Denial Of Service (DoS)
Gradio is vulnerable to Denial of Service (DoS). The vulnerability is due to the file upload process, which allows an attacker to append a large number of characters to the end of a multipart boundary, causing continuous processing and warnings...
Denial Of Service (DoS)
openwebui is vulnerable to Denial of Service (DoS). The vulnerability is due to the application's processing of multipart boundaries without authentication, allowing attackers to manipulate boundary parsing and exhaust system resources...
Authorization Bypass
Next.js is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of the x-middleware-subrequest header, allowing attackers to bypass authorization checks in middleware...
Denial Of Service (DoS)
vllm is vulnerable to Denial of Service (DoS). The vulnerability is due to the unconditional use of the Outlines grammar cache in vLLM, which allows arbitrary schema entries to be stored without limits, leading to potential filesystem exhaustion and Denial of Service (DoS)...
SQL Injection
apache-airflow-providers-mysql is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation and improper sanitization of user-supplied input in the dumpsql and loadsql functions, allowing attackers to inject and execute unintended SQL commands...
Authentication Bypass
fast-jwt is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of the iss claim, allowing an array of strings as a valid issuer, which can be exploited for JWT forgery and authentication bypass attacks...
Remote Code Execution (RCE)
Kedro is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization: the ShelveStore class uses Python's shelve module, which relies on pickle for serialization, allowing attackers to craft malicious payloads that execute arbitrary Python code upon...
Relative Path Traversal
mlflow is vulnerable to Relative Path Traversal. The vulnerability is due to improper URL handling: the dbfs service concatenates URLs directly into the file protocol, allowing arbitrary file reads when the service is mounted to a local directory...
Denial Of Service (DoS)
quivr-core is vulnerable to Denial of Service (DoS). The vulnerability is due to improper request handling: the file upload feature allows unauthenticated attackers to append characters to a multipart boundary in an HTTP request, causing excessive resource consumption and rendering the...
Remote Code Execution (RCE)
vllm is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization exposed over ZMQ/TCP on all network interfaces when vLLM is configured to use Mooncake, allowing an attacker to execute arbitrary code on distributed hosts...
Cart Manipulation
sylius/paypal-plugin is vulnerable to cart manipulation. The vulnerability is due to improper order validation and enforcement after PayPal payment authorization, allowing users to alter their cart contents before finalizing the order...
Denial Of Service (DoS)
github.com/getkin/kin-openapi is vulnerable to Denial of Service (DoS). The vulnerability is due to the ZipFileBodyDecoder being automatically registered by the module, contrary to the documentation, allowing attackers to upload malicious ZIP files and cause excessive memory usage...
Cross-Site Scripting (XSS)
clickstorm/cs-seo is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper encoding of user input in the TYPO3 backend user interface, allowing a logged-in backend user to inject malicious scripts...
Credentials Exposure
github.com/openshift/hive is vulnerable to credential exposure. The vulnerability is due to improper handling of sensitive credentials, allowing them to be stored in the ClusterProvision object instead of being securely managed within Kubernetes Secrets...
Denial Of Service
github.com/expr-lang/expr is vulnerable to Denial of Service. The vulnerability is due to the absence of input size restrictions, allowing the parser to process arbitrarily large expressions...
Regular Expression Denial Of Service (ReDoS)
Uptime Kuma is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to catastrophic backtracking in the regular expression when processing user-provided strings for notifications, allowing an attacker to cause a denial of service with a specially crafted string...
Privilege Escalation
github.com/containerd/containerd is vulnerable to Privilege Escalation. The vulnerability is due to an integer overflow and improper handling of UID:GID values larger than the maximum 32-bit signed integer, allowing containers to run as root UID 0...
Uncontrolled Recursion
Square Wire is vulnerable to Uncontrolled Recursion. The vulnerability is due to the lack of a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt, which leaves recursion depth uncontrolled and can lead to excessive resource consumption or stack overflow...
Cross-site Scripting (XSS)
Contao is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper file validation: users can upload SVG files containing malicious code, which can be executed in the back end and/or front end...
Regular Expression Denial Of Service (ReDoS)
jsPDF is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to improper input validation: user-controlled arguments in the addImage, html, and addSvgAsImage methods allow the use of harmful data URLs, leading to high CPU utilization and service disruption...
Cross-site Scripting (XSS)
codingms/additional-tca is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input encoding: a logged-in backend user can inject HTML content through the TYPO3 backend user interface, leading to potential XSS attacks...
Information Disclosure
github.com/metal3-io/baremetal-operator is vulnerable to Information Disclosure. The vulnerability is due to improper access control, which allows an attacker to access and exfiltrate Secrets from unauthorized namespaces by creating a BMCEventSubscription in a controlled namespace...
Unintended Secret Exposure
github.com/docker/buildx is vulnerable to unintended secret exposure. The vulnerability is due to improper handling of sensitive data in OpenTelemetry traces and the BuildKit daemon's history records, which allows an attacker to access sensitive secrets by extracting them...
Payment Manipulation
Sylius PayPal Plugin is vulnerable to Payment Manipulation. The vulnerability is due to PayPal not receiving updated totals after item quantity changes, allowing attackers to pay less than the actual order value, causing financial losses for merchants...
Privilege Escalation
camaleoncms is vulnerable to Privilege Escalation. The vulnerability is due to the use of the dangerous permit! method through mass assignment, which allows all parameters to pass through without filtering...
Unauthorised Access
k8s.io/kubernetes is vulnerable to Unauthorized Access. The vulnerability is due to improper isolation of gitRepo volumes, which allows users with pod creation permissions to access git repositories from other pods on the same node...
