Denial Of Service (DoS)
Undici is vulnerable to Denial of Service (DoS). The vulnerability is due to a memory leak caused by repeated webhook calls to servers with invalid SSL certificates...
Denial Of Service
Next.js is vulnerable to Denial of Service. The vulnerability is due to a race condition in misconfigured Pages Router setups allowing pageProps data to be served instead of standard HTML responses...
Unauthorized State Modification
reflex is vulnerable to Unauthorized State Modification. The vulnerability is due to improper access control and event handler, including private and non-client-side fields, that allows an attacker to modify arbitrary state fields, including private ones, if their names are guessed...
Local Privilege Escalation
github.com/redhatinsights/yggdrasil is vulnerable to local privilege escalation. The vulnerability is due to missing authentication and authorization checks on a DBus method that dispatches messages to worker processes, allowing any local user to trigger privileged package management actions...
Signature Replay Vulnerability
github.com/babylonlabs-io/babylon is vulnerable to a signature replay vulnerability. The vulnerability is due to insufficient message domain separation and inadequate length validation in the MsgCommitPubRandList handler, which allows attackers to replay valid signatures on maliciously crafted...
Cross-Site Scripting
Bootstrap Multiselect is vulnerable to Reflective Cross-Site Scripting (XSS). The vulnerability is due to unsanitized output of POST data in a PHP script, which allows attackers to execute arbitrary JavaScript in the context of a victim's browser through Cross-Site Request Forgery (CSRF)...
Sensitive Information Exposure
org.apache.iotdb:node-commons is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper sanitization and logging of sensitive authentication data by the OpenIdAuthorizer component. Specifically, sensitive information such as credentials or tokens is inserted directly...
Remote Code Execution (RCE)
org.apache.iotdb:iotdb-core is vulnerable to Remote Code Execution (RCE). The vulnerability is due to an untrusted UDF URI, allowing attackers with UDF creation privileges to register malicious functions from external sources...
XML External Entity (XXE)
io.github.bonigarcia:webdrivermanager is vulnerable to XML External Entity (XXE). The vulnerability is due to insufficient restrictions on XML parsers, allowing an external entity expansion ("Billion Laughs") attack that can lead to Denial of Service...
Sensitive Information Exposure
org.apache.iotdb:iotdb-jdbc is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper sanitization and logging of sensitive information in the Apache IoTDB JDBC driver. Specifically, sensitive data such as credentials or query contents may be inadvertently written to...
Incorrect Authorization
Mattermost is vulnerable to Improper Authorization. The vulnerability is due to authenticated users with restricted invite rights being able to add guest users to a team via the API, bypassing intended access controls...
Authentication Bypass
Mattermost is vulnerable to Authentication Bypass. The vulnerability is due to insufficient enforcement of login failure limits due to the failure to lock out LDAP users after repeated unsuccessful login attempts, allowing attackers to trigger external LDAP account lockouts via brute-force attemp...
Cross-site Scripting (XSS)
github.com/lf-edge/ekuiper is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization due to injection of malicious scripts in the confKey parameter of the Connection Configuration, which are executed in the browser when accessed by another user...
XML External Entity (XXE) Injection
sulu/sulu is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to the XML DOM library processing external entities when SVG files are uploaded without properly disabling or restricting external XML entity loading, allowing malicious SVG files to include references to externa...
Cross-Site Request Forgery (CSRF)
github.com/justinas/nosurf is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to misuse of the Go net/http library, which causes nosurf to treat all incoming requests as plain-text HTTP. As a result, it fails to verify that the Referer header is from the same origin,...
Code Injection
github.com/cosmos/evm is vulnerable to Code Injection. The vulnerability is due to setting lower EVM call gas limits, which allows the precompile code to partially execute and then fail without reverting the already made state changes...
Information Disclosure
oxid-esales/oxideshop-ce is vulnerable to information disclosure. The vulnerability is due to improper error handling and also Smarty syntax errors in CMS pages that may allow an attacker to access user information...
Arbitrary File Access
getkirby/cms is vulnerable to Arbitrary File Access. The vulnerability is due to missing path traversal checks in the snippet helper or $kirby->snippet() method when used with dynamic snippet names, allowing attackers to access and execute arbitrary PHP files on the server...
Improper Authorization
Apache Superset is vulnerable to Improper Authorization. The vulnerability is due to insufficient permission checks that allow authenticated users with read access to take ownership of dashboards, charts, or datasets...
External Control Of File Name Or Path
Microsoft.Build.Tasks.Core is vulnerable to External Control of File Name or Path. The vulnerability is due to improper validation of input, which allows an authorized attacker to manipulate file paths over a network...
HTML Injection
Umbraco Forms is vulnerable to HTML Injection. The vulnerability is due to lack of HTML encoding due to user-provided form values being directly embedded into emails without proper sanitization, enabling potential spoofing or bypass of email security systems...
Authentication Bypass
github.com/openpubkey/opkssh is vulnerable to Authentication Bypass. The vulnerability is due to insufficient validation of JWS structures due to a flaw that allows specially crafted JWS tokens to bypass signature verification logic...
Remote Code Execution (RCE)
motioneye is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of the constructed camera device path in the add/addcamera web API, which allows an attacker with admin credentials to execute arbitrary commands...
Path Traversal
getkirby/cms is vulnerable to Path Traversal. The vulnerability is due to lack of validation in the router to ensure that requested files are within the document root, allowing access checks on files outside the intended directory when using PHP’s built-in server...
Session Fixation
Flask is vulnerable to Session Fixation. The vulnerability is due to incorrect key list construction and Flask passing the signing key first instead of last, allowing an attacker with access to an old signing key to generate valid session tokens and bypass key rotation...
