38111 matches found
Remote Code Execution (RCE)
moodle/moodle is vulnerable to Remote Code Execution (RCE). The vulnerability is due to its default access permissions for teachers and managers on sites, which allows teachers and managers to potentially execute arbitrary code when the repository is enabled...
Remote Code Execution (RCE)
Wazuh is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization due to improper handling of serialized JSON objects in the DistributedAPI, allowing arbitrary code execution via crafted input...
Authentication Bypass
OctoPrint is vulnerable to Authentication Bypass. The vulnerability is due to insufficient authentication checks allowing direct access to rendered HTML of certain frontend pages. Attackers can exploit this to potentially access sensitive UI components...
Private Key Exfiltration
xrpl.js is vulnerable to Private Key Exfiltration. The vulnerability is due to malicious code injection due to compromised package versions designed to steal private keys...
Token Leakage
github.com/minio/operator is vulnerable to Token Leakage. The vulnerability is due to improper audience scoping of the defaulting of spec.audiences to the Kubernetes apiserver without proper restrictions, allowing tokens to be replayed to other internal systems...
Cross-Site Scripting (XSS)
github.com/songquanpeng/one-api is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation and sanitization of the argument "Homepage Content/About System/Footer.", allowing malicious content to be injected and executed in the user's browser...
Cross-site Scripting (XSS)
Laravel Starter is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization that allows users to inject malicious JavaScript code into the tag name field...
Cross-site Scripting (XSS)
org.opencms, opencms-core is vulnerable to stored cross-site scripting (XSS). The vulnerability is due to improper handling of the author parameter under the Create/Modify article function, allowing attackers to inject arbitrary web scripts or HTML via a crafted payload...
Denial Of Service (DoS)
github.com/osrg/gobgp is vulnerable to a Denial of Service (DoS). The vulnerability is due to insufficient input validation in the pkg/packet/bgp/bgp.go flowspec parser, where the parser fails to handle inputs smaller than 20 bytes, allowing an attacker to send specially crafted data that causes a...
Heap-based Buffer Under-read
libxml2.so is vulnerable to a Heap-based buffer under-read. The vulnerability is due to improper handling of identity constraints in the XML schema processing, specifically in the xmlSchemaIDCFillNodeTables function in xmlschemas.c, which allows a heap-based buffer under-read when certain identity...
Denial Of Service (DoS)
github.com/osrg/gobgp is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing validation of the softwareVersionLen field, allowing an attacker to send a crafted BGP packet with a zero softwareVersionLen value to crash the GoBGP process and cause a denial of service...
Improper Input Validation
github.com/osrg/gobgp is vulnerable to improper input validation. The vulnerability is due to insufficient boundary checking when parsing RTR messages, which allows an attacker to send a malformed RTR message that could result in a buffer over-read or denial of service (DoS), potentially causing th...
Denial Of Service (DoS)
github.com/osrg/gobgp is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper input length validation in the GoBGP code. Specifically, in pkg/packet/mrt/mrt.go, the code does not properly check the expected byte lengths 12 or 36 bytes based on the address family, allowing...
Denial Of Service (DoS)
github.com/traefik/traefik is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper input validation and insufficient handling of malformed tokens during parsing, allowing the attacker to exploit the system by sending a crafted token that triggers excessive memory consumption...
Remote Code Execution (RCE)
PyTorch is vulnerable to Remote Command Execution (RCE). The vulnerability is due to unsafe deserialization due to the use of torch.load(weights_only=True) on untrusted model files, allowing an attacker to execute arbitrary code by supplying a maliciously crafted model...
Unintended Scope Exposure
SES is vulnerable to unintended scope exposure. The vulnerability is due to improper isolation due to top-level let, const, or class bindings in...
Validation Bypass
Fastify is vulnerable to validation bypass. The vulnerability is due to improper normalization and matching of the Content-Type header, allowing attackers to evade validation by altering casing or whitespace...
Improper Authentication
rasapro is vulnerable to Improper Authentication. The vulnerability is due to voice connectors not properly implementing authentication, even when a token is configured in the credentials.yml file, allowing an attacker to submit voice data from an unauthenticated source...
Cross-site Scripting (XSS)
Liferay Portal is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper handling of radio button type custom fields, allowing remote authenticated attackers to inject malicious JavaScript into a page...
Cross-Site Scripting (XSS)
pear/http_request2 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the lack of proper sanitization and escaping of user input in the affected files tests/network/getparameters.php and tests/network/postparameters.php, which allows GET and POST parameters to be reflected...
Timing Attack
github.com/mattermost/mattermost-server is vulnerable to a Timing attack. The vulnerability is due to improper implementation of constant time comparison when comparing the MSTeams plugin webhook secret, allowing an attacker to exploit timing differences in the comparison process to extract the...
XML Entity Expansion (XEE)
org.apache.solr, solr-core is vulnerable to an XML Entity Expansion (XEE). The vulnerability is due to XML resource consumption caused by the use of XML DOCTYPE and ENTITY declarations, which allows an attacker to trigger excessive memory usage during XML parsing, leading to out-of-memory errors...
Incorrect Authorization
github.com/mattermost/mattermost-server is vulnerable to Incorrect Authorization. The vulnerability is due to insufficient access control mechanisms within the integration between the AI and Wrangler plugins in Mattermost. Specifically, Mattermost fails to properly validate or restrict the use of...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to insufficient enforcement of MFA checks due to a failure to verify that the requesting user matches the target user ID when modifying MFA settings, allowing privilege escalation...
