Directory Traversal

org.springframework.cloud, spring-cloud-config-server is vulnerable to a Directory Traversal. The vulnerability is due to improper validation of specially crafted URL paths in the spring-cloud-config-server module, which allows an attacker to perform a directory traversal attack and access...

Authorization Bypass

github.com/juju/juju is vulnerable to Authorization Bypass. The vulnerability is due to insufficient authorization checks in the Controller facade CloudSpec API method, which allows a low-privileged authenticated attacker to access sensitive cloud credentials...

Path Traversal

org.eclipse.basyx:basyx.sdk is vulnerable to Path Traversal. The vulnerability is due to inadequate path normalization of the fileName parameter in the Submodel HTTP API, which allows an attacker to write arbitrary files to the host filesystem and potentially execute malicious code...

Embedded Malicious Code

@tanstack/ packages are vulnerable to Embedded Malicious Code. The vulnerability is due to misconfigured GitHub Actions workflows and cache poisoning weaknesses that allowed attackers to extract OIDC tokens and publish malicious package versions under a trusted identity...

Information Exposure

follow-redirects is vulnerable to Information Exposure. The vulnerability is due to improper filtering of custom authentication headers during cross-domain redirects, which allows an attacker to obtain sensitive credentials forwarded to unintended domains...

Improper Memory Buffer Handling

uuid is vulnerable to Improper Memory Buffer Handling. The vulnerability is due to missing validation of buffer size and offset values during UUID generation, which allows an attacker to trigger silent partial writes into caller-provided buffers...

Directory Traversal

SiYuan is vulnerable to Directory Traversal. The vulnerability is due to improper handling of double URL decoding in the serveExport function, which allows an attacker to use double-encoded traversal sequences to read arbitrary files from the workspace...

Improper Authentication

openvpn-auth-oauth2 is vulnerable to Improper Authentication. The vulnerability is due to improper handling of authentication logic in experimental plugin mode, which allows unsupported clients to bypass authentication checks and gain unauthorized VPN access...

SQL Injection

SiYuan is vulnerable to SQL Injection. The vulnerability is due to direct execution of user-supplied SQL statements in the /api/search/fullTextSearchBlock endpoint without authorization or validation checks, which allows an attacker to execute arbitrary SQL commands against the database...

Directory Traversal

SiYuan is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file paths in the /export endpoint, which allows an attacker to use double-encoded traversal sequences to read arbitrary files and obtain sensitive information...

Cross-site Scripting (XSS)

SiYuan is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of attacker-controlled content in SVG output generated by the dynamic icon API endpoint, which allows an attacker to inject and execute malicious JavaScript through crafted URLs...

Server-Side Request Forgery (SSRF)

Grav is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to unsafe processing of Twig templates with undefined PHP function registration enabled, which allows an attacker to trigger unauthorized server-side requests...

Java Deserialisation

net.sf.jasperreports, jasperreports is vulnerable to Java Deserialization. The vulnerability is due to insecure deserialization of untrusted input, which allows an attacker to remotely execute arbitrary code on systems using the affected library...

Path Traversal

elijaa/phpmemcacheadmin is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied input, which allows an attacker to exploit path traversal techniques to delete files stored on the server...

SameSite Cookie Vulnerability

kimai/kimai is vulnerable to SameSite cookie vulnerability. The vulnerability is due to improper cookie handling and insufficient SameSite protection in session management, which allows an attacker to exploit crafted PHP scripts to capture session cookie information and perform potential session...

Remote Code Execution (RCE)

facturascripts/facturascripts is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation of file paths within uploaded ZIP archives, which allows an attacker to overwrite arbitrary files and execute malicious code through a Zip Slip attack...

SQL Injection

LiteLLM is vulnerable to SQL Injection. The vulnerability is due to unsafe inclusion of caller-supplied API key values directly into database queries during proxy API key checks, which allows an attacker to read or modify database contents through crafted Authorization headers...

Credential Harvesting Functionality

pytorchlightning is vulnerable to credential harvesting functionality. The vulnerability is due to the introduction of functionality in versions 2.6.2 that is consistent with a credential harvesting mechanism, which allows an attacker to capture or misuse sensitive credentials through malicious...

Deserialization Of Untrusted Data

Ray is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to Ray Data globally registering custom Arrow extension types and passing metadata bytes directly to cloudpickle.loads during PyArrow schema parsing, which allows an attacker to achieve arbitrary code execution by...

Path Traversal

yard is vulnerable to Path Traversal. The vulnerability is due to insufficient sanitization of HTTP request paths in the yard server component, which allows an attacker to craft malicious requests that access arbitrary files on the host system outside the intended documentation directory...

Improper Origin Validation

Jupyter Server is vulnerable to improper origin validation. The vulnerability is due to the use of Python’s re.match for Origin header validation, which allows an attacker to bypass CORS origin restrictions by using a malicious domain that starts with a trusted domain name...

Remote Code Execution (RCE)

LiteLLM is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe rendering of user-supplied prompt templates in the POST /prompts/test endpoint without sandboxing, allowing authenticated users to execute arbitrary code within the LiteLLM Proxy process and potentially access...

CRLF Injection

net-imap is vulnerable to CRLF Injection. The vulnerability is due to improper sanitization of Symbol arguments passed to IMAP commands, which allows an attacker to inject CRLF sequences and execute unintended IMAP commands by supplying crafted input...

Authorization Bypass

CKAN is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization enforcement in datastoresearchsql, allowing attackers to bypass access controls and retrieve data from private resources as well as PostgreSQL system information...

Path Traversal

Mako is vulnerable to Path Traversal. The vulnerability is due to inconsistent slash-stripping behavior in TemplateLookup.gettemplate, where URIs beginning with // can bypass path restrictions and access arbitrary files outside the intended template directory, allowing disclosure of files readabl...