Path Traversal
getkirby/cms is vulnerable to Path Traversal. The vulnerability is due to a missing path traversal check on dynamic collection names used in the collection helper or $kirby->collection() method, allowing attackers to manipulate the collection path to access and execute files outside the intended...
Signature Verification Bypass
github.com/openpubkey/opkssh is vulnerable to Signature Verification Bypass. The vulnerability is due to improper verification of JWS structure and signature data caused by incorrect implementation of the JWS signature verification logic, allowing an attacker to bypass authentication mechanisms in...
Cross-Site Scripting (XSS)
@lumieducation/h5p-server is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the omission of the sanitizeHtml function call for plain text strings, which allows attackers to inject malicious HTML or JavaScript code...
Denial Of Service (DoS)
llamaindex is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of enforcement of the max_depth parameter in the get_article_urls function, allowing excessive recursive calls that exhaust system resources...
Denial Of Service (DoS)
Rack is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded parameter parsing caused by Rack::QueryParser processing query strings and form-encoded bodies without limiting the number of parameters, allowing attackers to exhaust memory and CPU resources...
Cross-Site Scripting (XSS)
Trix is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of pasted content, which allows an attacker to execute arbitrary JavaScript within the user’s session...
Session Fixation
Rack is vulnerable to Session Fixation. The vulnerability is due to race conditions in session handling due to concurrent requests potentially restoring a deleted session when using Rack::Session::Pool, allowing an attacker with a valid session cookie to retain access even after logout...
Session Fixation
rack-session is vulnerable to Session Fixation. The vulnerability is due to improper session invalidation due to sessions being restorable if an attacker with a valid session cookie triggers a long-running request concurrent with a legitimate user logout, allowing continued unauthorized access...
Arbitrary Command Injection
Craft CMS is vulnerable to Arbitrary Command Injection. The vulnerability is due to unauthenticated user-supplied data being stored in session files without validation, potentially allowing PHP code injection into a predictable server file path...
Denial Of Service (DoS)
org.eclipse.jetty.http2:jetty-http2-common is vulnerable to Denial of Service (DoS). The vulnerability is due to missing validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter in HTTP/2 settings frames. Specifically, Jetty fails to enforce reasonable limits on this value, allowing an attacker to...
Cross-Site Scripting (XSS)
Koillection is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization in the collection, wishlist, and album components, allowing a remote attacker to escalate privileges...
Denial Of Service (DoS)
Django is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient HTML parsing due to the strip_tags() function's slow performance when processing large sequences of incomplete HTML tags, which also affects the striptags template filter...
Data Corruption
org.eclipse.jetty:jetty-server is vulnerable to Data Corruption. The vulnerability is due to improper buffer management caused by the incorrect release of a buffer when handling gzip errors during request body inflation, allowing attackers to access sensitive data from other requests...
Arbitrary File Write
Ironic is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of user-supplied file paths during image deployment via the API, allowing attackers to write unintended files to the target node disk...
Session Hijacking
code-server is vulnerable to Session Hijacking. The vulnerability is due to insufficient validation of proxy request URLs, specifically the failure to properly validate the port and domain in requests using the /proxy subpath, allowing attackers to redirect traffic, including session cookies, to...
Denial Of Service (DoS)
org.apache.activemq:activemq-client is vulnerable to Denial of Service (DoS). The vulnerability is due to missing or insufficient validation of buffer size values during the unmarshalling of OpenWire commands, allowing attackers to supply excessively large size values, leading to uncontrolled memory...
Privilege Escalation
github.com/kyverno/kyverno is vulnerable to Privilege Escalation. The vulnerability is due to missing error propagation in the GetNamespaceSelectorsFromNamespaceLister function, which causes policy rules with namespace selectors to be skipped during admission review processing, allowing an attacker...
Denial Of Service (DoS)
vllm is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient list concatenation operations and also dynamic replacement of placeholder tokens with repeated tokens based on precomputed lengths, allowing an attacker to trigger resource exhaustion by exploiting the quadrati...
Cross-site Scripting (XSS)
org.graylog2:graylog2-server is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insecure input handling due to the ability to inject and submit malicious HTML forms via the Event Definition Remediation Step field, which can result in session cookie theft under specific...
Cross-site Scripting (XSS)
org.graylog2:graylog2-server is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization due to improper handling of uploaded files that allows execution of arbitrary JavaScript in the frontend when accessed via the API browser...
Improper Certificate Validation
JRuby-OpenSSL is vulnerable to Improper Certificate Validation. The vulnerability is due to missing hostname verification due to failure to ensure that the hostname in the SSL certificate matches the intended connection target, allowing man-in-the-middle attacks with a valid certificate for a...
Remote Code Execution (RCE)
github.com/patrickhener/goshs is vulnerable to Remote Code Execution (RCE). The vulnerability is due to missing validation of the -c CLI option in the dispatchReadPump function, which allows unauthenticated users to execute arbitrary commands via WebSocket connections...
IP Filtering Bypass
@misskey-dev/summaly is vulnerable to IP Filtering Bypass. The vulnerability is due to improper validation of HTTP redirects, where private IP address checks are applied only to the HEAD response but not to the GET response, allowing redirection to private IPs...
Denial Of Service (DoS)
alextselegidis/easyappointments is vulnerable to Denial of Service (DoS). The vulnerability is due to booking logic flaws due to insufficient validation of appointment duration, allowing unauthenticated attackers to block future booking availability by creating excessively long appointments...
Session Hijacking
github.com/zitadel/zitadel is vulnerable to Session Hijacking. The vulnerability is due to insufficient validation of reused IdP intents via repeated IdP intent exploitation, allowing attackers with access to the application's URI to retrieve authentication tokens and impersonate users...