The vulnerability is due to missing token verification and email confirmation in the password reset endpoint, where attackers can reset arbitrary user passwords without authentication, allowing complete account takeover, including administrative...
Path Traversal
WWBN AVideo is vulnerable to Path Traversal. The vulnerability is due to improper validation of attacker-controlled URLs in aVideoEncoderReceiveImage.json.php, where crafted same-origin /videos/... requests bypass path restrictions and expose server-local files, allowing authenticated attackers t...
Sensitive Information Disclosure
Grav is vulnerable to Sensitive Information Disclosure. The vulnerability is due to an overly permissive Twig sandbox allow-list, where users with the admin.pages role can invoke config.toArray to expose the site's merged configuration, allowing attackers to retrieve sensitive information such as...
Deserialization Of Untrusted Data
Pimcore is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the use of PHP's unserialize function on data from database columns and filesystem files without the allowedclasses restriction, which allows an attacker to inject malicious serialized objects if they can...
Server-Side Request Forgery (SSRF)
WWBN AVideo is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to an incomplete fix in objects/aVideoEncoder.json.php that allows attacker-controlled downloadURL values with common media and archive file extensions to bypass SSRF validation, which allows an authenticated...
User Enumeration
phpMyFAQ is vulnerable to an User Enumeration. The vulnerability is due to missing token validation in the user password update API endpoint, which allows an attacker to enumerate valid username and email pairs and send crafted PUT requests to the /api/index.php/user/password/update endpoint to...
Server-Side Request Forgery (SSRF)
Koel is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of podcast episode URLs before they are fetched by the server, which allows an attacker to supply a crafted RSS feed that causes the server to make arbitrary HTTP requests to internal...
SQL Injection
pimcore/pimcore is vulnerable to SQL injection. The vulnerability is due to improper sanitization of user-supplied SQL configuration in the columnConfigAction endpoint, which is concatenated into database queries, allowing an attacker with the reportsconfig permission to execute arbitrary SELECT ...
Path Traversal
compliance-trestle is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths, which allows an attacker to exploit path traversal and write arbitrary files to unintended locations on the filesystem...
Missing Authentication
org.xwiki.platform, xwiki-platform-rest-server is vulnerable to Missing Authentication. The vulnerability is due to the POST /wikis/wikiName API executing a XAR import without performing authentication or authorization checks, which allows an unauthenticated attacker to create or update documents...
Path Traversal
lsfusion.platform, web-client is vulnerable to Path Traversal. The vulnerability is due to improper validation of the sid argument in the UploadFileRequestHandler component, which allows a remote attacker to perform path traversal by manipulating the parameter and accessing files outside the...
Improper Privilege Management
Capsule is vulnerable to Improper Privilege Management. The vulnerability is due to improper handling of cluster-scoped resources in the TenantResource RawItems processing logic, which allows a tenant administrator to exploit the Capsule Controller's cluster-admin privileges to create unauthorize...
Improper Authorization
github.com/fission/fission is vulnerable to improper authorization. The vulnerability is due to the storagesvc component exposing archive CRUD endpoints without performing authentication or authorization checks, which allows an attacker with access to the storagesvc service to enumerate archive...
Path Traversal
github.com/xyproto/algernon is vulnerable to Path Traversal. The vulnerability is due to DirPage traversing parent directories beyond the configured server root while searching for a handler.lua file, which allows an attacker who can place a malicious handler.lua in an ancestor directory to achie...
Uncontrolled Resource Consumption
go.opentelemetry.io/obi is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to inefficient processing of BPF probe run-count deltas during histogram observation replay, which allows an attacker to trigger excessive CPU consumption on busy systems, leading to a...
Stored Cross-Site Scripting (XSS)
TinyMCE is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of forged mce:protected comments, which allows an attacker to bypass content sanitization and inject malicious scripts that execute when the protected content is restored...
Arbitrary Code Injection
Contour is vulnerable to Arbitrary Code Injection. The vulnerability is due to insufficient sanitization of user-controlled values in cookieRewritePolicies.pathRewrite.value, where values are interpolated into Envoy HTTP Lua filter code using Go text/template, allowing attackers with HTTPProxy...
