38111 matches found
Remote Code Execution (RCE)
org.lucee, lucee is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper XML entity processing in the Lucee REST endpoint, which allows an attacker to execute arbitrary code...
Arbitrary File Upload
redaxo/source is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files in the mediapool/media page, allowing attackers to upload and potentially execute malicious files...
Remote Code Execution (RCE)
DGL is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization: Python's pickle module is used to serialize and deserialize network messages, which can allow attackers to execute arbitrary code remotely...
Improper Neutralization
laravel/framework is vulnerable to Improper Neutralization. The vulnerability is due to improper validation enforcement caused by incorrect handling of wildcard validation files, allowing user-crafted malicious requests to bypass file or image validation rules...
Cross-site Scripting (XSS)
redaxo/source is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the rex-api-result parameter, allowing attackers to inject malicious scripts on the AddOns page...
Remote Code Execution (RCE)
livewire/volt is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of user-crafted request payloads caused by inadequate input validation, allowing attackers to execute arbitrary code within Volt components...
Log Injection
Rack is vulnerable to log injection. The vulnerability is due to the Rack::Sendfile middleware logging unsanitized header values from the X-Sendfile-Type header, allowing an attacker to inject escape sequences into logs...
Weak Cryptographic Algorithms
gov.nsa.emissary, emissary is vulnerable to weak cryptographic algorithms. The vulnerability is due to the use of weak cryptographic algorithms (e.g., SHA-1, CRC32, and SSDEEP) in the ChecksumCalculator class, which can be exploited to generate hash collisions or compromise data integrity...
Server-side Template Injection (SSTI)
spacyllm is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper input validation in the template field, allowing attackers to achieve Remote Code Execution (RCE) by injecting a crafted payload...
Insecure Direct Object Reference (IDOR)
github.com/zitadel/zitadel is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control in the Admin API, allowing authenticated users without specific IAM roles to modify sensitive settings...
Stored Cross-site Scripting (XSS)
github.com/matrix-org/pinecone is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input, allowing malicious scripts to be stored and later executed when accessed by users...
Sandbox Bypass
Jinja is vulnerable to sandbox bypass. The vulnerability is due to an oversight in how the Jinja sandboxed environment interacts with the |attr filter, allowing attackers to achieve arbitrary code execution (ACE) by bypassing the sandbox's attribute lookup...
Brute-force Attack
org.wildfly.core, wildfly-elytron-integration is vulnerable to Brute-force Attack. The vulnerability is due to the lack of rate limiting on failed authentication attempts via the CLI, which allows attackers to perform multiple failed authentication attempts within a short time frame due to the lack of rate...
Username Enumeration
Flask-AppBuilder is vulnerable to Username Enumeration. The vulnerability is due to differences in server response time when brute forcing login requests, allowing unauthenticated users to enumerate existing usernames...
Unauthorized Account Takeover
oxidized-web is vulnerable to Unauthorized Account Takeover. The vulnerability is due to missing authentication in the RANCID migration page, allowing an unauthenticated user to gain control over the Linux user account running oxidized-web...
Denial Of Service (DoS)
CGI is vulnerable to Denial of Service (DoS). The vulnerability is due to the lack of a length limit on raw cookie values in the CGI::Cookie.parse method, allowing excessively large cookies to consume system resources...
Cross-site Scripting
Stage.js is vulnerable to Cross-site Scripting. The vulnerability is due to improper handling of the global DOM namespace, allowing attacker-injected HTML elements to shadow the document.currentScript lookup and unintended element properties to override JavaScript variables...
Authentication Bypass
github.com/minio/minio is vulnerable to Authentication Bypass. The vulnerability is due to improper enforcement of SSH key validation when using LDAP as an external identity provider, allowing unauthorized access if the sshPublicKey attribute is missing...
Uncontrolled Resource Consumption
github.com/jasonlovesdoggo/abacus is vulnerable to a goroutine leak. The vulnerability is due to improper resource cleanup: the server fails to terminate goroutines when clients disconnect from the /stream endpoint, leading to resource exhaustion and degraded service...
Cross-site Scripting (XSS)
openmage/magento-lts is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation that makes it possible to execute scripts in the admin panel, potentially leading to XSS attacks against authenticated admin users...
Incorrect Authorization
WSO2 is vulnerable to Incorrect Authorization. The vulnerability is due to improper authorization checks that make it possible to access protected APIs using a refresh token instead of an access token, potentially allowing prolonged unauthorized access to API resources...
Weak Password Hashing
Manifest is vulnerable to Weak Password Hashing. The vulnerability is due to the use of SHA3 without a salt for password hashing, making user passwords more susceptible to cracking if an attacker gains access to the database...
Authentication Bypass
github.com/ryanbekhen/nanoproxy is vulnerable to Authentication Bypass. The vulnerability is due to the use of an outdated version of golang.org/x/crypto, which may contain unresolved security flaws; attackers could exploit weaknesses such as weak cryptographic algorithms...
Improper Privilege Management
org.apache.streampipes, streampipes-parent is vulnerable to improper privilege management. The vulnerability is due to missing or improper access control checks in the REST interface, allowing unauthorized access to resources when the resource ID is known...
Remote Code Execution
Picklescan is vulnerable to Remote Code Execution. The vulnerability is due to improper restriction of dangerous globals, allowing an attacker to craft a malicious model that executes pip.main to install and execute malicious packages...