Improper Certificate Validation

CKAN is vulnerable to Improper Certificate Validation. The vulnerability is due to insufficient validation of SMTP server certificates, allowing attackers to spoof the configured mail server using invalid or self-signed certificates and enabling man-in-the-middle attacks against email traffic and...

Server-Side Request Forgery

Weblate is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to missing validation of repository URLs during project backup import, where Component.objects.bulkcreate bypasses Django fullclean validation and allows attacker-controlled repository URLs to be written into...

SQL Injection

CKAN is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of input in datastoresearchsql, which allows an attacker to inject arbitrary SQL queries and gain access to private resources and PostgreSQL system information...

Server-Side Request Forgery (SSRF)

PlaywrightCapture is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient restrictions on navigations and resource requests initiated by rendered pages, which allows an attacker to abuse browser-side redirection mechanisms to access local files file:// or reque...

Remote Code Execution (RCE)

dedoc/scramble is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe evaluation of user-controlled input during documentation generation, which allows an attacker to execute arbitrary PHP code in the application context...

Code Generation Literal Injection

Kiota is vulnerable to code generation literal injection. The vulnerability is due to insufficient context-aware escaping of malicious values from OpenAPI descriptions during source code generation, which allows an attacker to inject arbitrary code into generated client applications by supplying ...

Authorization Bypass

com.arcadedb, arcadedb-server is vulnerable to Authorization Bypass. The vulnerability is due to improper initialization of access controls and missing security configuration during database creation, which allows an attacker to bypass database and record-level authorization restrictions...

HTTP Header Injection

io.netty, netty-handler-proxy is vulnerable to HTTP Header Injection. The vulnerability is due to improper validation of user-supplied outbound headers in the HttpProxyHandler CONNECT request construction, which allows an attacker to inject arbitrary HTTP headers into requests sent to the proxy...

Command Injection

github.com/gotenberg/gotenberg is vulnerable to Command Injection. The vulnerability is due to lack of validation of JSON metadata keys passed to ExifTool, which allows an attacker to inject arbitrary ExifTool arguments and execute operating system commands...

Information Exposure

microsoft/kiota-java is vulnerable to Information Exposure. The vulnerability is due to the RedirectHandler middleware failing to remove sensitive HTTP headers such as Cookie, Proxy-Authorization, and custom headers when following redirects to a different host or scheme, which allows an attacker ...

Man-in-the-middle

Apache Airflow is vulnerable to Man-in-the-middle. The vulnerability is due to the lack of certificate validation when using the SMTP provider SmtpHook, where a man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate and capture the SMTP credential...

Command Injection

Click is vulnerable to Command Injection. The vulnerability is due to improper handling of user-controlled input in the click.edit function, allowing attackers to inject and execute arbitrary operating system commands from an unprivileged account...

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to insufficient validation of team membership permissions in the Add Channel Member API, which allows an attacker to exploit the API endpoint to access user metadata and channel membership...

Improper Access Control

Apollo Federation is vulnerable to improper access control. The vulnerability is due to improper enforcement of user-defined access control directives on interface types and fields, which allows an attacker to bypass access restrictions by querying implementing object types and fields through...

Insecure Direct Object Reference (IDOR)

File Browser is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient authorization checks in the share deletion functionality, which allows an authenticated attacker with share permissions to delete other users’ shared links by exploiting improper acces...

Improper Authentication

github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to the failure to enforce multi-factor authentication on WebSocket connections, which allows an unauthenticated attacker to access sensitive information through WebSocket events...

Remote Code Execution

Sonatype Nexus Repository is vulnerable to Remote Code Execution. The vulnerability is due to a flaw in the task management component, where an authenticated attacker with task creation permissions can bypass the nexus.scripts.allowCreation security control and execute arbitrary code...

Denial Of Service (DoS)

brace-expansion is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of brace patterns with a zero step value, which allows an attacker to trigger infinite loops and excessive memory consumption...

Uncontrolled Recursion

@nestjs/microservices is vulnerable to Uncontrolled Recursion. The vulnerability is due to recursive processing of multiple JSON messages in a single TCP frame without proper recursion limits, which allows an attacker to trigger a stack overflow and crash the application...

Path Traversal

ServiceStack is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied paths in the FindType method, which allows an attacker to manipulate file operations and execute arbitrary code...

Denial Of Service

Apache Neethi is vulnerable to Denial of Service DoS. The vulnerability is due to algorithmic complexity in the policy normalization process, where specially crafted WS-Policy documents trigger exponential Cartesian cross-product expansion, leading to excessive memory allocation and JVM heap...

Insecure Deserialization

pdfminer.six vulnerable to insecure deserialization. The vulnerability is due to the unsafe use of Python pickle for deserializing CMap cache files without proper validation, which allows an attacker to place a malicious pickle file in an accessible location and execute arbitrary code or escalate...

Server-Side Request Forgery (SSRF)

Apache Neethi is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to lack of validation of URIs in the PolicyReference API, allowing applications to fetch policies from arbitrary protocols or internal addresses, enabling attackers to trigger outbound requests to internal o...

Denial Of Service

Apache Neethi is vulnerable to Denial of Service.The vulnerability is due to improper handling of circular references during policy normalization, where recursive policy references are not detected, leading to infinite loops or excessive recursion that can cause stack overflow or application hang...

Unsafe Deserialization

Apache MINA is vulnerable to Unsafe Deserialization. The vulnerability is due to delayed enforcement of the classname allowlist in AbstractIoBuffer.getObject, where deserialization via ObjectInputStream.readObject occurs before validation, allowing execution of static initializers in malicious...