38326 matches found

Veracode · added 2025/04/02 12:1 p.m. · 23 views

Race Condition

k8s.io/kubernetes/cmd/kube-apiserver is vulnerable to Race Condition. The vulnerability is due to improper enforcement of network policies due to the undefined deletion order during namespace termination, which can result in network policies being removed before the pods they protect, allowing...

CVSS 3.1 · AI score 7 · EPSS 0.00301 · Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/04/02 9:42 a.m. · 16 views

Authentication Credential Reuse

parse-server is vulnerable to Authentication Credential Reuse. The vulnerability is due to improper isolation of authentication credentials, allowing them to be shared across multiple Parse Server apps using the same third-party authentication provider...

CVSS 6.9 · AI score 7.3 · EPSS 0.00375 · Exploits 0 · References 6 · Affected Software 1
Veracode · added 2025/04/02 8:55 a.m. · 11 views

Denial Of Service (DoS)

github.com/envoyproxy/envoy is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of the filter's lifecycle or a crash when a local reply is sent to the external server, which allows an attacker to trigger a DoS by forcing a failed WebSocket handshake or another scenario...

CVSS 7.5 · AI score 6.8 · EPSS 0.00406 · Exploits 0 · References 8 · Affected Software 1
Veracode · added 2025/04/02 7:9 a.m. · 3 views

Authentication Bypass

Mattermost is vulnerable to Authentication Bypass. The vulnerability is due to a flaw that allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...

CVSS 6.5 · AI score 5.1 · EPSS 0.00291 · Exploits 0 · References 3 · Affected Software 2
Veracode · added 2025/04/02 3:59 a.m. · 19 views

Remote Code Execution (RCE)

InvokeAI is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization using torch.load without proper validation in the /api/v2/models/install API, allowing attackers to execute arbitrary code by embedding malicious code in model files...

CVSS 9.8 · AI score 8.6 · EPSS 0.05342 · Exploits 5 · References 6 · Affected Software 1
Veracode · added 2025/04/02 3:26 a.m. · 8 views

Deserialization Of Untrusted Data

com.aizuda, snail-job is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper input validation of the nodeExpression argument in the getRuntime function of the Workflow-Task Management Module, allowing an attacker to execute arbitrary code remotely...

CVSS 8.8 · AI score 8 · EPSS 0.0065 · Exploits 1 · References 7 · Affected Software 1
Veracode · added 2025/04/02 3:25 a.m. · 11 views

Deserialization Of Untrusted Data

yiisoft/yii2-dev is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling in the getIterator function of symfony\finder\Iterator\SortableIterator.php, which allows an attacker to execute arbitrary code remotely...

CVSS 9.8 · AI score 7.9 · EPSS 0.00556 · Exploits 1 · References 6 · Affected Software 1
Veracode · added 2025/04/02 3:23 a.m. · 10 views

Cross-Site Scripting (XSS)

ContentTools is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the onload argument in the Image Handler component, allowing an attacker to exploit it...

CVSS 5.4 · AI score 6.4 · EPSS 0.00328 · Exploits 1 · References 5 · Affected Software 2
Veracode · added 2025/04/02 3:21 a.m. · 6 views

Authorization Bypass

org.springframework.security, spring-security-core is vulnerable to Authorization Bypass. The vulnerability is due to improper method security annotation detection due to issues in locating annotations on parameterized types or methods, allowing an attacker to access methods or resources without...

CVSS 5.3 · AI score 7.1 · EPSS 0.00485 · Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/04/02 3:14 a.m. · 16 views

Denial Of Service (DoS)

Ollama is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of GGUF model files, allowing a malicious user to create a crafted file that causes the server to allocate unlimited memory, leading to a DoS condition...

CVSS 7.5 · AI score 6.9 · EPSS 0.00672 · Exploits 1 · References 3 · Affected Software 1
Veracode · added 2025/04/01 1:56 p.m. · 9 views

Incorrect Authorization

Mattermost is vulnerable to Incorrect Authorization. The vulnerability is due to improper restriction of command execution due to a flaw that allows authenticated users to run commands in archived channels...

