38111 matches found
Cross-Site Scripting (XSS)
yeswiki/yeswiki is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization of the idformulaire parameter on the /?BazaR endpoint, which allows attackers to perform reflected cross-site scripting attacks to steal session cookies, hijack user sessions,...
Unauthorized Backup Access
yeswiki/yeswiki is vulnerable to unauthorized backup access. The vulnerability is due to missing authentication checks and predictable backup filenames, which allows an attacker to create and download backup archives without authentication...
Cross-Site Scripting (XSS)
yeswiki/yeswiki is vulnerable to reflected cross-site scripting. The vulnerability is due to insufficient sanitization of user-supplied input in URL parameters, which allows malicious scripts to be injected and executed in the context of a user's browser...
Insufficient Session Expiration
@auth0/nextjs-auth0 is vulnerable to Insufficient Session Expiration. The vulnerability is due to a missing expiration claim caused by not invoking .setExpirationTime when generating JWE tokens, allowing tokens to remain valid beyond intended session duration...
Denial Of Service (DoS)
python-markdownify is vulnerable to Denial Of Service (DoS). The vulnerability is due to memory exhaustion when handling excessively large HTML headline tags like , which consume significant memory during processing...
Denial Of Service (DoS)
net-imap is vulnerable to Denial Of Service (DoS). The vulnerability is due to memory exhaustion caused by automatic and unchecked memory allocation when handling large 'literal' byte counts in server responses from untrusted IMAP servers...
Code Injection
org.apereo.cas:cas-management-webapp-support is vulnerable to Code Injection. The vulnerability is due to improper input handling caused by unsanitized Groovy code execution in the saveService function, which allows remote attackers to inject and execute arbitrary code...
Missing Authorization
org.springframework.boot is vulnerable to Missing Authorization. The vulnerability is due to incorrect request matching caused by EndpointRequest.to creating a matcher for null/ when the targeted actuator endpoint is disabled or not exposed, which allows unprotected access to the /null path...
Time-of-check Time-of-use (TOCTOU) Race Condition
snowflake.data is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. The vulnerability is due to improper verification of the file owner when reading a user-provided logging configuration file on Linux and macOS, allowing a local attacker to overwrite the configuration and contro...
Regular Expression Denial Of Service (ReDoS)
org.apereo.cas, cas-server-core-configuration-metadata-repository is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to improper processing of the "Name" argument without input validation, which allows remote attackers to trigger excessive backtracking and degra...
Time-of-Check To Time-of-Use (TOCTOU) Race Condition
snowflake-sdk is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. The vulnerability is due to improper validation of file ownership and permissions during logging configuration loading, allowing an attacker to modify the file between the check and its use...
Cross-site Scripting (XSS)
n8n is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper MIME type handling in the attachments view endpoint, allowing malicious files to be interpreted as HTML and executed in the browser...
Arbitrary File Upload
net.mingsoft, ms-mcms is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files in MCMS, allowing attackers to upload and execute crafted files, leading to remote code execution...
Cross-Site Scripting (XSS)
org.opencms, opencms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the Create/Modify article function, allowing JavaScript injection via the image title sub-field...
Insufficient Verification Of Data Authenticity
react-router is vulnerable to data spoofing. The vulnerability is due to improper request validation, which allows pre-rendered data to be manipulated via custom headers, allowing full modification of the data object embedded in HTML...
Denial Of Service (DoS)
@trpc/server is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper input validation in the form of an unhandled error when validating malformed connectionParams in WebSocket connections, allowing unauthenticated users to crash the server...
HTTP Request Smuggling
h11 is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper input validation in lenient parsing of line terminators in chunked transfer encoding, which can be exploited when combined with a misconfigured proxy...
Cache Poisoning
react-router is vulnerable to Cache Poisoning. The vulnerability is due to improper request handling that allows header-based switching from SSR to SPA mode, which can trigger an error response that is then cached, affecting application availability...
Denial Of Service (DoS)
github.com/mattermost/mattermost-server is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient input validation caused by a failure to properly validate user-controlled props in the RetrospectivePost custom post type of the Playbooks plugin, which allows an attacker to...
Denial Of Service (DoS)
github.com/mattermost/mattermost-server is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing validation of uniqueness and quantity of task actions in the UpdateRunTaskActions GraphQL operation, allowing attackers to overload the server by submitting excessive actions...
Improper Domain Validation
org.apache.httpcomponents.client5, httpclient5 is vulnerable to improper domain validation. The vulnerability is due to domain checks being disabled by a bug in the PSL validation logic, affecting cookie management and host name verification, which allows an attacker to perform cookie injection or...
Improper Authorization
github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to insufficient permission validation for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts created by the Playbooks bot...
Improper Neutralization Of Escape, Meta, Or Control Sequences
Apache Tomcat is vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences. The vulnerability is due to certain uncommon rewrite rule configurations in which specially crafted requests can bypass these rules, which allows an attacker to circumvent security constraints enforced by them...
Time-of-check Time-of-use (TOCTOU) Race Condition
github.com/snowflakedb/gosnowflake is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. The vulnerability is due to insufficient file ownership validation in checking and using the logging configuration file; this allows local attackers with write access to the file or its...
Restriction Bypass
@escape.tech/graphql-armor-cost-limit is vulnerable to Restriction Bypass. The vulnerability is due to the default enabling of the ignoreIntrospection setting in GraphQL servers, which fails to enforce query cost restrictions when a query or fragment is named schema, allowing attackers to bypass co...
