38326 matches found
Prototype Pollution
tarteaucitron.js is vulnerable to prototype pollution. The vulnerability is due to improper input validation in the addOrUpdate function within the file tarteaucitron.js, which allowed manipulation of JavaScript object prototypes...
Clickjacking
tarteaucitronjs is vulnerable to clickjacking. The vulnerability is due to improper validation of user-controlled CSS inputs for element dimensions, allowing attackers to overlay the viewport with malicious elements...
Arbitrary Code Execution (ACE)
Tarteaucitron.js is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to insufficient URL validation, allowing a user with high privileges to input a URL with an insecure scheme, such as javascript:alert, which could lead to arbitrary JavaScript execution when clicked...
Authentication Bypass
org.graylog2, graylog2-server is vulnerable to Authentication Bypass. The vulnerability is due to HTTP Inputs not correctly rejecting messages when a specified header is missing or has an incorrect value, allowing the message to be ingested despite returning a 401 HTTP response...
Unsafe Deserialization
picklescan is vulnerable to Unsafe deserialization. The vulnerability is due to the ability to exploit built-in functions in the NumPy library that indirectly invoke dangerous functions like exec, allowing execution of arbitrary Python or OS commands...
Deserialization Attack
Picklescan is vulnerable to Deserialization Attack. The vulnerability is due to insecure deserialization by Picklescan's failure to detect malicious pickles, which allows an attacker to exfiltrate sensitive information via DNS...
Server Side Request Forgery (SSRF)
LNbits is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of callback URLs in the LNURL authentication handling functionality, allowing attackers to access internal resources by specifying internal network addresses...
Remote Code Execution (RCE)
Picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient detection of dangerous deserialization behavior due to bypassing security checks by invoking benign built-in functions like timeit.timeit in the reduce method, which are not blacklisted and allow...
SQL Injection
apache-airflow-providers-common-sql is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization due to unescaped input in the partition_clause parameter of SQLTableCheckOperator, allowing authenticated users to inject arbitrary SQL when triggering DAGs...
Missing Authentication For Critical Function
Langflow is vulnerable to Missing Authentication for Critical Function. The vulnerability is due to improper input validation due to unsanitized user input being passed to the /api/v1/validate/code endpoint, allowing arbitrary code execution...
Denial Of Service (DoS)
@apeleghq/asn1-der is vulnerable to Denial of Service (DoS). The vulnerability is due to incorrect arithmetic in the numBitLen function due to the use of the operator causing negative results for values between 2³¹ and 2³²-1, and attackers can exploit this to trigger an infinite loop and cause a...
Incorrect Authorization
api-platform/core is vulnerable to Incorrect Authorization. The vulnerability is due to improper access control caused by the use of the Relay special node type, which allows bypassing the configured security on an operation...
Command Injection
jupyterlab-git is vulnerable to Command Injection. The vulnerability is due to improper handling of shell command substitution in directory names when using cd through the shell, which allows an attacker to execute arbitrary commands without user consent...
Cross-Site Request Forgery (CSRF)
concrete5/concrete5 is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient sanitization and addresses not being properly sanitized in the output when a country is not specified. It allows an attacker with limited permissions to glean restricted information,...
Insecure Deserialization
lmdeploy is vulnerable to Insecure Deserialization. The vulnerability is due to unsafe handling in the load_weight_ckpt function of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler, allowing local attackers to exploit it...
Remote Code Execution (RCE)
generator-jhipster-entity-audit is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe reflection caused by using Javers as the Entity Audit Framework, which allows malicious classes on the classpath to be exploited through exposed REST endpoints...
Improper Cache Key Handling
api-platform/core is vulnerable to Improper cache key handling. The vulnerability is due to the isCacheKeySafe method not effectively preventing caching when followed by the parent::normalize call, which may allow an attacker to access unauthorized data...
Cross-Site Scripting (XSS)
pgadmin4 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to lack of input/output encoding when rendering query results, which allows an attacker to execute arbitrary HTML or JavaScript in the victim's browser...
Remote Code Execution (RCE)
pgAdmin4 is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe use of Python's eval function due to unsanitized input in the querycommitted and highavailability parameters on two POST endpoints...
Improper Verification Of Cryptographic Signature
github.com/minio/minio is vulnerable to authorization bypass. The vulnerability is due to improper signature verification due to the ability to use arbitrary secrets to upload objects if the attacker has prior WRITE permissions and access to the access key and bucket name...
Remote Code Execution (RCE)
BentoML is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insecure deserialization due to an unsafe code segment in serde.py that allows arbitrary code execution by unauthenticated users...
Cross-Site Scripting (XSS)
react-draft-wysiwyg is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization or escaping of user-provided data in the Embedded button functionality, allowing malicious payloads to be executed when the data is saved in the tag...
Prototype Pollution
expand-object is vulnerable to Prototype Pollution. The vulnerability is due to improper input validation in the expand function in index.js, which expands strings into objects without filtering out sensitive properties like __proto__, and allows attackers to manipulate object prototypes, potentially...
Buffer Overflow
bigint-buffer is vulnerable to Buffer Overflow. The vulnerability is due to improper bounds checking in the toBigIntLE function, which allows attackers to cause a buffer overflow and potentially crash the application...
