38111 matches found
Cross-Site Scripting (XSS)
org.apache.felix, org.apache.felix.http.webconsoleplugin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper neutralization of user input during web page generation, allowing an attacker to inject and execute malicious scripts in a victim’s browser through improperly...
Information Disclosure
org.apache.nifi, nifi-mongodb-services is vulnerable to information disclosure. The vulnerability is due to the inclusion of MongoDB authentication credentials in NiFi provenance event records, allowing authorized users to access sensitive information...
Session Hijacking
flarum/core is vulnerable to Session Hijacking. The vulnerability is due to improper scoping of cookies, allowing an attacker-controlled subdomain to set cookies for the parent domain...
Improper Hostname Validation
golang.org/x/net is vulnerable to improper hostname validation. The vulnerability is due to improper handling of IPv6 zone IDs in host matching against proxy patterns, allowing an attacker to bypass proxy restrictions and potentially send traffic through unintended network paths...
Improper Authentication
Ratify is vulnerable to Improper Authentication. The vulnerability is due to insufficient registry validation: the Azure authentication providers fail to verify that the target registry is an Azure Container Registry (ACR) before exchanging an Entra ID (EID) token, potentially exposing token...
Improper Authorization
Umbraco.Cms.Api.Management is vulnerable to improper access control. The vulnerability is due to insufficient API access restrictions, which let low-privilege authenticated users create and update data type information meant for higher-privilege users...
Incorrect Authorization
Umbraco.Cms.Web.Backoffice is vulnerable to Incorrect Authorization. The vulnerability is due to improper access control: by manipulating backoffice API URLs, authenticated users can retrieve or delete restricted content...
Privilege Escalation
ASP.NET is vulnerable to Privilege Escalation. The vulnerability is due to improper authentication mechanisms caused by insufficient validation, allowing an unauthorized attacker to elevate privileges over a network...
Signature Confusion Attack
simplesamlphp/saml2 is vulnerable to a Signature Confusion Attack. The vulnerability is due to improper validation in the HTTP-Redirect binding, which allows an attacker with any signed SAMLResponse to trick the application into accepting an unsigned message...
Path Traversal
Mock API configuration is vulnerable to Path Traversal. The vulnerability is due to improper handling of user input in templating features, which allows attackers to manipulate file paths and access arbitrary files on the mock server filesystem...
Remote Code Execution (RCE)
promptflowcore is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper isolation caused by a lack of compartmentalization, allowing an unauthorized attacker to execute code over a network...
Arbitrary Code Execution (ACE)
Keras is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to insecure deserialization, where the Model.load_model function processes a malicious .keras archive, allowing arbitrary Python modules and functions to be executed by modifying the config.json file...
Remote Denial Of Service (DoS)
ruby-saml is vulnerable to remote Denial of Service (DoS). The vulnerability is due to the message size check being performed before decompression, allowing attackers to bypass it using compressed SAML responses...
Account Duplication Via Email Reuse
froxlor/froxlor is vulnerable to Account duplication via email reuse. The vulnerability is due to improper validation of email uniqueness, allowing authenticated users to create multiple accounts with the same email address as existing accounts, potentially leading to security issues...
HTML Injection
froxlor/froxlor is vulnerable to HTML Injection. The vulnerability is due to lack of proper input sanitization and output encoding, allowing malicious HTML payloads to be injected and executed in the customer account portal...
Regular Expression Denial Of Service (ReDoS)
Babel is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to quadratic complexity in the .replace method polyfill when compiling regular expression named capturing groups, allowing an attacker to cause excessive processing time with crafted input...
XML External Entity (XXE) Injection
io.github.robothy:local-s3-rest is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper XML parsing: the service resolves external entities in the CreateBucketConfiguration XML document, allowing attackers to perform server-side request forgery (SSRF) and lea...
Path Equivalence
Apache Tomcat is vulnerable to Path Equivalence. The vulnerability is due to improper handling of internal dot notation in file names, caused by inadequate validation in the Default Servlet, allowing remote code execution, information disclosure, or unauthorized file modifications when specific...
Arbitrary Code Execution (ACE)
PickleScan is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to PickleScan failing to detect malicious pickle files when specific ZIP file flag bits are modified, allowing attackers to embed harmful pickle files that remain unnoticed while still being loaded by PyTorch’s...
SQL Injection
pimcore/pimcore is vulnerable to SQL injection. The vulnerability is due to improper input sanitization and lack of parameterized queries, allowing an attacker to manipulate database queries, extract sensitive data, modify records, or escalate privileges...
Origin Validation Error
Rembg is vulnerable to Origin Validation Error. The vulnerability is due to improper CORS middleware configuration, which reflects all origins and sets allow_credentials to True, allowing any website to send authenticated cross-site requests to the Rembg server...
Server Side Request Forgery (SSRF)
Rembg is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied URLs, allowing an attacker to request internal network resources via the /api/remove endpoint...
Insertion Of Sensitive Information Into Log File
github.com/hashicorp/nomad is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper logging practices, with workload identity and client secret tokens being recorded in audit logs...
Cross-Site Scripting (XSS)
Concrete CMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the "Add Folder" functionality, allowing a rogue admin to inject XSS payloads as folder names...
Insufficient Verification Of Data Authenticity
PickleScan is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to a discrepancy in filename handling between ZIP header filenames and directory listing filenames, which allows an attacker to bypass detection by causing PickleScan to crash...