Authentication Bypass
github.com/k3s-io/k3s is vulnerable to unintended unauthenticated access. The vulnerability is due to a Kubernetes kubelet configuration change that, in some cases, sets ReadOnlyPort to 10255, allowing unauthenticated access and potential exposure of credentials...
Privilege Escalation
github.com/rancher/rancher is vulnerable to privilege escalation. The vulnerability is due to improper namespace isolation caused by using the project name as the namespace for storing related resources, allowing users to gain access to projects in different clusters...
Improper Certificate Validation
github.com/rancher/steve is vulnerable to improper certificate validation. The vulnerability is due to a default setting that does not verify the certificate presented by the remote server, which allows an attacker to intercept or alter TLS communications...
Remote Code Execution
craftcms/cms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient sanitization or validation that allows attackers to execute arbitrary code remotely in affected versions...
Man-In-The-Middle (MITM)
github.com/rancher/fleet is vulnerable to a Man-in-the-Middle (MitM) attack. The vulnerability is due to improper certificate validation, with Fleet automatically trusting remote server SSH certificates if not listed in the knownhosts file, allowing potential spoofing by an attacker...
Sensitive Information Disclosure
moodle/moodle is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insufficient error handling, with stack traces exposing sensitive user data such as names, contact information, and hashed passwords to unauthenticated users through specific API calls...
Sensitive Information Disclosure
moodle/moodle is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper access control to search functionality exposing student identities in anonymous assignment submissions...
Unauthorized RSS Feed Access
moodle/moodle is vulnerable to Unauthorized RSS Feed Access. The vulnerability is due to insufficient capability checks that allows unauthorized users to access and view RSS feeds...
Improper Access Control
moodle/moodle is vulnerable to Improper Access Control. The vulnerability is due to missing authentication enforcement, which allows users to enroll in courses without completing two-step verification...
Cross-Site Request Forgery (CSRF)
moodle/moodle is vulnerable to cross-site request forgery (CSRF). The vulnerability is due to missing validation checks in the tour duplication feature, allowing unauthorized users to duplicate existing tours without logging in...
Unauthorized Access
moodle/moodle is vulnerable to Unauthorized Access. The vulnerability is due to insufficient access control or improper enforcement of two-factor authentication (2FA), which allows an attacker to access sensitive student information before identity verification is complete...
Unauthorized Access
moodle/moodle is vulnerable to Unauthorized Access. The vulnerability is due to broken access control and missing capability checks in certain grade reports, allowing unauthorized users to view restricted information...
Cross-Site Scripting
moodle/moodle is vulnerable to Cross-site scripting (XSS). The vulnerability is due to insufficient sanitization of the return URL in the policy tool, which allows malicious scripts to be executed...
Unauthorized Data Access
moodle/moodle is vulnerable to Unauthorized Data Access. The vulnerability is due to lack of proper validation of user permissions before allowing access to cohort data, which allows an attacker to view cohort information they are not authorized to access...
Information Disclosure
moodle/moodle is vulnerable to an Information Disclosure. The vulnerability is due to insufficient capability checks, allowing users enrolled in a course to access details of other users without proper permission...
Insecure Deserialization
LLaMA-Factory is vulnerable to Insecure Deserialization. The vulnerability is due to the use of torch.load on untrusted .bin files, allowing arbitrary command execution during deserialization...
Use Of Weak Hash
pnpm is vulnerable to Use of Weak Hash. The vulnerability is due to improper path shortening caused by the use of the md5 function for compression, which can cause different libraries to resolve to the same storage path if a hash collision occurs...
TLS Downgrade Attack
github.com/refraction-networking/utls is vulnerable to TLS Downgrade Attack. The vulnerability is due to missing downgrade protection caused by a failure to implement and verify the downgrade canary in TLS 1.3 handshakes when using a custom ClientHello spec, allowing an attacker to force a...
Server-Side Request Forgery (SSRF)
Crawl4AI is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper input validation and insufficient sanitization of user-controlled URLs in /crawl4ai/asyncdispatcher.py, allowing unauthorized internal network access...
Command Injection
youtubedlsharp is vulnerable to Command Injection. The vulnerability is due to unsafe argument conversion with UseWindowsEncodingWorkaround enabled by default, allowing malicious commands to be injected when starting yt-dlp on Windows...
SQL Injection
@posthog/plugin-server is vulnerable to SQL Injection. The vulnerability is due to the lack of proper validation of a user-supplied string before using it to construct SQL queries, which allows attackers to inject malicious SQL code and execute arbitrary commands in the context of the database account...
Cross-Site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to information leakage through URLs, with confidential CSRF protection data being exposed on edit and delete pages within the moddata module, which allows an attacker to potentially perform Cross-Site Request...
Information Disclosure
moodle/moodle is vulnerable to an Information Disclosure. The vulnerability is due to inadequate input validation and authorization checks within the messaging web service, which allows users to access data they are not authorized to view, such as other users' names and online statuses...
Cross-Site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability is due to the absence of a CSRF token in the analysis request action of the Brickfield tool, which allows attackers to forge unauthorized requests on behalf of authenticated users...
Remote Code Execution (RCE)
moodle/moodle is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper access control in the Moodle LMS Dropbox repository, which allows teachers and managers, by default, to access the affected functionality, creating an opportunity for remote code execution...