38111 matches found
IP Filtering Bypass
@misskey-dev/summaly is vulnerable to IP Filtering Bypass. The vulnerability is due to improper validation of HTTP redirects, where private IP address checks are applied only to the HEAD response but not to the GET response, allowing redirection to private IPs...
Denial Of Service (DoS)
alextselegidis/easyappointments is vulnerable to Denial of Service (DoS). The vulnerability is due to booking logic flaws caused by insufficient validation of appointment duration, allowing unauthenticated attackers to block future booking availability by creating excessively long appointments...
Session Hijacking
github.com/zitadel/zitadel is vulnerable to Session Hijacking. The vulnerability is due to insufficient validation of reused IdP intents via repeated IdP intent exploitation, allowing attackers with access to the application's URI to retrieve authentication tokens and impersonate users...
Authenticated Command Injection
github.com/nrkno/terraform-provider-windns is vulnerable to Authenticated command injection. The vulnerability is due to lack of input sanitization in the windnsrecord resource. Specifically, user-supplied inputs were not properly sanitized before being passed to the underlying PowerShell command...
Arbitrary Code Execution (ACE)
org.apache.parquet, parquet-avro is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to insecure schema parsing in the parquet-avro module and due to improper enforcement of package trust boundaries during deserialization, which allows an attacker to execute arbitrary code by...
Remote Code Execution (RCE)
vllm is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the use of Python’s pickle module on untrusted data received over a ZeroMQ SUB socket in multi-node deployments using the V0 engine, which allows an attacker to execute arbitrary code on the target machine and potentiall...
Account Enumeration
umbraco.cms is vulnerable to Account Enumeration. The vulnerability is due to differences in post-login API response times, which allow attackers to determine whether an account exists...
Cross-Site Scripting (XSS)
mezzanine is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the "View Entries" feature within the Forms module, which allows an attacker to inject malicious scripts that execute in the context of another user's session...
Improper Access Control
com.baidu.mapp:brcc-core is vulnerable to Improper Access Control. The vulnerability is due to insufficient authorization checks in the /admin/ API, which accepts crafted requests that grant unauthorized access to admin functionality...
Cross-site Scripting (XSS)
com.liferay:com.liferay.marketplace.app.manager.web is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization: the Marketplace App Manager Web module fails to properly escape user-supplied input, allowing injection of JavaScript by unauthenticat...
Authentication Bypass
passport-wsfed-saml2 is vulnerable to Authentication Bypass. The vulnerability is due to insufficient validation of SAML response attributes due to the ability to tamper with a valid signed SAML response to impersonate users...
Cross-site Scripting (XSS)
mobsf is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization during SVG file handling in the Android APK analysis workflow, which allows malicious scripts to be embedded in the SVG files...
Authentication Bypass
passport-wsfed-saml2 is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of the SAML assertion recipient and insecure handling of signed SAML objects, which allows attackers to reuse valid assertions to impersonate users...
SVG Sanitization Bypass
october/october is vulnerable to SVG sanitization bypass. The vulnerability is due to insufficient validation of file types, allowing authenticated users to bypass SVG sanitization by uploading files with permitted extensions and renaming them to .svg...
Redirect Filter Bypass
@misskey-dev/summaly is vulnerable to Redirect Filter Bypass. The vulnerability is due to a logic error in the summaly function that prevents the allowRedirects option from being passed, which allows an attacker to force the library to follow unintended redirects...
Improper URL Parsing
Browser-Use is vulnerable to Improper URL Parsing. The vulnerability is due to mishandling of alloweddomains when userinfo is included in the authority component within the isurlallowed method, which allows attackers to bypass domain restrictions...
Access Control Bypass
@keystone-6/core is vulnerable to Access Control Bypass. The vulnerability is due to improper enforcement of isFilterable access controls during update and delete mutations, allowing unauthorized filtering by unique fields to infer protected data...
ZIP Of Death (zip Bomb) Attack
MobSF is vulnerable to a ZIP of Death (zip bomb) Attack. The vulnerability is due to lack of checks on the total uncompressed size of uploaded ZIP files, allowing attackers to exhaust server disk space during extraction...
Remote Code Execution (RCE)
craftcms/cms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of user input, allowing attackers to inject malicious code if they have administrator access and the ALLOWADMINCHANGES setting is enabled...
Incorrect Authorization
snipe/snipe-it is vulnerable to Improper Authorization. The vulnerability is due to insufficient access control due to incorrect authorization logic allowing unauthorized access to asset information...
Cross-site Scripting (XSS)
league/commonmark is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient sanitization: the Attributes extension allows arbitrary HTML attribute injection through Markdown syntax, bypassing existing XSS protections...
XML External Entity (XXE) Injection
Langroid is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to insecure XML parsing: the XMLToolMessage class processes untrusted XML input without proper restrictions, potentially enabling denial of service or local file disclosure...
Unauthorized Access
github.com/inspektor-gadget/inspektor-gadget is vulnerable to unauthorized access. The vulnerability is due to insufficient access controls caused by reliance on client access with valid TLS certificates or cluster access in daemon or Kubernetes modes, which allows an attacker to gain unauthorized access ...
Authorization Bypass
github.com/openfga/openfga is vulnerable to authorization bypass. The vulnerability is due to improper handling of certain Check and ListObject calls, allowing unauthorized access to restricted resources...
Resource Exhaustion
github.com/linkerd/linkerd2 is vulnerable to Resource Exhaustion. The vulnerability is due to unbounded generation or accumulation of proxy metrics, which allows an attacker to exhaust system resources in affected versions...
