Veracode advisories, sorted by most recently added

38326 matches found

Veracode • added 2025/04/10 4:36 a.m. • 5 views

Cross-Site Scripting (XSS)

publifycore is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input sanitization in the redirect functionality, allowing a publisher to execute scripts in an administrator's browser...

CVSS 5.4 • AI score 6.2 • EPSS 0.00242
Exploits 1 • References 4 • Affected Software 1
Veracode • added 2025/04/10 4:35 a.m. • 12 views

Path Traversal

tar-fs is vulnerable to Path Traversal. The vulnerability is due to improper validation of symbolic links and pathnames during tar file extraction, which allows attackers to escape the target extraction directory and write files to arbitrary locations on the file system...

CVSS 7.5 • AI score 7.2 • EPSS 0.02186
Exploits 2 • References 4 • Affected Software 1
Veracode • added 2025/04/09 5:57 p.m. • 4 views

Cross-site Scripting (XSS)

github.com/beego/beego is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper HTML escaping, with user-controlled data not being sanitized in the RenderForm function...

CVSS 9.6 • AI score 6 • EPSS 0.00568
Exploits 1 • References 3 • Affected Software 1
Veracode • added 2025/04/09 8:22 a.m. • 6 views

Regular Expression Denial Of Service

uptime-kuma is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regex processing caused by catastrophic backtracking triggered by crafted input during notification creation via the web service...

AI score 7
Exploits 0
Veracode • added 2025/04/09 4:28 a.m. • 4 views

Out Of Memory Error

org.infinispan, infinispan-query is vulnerable to an Out Of Memory Error. The vulnerability is due to a lack of proper memory handling when processing large POST requests, which allows continual requests to trigger buffer leaks and memory exhaustion...

CVSS 6.5 • AI score 6.8 • EPSS 0.00445
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2025/04/09 4:27 a.m. • 8 views

Path Traversal

org.noear:solon-view is vulnerable to path traversal. The vulnerability is due to insufficient validation of user input in the rendermav function, which allows the manipulation of the template argument to perform path traversal...

CVSS 5.3 • AI score 6.6 • EPSS 0.00396
Exploits 0 • References 6 • Affected Software 1
Veracode • added 2025/04/09 4:26 a.m. • 10 views

Server Side Request Forgery (SSRF)

mobsf is vulnerable to Server Side Request Forgery (SSRF) abuse. The vulnerability is due to socket.gethostbyname not properly handling DNS rebinding, which allows attackers to exploit DNS resolutions and make requests to internal services...

CVSS 9.8 • AI score 6.7 • EPSS 0.00415
Exploits 1 • References 5 • Affected Software 1
Veracode • added 2025/04/09 4:20 a.m. • 8 views

Unauthorized File Exposure

Vite is vulnerable to Unauthorized File Exposure. The vulnerability is due to improper exposure of non-allowed files through the ?inline or ?raw?import methods when the Vite dev server is explicitly exposed to the network using --host or the server.host config option, which allows unauthorized access t...

CVSS 7.5 • AI score 6.9 • EPSS 0.621
Exploits 9 • References 10 • Affected Software 1
Veracode • added 2025/04/09 4:1 a.m. • 10 views

Prototype Pollution

Redoc is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the Module.mergeObjects component, which allows attackers to manipulate the prototype chain and introduce malicious payloads, which can trigger a Denial of Service (DoS)...

CVSS 7.5 • AI score 6.6 • EPSS 0.00515
Exploits 1 • References 4 • Affected Software 1
Veracode • added 2025/04/09 4:1 a.m. • 9 views

Prototype Pollution

depath and cool-path are vulnerable to prototype pollution. The vulnerability is due to improper handling of object properties in the set method at setIn lib/index.js:90, allowing attackers to inject arbitrary properties and potentially execute arbitrary code or cause a Denial of Service (DoS)...