CVSS 8.8 · AI score 7.2 · EPSS 0.00339 · Exploits 0 · References 3 · Affected Software 2
Veracode · added 2025/04/01 1:37 p.m. · 10 views

Authentication Bypass

Mattermost is vulnerable to Authentication Bypass. The vulnerability is due to improper enforcement of multi-factor authentication (MFA) due to a flaw that allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes...

CVSS 8.8 · AI score 7.1 · EPSS 0.00317 · Exploits 0 · References 3 · Affected Software 2
Veracode · added 2025/04/01 12:52 p.m. · 2 views

Incorrect Authorization

Mattermost is vulnerable to Incorrect Authorization. The vulnerability is due to a flaw that allows authenticated users to create or update bookmarks in archived channels...

CVSS 4.3 · AI score 5.1 · EPSS 0.00219 · Exploits 0 · References 3 · Affected Software 2
Veracode · added 2025/04/01 5:42 a.m. · 2 views

Improper Authorization

Mattermost is vulnerable to Improper Authorization. The vulnerability is due to insufficient enforcement of channel conversion restrictions due to a flaw that allows users with permission to convert public channels to private ones to also convert private channels to public...

CVSS 5.4 · AI score 6.8 · EPSS 0.00195 · Exploits 0 · References 3 · Affected Software 1
Veracode · added 2025/04/01 3:29 a.m. · 5 views

Privilege Escalation

github.com/pipe-cd/pipecd is vulnerable to Insecure Permissions. The vulnerability is due to insecure permissions, which allow attackers to access the service account's token and escalate privileges...

CVSS 9.8 · AI score 7.3 · EPSS 0.00457 · Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/04/01 2:51 a.m. · 8 views

Denial Of Service (DoS)

github.com/golang-jwt/jwt is vulnerable to Denial Of Service (DoS). The vulnerability is due to inefficient parsing of untrusted input in the ParseUnverified function, which splits tokens using strings.Split without proper input validation, allowing an attacker to trigger excessive memory allocatio...

CVSS 7.5 · AI score 7.5 · EPSS 0.00693 · Exploits 0 · References 5 · Affected Software 2
Veracode · added 2025/04/01 2:40 a.m. · 2 views

Server-Side Request Forgery (SSRF)

Apache Druid is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper neutralization of input during web page generation, which allows a specially crafted URL in the Druid management proxy to redirect requests to an arbitrary server...

CVSS 5.8 · AI score 6.2 · EPSS 0.01656 · Exploits 0 · References 6 · Affected Software 1
Veracode · added 2025/04/01 2:37 a.m. · 17 views

Unauthorized Account Access

mlflow is vulnerable to Unauthorized Account Access. The vulnerability is due to improper user account management during the account creation process or the lack of a mandatory password requirement, which allows accounts to be created without authentication credentials...

CVSS 5.5 · AI score 7.4 · EPSS 0.00336 · Exploits 1 · References 5 · Affected Software 1
Veracode · added 2025/04/01 2:36 a.m. · 5 views

Cross-Site Request Forgery (CSRF)

mlflow is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to lack of proper protection mechanisms in the Signup feature, allowing an attacker to craft malicious requests to create an account and perform unauthorized actions...

CVSS 7.1 · AI score 7 · EPSS 0.00202 · Exploits 1 · References 4 · Affected Software 1
Veracode · added 2025/04/01 2:34 a.m. · 6 views

Denial Of Service (DoS)

Aimhubio/aim is vulnerable to Denial Of Service (DoS). The vulnerability is due to the tracking server overriding the maximum size for websocket messages, allowing very large images to be tracked, which causes the server to become unresponsive to other requests...

CVSS 7.5 · AI score 7 · EPSS 0.0059 · Exploits 1 · References 3 · Affected Software 1
Veracode · added 2025/03/28 10:50 a.m. · 16 views

MD5 Hash Collisions

sagemaker is vulnerable to MD5 Hash Collisions. The vulnerability is due to weak hashing in workflow identification due to the reuse of results from different configurations that produce the same MD5 hash, potentially leading to unintended workflow replacements and integrity issues...