Deserialization Of Untrusted Data
apache.nms.activemq is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to unbounded deserialization of data from untrusted servers, allowing them to send malicious payloads that may result in Remote Code Execution (RCE)...
Address Spoofing
base-x is vulnerable to Address spoofing. The vulnerability is due to improper handling of leading zero bytes during encoding, which allows an attacker to create visually similar addresses and mislead users into sending funds to unintended recipients...
Content Spoofing
AngularJS is vulnerable to Content Spoofing. The vulnerability is due to improper sanitization of the 'href' and 'xlink:href' attributes in SVG elements, which allows attackers to bypass image source restrictions...
Unrestricted File Upload
showdoc/showdoc is vulnerable to unrestricted file upload. The vulnerability is due to improper validation of file extensions, allowing execution of arbitrary PHP code and leading to remote code execution...
Directory Traversal
Vite is vulnerable to Directory Traversal. The vulnerability is due to an access control bypass caused by insufficient enforcement of file access restrictions when using pattern-matching with dot-slash (/.) in network-exposed development servers...
Authentication Bypass
org.keycloak:keycloak-services is vulnerable to Authentication Bypass. The vulnerability is due to insufficient authorization enforcement in the org.keycloak.authorization package that may allow users to bypass required actions such as two-factor authentication setup...
Improper Redirect URI Validation
@cloudflare/workers-oauth-provider is vulnerable to improper redirect URI validation. The vulnerability is due to missing validation of the redirecturi during the authorization step, allowing attackers to intercept authorization codes by supplying unapproved redirect URIs...
PKCE Bypass
@cloudflare/workers-oauth-provider is vulnerable to PKCE bypass. The vulnerability is due to missing enforcement of PKCE verification caused by a flaw in the OAuth implementation that lets attackers skip the code challenge check, allowing an attacker to intercept and redeem authorization codes fo...
Rego Code Injection
github.com/open-policy-agent/opa is vulnerable to Rego code injection. The vulnerability is due to unsanitized HTTP request paths being used to construct Rego queries during policy evaluation, allowing attackers to inject Rego code...
Improper Certificate Validation
org.keycloak:keycloak-services is vulnerable to Improper Certificate Validation. The vulnerability is due to insecure default configuration due to setting the verification policy to 'ALL', which unintentionally skips trust store certificate verification...
SQL Injection
ADOdb is vulnerable to SQL Injection. The vulnerability is due to improper escaping due to the use of unsanitized user input in the pginsertid function when connected to a PostgreSQL database...
Information Disclosure
Flags SDK is vulnerable to information disclosure. The vulnerability is due to a flaw in the flags discovery endpoint that allows attackers with detailed knowledge of the issue to list all feature flags, including names, descriptions, options, and default values...
Improper Authentication Bypass
github.com/hashicorp/vault is vulnerable to improper authentication bypass. The vulnerability is due to the Azure Auth method not correctly validating claims in Azure-issued tokens, allowing potential bypass of the boundlocations parameter on login...
Information Disclosure
github.com/hashicorp/vault is vulnerable to information disclosure. The vulnerability is due to insufficient input validation or improper handling of malformed payloads, which allows an attacker to expose sensitive information by triggering logging of secret data during secret creation or update...
Cross-Site Scripting (XSS)
yeswiki/yeswiki is vulnerable to stored cross-site scripting (XSS). The vulnerability is due to improper input sanitization in the comments feature, allowing obfuscated JavaScript payloads to bypass filters and execute in users' browsers...
Remote Code Execution (RCE)
vLLM is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insecure pickle-based serialization over unsecured ZeroMQ sockets that were exposed to all network interfaces...
Insecure Randomness
Formidable is vulnerable to Insecure Randomness. The vulnerability is due to weak randomness due to the use of the non-cryptographically secure hexoid module for generating temporary filenames for untrusted content...
Authentication Bypass
@account-kit/smart-contracts is vulnerable to Authentication Bypass. The vulnerability is due to faulty access control due to a bug in the allowlist logic that permitted session keys to bypass allowlist restrictions...
Improper Input Validation
org.apache.tomcat, tomcat-coyote is vulnerable to Improper Input Validation. The vulnerability is due to incorrect error handling of invalid HTTP priority headers, which causes incomplete clean-up of failed requests and a memory leak, allowing an attacker to send many malformed requests to exhaus...
OS Command Injection
aworld is vulnerable to OS Command Injection. The vulnerability is due to improper input sanitization due to unsafe use of subprocess.run and subprocess.Popen in AWorld/aworld/virtualenvironments/terminals/shelltool.py, which allows remote attackers to execute arbitrary operating system commands ...
Regular Expression Denial Of Service (ReDoS)
Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing caused by a regex with exponential time complexity in the SubWordJapaneseTokenizer class, leading to excessive backtracking and high CPU usage...
Reflected Cross-Site Scripting (Reflected XSS)
yeswiki/yeswiki is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper sanitization of user input in the file upload form, which allows attackers to craft malicious links that execute arbitrary scripts in the victim’s browser...
Remote Code Execution (RCE)
yeswiki/yeswiki is vulnerable to Remote Code Execution (RCE). The vulnerability is due to arbitrary file write, which allows attackers to upload PHP files that can be executed on the server...
Denial Of Service (DoS)
vLLM is vulnerable to Denial of Service (DoS). The vulnerability is due to improper ZeroMQ socket binding caused by the XPUB socket being bound to all interfaces without access control in multi-node deployments, which allows an attacker to connect to the socket and either receive internal data or...
Cross-Site Scripting (XSS)
yeswiki/yeswiki is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to insufficient sanitization of user-supplied input in URLs, which allows attackers to inject malicious scripts that are reflected in the server’s response...