CVSS 9.8 • AI score 7.9 • EPSS 0.00741
Exploits 1 • References 3 • Affected Software 2
Veracode • added 2025/04/09 4:0 a.m. • 3 views

Path Traversal

go.rgst.io/stencil/v2 is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of file paths during archive extraction, which allows directory traversal sequences like ../ to write files outside the intended extraction directory...

AI score 7
Exploits 0
Veracode • added 2025/04/09 3:35 a.m. • 10 views

Integer Overflow

cairo-lang-starknet-classes is vulnerable to Integer Overflow. The vulnerability is due to improper bounds checking in the Sierra bytecode decompression logic of the cairo-lang-starknet-classes library, which allows an integer overflow to occur when processing malicious Declare v2/v3 transactions...

CVSS 7.5 • AI score 6.8 • EPSS 0.00454
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2025/04/08 7:43 p.m. • 14 views

Cross-site Scripting (XSS)

Vega is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to unsafe evaluation of JavaScript code caused by the lack of an expression interpreter when processing Vega/Vega-lite JSON definitions...

CVSS 5.3 • AI score 6.4 • EPSS 0.00477
Exploits 0 • References 4 • Affected Software 2
Veracode • added 2025/04/08 12:0 p.m. • 10 views

Class Pollution

Mesop is vulnerable to Class Pollution. The vulnerability is due to insecure handling of global variables and class attributes, which attackers are able to overwrite at runtime, leading to potential denial of service, identity confusion, or remote code execution...

CVSS 8.1 • AI score 7.9 • EPSS 0.00629
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2025/04/08 8:24 a.m. • 10 views

Server Side Request Forgery (SSRF)

Apache Kylin is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied input, allowing an attacker with admin access to make arbitrary internal requests via the /kylin/api/xxx/diag endpoint...

CVSS 6.5 • AI score 6.8 • EPSS 0.00577
Exploits 0 • References 5 • Affected Software 1
Veracode • added 2025/04/08 7:59 a.m. • 2 views

HTTP Response Splitting

Pitchfork is vulnerable to HTTP Response Splitting. The vulnerability is due to improper input sanitization allowing unvalidated user input to be passed to HTTP headers when used with Rack 3...

CVSS 4.3 • AI score 7 • EPSS 0.00269
Exploits 0 • References 5 • Affected Software 1
Veracode • added 2025/04/08 7:57 a.m. • 12 views

Code Injection

org.apache.kylin, kylin is vulnerable to Code Injection. The vulnerability is due to insufficient restrictions on JDBC connection configuration, which allows execution of arbitrary remote code when altered by someone with admin permissions...

CVSS 7.2 • AI score 8 • EPSS 0.00815
Exploits 0 • References 5 • Affected Software 1
Veracode • added 2025/04/08 7:42 a.m. • 22 views

Remote Code Execution

k8s.io/ingress-nginx is vulnerable to Remote Code Execution. The vulnerability is due to improper request handling in the ingress-nginx controller, which processes untrusted network traffic that can be manipulated to execute arbitrary code and access Secrets...

CVSS 9.8 • AI score 8.4 • EPSS 0.99098
Exploits 20 • References 10 • Affected Software 1
Veracode • added 2025/04/08 7:24 a.m. • 18 views

Cross-Site Scripting (XSS)

Vega, vega-functions is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sandboxing, which allows unsupported JavaScript functions to be called from the Vega expression language...

CVSS 6.1 • AI score 6 • EPSS 0.00324
Exploits 1 • References 6 • Affected Software 2
Veracode • added 2025/04/08 7:6 a.m. • 9 views

Cross-Site Scripting (XSS)

gifplayer is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization or output escaping. Specifically, the application fails to properly handle or sanitize user-supplied input before including it in the webpage, which allows attackers to inject and...

CVSS 6.9 • AI score 6.2 • EPSS 0.00418
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2025/04/08 3:40 a.m. • 13 views

Hash Collision Attack

io.netty.incubator, netty-incubator-codec-quic is vulnerable to Hash Collision Attack. The vulnerability is due to a hash collision in the hash map used to manage connections, which allows remote attackers to perform a Hash DoS attack by initiating connections with colliding Source Connection IDs...