Arbitrary File Upload
flowise is vulnerable to Arbitrary File Upload. The vulnerability is due to lack of access control in the whitelisted route /api/v1/attachments, allowing an unauthorized attacker to upload arbitrary files when storageType is set to local (default)...
Denial Of Service (DoS)
github.com/cosmos/cosmos-sdk is vulnerable to Denial of Service. The vulnerability is due to improper proposal handling: malicious proposals trigger errors in the module's end blocker, potentially resulting in a chain halt...
Improper Validation Of Array Index
github.com/onosproject/onos-lib-go is vulnerable to Improper Validation of Array Index. The vulnerability is due to an index out-of-range error in the GetBitString function. An attacker can cause a denial of service by sending crafted input that specifies a zero value for numBits...
XML Signature Bypass
xml-crypto is vulnerable to an XML Signature Bypass. The vulnerability is due to improper validation of signed XML structures, allowing an attacker to modify a signed XML message while still passing signature verification checks...
XML Signature Manipulation
xml-crypto is vulnerable to XML signature manipulation. The vulnerability is due to improper validation of signed XML documents, which allows an attacker to modify a signed XML message while still passing signature verification checks...
Cross-site Scripting (XSS)
modx/revolution is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper file validation: authenticated users can upload SVG files containing malicious JavaScript, which executes in victims' browsers when viewing the profile image...
Arbitrary Command Injection
k8s.io/kubernetes is vulnerable to Arbitrary Command Injection. The vulnerability is due to improper endpoint access control: a user can execute arbitrary commands on the host by querying a node's /logs endpoint...
Denial Of Service (DoS)
Azle is vulnerable to Denial of Service (DoS). The vulnerability is due to an infinite loop of timers triggered by the setTimer function, leading to continuous execution and resource exhaustion, which can render the canister unresponsive...
Arbitrary Code Execution (ACE)
Qiskit is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to unsafe deserialization in the qiskit.qpy.load function, which allows a maliciously crafted QPY file to execute embedded Python code without privilege escalation...
Timing Side-channel Attacks
postquantumfeldmanvss is vulnerable to Timing side-channel attacks. The vulnerability is due to Python's non-constant-time execution model, which causes execution time variations in the findsecurepivot and securematrixsolve functions, allowing attackers to infer secret information through precise...
Deserialization Of Untrusted Data
github.com/cosmos/ibc-go is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper deserialization that behaves non-deterministically when processing acknowledgments, which can halt the chain if exploited by a user opening an IBC channel...
Remote Code Execution (RCE)
graphql-ruby is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe schema loading: arbitrary code can be executed when processing a malicious schema definition using GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load from an untrusted source...
Out-of-bounds Read
JSON is vulnerable to an out-of-bounds read. The vulnerability is due to improper handling of specially crafted JSON documents, allowing an attacker to cause a crash or leak sensitive memory contents...
Information Disclosure
net.snowflake, snowflake-jdbc is vulnerable to Information Disclosure. The vulnerability is due to improper logging practices: the driver logs the client-side encryption master key locally when the logging level is set to DEBUG during GET/PUT commands, allowing an attacker to retrieve th...
Improper Verification Of Cryptographic Signature
net.i2p.crypto, eddsa, net.i2p, i2p is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to the implementation not satisfying the SUF-CMA property, allowing an attacker to forge alternative valid signatures for a known message...
Denial Of Service
IBC-Go is vulnerable to Denial of Service. The vulnerability is due to improper handling of JSON unmarshalling for IBC Acknowledgements, which allows an attacker to trigger a denial-of-service (DoS) condition and leads to non-deterministic behavior that can halt the chain...
Authentication Bypass
ruby-saml is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent XML parsing caused by differences between REXML and Nokogiri, allowing attackers to execute a Signature Wrapping attack that can bypass authentication...
Use Of A Cryptographic Primitive With A Risky Implementation
postquantumfeldmanvss is vulnerable to Use of a Cryptographic Primitive with a Risky Implementation. The vulnerability is due to ineffective redundancy checks and timing leaks, allowing an attacker to bypass security mechanisms, extract secret polynomial coefficients, and manipulate commitment...
Cross-Site Scripting (XSS)
@jitbit/htmlsanitizer is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization caused by the code beautifier running after sanitization when used with a contentEditable element, allowing an attacker to inject and execute malicious scripts in a victim's browser...
Information Disclosure
parse-git-config is vulnerable to information disclosure. The vulnerability is due to improper handling of key expansion in the expandKeys function, allowing an attacker to obtain sensitive information...
Local Code Execution (LCE)
XPixelGroup BasicSR is vulnerable to local code execution. The vulnerability is due to improper handling of a crafted SLURM_NODELIST environment variable when executing "scontrol show hostname", allowing crafted input to influence command execution...
Remote Code Execution (RCE)
github.com/plentico/plenti is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of user-supplied file names in the /postLocal endpoint, allowing arbitrary JavaScript execution...
Authentication Bypass
ruby-saml is vulnerable to Authentication Bypass. The vulnerability is due to a parser differential between REXML and Nokogiri, allowing an attacker to execute a Signature Wrapping attack and potentially gain unauthorized access...
Out-of-Memory (OOM)
io.smallrye, smallrye-fault-tolerance-core is vulnerable to an out-of-memory (OOM) condition. The vulnerability is due to uncontrolled object creation in meterMap when calling the metrics URI, allowing an attacker to trigger excessive memory consumption and cause a denial-of-service (DoS) condition...