DOM Clobbering
PrismJS is vulnerable to DOM Clobbering. The vulnerability is due to attacker-injected HTML elements shadowing the document.currentScript lookup, which can potentially lead to Cross-Site Scripting (XSS)...
Authentication Credential Leakage
URI is vulnerable to authentication credential leakage. The vulnerability is due to improper sanitization of userinfo in URI handling methods, allowing an attacker to extract credentials and potentially gain unauthorized access...
Local File Inclusion (LFI)
io.pebbletemplates:pebble is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper access control: the include tag allows high-privileged attackers to access sensitive local files by crafting malicious notification templates...
Denial Of Service (DoS)
getformwork/formwork is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation: select fields allow crafted inputs that crash the system, resulting in a 500 status and making the site and administration panel unavailable...
Cross-site Scripting (XSS)
getformwork/formwork is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization: the site title field allows JavaScript tags, which can be used to attack all system members...
Regular Expression Denial Of Service (ReDoS)
CGI is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing in the Util#escapeElement method, allowing an attacker to cause denial of service through excessive backtracking with crafted input...
Denial Of Service (DoS)
github.com/cosmos/ibc-go is vulnerable to Denial of Service (DoS). The vulnerability is due to improper deserialization of IBC acknowledgements, allowing an attacker to halt the chain by introducing a non-deterministic state...
Control Character Injection
Mongosh is vulnerable to Control Character Injection. The vulnerability is due to improper input handling due to an attacker controlling the autocompletion feature, allowing the execution of obfuscated malicious text when a user presses ‘tab’ to autocomplete input...
Cross-Site Scripting (XSS)
Seajs is vulnerable to Cross-Site Scripting. The vulnerability is due to improper input sanitization in the seajs package, allowing users to inject scriptless HTML tags with unsanitized name attributes...
CSV Injection
org.apache.ranger, security-admin-web is vulnerable to CSV Injection. The vulnerability is due to improper neutralization of formula elements due to insufficient sanitization of exported CSV data, allowing malicious formulas to execute when opened in a spreadsheet application...
Cross-site Scripting
Mavo is vulnerable to Cross-site Scripting. The vulnerability is due to improper handling of HTML elements, allowing attackers to inject a crafted element and execute arbitrary code...
Cross-site Scripting
Tsup is vulnerable to DOM Clobbering. The vulnerability is caused by a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components...
Improper Input Validation
picklescan is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of file extensions, allowing an attacker to include a malicious pickle file with a non-standard extension that bypasses security checks...
Server Side Request Forgery (SSRF)
github.com/usememos/memos is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied URLs, which allows an attacker to perform SSRF attacks...
Arbitrary File Upload
mautic/core is vulnerable to Arbitrary File Upload. The vulnerability is due to improper input validation and insufficient path restrictions, allowing users to upload files to unintended directories outside the designated temporary directory...
Improper File Permissions
spotipy is vulnerable to Improper File Permissions. The vulnerability is due to insecure default file permissions that allow unauthorized users to read the Spotify auth token...
Local Privilege Escalation
Mongosh is vulnerable to local privilege escalation. The vulnerability is due to improper handling of library loading paths, where mongosh searches for and executes files from C:\node_modules\ without proper validation, allowing an attacker to place a malicious file and gain elevated privileges...
Improper Neutralization
Mongosh is vulnerable to Improper Neutralization. The vulnerability is due to improper input sanitization: an attacker able to manipulate a user's clipboard can cause obfuscated malicious code to be pasted and executed in mongosh...
Improper Neutralization
Mongosh is vulnerable to Improper Neutralization. The vulnerability is due to improper output sanitization: an attacker able to inject control characters into shell output can potentially display falsified messages that mislead users into executing unsafe actions...
Stack Overflow
github.com/rancher/rancher is vulnerable to Stack Overflow. The vulnerability is due to improper input handling in Rancher’s /v3-public/authproviders API endpoint, which allows a malicious user to trigger a stack overflow, leading to a crash and denial of service (DoS)...
Improper Access Control
Rancher is vulnerable to Improper Access Control. The vulnerability is due to improper access due to unauthenticated users being able to list and delete CLI authentication tokens before they can be retrieved, preventing CLI-based login for SAML-authenticated users...
Improper Authentication
Rancher is vulnerable to Improper Authentication. The vulnerability is due to improper validation of SAML assertion data due to Rancher trusting and using unvalidated values in authentication cookies, allowing attackers to manipulate session data and escalate privileges...
Improper Authorization
mautic/core is vulnerable to Improper Authorization. The vulnerability is due to improper enforcement of access controls, allowing any authenticated user to bypass reporting permissions and access all reports via the API...
DOM-based Cross-site Scripting (XSS)
copyparty is vulnerable to DOM-based cross-site scripting. The vulnerability is due to improper handling of maliciously named files during drag-and-drop actions in the Web UI, allowing arbitrary JavaScript execution...
Denial Of Service (DoS)
io.quarkus, quarkus-resteasy is vulnerable to Denial of Service (DoS). The vulnerability is due to improper resource management, where a buffer is not correctly released when a client request times out. It allows an attacker to trigger memory leaks by sending multiple client requests with low...