Race Condition
k8s.io/kubernetes/cmd/kube-apiserver is vulnerable to Race Condition. The vulnerability is due to improper enforcement of network policies caused by the undefined deletion order during namespace termination, which can result in network policies being removed before the pods they protect, allowing...
Authentication Credential Reuse
parse-server is vulnerable to Authentication Credential Reuse. The vulnerability is due to improper isolation of authentication credentials, allowing them to be shared across multiple Parse Server apps using the same third-party authentication provider...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of the filter's lifecycle or a crash when a local reply is sent to the external server, allowing an attacker to trigger a DoS by forcing a failed WebSocket handshake or another scenario...
Authentication Bypass
Mattermost is vulnerable to Authentication Bypass. The vulnerability is due to a flaw that allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...
Remote Code Execution (RCE)
InvokeAI is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization using torch.load without proper validation in the /api/v2/models/install API, allowing attackers to execute arbitrary code by embedding malicious code in model files...
Deserialization Of Untrusted Data
com.aizuda, snail-job is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper input validation of the nodeExpression argument in the getRuntime function of the Workflow-Task Management Module, allowing an attacker to execute arbitrary code remotely...
Deserialization Of Untrusted Data
yiisoft/yii2-dev is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling in the getIterator function of symfony\finder\Iterator\SortableIterator.php, which allows an attacker to execute arbitrary code remotely...
Cross-Site Scripting (XSS)
ContentTools is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the onload argument in the Image Handler component, allowing an attacker to exploit it...
Authorization Bypass
org.springframework.security, spring-security-core is vulnerable to Authorization Bypass. The vulnerability is due to improper method security annotation detection caused by issues in locating annotations on parameterized types or methods, allowing an attacker to access methods or resources without...
Denial Of Service (DoS)
Ollama is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of GGUF model files, allowing a malicious user to create a crafted file that causes the server to allocate unlimited memory, leading to a DoS condition...
Incorrect Authorization
Mattermost is vulnerable to Incorrect Authorization. The vulnerability is due to improper restriction of command execution caused by a flaw that allows authenticated users to run commands in archived channels...
Authentication Bypass
Mattermost is vulnerable to Authentication Bypass. The vulnerability is due to improper enforcement of multi-factor authentication (MFA) caused by a flaw that allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes...
Incorrect Authorization
Mattermost is vulnerable to Incorrect Authorization. The vulnerability is due to a flaw that allows authenticated users to create or update bookmarks in archived channels...
Improper Authorization
Mattermost is vulnerable to Improper Authorization. The vulnerability is due to insufficient enforcement of channel conversion restrictions caused by a flaw that allows users with permission to convert public channels to private ones to also convert private channels to public...
Privilege Escalation
github.com/pipe-cd/pipecd is vulnerable to Insecure Permissions. The vulnerability is due to insecure permissions, which allow attackers to access the service account's token and escalate privileges...
Denial Of Service (DoS)
github.com/golang-jwt/jwt is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient parsing of untrusted input in the ParseUnverified function, which splits tokens using strings.Split without proper input validation, allowing an attacker to trigger excessive memory allocatio...
Server-Side Request Forgery (SSRF)
Apache Druid is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper neutralization of input during web page generation, which allows a specially crafted URL in the Druid management proxy to redirect requests to an arbitrary server...
Unauthorized Account Access
mlflow is vulnerable to Unauthorized Account Access. The vulnerability is due to improper user account management during the account creation process or lack of a mandatory password requirement, allowing accounts to be created without authentication credentials...
Cross-Site Request Forgery (CSRF)
mlflow is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to lack of proper protection mechanisms in the Signup feature, allowing an attacker to craft malicious requests to create an account and perform unauthorized actions...
Denial Of Service (DoS)
Aimhubio/aim is vulnerable to Denial of Service (DoS). The vulnerability is due to the tracking server overriding the maximum size for websocket messages, allowing very large images to be tracked, which causes the server to become unresponsive to other requests...
MD5 Hash Collisions
sagemaker is vulnerable to MD5 Hash Collisions. The vulnerability is due to weak hashing in workflow identification caused by the reuse of results from different configurations that produce the same MD5 hash, potentially leading to unintended workflow replacements and integrity issues...
Denial Of Service (DoS)
aim is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient handling of large Text object queries caused by excessive processing time when multiple objects are requested simultaneously, causing the server to become unresponsive...
Remote Code Execution (RCE)
Horovod is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, which ultimately leads to insecure deserialization via cloudpickle.loads(decoded). It allows an attacker to send a malicious pickle object...
Improper Password Verification
org.springframework.security, spring-security-crypto is vulnerable to Improper password verification. The vulnerability is due to BCrypt's 72-character password truncation causing BCryptPasswordEncoder.matches to validate only the first 72 characters, allowing incorrect password acceptance...
Cross-Site Scripting (XSS)
com.liferay.portal, release.dxp.bom, com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization of the toastData parameter in the Frontend JS module's layout-taglib/liferay/index.js, allowing attackers to inject arbitrar...
Denial Of Service (DoS)
litellm is vulnerable to Denial of Service (DoS). The vulnerability is due to the use of ast.literal_eval to parse user input, allowing an attacker to send specially crafted input that crashes the litellm Python server...
Unexpected Status Code Or Return Value
go-redis is vulnerable to Unexpected Status Code or Return Value. The vulnerability is due to improper request handling caused by timeouts in the CLIENT SETINFO command during connection establishment, leading to incorrect command responses and potential data inconsistency...
