38467 matches found
Mass Assignment
Flowise is vulnerable to Mass Assignment. The vulnerability is due to insufficient validation and authorization checks in the evaluator create and update operations, where authenticated users can modify server-controlled properties to take over evaluators across workspaces...
Path Traversal
github.com/openclaw/crabbox is vulnerable to path traversal. The vulnerability is due to improper validation of workspace path resolution in the Islo provider, which allows an attacker to supply crafted absolute or relative paths through a malicious .crabbox.yaml or crabbox.yaml file to perform...
Denial Of Service (DoS)
OpenClaw is vulnerable to a Denial Of Service DoS. The vulnerability is due to improper validation of oversized frames in the voice-call realtime WebSocket path, which allows a remote attacker to send oversized WebSocket frames and cause service unavailability...
Improper Access Control
Fission is vulnerable to improper access control. The vulnerability is due to the router automatically registering internal function routes without validating associated HTTPTrigger restrictions, which allows an attacker to invoke arbitrary functions directly by guessing the function name and...
Authorization Bypass
9router is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization handling in the Administrative API endpoint /api, which allows an attacker to bypass access controls and perform unauthorized actions remotely...
Prototype Pollution
parseFormData is vulnerable to Prototype Pollution. The vulnerability is due to improper filtering of reserved property keys in bracket and dot-notation FormData field parsing, which allows an attacker to modify Object.prototype and pollute the prototype chain of application objects...
Remote Code Execution (RCE)
9router is vulnerable to Remote Code Execution RCE. The vulnerability is due to missing authentication checks on /api/cli-tools/ and /api/mcp/ endpoints, which allows an attacker to chain unauthenticated API calls and execute arbitrary OS commands remotely...
Denial Of Service (DoS)
@libp2p/gossipsub is vulnerable to Denial of Service DoS. The vulnerability is due to missing limits on subscription entries, unbounded topic handling, and failure to clean up empty topic sets, which allows an attacker to exhaust Node.js heap memory and crash the process through crafted...
XML Injection
samlify is vulnerable to XML injection. The vulnerability is due to improper escaping of user-controlled values inserted into XML element text, where unescaped attribute values can inject additional SAML attributes into signed assertions, allowing attackers to escalate privileges by adding truste...
Remote Code Execution (RCE)
@penpot/mcp is vulnerable to Remote Code Execution RCE. The vulnerability is due to an unauthenticated /execute endpoint exposed on all network interfaces, which allows an attacker to remotely execute arbitrary JavaScript code on the server...
Arbitrary Code Injection
Froxlor is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper escaping of single quotes in PhpHelper::parseArrayToString, which allows an attacker to inject arbitrary PHP code through the privilegeduser parameter that gets executed on subsequent requests...
SQL Injection
XWiki Full Calendar Macro is vulnerable to SQL Injection. The vulnerability is due to a SQL injection vulnerability by accessing database info or starting a DoS attack, where users with the right to view the Calendar.JSONService page including guest users can exploit this issue and access databas...
Authorization Bypass
Kyverno is vulnerable to Authorization Bypass. The vulnerability is due to a critical authorization boundary bypass in namespaced Kyverno Policy apiCall, where the resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited t...
LFS Object Overwrite
Gogs is vulnerable to LFS object overwrite. The vulnerability is due to overwritable LFS objects across different repositories, where attackers can manipulate the uploaded file like injecting backdoor, and Gogs does not verify uploaded LFS file content against its claimed SHA-256...
Improper Authentication
Shopware is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation and binding of shop installations to their original domains during app re-registration, which allows an attacker to hijack app communication and obtain API credentials intended for legitimate...
Remote Code Execution (RCE)
statamic/cms is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe execution of user-controlled Antlers template content in Antlers-enabled inputs, which allows an attacker with authenticated control panel access to execute arbitrary code in the application context...
Cross-site Scripting (XSS)
ci4-cms-erp/ci4ms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization and output encoding of user-controlled post data in the Menu Management functionality, which allows an attacker to inject malicious scripts that execute in administrative dashboards and...
