Hash Collision Attack
vllm is vulnerable to hash collision and data integrity issues. The vulnerability is due to improper image serialization using only raw pixel bytes without metadata, allowing attackers to create images with identical hashes and exploit cache poisoning or access sensitive data...
Timing Side-channel Attacks
vllm is vulnerable to timing side-channel attacks. The vulnerability is due to timing discrepancies during the prefill phase, caused by the PagedAttention mechanism reusing matching prefix chunks, which speeds up token generation and allows an attacker to infer prompt similarity or presence...
Improper Certificate Validation
redshift-connector is vulnerable to Improper Certificate Validation. The vulnerability is due to improper SSL certificate validation: the BrowserAzureOAuth2CredentialsProvider plugin skips SSL verification for the Identity Provider, allowing token interception...
Sensitive Information Disclosure
github.com/edgelesssys/contrast is vulnerable to information disclosure. The vulnerability is due to an improper logging configuration in which secrets are written to stderr and Kubernetes logs when the log level is set to info or debug, which is the default...
Improper Access Control
Apache Commons BeanUtils is vulnerable to Improper Access Control. The vulnerability is due to insecure property access caused by a failure to restrict access to the declaredClass property of Java enums, allowing attackers to access the classloader and potentially execute arbitrary code...
Open Redirection
mautic/core is vulnerable to Open Redirection. The vulnerability is due to insufficient validation of the returnUrl parameter, which allows an attacker to redirect users to arbitrary external websites, potentially enabling phishing attacks...
Regular Expression Denial Of Service (ReDoS)
vLLM is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a highly complex and nested regular expression for tool call detection, which allows an attacker to trigger excessive backtracking and degrade service performance...
Insecure Direct Object Reference (IDOR)
mautic/core is vulnerable to an Insecure Direct Object Reference (IDOR). The vulnerability is due to missing authorization checks in the segment cloning function, which allows authenticated users to clone segments even if they don’t have the necessary permissions...
Regular Expression Denial Of Service (ReDoS)
vllm is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The vulnerability is due to certain regular expression patterns that lead to catastrophic backtracking when processing crafted input, allowing an attacker to slow down or crash the application...
Cross-Site Scripting (XSS)
github.com/argoproj/argo-cd is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper URL protocol filtering on the repository page, allowing attackers to perform actions such as creating, modifying, and deleting Kubernetes resources via the API...
Username Enumeration
mautic/core is vulnerable to User Enumeration. The vulnerability is due to differences in response times between valid and invalid usernames in the "Forget your password" functionality, which allows an attacker to determine the existence of valid usernames...
Unauthorized Access To Unpublished Page Previews
mautic/core is vulnerable to Unauthorized Access to unpublished page previews. The vulnerability is due to missing authorization checks on predictable preview URLs, allowing unauthenticated users and search engines to access and index draft content...
Sensitive Information Disclosure
mautic/core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to unauthenticated arbitrary file access caused by missing web server restrictions on .env files, allowing attackers to directly view sensitive configurations via a browser...
Unauthorized Access
com.ritense.valtimo:object-management and com.ritense.valtimo:objecten-api are vulnerable to Unauthorized Access. The vulnerability is due to improper access control and the lack of enforcement of object-management configurations, allowing unauthorized users to list, view, edit, create, or delete...
Directory Traversal
Traefik is vulnerable to Directory Traversal. The vulnerability is due to insufficient path sanitization: URLs containing /../ can be manipulated to bypass middleware and access unintended backend services when using PathPrefix, Path, or PathRegex matchers...
Cross-site Scripting (XSS)
chrome-php/chrome is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper encoding: CSS Selector expressions are not properly escaped, allowing injection of malicious scripts...
OS Command Injection
LLama-Index CLI is vulnerable to OS Command Injection. The vulnerability is due to improper input handling: the --files argument is passed unsanitized directly into os.system, allowing arbitrary command execution...
Information Leakage
djangoselect2 is vulnerable to information leakage. The vulnerability is due to improper handling of instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget, allowing an attacker to access restricted query sets and sensitive data...
Server Side Request Forgery (SSRF)
@strapi/admin is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of webhook URLs, allowing requests to internal domains such as localhost and 127.0.0.1...
Deserialization Of Untrusted Data
org.apache.inlong, manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to insecure deserialization in InLong JDBC, which allows attackers to bypass security mechanisms and perform arbitrary file read attacks...
Deserialization Of Untrusted Data
Apache InLong is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper input validation during deserialization, which allows an attacker to exploit URL encoding and backspace characters to bypass security checks and perform a JDBC injection attack...
Path Traversal
@supabase/auth-js is vulnerable to Path Traversal. The vulnerability is due to missing UUID validation on user-supplied inputs, which allows an attacker to manipulate URL paths and invoke unintended API functions...
Prototype Pollution
Docarray is vulnerable to prototype pollution. The vulnerability is due to a lack of input sanitization in the getitem function of torchdataset.py in the Web API component, which allows an attacker to remotely manipulate object prototypes...
Validation Bypass
lomkit/laravel-rest-api is vulnerable to a Validation Bypass. The vulnerability is due to how the framework merged validation rules across multiple contexts, allowing malicious actors to bypass expected validations and inject unexpected parameters...
Credential Reuse Attack
github.com/arkmq-org/activemq-artemis-operator is vulnerable to a Credential Reuse Attack. The vulnerability is due to improper password management where the activemq-artemis-operator generates static passwords that do not regenerate between separate CR dependencies, which allows an attacker to ga...