CVSS 5.9 · AI score 7 · EPSS 0.00247 · Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/28 10:13 a.m. · 11 views

Denial Of Service (DoS)

aim is vulnerable to Denial Of Service (DoS). The vulnerability is due to inefficient handling of large Text object queries due to excessive processing time when multiple objects are requested simultaneously, causing the server to become unresponsive...

CVSS 7.5 · AI score 7.1 · EPSS 0.0059 · Exploits 1 · References 3 · Affected Software 1
Veracode · added 2025/03/28 7:1 a.m. · 7 views

Remote Code Execution (RCE)

Horovod is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, which ultimately leads to insecure deserialization via cloudpickle.loads(decoded). It allows an attacker to send a malicious pickle object...

CVSS 9.8 · AI score 7.8 · EPSS 0.01021 · Exploits 1 · References 3 · Affected Software 1
Veracode · added 2025/03/28 6:37 a.m. · 7 views

Improper Password Verification

org.springframework.security, spring-security-crypto is vulnerable to Improper Password Verification. The vulnerability is due to BCrypt's 72-character password truncation causing BCryptPasswordEncoder.matches to validate only the first 72 characters, allowing incorrect password acceptance...

CVSS 7.4 · AI score 7.2 · EPSS 0.00568 · Exploits 0 · References 5 · Affected Software 1
Veracode · added 2025/03/28 5:59 a.m. · 13 views

Cross-Site Scripting (XSS)

com.liferay.portal, release.dxp.bom, com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization of the toastData parameter in the Frontend JS module's layout-taglib/liferay/index.js, which allows attackers to inject arbitrar...

CVSS 6.1 · AI score 6 · EPSS 0.00271 · Exploits 0 · References 3 · Affected Software 2
Veracode · added 2025/03/28 5:29 a.m. · 10 views

Denial Of Service (DoS)

litellm is vulnerable to Denial of Service (DoS). The vulnerability is due to the use of ast.literal_eval to parse user input, allowing an attacker to send specially crafted input that crashes the litellm Python server...

CVSS 7.5 · AI score 7 · EPSS 0.00526 · Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/28 4:40 a.m. · 105 views

Unexpected Status Code Or Return Value

go-redis is vulnerable to Unexpected Status Code or Return Value. The vulnerability is due to improper request handling due to timeouts in the CLIENT SETINFO command during connection establishment, leading to incorrect command responses and potential data inconsistency...

CVSS 3.7 · AI score 7.3 · EPSS 0.00694 · Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/28 4:30 a.m. · 7 views

Denial Of Service (DoS)

Aim is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper thread management due to the ScheduledStatusReporter object running on the main thread of the tracking server, blocking it indefinitely and preventing it from responding to requests...

CVSS 7.5 · AI score 7 · EPSS 0.00588 · Exploits 1 · References 4 · Affected Software 1
Veracode · added 2025/03/28 2:38 a.m. · 12 views

WAF Bypass

github.com/corazawaf/coraza is vulnerable to WAF Bypass. The vulnerability is due to improper URI normalization or incorrect parsing of request URIs that start with //, which allows an attacker to bypass security rules and potentially evade WAF protections, leading to an incorrect REQUEST_FILENAME value...

CVSS 5.4 · AI score 7.2 · EPSS 0.00294 · Exploits 0 · References 2 · Affected Software 2
Veracode · added 2025/03/28 2:37 a.m. · 10 views

Unauthorized Object Creation And Deletion

kcp is vulnerable to Unauthorized Object Creation and Deletion. The vulnerability is due to improper enforcement of access controls in the APIExport VirtualWorkspace, allowing object creation and deletion in arbitrary workspaces without proper authorization checks...

CVSS 9.6 · AI score 7.1 · EPSS 0.00348 · Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/28 2:36 a.m. · 10 views

Arbitrary File Overwrite

ai.h2o, h2o-core is vulnerable to Arbitrary File Overwrite. The vulnerability is due to a lack of export location restrictions in the model export endpoint, allowing an attacker to overwrite arbitrary files on the server...