Cross-site Scripting (XSS)
PrestaShop is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied email input in the Contact Us form, which allows an attacker to inject malicious scripts that execute when a back-office employee views the customer service thread...
Improper Access Control
getgrav/grav-plugin-api is vulnerable to Improper Access Control. The vulnerability is due to an insecure direct object reference and flawed permission update logic in UsersController::update, which allows an attacker to escalate privileges to Super Administrator and gain full system access...
SQL Injection
elFinder is vulnerable to SQL injection. The vulnerability is due to insufficient validation of file hash values in the MySQL volume driver, where a crafted target file hash is incorporated into SQL queries without proper sanitization, allowing authenticated attackers to disclose data or cause a...
Local File Inclusion
Yii 2 is vulnerable to local file inclusion LFI. The vulnerability is due to improper handling of user-controlled parameters in View::renderPhpFile, where the file parameter can overwrite the internal file path before inclusion, allowing attackers to include arbitrary local files and potentially...
Server-Side Template Injection (SSTI)
OpenMRS is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper handling of user-controlled input in Velocity templates within ConceptReferenceRange, which allows an attacker to inject template expressions and execute arbitrary code...
Resource Exhaustion
XWiki Platform is vulnerable to Resource Exhaustion. The vulnerability is due to missing query limits in REST API endpoints that enumerate database list properties, which allows an attacker to exhaust server resources by triggering large unbounded queries on large wiki instances...
Stored Cross-Site Scripting (XSS)
nukeviet/nukeviet is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient server-side input sanitization in the Request class, which relies primarily on client-side filtering, allowing an attacker to bypass validation by modifying HTTP requests and inject...
Stored Cross-Site Scripting
XWiki Blog Application is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper escaping of blog post titles before insertion into the HTML tag, allowing attackers with blog editing permissions to inject malicious JavaScript that executes in the browser of users...
Improper Certificate Validation
rancher is vulnerable to Improper Certificate Validation. The vulnerability is due to the Rancher CLI automatically retrieving and trusting CA certificates from Rancher’s cacerts setting when the -skip-verify flag is used without the --cacert flag, potentially allowing attackers to influence...
XML External Entity (XXE) Injection
ome, pom-bio-formats is vulnerable to XML External Entity XXE Injection. The vulnerability is due to insecure configuration of DocumentBuilderFactory while parsing Leica XML metadata files, which allows an attacker to perform SSRF, access local resources, or trigger denial of service through...
Cross-site Scripting (XSS)
Gogs is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of data: URI schemes in comments and issue descriptions, which allows an attacker to inject and execute arbitrary JavaScript through malicious links...
Information Exposure
Spring Cloud Config is vulnerable to Information Exposure. The vulnerability is due to improper validation of requests when using Google Secrets Manager as a backend, which allows an attacker to craft requests that expose secrets from unintended GCP projects...
Improper Cleanup Of Namespace Data
OpenBao is vulnerable to improper cleanup of namespace data.The vulnerability is due to incomplete cleanup when retries occur after an initial namespace deletion failure, which allows an attacker to potentially retain access to outstanding leases or leave residual storage entries that should have...
Path Traversal
Hugo is vulnerable to Path Traversal. The vulnerability is due to unrestricted execution of Node-based asset pipeline tools such as PostCSS, Babel, and TailwindCSS during site builds, allowing code from untrusted sites to read or write files outside the project's working directory when processed ...
Improper Authentication
github.com/QuantumNous/new-api is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation of Stripe webhook events, which allows an attacker to forge webhook requests and fraudulently credit quota to an account without making a payment...
Filter Expression Injection
Spring AI is vulnerable to Filter Expression Injection. The vulnerability is due to insufficient sanitization of document IDs in MilvusVectorStoredoDeleteList, where attacker-controlled IDs are incorporated into Milvus filter expressions, allowing injection of malicious query conditions that can...
Directory Traversal
OpenMRS Core is vulnerable to Directory Traversal. The vulnerability is due to improper validation and normalization of ZIP archive entry paths during module extraction, which allows an attacker to write arbitrary files outside the intended directory and achieve remote code execution...