CVSS 5.3 • AI score 7.1 • EPSS 0.00508
Exploits 0 • References 5 • Affected Software 1
Veracode • added 2025/04/08 3:39 a.m. • 4 views

Unauthorized File Access

awssamcli is vulnerable to Unauthorized File Access. The vulnerability is due to improper handling of symlinks during the Docker build process, allowing access to privileged host files via elevated permissions...

CVSS 6.9 • AI score 7 • EPSS 0.00674
Exploits 0 • References 6 • Affected Software 1
Veracode • added 2025/04/08 3:36 a.m. • 13 views

Unauthorized File Access

awssamcli is vulnerable to Unauthorized File Access. The vulnerability is due to insecure symlink resolution during the build process, which causes the contents of symlinks to be copied into the local workspace cache as regular files and allows an attacker to access restricted files...

CVSS 6.9 • AI score 6.4 • EPSS 0.00577
Exploits 0 • References 6 • Affected Software 1
Veracode • added 2025/04/07 7:17 a.m. • 6 views

Missing Encryption Of Sensitive Data

org.opendaylight.sfc, odl-sfc-openflow-renderer is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is due to missing security attributes or transmission over unencrypted channels, allowing Man-in-the-Middle attacks to access sensitive information...

CVSS 8.1 • AI score 7 • EPSS 0.00204
Exploits 0 • References 3 • Affected Software 2
Veracode • added 2025/04/07 6:39 a.m. • 12 views

Unauthorized Access

pixelfed/pixelfed is vulnerable to Unauthorized Access. The vulnerability is due to insufficient verification of follow requests, allowing unauthorized users to access private posts across Fediverse servers...

CVSS 4.3 • AI score 7 • EPSS 0.00291
Exploits 0 • References 6 • Affected Software 1
Veracode • added 2025/04/07 6:12 a.m. • 8 views

Environment Variable Exposure

Shescape is vulnerable to Environment Variable Exposure. The vulnerability is due to improper escaping of % characters in user input when using shell: 'cmd.exe' or shell: true, which allows an attacker to read environment variables through unintended variable substitution...

CVSS 5.9 • AI score 6.9 • EPSS 0.0018
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2025/04/07 5:59 a.m. • 9 views

Denial Of Service (DoS)

@mozilla/readability is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing caused by specially crafted titles, allowing an attacker to cause a local denial of service...

AI score 6.7 • EPSS 0.00623
Exploits 0
Veracode • added 2025/04/07 2:38 a.m. • 11 views

Denial Of Service (DoS)

@directus/storage-driver-s3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of malformed transformation requests, which allows an attacker to trigger a state where all assets return 403 errors, leading to asset unavailability across all Directus policies...

CVSS 5.3 • AI score 7 • EPSS 0.00406
Exploits 1 • References 3 • Affected Software 3
Veracode • added 2025/04/07 2:37 a.m. • 10 views

Denial Of Service (DoS)

@directus/storage-driver-s3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to asset unavailability caused by excessive HEAD requests, which allows an attacker to trigger 403 errors for all assets and deny access across all Directus policies...

CVSS 5.3 • AI score 7 • EPSS 0.00406
Exploits 1 • References 3 • Affected Software 3
Veracode • added 2025/04/07 2:36 a.m. • 7 views

Unauthorized API Access

Directus is vulnerable to unauthorized API access by suspended users. The vulnerability is due to missing session validation: verifySessionJWT does not check whether a user is still active and authorized...

CVSS 4.3 • AI score 7 • EPSS 0.00337
Exploits 1 • References 2 • Affected Software 2
Veracode • added 2025/04/04 6:14 a.m. • 15 views

Improper Access Control

org.opendaylight.sfc:sfc-parent is vulnerable to Improper Access Control. The vulnerability is due to flaws in the Shiro-based RBAC mechanism, which does not properly enforce role-based access control, allowing attackers to execute privileged operations via crafted requests...