CVSS 7.1 · AI score 7 · EPSS 0.00693 · Exploits 1 · References 4 · Affected Software 2
Veracode · added 2025/03/28 2:34 a.m. · 3 views

Remote Code Execution (RCE)

litellm is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of the 'post_call_rules' configuration, allowing an attacker to specify a system method as a callback, leading to arbitrary command execution...

CVSS 8.8 · AI score 8 · EPSS 0.01463 · Exploits 1 · References 5 · Affected Software 1
Veracode · added 2025/03/27 11:41 p.m. · 4 views

Denial-of-Service (DoS)

Synapse is vulnerable to Denial-of-Service (DoS). The vulnerability is due to improper handling of maliciously crafted federation events, where a malicious Matrix server can send crafted events that prevent Synapse from federating with other servers...

CVSS 7.5 · AI score 5.4 · EPSS 0.01157 · Exploits 0 · References 3 · Affected Software 2
Veracode · added 2025/03/27 2:24 p.m. · 7 views

Denial Of Service (DoS)

H2O-3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of highly compressed data due to repeatedly parsing a large GZIP file, leading to memory exhaustion and a large number of slow-running jobs, making the server unresponsive...

CVSS 7.5 · AI score 7 · EPSS 0.00719 · Exploits 1 · References 4 · Affected Software 2
Veracode · added 2025/03/27 2:12 p.m. · 5 views

Denial Of Service (DoS)

H2O-3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to inefficient regular expression complexity due to the /3/ParseSetup endpoint applying a user-specified regular expression to a user-controllable string, leading to resource exhaustion and server unresponsiveness...

CVSS 7.5 · AI score 7 · EPSS 0.00588 · Exploits 1 · References 4 · Affected Software 2
Veracode · added 2025/03/27 8:50 a.m. · 4 views

Remote Code Execution (RCE)

agentscope is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of serialized input, which is deserialized using dill.loads without validation, allowing execution of arbitrary commands...

CVSS 9.8 · AI score 7.8 · EPSS 0.01631 · Exploits 0 · References 3 · Affected Software 1
Veracode · added 2025/03/27 8:4 a.m. · 5 views

Denial Of Service (DoS)

ai.h2o, h2o-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to the /3/Parse endpoint constructing a regular expression from a user-specified string, which is then applied to another user-specified string, allowing an attacker to send multiple simultaneous requests and exhaus...

CVSS 7.5 · AI score 7 · EPSS 0.00588 · Exploits 1 · References 4 · Affected Software 2
Veracode · added 2025/03/27 7:30 a.m. · 3 views

Denial Of Service (DoS)

ai.h2o, h2o-ext-xgboost is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper exposure of internal classes through the ast parser in the runtool command, which allows attackers to exploit the XGBoostLibExtractTool class to perform arbitrary file writes and shut down the server...

CVSS 7.5 · AI score 7.2 · EPSS 0.00636 · Exploits 1 · References 4 · Affected Software 2
Veracode · added 2025/03/27 6:56 a.m. · 5 views

Deserialization Of Untrusted Data

H2O-3 is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization due to user-controlled JDBC URLs being passed to DriverManager.getConnection, which can trigger deserialization of untrusted data when MySQL or PostgreSQL drivers are available in the...

CVSS 9.8 · AI score 7.1 · EPSS 0.01441 · Exploits 1 · References 4 · Affected Software 2
Veracode · added 2025/03/27 6:36 a.m. · 10 views

Exposed Dangerous Method Or Function

H2O-3 is vulnerable to Exposed Dangerous Method or Function. The vulnerability is due to improper access control due to an exposed EncryptionTool endpoint that allows an attacker to encrypt files on the target server with a chosen key, potentially leading to ransomware-like behavior by overwritin...

CVSS 6.5 · AI score 7 · EPSS 0.0033 · Exploits 1 · References 4 · Affected Software 2
Veracode · added 2025/03/27 6:16 a.m. · 3 views

Origin Validation Error

Prefect is vulnerable to Origin Validation Error. The vulnerability is due to improper access control due to unauthorized domains being allowed to access sensitive data, leading to potential data leaks, loss of confidentiality, service disruption, and data integrity risks...