Server Side Request Forgery (SSRF)
spatie/browsershot is vulnerable to Server-side Request Forgery (SSRF). The vulnerability is due to a missing restriction on user input in the setUrl function, allowing attackers to access localhost and list its directories...
Missing Authorization
goalgorilla/opensocial is vulnerable to Missing Authorization. The vulnerability is due to missing authorization due to insufficient access control checks that allow unauthorized users to access restricted resources...
Information Disclosure
api-platform/core is vulnerable to Information disclosure. The vulnerability is due to improper handling of exception messages, where non-HTTP exceptions are not sanitized and are directly included in the JSON error response, allowing potentially sensitive internal information to be exposed to...
Cross-Site Scripting (XSS)
drupal/core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper neutralization of input during web page generation, allowing malicious scripts to be executed in the context of a user's browser...
Missing Authorization
goalgorilla/opensocial is vulnerable to Missing Authorization. The vulnerability is due to insufficient access control mechanisms in Open Social, which fail to properly enforce user authorization, allowing unauthorized users to bypass restrictions and access sensitive resources through forceful...
Denial Of Service (DoS)
image-size is vulnerable to Denial of Service. The vulnerability is due to an infinite loop due to processing image boxes with size 0, which allows an attacker to cause the application to hang...
Improper Authorization
Jenkins is vulnerable to Improper authorization. The vulnerability is due to missing permission checks in an HTTP endpoint, allowing attackers with only Computer/Create permission to copy an agent and gain unauthorized access to its configuration...
Denial Of Service (DoS)
Django is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient Unicode normalization due to slow NFKC normalization on Windows, which allows attackers to send specially crafted inputs with a large number of Unicode characters to exhaust server resources...
Deserialization Of Untrusted Data
io.jooby, jooby-pac4j is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insecure deserialization logic in the SessionStoreImplget method, which allows processing of untrusted input...
Server Side Request Forgery (SSRF)
shopxo/shopxo is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to insufficient input validation and sanitization in multiple places, allowing unauthorized requests and script injection...
Remote Code Execution
@tauri-apps/plugin-shell is vulnerable to Remote Code Execution. The vulnerability is due to insufficient input validation in the /console/dashboard/executorCount?zkClusterKey component, allowing a remote attacker to execute arbitrary code...
SQL Injection
com.vip.saturn, saturn-console is vulnerable to SQL injection. The vulnerability is due to SQL injection due to insufficient input validation in the /console/dashboard/executorCount?zkClusterKey component, allowing remote attackers to execute arbitrary code...
Privilege Escalation
github.com/rancher/rancher is vulnerable to Privilege Escalation. The vulnerability is due to improper access control that allows Restricted Administrators to change the passwords of higher-privileged users without having the Manage Users permission...
Server Side Request Forgery (SSRF)
shopxo/shopxo is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied URLs in the Email Settings feature, allowing attackers to manipulate the server into making arbitrary requests to internal or external resources...
Server Side Request Forgery (SSRF)
shopxo/shopxo is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied URLs in the image upload function, allowing attackers to craft requests that the server executes on their behalf...
Arbitrary Code Execution (ACE)
org.apache.parquet, parquet-avro is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsafe deserialization during schema parsing in the parquet-avro module, which allows bad actors to execute arbitrary code...
Authorization Bypass
org.apache.activemq:artemis-server is vulnerable to Authorization Bypass. The vulnerability is due to improper permission enforcement due to users being able to augment the routing-type of an address without having the necessary createAddress permission, potentially allowing unauthorized message...
Host Header Injection
@react-router/express, @remix-run/express is vulnerable to Host header injection. The vulnerability exists due to improper validation of the Host and X-Forwarded-Host headers, allowing attackers to spoof the request URL by injecting a pathname into the port section of the header...
Object Injection
drupal/core is vulnerable to Object Injection. The vulnerability is due to improperly controlled modification of dynamically-determined object attributes, which allows attackers to inject and manipulate objects within the application...
Authentication Bypass
Apache Pinot is vulnerable to Authentication Bypass. The vulnerability is due to improper request path validation due to the application's failure to enforce authentication when the request path contains a semicolon ; and lacks a forward slash /, allowing unauthorized user creation...
Cross-Site Scripting (XSS)
drupal/core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper neutralization of user-supplied input during web page generation, which allows malicious scripts to be executed in the context of a user's browser...
Private Data Structure Returned From A Public Method
github.com/apache/answer is vulnerable to Private Data Structure Returned From A Public Method. The vulnerability is due to the application allowing external content to be loaded without restriction, allowing an attacker to track or identify users by collecting their IP addresses through...
Path Traversal
YesWiki is vulnerable to Path Traversal. The vulnerability is due to insufficient input validation due to improper sanitization of the squelette parameter, allowing unauthorized file read access on the server...
Incorrect Authorization
drupal/core package is vulnerable to Incorrect Authorization. The vulnerability is due to insufficient access controls. This allows forceful browsing in certain core versions, enabling attackers to access restricted resources...
IP Address Spoofing
github.com/phires/go-guerrilla is vulnerable to IP address spoofing. The vulnerability is due to improper enforcement of the PROXY protocol due to the server accepting multiple PROXY commands, allowing clients to override the original IP address...
Remote Code Execution (RCE)
github.com/jaredallard/archives is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper archive parsing due to insufficient validation of specially crafted archive files, which allows an attacker to execute arbitrary code or modify files in the context of the user running...