Unauthorized Access
github.com/mattermost/mattermost-server is vulnerable to Unauthorized Access. The vulnerability is due to improper access control due to a failure to enforce the "Allow Users to View Archived Channels" setting when fetching metadata from archived channels, which allows an attacker to access...
Denial Of Service (DoS)
http-proxy-middleware is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper conditional logic due to the absence of "else if", which allows an attacker to trigger writeBody twice and potentially disrupt normal application behavior...
XML External Entity (XXE) Injection
RichText is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper input validation due to unsafe XML elements being processed in user-editable RichText fields, allowing attackers with edit permissions to read server files...
Improper Request Handling
http-proxy-middleware is vulnerable to Improper Request Handling. The vulnerability is due to improper request handling caused by fixRequestBody executing even when bodyParser has failed, which allows attackers to smuggle malicious HTTP requests...
Prompt Injection
github.com/mattermost/mattermost-server is vulnerable to prompt injection. The vulnerability is due to insufficient domain restriction to the AI plugin's Jira tool, allowing authenticated users to exfiltrate data from arbitrary servers via crafted prompts...
Information Disclosure
@backstage/plugin-permission-backend is vulnerable to information disclosure. The vulnerability is due to improper handling of conditional decisions in the permission backend, allowing callers to infer sensitive information...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to improper enforcement of the 'Allow users to view/update archived channels' system setting, which allows authenticated users to access member information in archived channels even when the...
Cross-site Scripting (XSS)
golang.org/x/net is vulnerable to improper parsing logic. The vulnerability is due to incorrect tag interpretation in unquoted attribute values ending with a solidus / being mistakenly marked as self-closing, especially in foreign content like or . which allows attackers to exploit content in the...
Deserialization Of Untrusted Data
Whoogle Search is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper input sanitization due to the handling of crafted search queries in the /models/config.py component...
Denial Of Service (DoS)
PyTorch is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input handling in the torch.nn.functional.ctc_loss function, which can be exploited locally to trigger a crash...
Authentication Bypass
Dpanel is vulnerable to Authentication Bypass. The vulnerability is due to use of a hardcoded JWT secret due to the default configuration embedding a static secret, allowing attackers to forge valid tokens and gain unauthorized administrative access...
Sensitive Information Disclosure
Weblate is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exposed sensitive data due to source repository URLs containing credentials being included in client-side URL parameters and logs in plaintext...
Incorrect Execution-Assigned Permissions
aws-cdk-lib is vulnerable to Incorrect Execution-Assigned Permissions. The vulnerability is due to unexpected Aspect execution order due to the introduction of a new priority system that overrides hierarchical aspect evaluation, potentially leading to incorrect permissions boundaries being assign...
Cross-site Scripting (XSS)
jquery-validation is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to unsanitized user input in the showLabel function due to improper handling of placeholder values that populate messages via $.validator.messages...
Server-Side Request Forgery (SSRF)
Kyverno is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of Service Call destinations due to the ability of attackers to craft policies that initiate requests to arbitrary servers under their control...
Improper Authorization
github.com/nats-io/nats-server is vulnerable to Improper Authorization. The vulnerability is due to missing access restrictions due to certain JetStream management API requests lacking proper access controls, allowing unauthorized administrative actions across accounts...
Denial Of Service (DoS)
vllm is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded in-memory cache growth due to allowing unique schema requests to continually populate the grammar cache, potentially exhausting system RAM...
Privilege Escalation
github.com/argoproj/argo-events is vulnerable to Privilege Escalation. The vulnerability is due to insufficient permission controls due to allowing users with EventSource and Sensor custom resource permissions to escalate privileges and gain access to the host system and cluster...
Incorrect Authorization
Mattermost is vulnerable to Incorrect Authorization. The vulnerability is due to inadequate permission validation that allows users with delegated granular admin roles to modify system administrators without proper restrictions...
Stack Based Buffer Overflow
org.jsonschema2pojo, jsonschema2pojo-core is vulnerable to Stack-based buffer overflow. The vulnerability is due to improper input validation in the apply function of the SchemaRule.java file, allowing attackers to exploit the function, leading to a stack-based buffer overflow...
Authentication Bypass
github.com/mattermost/mattermost-server is vulnerable to an Authentication Bypass. The vulnerability is due to inadequate cache management during the user-to-bot conversion process, which allows an attacker to log in to the bot once using the original user credentials by bypassing normal...
Unauthorized Metadata Access
Mattermost is vulnerable to unauthorized metadata access. The vulnerability is due to improper validation and a failure to check if a file has been deleted when creating a bookmark, allowing an attacker to create bookmarks for deleted files and access their metadata...
OS Command Injection
tcg/voyager is vulnerable to OS Command Injection. The vulnerability is due to insufficient validation of input passed to a specific PHP Artisan command, allowing authenticated administrators to execute arbitrary OS commands in Laravel 8 or later...
Denial Of Service (DoS)
golang.org/x/crypto is vulnerable to a Denial Of Service (DoS). The vulnerability is due to incomplete or slow key exchanges, which cause pending content to be read into memory but never transmitted, allowing an attacker to consume server resources and cause a denial of service...
Cross-Site Request Forgery (CSRF)
github.com/gorilla/csrf is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is due to improper origin validation caused by relying on the r.URL.Scheme field to detect TLS, which is not set for server requests, allowing an attacker with XSS on a related domain to perform...
Unauthorized Access
@directus/api is vulnerable to Unauthorized Data Access. The vulnerability is due to insecure logging practices. Specifically, the access token in the query string is not redacted when the LOG_STYLE is set to raw, allowing sensitive information to be exposed in system logs...