CVSS 7.6 · AI score 6.9 · EPSS 0.00168 · Exploits 0 · References 7 · Affected Software 1
Veracode · added 2025/03/27 5:23 a.m. · 13 views

Origin Validation Error

AgentScope is vulnerable to Origin Validation Error. The vulnerability is due to improper access control due to the server not properly restricting access to trusted origins, allowing any external domain to make API requests, leading to unauthorized data access and potential exploitation...

CVSS 9.8 · AI score 7 · EPSS 0.00273 · Exploits 1 · References 3 · Affected Software 1
Veracode · added 2025/03/27 2:48 a.m. · 14 views

Arbitrary File Deletion

Aim is vulnerable to Arbitrary File Deletion. The vulnerability is due to path traversal due to improper normalization of the run_hash parameter in the LockManager.release_locks function, allowing attackers to delete arbitrary files via the tracking server API...

CVSS 9.1 · AI score 7.1 · EPSS 0.00849 · Exploits 1 · References 4 · Affected Software 1
Veracode · added 2025/03/27 2:47 a.m. · 9 views

Cross-site Scripting (XSS)

AgentScope is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of user input, where the run ID is rendered as HTML without proper sanitization, allowing an attacker to execute arbitrary JavaScript in the user's browser...

CVSS 6.1 · AI score 7 · EPSS 0.00389 · Exploits 1 · References 4 · Affected Software 1
Veracode · added 2025/03/27 2:46 a.m. · 8 views

Denial Of Service (DoS)

ai.h2o, h2o-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to the typeahead endpoint performing a HEAD request without setting a timeout, allowing an attacker to exploit this by making requests to an attacker-controlled server that hangs, causing the application to become...

CVSS 7.5 · AI score 6.9 · EPSS 0.00446 · Exploits 1 · References 4 · Affected Software 2
Veracode · added 2025/03/27 2:44 a.m. · 5 views

Directory Traversal

agentscope is vulnerable to Directory Traversal. The vulnerability is due to improper validation of user-supplied file paths in the /read-examples endpoint, allowing attackers to traverse directories and access arbitrary JSON files...

CVSS 7.5 · AI score 7.1 · EPSS 0.01211 · Exploits 1 · References 4 · Affected Software 1
Veracode · added 2025/03/26 11:21 a.m. · 11 views

Arbitrary File Overwrite

H2O-3 is vulnerable to Arbitrary File Overwrite. The vulnerability is due to improper input validation due to the exportModelDetails function in ModelsHandler.java allowing user-controlled input in the mexport.dir parameter, enabling overwriting files at arbitrary locations on the host system...

CVSS 8.2 · AI score 7.2 · EPSS 0.00514 · Exploits 1 · References 4 · Affected Software 2
Veracode · added 2025/03/26 11:13 a.m. · 13 views

Sensitive Information Disclosure

LiteLLM is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper error handling due to an issue in proxy_server.py that leaks Langfuse API keys when an error occurs while parsing team settings, potentially exposing full access to stored requests...

CVSS 7.5 · AI score 6.8 · EPSS 0.00523 · Exploits 1 · References 3 · Affected Software 1
Veracode · added 2025/03/26 4:13 a.m. · 5 views

Path Traversal

agentscope is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the save-workflow and load-workflow functionality, allowing an attacker to read and write arbitrary JSON files on the filesystem...

CVSS 9.1 · AI score 7.1 · EPSS 0.0091 · Exploits 1 · References 4 · Affected Software 1
Veracode · added 2025/03/26 4:10 a.m. · 9 views

Arbitrary Code Execution (ACE)

aim is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to the use of an outdated safer_getattr function from RestrictedPython, which fails to restrict access to str.format_map. It allows attackers to read arbitrary object attributes and execute malicious code...

CVSS 8.1 · AI score 7.7 · EPSS 0.00702 · Exploits 1 · References 4 · Affected Software 1
Total number of security vulnerabilities: 38326