Stored Cross-site Scripting (XSS)
github.com/lf-edge/ekuiper is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper input validation in the rule id parameter, allowing an attacker with modification rights to inject a malicious payload that executes in the victim's browser when the rule is modified...
Repository Takeover
github.com/go-vela/server is vulnerable to Repository Takeover. The vulnerability is due to improper validation of webhook headers and body data, allowing an attacker to forge requests and transfer repository ownership along with its secrets...
Remote Code Execution (RCE)
plotai is vulnerable to Remote Code Execution (RCE). The vulnerability is due to a lack of validation of LLM-generated output, which allows an attacker to execute arbitrary Python code...
Authentication Bypass
github.com/fleetdm/fleet is vulnerable to Authentication Bypass. The vulnerability is due to insufficient validation of SAML authentication assertions, allowing an attacker to forge responses and create unauthorized accounts if Just-In-Time (JIT) provisioning or MDM enrollment is enabled...
Path Traversal
Rack is vulnerable to Path Traversal. The vulnerability is due to improper input validation: Rack::Static does not correctly sanitize user-supplied paths, allowing encoded path traversal sequences to access files outside the intended static file directory...
Cross-Site Request Forgery (CSRF)
org.jenkins-ci.main, jenkins-core is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper request validation, which allows unauthorized state changes in Jenkins' UI when a user unknowingly triggers a malicious request...
Server-Side Request Forgery (SSRF)
Axios is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of absolute URLs, which causes axios to send requests directly to the specified absolute URL instead of respecting the baseURL, potentially leading to SSRF and exposing sensitive credentials...
Open Redirect
org.jenkins-ci.main, jenkins-core is vulnerable to Open redirect. The vulnerability is due to improper URL validation, allowing redirects starting with backslash characters, which browsers interpret as scheme-relative redirects, enabling phishing attacks...
Prototype Pollution
Vue I18n is vulnerable to Prototype Pollution. The vulnerability is due to improper input handling in the handleFlatJson function, allowing an attacker to modify the global prototype chain, potentially leading to denial of service (DoS) or more severe injection-based attacks...
Improper Verification Of Cryptographic Signature
dotnet-debugger-extensions, dotnet-dump and dotnet-sos are vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation mechanisms, allowing an authorized attacker to execute code over a network...
Double-signing Attack
github.com/strangelove-ventures/horcrux is vulnerable to a double-signing attack. The vulnerability is due to a race condition in signature state handling when two independent events occur within the same microsecond, allowing unintended duplicate signatures and leading to unintended...
Reflected Cross-Site Scripting (Reflected XSS)
laravel/framework is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to improper encoding of route parameters in the debug-mode error page, allowing an attacker to inject and execute malicious scripts in a victim’s browser by tricking them into visiting a...
Denial Of Service (DoS)
pocketmine/pocketmine-mp is vulnerable to a Denial of Service (DoS). The vulnerability exists due to the lack of default limits in the explode function, allowing malicious clients to abuse packets and exhaust server resources...
Header Injection
org.apache.camel, camel-support is vulnerable to Header Injection. The vulnerability is due to insufficient header filtering, where only headers starting with "Camel", "camel", or "org.apache.camel." are blocked, allowing attackers to forge header names and manipulate method invocation in the...
Reflected Cross-Site Scripting (Reflected XSS)
laravel/framework is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to improper encoding of request parameters in the debug-mode error page, allowing user input to be reflected without proper sanitization...
Insertion Of Sensitive Information Into Log Files
Ray is vulnerable to the insertion of sensitive information into log files. The vulnerability is due to inadequate log sanitization, allowing sensitive credentials like the Redis password to be recorded in standard logs...
Information Disclosure
Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...
Reflected Cross-Site Scripting (Reflected XSS)
NocoDB is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to the insecure usage of the EJS template engine, specifically the <%- function in resetPassword.ts, which directly renders unescaped user input, allowing malicious scripts to execute when processed ...
Log Injection
Envoy Gateway is vulnerable to Log Injection. The vulnerability is due to improper log handling caused by the use of a default Envoy Proxy access log configuration, allowing attackers to craft user-agent strings that inject and overwrite fields in the access log...
Out-of-bounds Write
ImageSharp is vulnerable to an Out-of-Bounds Write. The vulnerability is due to improper memory handling in the GIF decoder, allowing attackers to craft a malicious GIF that causes a crash, potentially leading to a denial of service...
Cleartext Storage Of Sensitive Information
Jenkins is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to improper secret redaction in the config.xml of agents when accessed via the REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted secret values...
Arbitrary File Upload
flowise is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files, allowing attackers to upload arbitrary files, which may lead to remote code execution or unauthorized access...
Denial Of Service (DoS)
Django is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient processing in the django.utils.text.wrap method and wordwrap template filter, which can be exploited using very long strings to cause excessive resource consumption...
Denial Of Service (DoS)
OpenTelemetry.Api is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of tracestate and traceparent headers, allowing an attacker to trigger high CPU usage and degrade application performance...
Denial Of Service (DoS)
org.openidentityplatform.opendj, opendj-server-legacy is vulnerable to a Denial of Service (DoS). The vulnerability is due to an alias loop in the LDAP database, which allows an attacker to make the server unresponsive to all LDAP requests due to infinite alias dereferencing...