Regular Expression Denial Of Service (ReDoS)
marked is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expressions that cause catastrophic backtracking when parsing HTML tags and markdown links with specially crafted input...
Out-of-Bounds Read
libassimp.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper input validation, specifically insufficient bounds checking in the LWOImporter::CountVertsAndFacesLWO2 function, which may allow local attackers to read unintended memory content...
Out-of-Bounds-Read
libassimp.so is vulnerable to out-of-bounds read. The vulnerability is due to insufficient bounds checking in the SkipSpaces function, which allows memory to be read beyond the valid buffer limits during local access...
Out-of-Bounds-Read
libassimp.so is vulnerable to an out-of-bounds read. The vulnerability is due to insufficient bounds checking in the MDLImporter::ParseSkinLump3DGSMDL7 function when parsing 3DGS MDL7 skin lumps, allowing a local attacker to read unintended memory...
Out-of-Bounds-Read
libassimp.so is vulnerable to out-of-bounds read. The vulnerability is due to improper input handling in the MDLImporter::InternReadFileQuake1 function of MDLLoader.cpp, which allows an attacker to read memory beyond buffer limits...
Out-of-Bounds-Read
libassimp.so is vulnerable to an out-of-bounds read. The vulnerability is due to insufficient validation of input data in the HL1MDLLoader::validateheader function, which allows a local attacker to read out-of-bounds memory...
Prototype Pollution
radashi is vulnerable to prototype pollution. The vulnerability is due to insufficient sanitization of the path argument in the set function, allowing injection of special object properties like __proto__, prototype, or constructor...
Information Disclosure
org.codelibs.fess, fess is vulnerable to Information Disclosure. The vulnerability is due to insecure temporary file creation through the use of createTempFile without setting restrictive permissions, which allows an attacker with local access to read sensitive data from these files...
Out-of-Bounds-Read
libassimp.so is vulnerable to an Out-of-Bounds-Read. The vulnerability is due to insufficient validation of input data in the MDCImporter::ValidateSurfaceHeader function, specifically involving the pcSurface2 argument, which allows an out-of-bounds read when the function processes malformed or unexpect...
Arbitrary Code Execution
InspireMusic is vulnerable to Arbitrary Code Execution. The vulnerability is due to insecure deserialization caused by unsafe use of Python's pickle module in the loadstatedict function, which can allow attackers to execute arbitrary code when loading untrusted data...
Out-of-Bounds-Read
libassimp.so is vulnerable to an out-of-bounds read. The vulnerability is due to improper bounds checking caused by inadequate validation in the MDLImporter::InternReadFile3DGSMDL345 function of MDLLoader.cpp, which allows a local attacker to read data outside the intended memory bounds...
Cross-Site Scripting (XSS)
dotnetnuke.core is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper validation or sanitization of specially crafted URLs, allowing malicious scripts to be injected and executed through certain module actions...
Deserialization Of Untrusted Data
pypickle is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of serialized data, which allows an attacker to execute arbitrary code when a malicious pickle file is loaded...
Improper Authorization
pypickle is vulnerable to Improper Authorization. The vulnerability is due to insufficient access control in the Save function of pypickle/pypickle.py, allowing local attackers to perform unauthorized actions...
Server Side Request Forgery (SSRF)
dotnetnuke.siteexportimport is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to insufficient validation where a SuperUser can specify an external URL during site export, which allows an attacker to import arbitrary data from external sources into the system...
Cross-Site Scripting (XSS)
dotnetnuke.core is vulnerable to cross-site scripting (XSS). The vulnerability is due to uploaded SVG files containing scripts that run when rendered inline, which allows an attacker to execute malicious scripts in the context of the user’s browser...
Authorization Bypass
github.com/openfga/openfga is vulnerable to authorization bypass. The vulnerability is due to incorrect permission evaluation when usersets and type-bound public access overlap without proper tuple assignments, allowing attackers unauthorized resource access or actions...
XML External Entity (XXE) Injection
org.eclipse.jgit, org.eclipse.jgit is vulnerable to XML External Entity (XXE) attacks. The vulnerability is due to insecure handling of XML input by the ManifestParser and AmazonS3 classes when parsing XML files, which allows an attacker to perform an XML External Entity (XXE) attack...
Out-of-bounds Read
libassimp.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper input validation, specifically insufficient bounds checking of the iIndex argument in the MDLImporter::ImportUVCoordinate3DGSMDL345 function, which can lead to unauthorized memory access...
Out-of-bounds Read
libassimp.so is vulnerable to Out-of-Bounds Read. The vulnerability is due to improper input validation, specifically insufficient bounds checking in the LWOImporter::GetS0 function when handling the out argument, which can result in reading beyond allocated memory...
Out-of-Bounds Read
libassimp.so is vulnerable to Out-of-Bounds Read. The vulnerability is due to improper input validation, specifically a lack of bounds checking on the pcVerts argument in the MDCImporter::InternReadFile function, which can lead to reading memory outside the allocated buffer...
Sensitive Information Disclosure
zotregistry.dev/zot is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the clientsecret being printed to container logs when Keycloak is used as an OIDC provider, which exposes sensitive data...
Denial Of Service (DoS)
github.com/gofiber/fiber/v2 is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper input handling in the Ctx.BodyParser method, which panics when processing user-supplied input with negative slice indices instead of returning an error...
Directory Traversal
setuptools is vulnerable to Directory Traversal. The vulnerability is due to improper input validation in the PackageIndex component allowing arbitrary file writes to the filesystem, potentially leading to remote code execution...