Cross-Site Scripting (XSS)
@sveltejs/kit is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper sanitization of search parameter names when iterating over event.url.searchParams in server load functions, allowing attackers to inject malicious scripts via crafted URLs...
XML External Entity (XXE) Injection
ibexa/fieldtype-richtext is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper XML input sanitization caused by unsafe elements being allowed in RichText XML, potentially enabling attackers to read server files...
Insertion Of Sensitive Information Into Log File
Apache Pulsar is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to sensitive data exposure caused by various Kafka connectors logging plaintext Kafka credentials in application logs...
Sandbox Escape
CefSharp is vulnerable to Sandbox Escape. The vulnerability is due to improper handling of system resource handles in Mojo under certain unspecified conditions, which allows a malicious file to exploit the flaw and escape the sandbox...
Denial Of Service (DoS)
helm.sh/helm/v3 is vulnerable to Denial of Service (DoS). The vulnerability is due to memory exhaustion caused by specially crafted chart archives that decompress to a size significantly larger than their compressed form...
HTTP Request Smuggling
github.com/clickhouse/ch-go is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper parsing or handling of HTTP requests. Specifically, the vulnerability arises from the way large, uncompressed malicious external data is processed, allowing an attacker to smuggle an addition...
Cross-Site Scripting
yiisoft/yii is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability occurs in specific scenarios where the fallback error renderer is used, allowing an attacker to execute arbitrary scripts in the context of the user’s browser...
Arbitrary File Disclosure
Vite is vulnerable to Arbitrary File Disclosure. The vulnerability is due to incorrect assumptions about the presence of in req.url, which is permitted by some runtimes (Node, Bun) despite being invalid per HTTP specs, allowing attackers to bypass file system access restrictions using path traversa...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to insufficient enforcement of access restrictions on the /api/v4/audits endpoint, allowing users with delegated granular administration roles to access User Activity Logs without Compliance...
HTML Injection
verbb/formie is vulnerable to HTML injection. The vulnerability is due to insufficient sanitization of HTML content in the email notification preview feature, which allows an attacker to inject malicious HTML content into the email notification preview...
Unauthorized Network Access
jupyter-remote-desktop-proxy is vulnerable to unauthorized network access. The vulnerability is due to jupyter-remote-desktop-proxy not properly restricting VNC server access to UNIX sockets when using TigerVNC, allowing the server to be accessible over the network...
Cross-Site Scripting (XSS)
verbb/formie is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper output escaping when previewing imported form data, which allows an attacker to inject malicious scripts via tampered field labels or handles in the JSON export...
Stack Overflow
Helm is vulnerable to Stack Overflow. The vulnerability is due to uncontrolled recursion caused by deeply nested $ref chains in JSON Schema files within charts, which can exceed the stack size limit during parsing...
Improper Input Validation
org.apache.poi:poi-ooxml is vulnerable to Improper Input Validation. The vulnerability is due to the lack of checks for duplicate ZIP entry names in OOXML files, which can lead to inconsistent parsing behavior across different products...
Cross-site Scripting (XSS)
Silverstripe Framework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient server-side sanitization caused by reliance on client-side filtering of specially crafted encoded payloads submitted by content editors...
Cross-site Scripting (XSS)
dnadesign/silverstripe-elemental is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input handling caused by a failure to cast user input before rendering it in the "Content blocks in use" report grid field...
SQL Injection
joomla/database is vulnerable to SQL injection. The vulnerability is due to improper handling of identifiers: the quoteNameStr method does not safely escape input, which can allow injection if used in extended classes...
Unsolicited Email Subscription (Spam Abuse)
Shopware is vulnerable to Unsolicited Email Subscription (Spam Abuse). The vulnerability is due to insecure default double-opt-in settings caused by the lack of confirmation requirements for newsletter sign-ups, allowing attackers to register arbitrary emails and trigger unsolicited emails without use...
Remote Code Execution (RCE)
BentoML is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of specific headers and parameters in POST requests, which allows remote code execution (RCE) on the server...
SQL Injection
crud-query-parser is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of the order/sort parameter. Specifically, it occurs because there is no property filter setup when using the TypeORM adapter with ordering enabled, allowing an attacker to inject malicious SQL...
Denial Of Service (DoS)
github.com/bep/imagemeta is vulnerable to Denial of Service (DoS). The vulnerability is due to missing upper bounds on memory allocation when parsing metadata in PNG and WebP images, allowing an attacker to craft specially designed images with excessively large metadata...
Path Traversal
umbraco.cms is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the management API, allowing authenticated users to upload files to unintended locations...
Denial Of Service (DoS)
github.com/bep/imagemeta is vulnerable to Denial of Service (DoS). The vulnerability is due to untrusted input handling, which allows excessively large data structures to be defined in small payloads...
Denial Of Service (DoS)
XGrammar is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded in-memory caching of compiled grammars, which allows an attacker to exhaust system memory...
Insertion Of Sensitive Information Into Log Files
org.apache.activemq:artemis-project is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper handling of sensitive data in debug logging and the ConfigurationImpl logger exposing all broker property values, including credentials or tokens. It allows ...
SQL Injection
flowise-components is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the tableName parameter in PostgresVectorStore, which allows an attacker to execute arbitrary SQL commands...
