38108 matches found
Denial Of Service (DoS)
github.com/containerd/containerd is vulnerable to Denial Of Service (DoS). The vulnerability is due to a bug in containerd’s CRI implementation where user-namespaced containers are not placed under Kubernetes' cgroup hierarchy, allowing an attacker to bypass resource limits and potentially exhaust...
Authentication Bypass
org.springframework.security, spring-security-aspects is vulnerable to an Authorization Bypass. The vulnerability is due to Spring Security Aspects not detecting method security annotations on private methods when @EnableMethodSecurity(mode=ASPECTJ) is used, allowing an attacker to invoke those...
Deserialization Of Untrusted Data
transformers is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insufficient validation of model file inputs, which allows attackers to execute arbitrary code when a user loads a malicious file or page...
Time-of-check Time-of-use (TOCTOU) Race Condition
github.com/containerd/containerd is vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition. The vulnerability is due to insufficient validation of image contents between the time of verification and the time of use during image unpacking, allowing malicious images to modify the host file system...
Cross-site Scripting (XSS)
bolt/bolt is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization of the title and textarea parameters in the Showcase Creation Handler, allowing injection of malicious scripts...
Cross-site Scripting (XSS)
tarteaucitron-wp is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization that allows author-level users to inject arbitrary HTML into posts or pages...
Insecure Direct Object Reference (IDOR)
sjbr/sr-feuser-register is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to missing or improper access control checks on user-supplied identifiers, allowing attackers to access or manipulate data they shouldn't have access to...
Denial Of Service (DoS)
github.com/ackites/killwxapkg is vulnerable to resource consumption. The vulnerability is due to improper handling of wxapkg file decompression and to unknown processing issues, which allows an attacker to remotely trigger a resource consumption attack with high complexity...
Deserialization Of Untrusted Data
transformers is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper validation of user-supplied data during the parsing of model files, which allows deserialization of untrusted data...
Deserialization Of Untrusted Data
transformers is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper validation of user-supplied data in configuration files, which allows an attacker to execute arbitrary code in the context of the current user...
Arbitrary Code Execution
Langroid is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsafe code evaluation through the use of pandas.eval in the LanceDocChatAgent via the computefromdocs function, allowing attackers to execute malicious code through unsanitized input...
Cross-Site Scripting (XSS)
nitsan/ns-backup is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization, which allows an attacker to inject malicious scripts...
Predictable Resource Location
nitsan/ns-backup is vulnerable to Predictable Resource Location. The vulnerability is due to the use of predictable or guessable file paths for stored backup files without proper access controls, which allows attackers to locate and download sensitive backup files by simply guessing the URL or file nam...
Remote Code Execution (RCE)
srfeuserregister is vulnerable to Remote Code Execution. The vulnerability is due to improper input validation and insufficient sanitization of user-supplied data, which allows attackers to inject and execute arbitrary PHP code on the server...
Command Injection
nitsan/ns-backup is vulnerable to Command Injection. The vulnerability is due to insufficient input validation, which allows user-supplied data to be interpreted as part of a system command...
Regular Expression Denial Of Service (ReDoS)
Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing caused by nested quantifiers in the preprocessstring function of transformers.testingutils, which can cause exponential backtracking and high CPU usage when...
Improper Verification Of Cryptographic Signature
OpenPGP.js is vulnerable to Signature Spoofing. The vulnerability is due to improper signature verification, with the functions openpgp.verify and openpgp.decrypt returning valid signature results on tampered data in inline-signed or signed-and-encrypted messages...
Unauthorized Data Exposure
typo3/cms-core is vulnerable to unauthorized data exposure. The vulnerability is due to incomplete access control enforcement where frontend user group restrictions are applied only to the first table in multi-table queries using the database abstraction layer (DBAL), allowing attackers to access...
Session Hijacking
typo3/cms is vulnerable to Session Hijacking. The vulnerability is due to insufficient authentication mechanisms where the backend user management interface allows password changes without requiring the current password, which allows an attacker with access to an admin session to change...
Cross-Site Request Forgery (CSRF)
typo3/cms-webhooks is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to missing CSRF protection on Webhooks, which allows authenticated administrator-level users to perform Server-Side Request Forgery (SSRF) attacks against internal systems...
Privilege Escalation
typo3/cms-core is vulnerable to Privilege Escalation. The vulnerability is due to insufficient privilege separation, allowing administrator-level backend users to gain unauthorized system maintainer access...
Privilege Escalation
github.com/gardener/gardener is vulnerable to Privilege Escalation. The vulnerability is due to improper authorization checks, with the gardenlet component allowing project administrators to gain control over seed clusters managing their shoot clusters in environments using...
Cross-site Scripting (XSS)
symfony/ux-live-component and symfony/ux-twig-component are vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper output escaping caused by unescaped rendering of ComponentAttributes values, which may contain unsafe user input leading to HTML attribute injection...
Remote Code Execution (RCE)
vllm is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper socket binding in the TCPStore and PyNcclPipe services listening on all network interfaces, potentially allowing unauthorized access to control message channels...
Code Injection
langroid is vulnerable to code injection. The vulnerability is due to improper input sanitization in TableChatAgent using pandas eval, allowing attackers to execute arbitrary code within the application...
Insecure File Upload
typo3/cms-core is vulnerable to Insecure File Upload. The vulnerability is due to the file management module, which allows an attacker to upload potentially dangerous or misleading files, such as executable binaries or files with mismatched extensions and MIME types...