Denial Of Service (DoS)
Aim is vulnerable to Denial of Service (DoS). The vulnerability is due to improper thread management caused by the ScheduledStatusReporter object running on the main thread of the tracking server, blocking it indefinitely and preventing it from responding to requests...
WAF Bypass
github.com/corazawaf/coraza is vulnerable to WAF Bypass. The vulnerability is due to improper URI normalization or incorrect parsing of request URIs that start with //, allowing an attacker to bypass security rules and potentially evade WAF protections, leading to an incorrect REQUEST_FILENAME value...
Unauthorized Object Creation And Deletion
kcp is vulnerable to unauthorized object creation and deletion. The vulnerability is due to improper enforcement of access controls in the APIExport VirtualWorkspace, allowing object creation and deletion in arbitrary workspaces without proper authorization checks...
Arbitrary File Overwrite
ai.h2o, h2o-core is vulnerable to Arbitrary File Overwrite. The vulnerability is due to a lack of export location restrictions in the model export endpoint, allowing an attacker to overwrite arbitrary files on the server...
Remote Code Execution (RCE)
litellm is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of the 'post_call_rules' configuration, allowing an attacker to specify a system method as a callback, leading to arbitrary command execution...
Denial-of-Service (DoS)
Synapse is vulnerable to Denial-of-Service (DoS). The vulnerability is due to improper handling of maliciously crafted federation events, where a malicious Matrix server can send crafted events that prevent Synapse from federating with other servers...
Denial Of Service (DoS)
H2O-3 is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of highly compressed data caused by repeatedly parsing a large GZIP file, leading to memory exhaustion and a large number of slow-running jobs, making the server unresponsive...
Denial Of Service (DoS)
H2O-3 is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient regular expression complexity caused by the /3/ParseSetup endpoint applying a user-specified regular expression to a user-controllable string, leading to resource exhaustion and server unresponsiveness...
Remote Code Execution (RCE)
agentscope is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of serialized input, which is deserialized using dill.loads without validation, allowing execution of arbitrary commands...
Denial Of Service (DoS)
ai.h2o, h2o-core is vulnerable to Denial of Service (DoS). The vulnerability is due to the /3/Parse endpoint constructing a regular expression from a user-specified string, which is then applied to another user-specified string, allowing an attacker to send multiple simultaneous requests and exhaus...
Denial Of Service (DoS)
ai.h2o, h2o-ext-xgboost is vulnerable to Denial of Service (DoS). The vulnerability is due to improper exposure of internal classes through the ast parser in the run_tool command, allowing attackers to exploit the XGBoostLibExtractTool class to perform arbitrary file writes and shut down the server...
Deserialization Of Untrusted Data
H2O-3 is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to unsafe deserialization caused by user-controlled JDBC URLs being passed to DriverManager.getConnection, which can trigger deserialization of untrusted data when MySQL or PostgreSQL drivers are available in the...
Exposed Dangerous Method Or Function
H2O-3 is vulnerable to Exposed Dangerous Method or Function. The vulnerability is due to improper access control caused by an exposed EncryptionTool endpoint that allows an attacker to encrypt files on the target server with a chosen key, potentially leading to ransomware-like behavior by overwritin...
Origin Validation Error
Prefect is vulnerable to Origin Validation Error. The vulnerability is due to improper access control caused by unauthorized domains being allowed to access sensitive data, leading to potential data leaks, loss of confidentiality, service disruption, and data integrity risks...
Origin Validation Error
AgentScope is vulnerable to Origin Validation Error. The vulnerability is due to improper access control caused by the server not properly restricting access to trusted origins, allowing any external domain to make API requests, leading to unauthorized data access and potential exploitation...
Arbitrary File Deletion
Aim is vulnerable to Arbitrary File Deletion. The vulnerability is due to path traversal caused by improper normalization of the run_hash parameter in the LockManager.release_locks function, allowing attackers to delete arbitrary files via the tracking server API...
Cross-site Scripting (XSS)
AgentScope is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of user input, where the run ID is rendered as HTML without proper sanitization, allowing an attacker to execute arbitrary JavaScript in the user's browser...
Denial Of Service (DoS)
ai.h2o, h2o-core is vulnerable to Denial of Service (DoS). The vulnerability is due to the typeahead endpoint performing a HEAD request without setting a timeout, allowing an attacker to exploit this by making requests to an attacker-controlled server that hangs, causing the application to become...
Directory Traversal
agentscope is vulnerable to Directory Traversal. The vulnerability is due to improper validation of user-supplied file paths in the /read-examples endpoint, allowing attackers to traverse directories and access arbitrary JSON files...
Arbitrary File Overwrite
H2O-3 is vulnerable to Arbitrary File Overwrite. The vulnerability is due to improper input validation caused by the exportModelDetails function in ModelsHandler.java allowing user-controlled input in the mexport.dir parameter, enabling overwriting files at arbitrary locations on the host system...
Sensitive Information Disclosure
LiteLLM is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper error handling caused by an issue in proxy_server.py that leaks Langfuse API keys when an error occurs while parsing team settings, potentially exposing full access to stored requests...
Path Traversal
agentscope is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the save-workflow and load-workflow functionality, allowing an attacker to read and write arbitrary JSON files on the filesystem...
Arbitrary Code Execution (ACE)
aim is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to the use of an outdated safer_getattr function from RestrictedPython, which fails to restrict access to str.format_map. It allows attackers to read arbitrary object attributes and execute malicious code...