CVSS 9.8 • AI score 7.3 • EPSS 0.00378
Exploits 0 • References 3 • Affected Software 1
Veracode • added 2025/04/04 6:5 a.m. • 18 views

Cross-site Scripting (XSS)

django-tomselect is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization, with user-supplied values not being fully escaped in form widget attributes, allowing potentially dangerous HTML tags to be rendered in the browser...

AI score 6.3
Exploits 0
Veracode • added 2025/04/04 4:51 a.m. • 14 views

Sensitive Information Disclosure

Directus is vulnerable to information disclosure. The vulnerability is due to improper error handling, with sensitive data being exposed in API responses when a ValidationError is triggered in flows using the "Webhook" trigger and "Data of Last Operation" response body...

CVSS 8.6 • AI score 6.5 • EPSS 0.00505
Exploits 1 • References 2 • Affected Software 1
Veracode • added 2025/04/04 4:36 a.m. • 20 views

Relative Path Traversal

Apache Commons VFS is vulnerable to Relative Path Traversal. The vulnerability is due to improper validation in the resolveFile method, which allows encoded ".." sequences to bypass descendant path restrictions and access unintended files...

CVSS 7.5 • AI score 6.6 • EPSS 0.01277
Exploits 0 • References 5 • Affected Software 1
Veracode • added 2025/04/03 2:20 p.m. • 2 views

Cross-site Scripting (XSS)

Apache Oozie is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper neutralization of input during web page generation, allowing attackers to inject malicious scripts into web pages...

CVSS 5.4 • AI score 6.4 • EPSS 0.00466
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2025/04/03 2:11 p.m. • 6 views

Improper Verification Of Cryptographic Signature

Kyverno is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to improper verification of artifact signatures, with the subjectRegExp and IssuerRegExp fields being ignored in keyless mode, allowing attackers to deploy unauthorized Kubernetes resources,...

CVSS 8 • AI score 7 • EPSS 0.00317
Exploits 1 • References 6 • Affected Software 1
Veracode • added 2025/04/03 1:49 p.m. • 9 views

Incorrect Authorization

Cilium is vulnerable to Incorrect Authorization. The vulnerability is due to improper enforcement of node-based network policies, where misconfigured fromNodes and toNodes rules incorrectly permit traffic to or from non-node endpoints that share the specified labels...

CVSS 4.7 • AI score 7.1 • EPSS 0.00197
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2025/04/03 6:48 a.m. • 10 views

Incorrect Authorization

github.com/cilium/cilium is vulnerable to Incorrect Authorization. The vulnerability is due to improper enforcement of egress restrictions: egress traffic to LoadBalancers deployed via Gateway API is incorrectly allowed, despite network policies blocking such traffi...

CVSS 4.3 • AI score 6.5 • EPSS 0.0021
Exploits 0 • References 4 • Affected Software 1
Veracode • added 2025/04/03 3:56 a.m. • 9 views

Improper Security Check Handling

api-platform/core is vulnerable to Improper Security Check Handling. The vulnerability is due to a missing break statement in the security check logic, caused by a fallback mechanism that replaces the intended security check after GraphQL resolvers. It allows an attacker to bypass intended securi...

CVSS 4.4 • AI score 7.2 • EPSS 0.00278
Exploits 0 • References 7 • Affected Software 1
Veracode • added 2025/04/03 3:13 a.m. • 11 views

Overly Permissive Authorization

aws-cdk-lib is vulnerable to Overly Permissive Authorization. The vulnerability is due to the CDK Construct Library automatically generating an overly permissive AWS IAM trust policy, which allows any user with unrestricted sts:AssumeRole permissions to assume the role...