Multifactor Authentication (MFA) Bypass
typo3/cms-backend is vulnerable to Multifactor Authentication (MFA) Bypass. The vulnerability is due to insufficient enforcement of access restrictions on backend routes, allowing MFA to be bypassed after successful authentication...
Incorrect Behavior Order
lockfile-lint-api is vulnerable to Incorrect Behavior Order. The vulnerability is due to early validation of the resolved attribute in package URLs, which can be bypassed by extending the package name, allowing attackers to install unintended npm packages...
Sensitive Information Disclosure
Mattermost is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper authorization caused by failing to properly verify a user's permissions when accessing group information via API requests...
Authentication Bypass
auth0/auth0-php is vulnerable to Authentication Bypass. The vulnerability is due to weak authentication tag protection, with session cookies configured with CookieStore being susceptible to brute-force attacks, potentially allowing unauthorized access...
Privilege Escalation
cocotais-bot is vulnerable to Privilege Escalation. The vulnerability is due to improper sanitization and permission validation in the command echoing feature, which allows user-supplied input to be interpreted as privileged commands...
Regular Expression Denial Of Service (ReDoS)
Meteor is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression handling caused by applying a complex regex to user-controlled input forwardedFor, which allows an attacker to remotely trigger excessive processing...
Privilege Escalation
github.com/gardener/gardener is vulnerable to Privilege Escalation. The vulnerability is due to insufficient access control and trust boundary enforcement in the gardenlet component, which allowed project administrators to interact with or influence seed cluster resources beyond their intended...
Signature Wrapping Attack
samlify is vulnerable to a Signature Wrapping attack. The vulnerability is due to improper validation of signed XML documents, allowing an attacker to forge a SAML Response and authenticate as any user...
Denial Of Service (DoS)
Multer is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of error events in HTTP request streams, which causes internal streams like busboy to remain open and allows an attacker to exhaust server resources...
Denial Of Service (DoS)
multer is vulnerable to Denial of Service (DoS). The vulnerability is due to an unhandled exception triggered by a malformed multipart upload request that allows an attacker to crash the process...
Privilege Escalation
github.com/gardener/external-dns-management is vulnerable to a privilege escalation. The vulnerability is due to insufficient isolation and access control between shoot clusters and the seed cluster in the external-dns-management component, which allows an attacker with admin access to a shoot...
Integer Overflow
libavif is vulnerable to Integer Overflow. The vulnerability is due to unsafe multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes in the avifImageRGBToYUV function in reformat.c...
Buffer Overflow
libavif is vulnerable to Buffer Overflow. The vulnerability is due to an integer overflow caused by improper bounds checking when calculating stream-offset + size in makeRoom in stream.c, which can lead to a buffer overflow...
SQL Injection
seaweedfs is vulnerable to SQL injection. The vulnerability is due to improper input sanitization, with unsanitized user input being directly embedded into SQL queries in /abstractsql/abstractsqlstore.go...
Open Redirect
Flask-AppBuilder is vulnerable to Open Redirect. The vulnerability is due to improper validation of redirect targets caused by trusting the Host header in HTTP requests without verifying it against a safe list of domains...
Cross-site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization in the group name parameter of the /poller/groups form, which allows attackers to inject malicious scripts...
Denial Of Service (DoS)
github.com/ollama/ollama is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation and unchecked array index access in the /api/pull endpoint, which allows an attacker to send a crafted manifest that crashes the server...
Heap Based Buffer Overflow
openexr is vulnerable to a heap-based buffer overflow. The vulnerability is due to bad pointer math during decompression of DWAA-packed scan-line EXR files with a maliciously forged chunk, which allows an attacker to trigger memory corruption and potentially execute arbitrary code...
Stack Based Buffer Overflow
MaterialX is vulnerable to stack-based buffer overflow. The vulnerability is due to the lack of a limit on nested file import recursion, which allows an attacker to craft deeply chained MaterialX file imports leading to a crash of the process...
Insufficient Control Flow Management
Vyper is vulnerable to Insufficient Control Flow Management. The vulnerability is due to the Vyper compiler skipping evaluation of the start argument in the slice function when length is 0 and the source is a special location like msg.data or .code, which allows an attacker to suppress execution of...
Denial Of Service (DoS)
Tornado is vulnerable to Denial Of Service (DoS). The vulnerability is due to Tornado’s multipart/form-data parser continuing to process data after encountering errors, which allows an attacker to generate excessive synchronous logging...
Insufficient Control Flow Management
Vyper is vulnerable to Insufficient Control Flow Management. The vulnerability is due to a fastpath optimization in the concat function that skips evaluating argument expressions when their length is zero, allowing the omission of side effects and potentially leading to unintended logic behavior ...
Cross-site Scripting (XSS)
org.jenkins-ci.plugins:cloudbees-jenkins-advisor is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper output encoding caused by failure to escape responses from the Jenkins Health Advisor server, allowing attackers to inject scripts through controlled server responses...
Denial Of Service (DoS)
github.com/babylonlabs-io/babylon is vulnerable to Denial Of Service (DoS). The vulnerability is due to an integer overflow caused by depositing a large amount of tokens into the validator rewards pool, which triggers a panic in cumulative reward ratio calculation during the EndBlocker execution...