Improper Access Control
@delmaredigital/payload-puck is vulnerable to Improper Access Control. The vulnerability is due to the use of Payload's local API with overrideAccess: true in /api/puck/ CRUD endpoints, which allows an attacker to bypass collection-level access controls and perform unauthorized actions...
Server-Side Template Injection (SSTI)
Formie is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to unsafe evaluation of user-supplied values in Hidden fields as Twig templates during submission handling, which allows an unauthenticated attacker to inject malicious template code and potentially compromise t...
Cross-site Scripting (XSS)
phpMyFAQ is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of malformed URLs in Utils::parseUrl, which allows an attacker to inject malicious JavaScript through comments and steal admin session cookies when affected pages are viewed...
Information Exposure
Composer is vulnerable to Information Exposure. The vulnerability is due to improper validation of GitHub OAuth token formats that causes invalid tokens to be written to standard error, which allows an attacker to obtain sensitive authentication tokens from logs when validation fails...
Cross-site Scripting (XSS)
ci4-cms-erp/ci4ms is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization and escaping of user-supplied page content before rendering, which allows an attacker to inject malicious scripts that execute in the browsers of visitors and administrators viewing the...
Directory Traversal
Python Liquid is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of absolute file paths in the FileSystemLoader and CachingFileSystemLoader, which allows a malicious template author to load and render arbitrary files outside the configured search paths using...
Path Traversal
.NET Core is vulnerable to Path Traversal. The vulnerability is due to improper handling of specially crafted files, which allows an attacker to write arbitrary files and directories to unintended locations on a vulnerable system...
Path Traversal
Open WebUI is vulnerable to Path Traversal. The vulnerability is due to improper validation and sanitization of uploaded file names derived from HTTP upload requests, which allows an attacker to upload files with crafted dot-segments and traverse outside the intended uploads directory, potentiall...
Improper Resource Shutdown Or Release
UltraJSON is vulnerable to Improper Resource Shutdown or Release. The vulnerability is due to failure to release the serialized JSON string object when a write operation raises an exception in ujson.dump, which allows an attacker to repeatedly trigger failed writes and cause memory exhaustion,...
Denial Of Service (DoS)
Wire is vulnerable to Denial of Service DoS. The vulnerability is due to improper validation of negative lengths in protobuf group-skipping logic, which allows an attacker to trigger an unchecked runtime exception and crash applications processing crafted protobuf payloads...
Improper Integrity Verification
Amazon SageMaker Python SDK is vulnerable to improper integrity verification. The vulnerability is due to missing integrity verification in the Triton inference handler, which allows an authenticated attacker with S3 write access to replace model artifacts with a specially crafted pickle payload...
Cross-Site Scripting (XSS)
github.com/argoproj/argo-cd is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper URL validation in link.argocd.argoproj.io/ annotations, which allows an attacker with developer-level access to inject a javascript: URI using the pipe-separator trick and execute arbitrary...
Improper Input Validation
com.ibeetl:beetl-spring-classic is vulnerable to Improper Input Validation. The vulnerability is due to improper neutralization of special elements in expression language statements within the SpELFunction component, which allows an attacker to inject and execute malicious expressions remotely...
Improper Authorization
Open WebUI is vulnerable to improper authorization. The vulnerability is due to improper validation of authorized user roles in the API, which allows a pending user account to bypass intended access restrictions and gain unauthorized access to the web application...
Command Injection
go-git is vulnerable to Command Injection. The vulnerability is due to improper escaping of single quotes in repository paths when constructing SSH remote execution commands, where specially crafted repository paths can break out of the quoted command, allowing attackers to inject and execute...
Integer Overflow
github.com/iskorotkov/avro is vulnerable to integer overflow. The vulnerability is due to improper handling of attacker-controlled 64-bit values, integer truncation, and overflow-prone arithmetic in multiple decoder paths, which allows an attacker to exploit untrusted Avro streams to trigger...