AI score 7
Exploits 0
Veracode • added 2025/04/03 3:4 a.m. • 44 views

Denial Of Service (DoS)

OpenDaylight Service Function Chaining (SFC) is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of name resolution or references and allows an attacker to exploit incorrect resolutions to cause a Denial of Service (DoS)...

CVSS 7.5 • AI score 7.6 • EPSS 0.0037
Exploits 0 • References 3 • Affected Software 2
Veracode • added 2025/04/03 2:50 a.m. • 9 views

Out Of Memory Error

org.keycloak, keycloak-services is vulnerable to an Out Of Memory Error. The vulnerability is due to unbounded caching of JWT tokens with long expiration times, causing excessive memory consumption and potential system failure. It allows an attacker to cause a Denial of Service (DoS) by exhausting...

CVSS 4.9 • AI score 6.9 • EPSS 0.00654
Exploits 0 • References 6 • Affected Software 1
Veracode • added 2025/04/03 12:0 a.m. • 10 views

Sensitive Information Exposure

org.apache.commons, commons-vfs2 is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of exception messages, where the FtpFileObject class exposes the original URI, including sensitive information like passwords, when a file is not found. It allows an...

CVSS 5 • AI score 6.5 • EPSS 0.00776
Exploits 0 • References 5 • Affected Software 1
Veracode • added 2025/04/02 11:58 p.m. • 10 views

Arbitrary File Disclosure

Vite is vulnerable to Arbitrary File Disclosure. The vulnerability is due to improper handling of trailing separators in query strings: trailing ? separators are removed without proper validation in regex checks, which allows attackers to bypass file access restrictions and retrieve...

CVSS 7.5 • AI score 7.2 • EPSS 0.76736
Exploits 28 • References 7 • Affected Software 1
Veracode • added 2025/04/02 11:57 p.m. • 15 views

Arbitrary Code Execution (ACE)

k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper input validation in the auth-tls-match-cn Ingress annotation, which allows attackers to inject arbitrary Nginx configuration...

CVSS 8.8 • AI score 9.6 • EPSS 0.34677
Exploits 7 • References 9 • Affected Software 1
Veracode • added 2025/04/02 11:55 p.m. • 11 views

Arbitrary Code Execution (ACE)

k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper access control, allowing an unauthenticated attacker with access to the pod network to execute arbitrary code in the context of the ingress-nginx controller...

CVSS 9.8 • AI score 8.3 • EPSS 0.99098
Exploits 20 • References 11 • Affected Software 1
Veracode • added 2025/04/02 11:30 p.m. • 12 views

Arbitrary Code Execution (ACE)

k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper handling of mirror-target and mirror-host annotations, allowing arbitrary configuration injection into nginx...

CVSS 8.8 • AI score 9.8 • EPSS 0.83066
Exploits 7 • References 9 • Affected Software 1
Veracode • added 2025/04/02 11:28 p.m. • 10 views

Directory Traversal

k8s.io/ingress-nginx is vulnerable to Directory Traversal. The vulnerability is due to the ingress-nginx Admission Controller including attacker-provided data in a filename, allowing traversal within the container...

CVSS 4.8 • AI score 6.6 • EPSS 0.03517
Exploits 0 • References 8 • Affected Software 1
Veracode • added 2025/04/02 11:26 p.m. • 14 views

Arbitrary Code Execution (ACE)

k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper validation and sanitization of user-supplied input in the auth-url Ingress annotation, allowing attackers to inject arbitrary nginx configuration directives...

CVSS 8.8 • AI score 9.6 • EPSS 0.31809
Exploits 8 • References 9 • Affected Software 1
Veracode • added 2025/04/02 11:22 p.m. • 8 views

Server Side Request Forgery (SSRF)

nossrf is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper hostname validation, allowing attackers to bypass the protection mechanism and access local or reserved IP addresses...

CVSS 9.1 • AI score 7 • EPSS 0.00365
Exploits 1 • References 1 • Affected Software 1
Total number of security vulnerabilities: 38326