Denial Of Service (DoS)
Elasticsearch is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded recursion caused by improper handling of deeply nested GeometryCollection objects in Well-Known Text (WKT) format, which allows attackers to craft specially formatted input that triggers a stack overflow and...
Denial Of Service (DoS)
org.elasticsearch, elasticsearch is vulnerable to a Denial of Service (DoS). The vulnerability is due to a large recursion issue caused by the innerForbidCircularReferences function of the PatternBank class, which allows a user with the readpipeline privilege to crash the node...
Denial Of Service (DoS)
shopware/core is vulnerable to Denial of Service (DoS). The vulnerability is due to lack of input length restrictions and inefficient processing of long password inputs, which allows attackers to consume excessive server resources...
Account Enumeration
shopware/core is vulnerable to Account Enumeration. The vulnerability is due to differing API responses that reveal whether an email address is associated with an account, allowing attackers to infer user registration status...
Prototype Pollution
js-object-utilities is vulnerable to Prototype Pollution. The vulnerability is due to unsanitized property assignment in the lib.set function, which allows attackers to modify the global prototype chain using crafted payloads...
Prototype Pollution
estree-util-value-to-estree is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of object properties due to generating ESTree expressions that interpret proto as a prototype rather than a normal property...
HTML Injection
pimcore/admin-ui-classic-bundle is vulnerable to HTML injection. The vulnerability is due to insufficient sanitization of the content parameter in the email sending functionality, allowing arbitrary HTML code to be injected into emails...
Denial Of Service (DoS)
@apollo/gateway is vulnerable to a Denial of Service (DoS). The vulnerability is due to inefficient query planning caused by internal optimizations being bypassed when processing deeply nested and reused named fragments...
Denial Of Service (DoS)
Apollo Gateway is vulnerable to a Denial of Service (DoS). The vulnerability is due to inefficient query planning caused by deeply nested and reused named fragments, which lead to excessive resource consumption during named fragment expansion...
Prototype Pollution
tarteaucitron.js is vulnerable to prototype pollution. The vulnerability is due to improper input validation in the addOrUpdate function within the file tarteaucitron.js, which allowed manipulation of JavaScript object prototypes...
Clickjacking
tarteaucitronjs is vulnerable to clickjacking. The vulnerability is due to improper validation of user-controlled CSS inputs for element dimensions, allowing attackers to overlay the viewport with malicious elements...
Arbitrary Code Execution (ACE)
Tarteaucitron.js is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to insufficient URL validation, allowing a user with high privileges to input a URL with an insecure scheme, such as javascript:alert, which could lead to arbitrary JavaScript execution when clicked...
Authentication Bypass
org.graylog2, graylog2-server is vulnerable to Authentication Bypass. The vulnerability is due to HTTP Inputs not correctly rejecting messages when a specified header is missing or has an incorrect value, allowing the message to be ingested despite returning a 401 HTTP response...
Unsafe Deserialization
picklescan is vulnerable to Unsafe deserialization. The vulnerability is due to the ability to exploit built-in functions in the NumPy library that indirectly invoke dangerous functions like exec, allowing execution of arbitrary Python or OS commands...
Deserialization Attack
Picklescan is vulnerable to Deserialization Attack. The vulnerability is due to insecure deserialization caused by Picklescan's failure to detect malicious pickles, which allows an attacker to exfiltrate sensitive information via DNS...
Server Side Request Forgery (SSRF)
LNbits is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of callback URLs in the LNURL authentication handling functionality, allowing attackers to access internal resources by specifying internal network addresses...
Remote Code Execution (RCE)
Picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient detection of dangerous deserialization behavior: security checks can be bypassed by invoking benign built-in functions like timeit.timeit in the reduce method, which are not blacklisted and allow...
SQL Injection
apache-airflow-providers-common-sql is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization due to unescaped input in the partitionclause parameter of SQLTableCheckOperator, allowing authenticated users to inject arbitrary SQL when triggering DAGs...
Missing Authentication For Critical Function
Langflow is vulnerable to Missing Authentication for Critical Function. The vulnerability is due to improper input validation due to unsanitized user input being passed to the /api/v1/validate/code endpoint, allowing arbitrary code execution...
Denial Of Service (DoS)
@apeleghq/asn1-der is vulnerable to Denial of Service (DoS). The vulnerability is due to incorrect arithmetic in the numBitLen function due to the use of the operator causing negative results for values between 2³¹ and 2³²-1, and attackers can exploit this to trigger an infinite loop and cause a...
Incorrect Authorization
api-platform/core is vulnerable to Incorrect Authorization. The vulnerability is due to improper access control caused by the use of the Relay special node type, which allows bypassing the configured security on an operation...
Command Injection
jupyterlabgit is vulnerable to Command Injection. The vulnerability is due to improper handling of shell command substitution in directory names when using cd through the shell, which allows an attacker to execute arbitrary commands without user consent...
Cross-Site Request Forgery (CSRF)
concrete5/concrete5 is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient sanitization and addresses not being properly sanitized in the output when a country is not specified. It allows an attacker with limited permissions to glean restricted information,...
Insecure Deserialization
lmdeploy is vulnerable to Insecure Deserialization. The vulnerability is due to unsafe handling in the loadweightckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler, allowing local attackers to exploit it...