Race Condition
Spring Cloud Config Server is vulnerable to Race Condition. The vulnerability is due to a Time-of-Check Time-of-Use TOCTOU issue in handling the Git repository base directory spring.cloud.config.server.git.basedir, where attackers may manipulate filesystem state between validation and use,...
Arbitrary File Read
Portainer Community Edition is vulnerable to Arbitrary File Read. The vulnerability is due to improper handling of symbolic links in Git-backed stack repositories, where symlinked stack files are created without validation and later followed during file reads, allowing authenticated attackers to...
Remote Code Execution (RCE)
Dalfox is vulnerable to Remote Code Execution RCE. The vulnerability is due to unauthenticated deserialization of user-controlled scan options in the REST API server mode, which allows an attacker to supply arbitrary shell commands that are executed on the host when a scan finding is triggered...
SQL Injection
github.com/ory/hydra is vulnerable to SQL Injection. The vulnerability is due to flaws in the pagination token implementation in the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs, which allows an attacker who knows the pagination or system secret to...
Secret Key Exposure
Pyroscope is vulnerable to Secret Key Exposure. The vulnerability is due to improper exposure of Tencent COS storage backend configuration values through the Pyroscope API, allowing attackers with API access to retrieve the secretkey used for cloud storage authentication...
Path Traversal
github.com/go-git/go-billy is vulnerable to path traversal. The vulnerability is due to insufficient path sanitization and boundary enforcement across multiple components, which allows an attacker to use crafted paths such as .. to escape the intended base directory and access unintended filesyst...
Arbitrary File Write And Deletion
github.com/go-acme/lego is vulnerable to arbitrary file write and deletion. The vulnerability is due to improper validation of the HTTP-01 challenge token in the webroot challenge provider, which allows a malicious ACME server to supply crafted ../ path traversal sequences and write or delete fil...
Path Traversal
org.openmrs.web, openmrs-web is vulnerable to Path Traversal. The vulnerability is due to improper path boundary validation in the /openmrs/moduleResources/moduleid endpoint, where user-controlled input is concatenated into filesystem paths without normalization or restriction checks, which allow...
Improper Authentication
github.com/pocketbase/pocketbase is vulnerable to Improper Authentication. The vulnerability is due to flawed OAuth2 account auto-linking logic, which allows an attacker who knows a victim's email address to pre-create an unverified account that is later automatically linked and verified when the...
Path Traversal
Alist is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of filename components in multiple file operation handlers, which allows an authenticated attacker to inject path traversal sequences to bypass directory-level authorization and perform unauthorized file...
Authentication Bypass
github.com/gravitl/netmaker is vulnerable to Authentication Bypass. The vulnerability is due to the VerifyHostToken function failing to validate JWT signatures when verifying host tokens, which allows an attacker to forge a JWT signed with an arbitrary key and impersonate any host in the network ...
Information Disclosure
Free5GC is vulnerable to Information Disclosure. The vulnerability is due to improper request handling in the UDR endpoint GET /nudr-dr/v2/application-data/influenceData/subs-to-notify, where error responses for missing or malformed parameters do not terminate execution. As a result, processing...
Server-Side Request Forgery
github.com/quantumnous/new-api, is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to incomplete SSRF protection that fails to block the unspecified address 0.0.0.0, allowing authenticated users to bypass private-IP filtering and force the server to make requests to...
Server-Side Request Forgery
esm.sh is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation in the /https fetch route, where localhost and internal network protections rely on hostname string checks that can be bypassed using DNS alias domains, allowing attackers to induce...
Remote Code Execution (RCE)
Yoke is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of the overrides.yoke.cd/flight annotation in the Air Traffic Controller ATC component, where attacker-controlled URLs are used to download and execute arbitrary WASM modules. This allows users wi...
Implicit Bearer Token Injection
github.com/kyverno/kyverno is vulnerable to Implicit Bearer Token Injection. The vulnerability is due to the apiCall service helper automatically injecting the Kyverno controller's Authorization: Bearer service account token into outbound requests when no authorization header is explicitly...