38326 matches found
Denial Of Service (DoS)
litellm is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of multipart boundaries, allowing an attacker to append characters in HTTP requests, leading to excessive resource consumption and service unavailability...
Path Traversal
agentscope is vulnerable to Path Traversal. The vulnerability is due to improper input sanitization, where the /api/file endpoint does not properly validate the path parameter, allowing an attacker to traverse directories and access arbitrary files on the server...
Path Traversal
agentscope is vulnerable to Path traversal. The vulnerability is due to improper input validation in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files outside the intended directory...
Denial Of Service (DoS)
ai.h2o, h2o-core is vulnerable to Denial Of Service DoS. The vulnerability is due to improper input validation of the path parameter in the /3/ImportFiles endpoint, allowing it to reference itself recursively and trigger an infinite loop...
Improper API Key Masking
LiteLLM is vulnerable to improper API key masking. The vulnerability is due to insufficient key redaction in the file litellmlogging.py, allowing an attacker to extract most of the API key and potentially gain unauthorized access to related systems or services...
Improper Authorization
litellm is vulnerable to Improper authorization. The vulnerability is due to improper RBAC implementation, where 'internaluserviewer' users receive an overly privileged API key, allowing privilege escalation to PROXY ADMIN and unauthorized access to admin functionalities...
Denial Of Service (DoS)
Gradio is vulnerable to a Denial of Service DoS. The vulnerability is due to improper file handling due to the dataframe component using pd.readcsv, which accepts compressed files, allowing an attacker to upload a zip bomb that crashes the server...
Deserialization Of Untrusted Data
BentoML is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization due to the runner server automatically deserializing input when the args-number parameter is greater than 1, allowing an attacker to execute arbitrary code...
Denial Of Service (DoS)
BentoML is vulnerable to Denial of Service DoS. The vulnerability is due to improper request handling due to the server continuously processing appended characters in a multipart boundary of an HTTP request, leading to excessive resource consumption and service unavailability...
Remote Code Execution (RCE)
vllm is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization due to the AsyncEngineRPCServer using cloudpickle.loads on received messages without sanitization, allowing an attacker to execute arbitrary code by sending malicious pickle data...
Server-Side Request Forgery (SSRF)
composiocore is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-supplied URLs in the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions, allowing an attacker to trigger SSRF and access arbitrary files on the system...
Cross-Site Scripting (XSS)
github.com/mudler/localai is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user input in the search functionality, allowing the injection and execution of arbitrary JavaScript code...
Remote Code Execution (RCE)
vllm is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization due to the use of pickle.loads without proper input validation, allowing an attacker to execute arbitrary code remotely via a malicious serialized object...
Server Side Request Forgery (SSRF)
composiocore is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient input validation in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint, which allows an attacker to manipulate server-side requests and access internal resources...
Denial Of Service (DoS)
ZenML is vulnerable to a Denial of Service DoS. The vulnerability is due to a flaw in multipart request boundary processing, allowing an attacker to trigger an infinite loop and cause excessive resource consumption...
Denial Of Service (DoS)
Gradio is vulnerable to a Denial of Service DoS. The vulnerability is due to the file upload process, which allows an attacker to append a large number of characters to the end of a multipart boundary, causing continuous processing and warnings...
Denial Of Service (DoS)
openwebui is vulnerable to Denial of Service DoS. The vulnerability is due to the application's processing of multipart boundaries without authentication, allowing attackers to manipulate boundary parsing and exhaust system resources...
Authorization Bypass
Next.js is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of the x-middleware-subrequest header, allowing attackers to bypass authorization checks in middleware...
Denial Of Service (DoS)
vllm is vulnerable to Denial of Service DoS. The vulnerability is due to the unconditional use of the Outlines grammar cache in vLLM, which allows arbitrary schema entries to be stored without limits, leading to potential filesystem exhaustion and Denial of Service DoS...
SQL Injection
apacheairflowprovidersmysql is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation and improper sanitization of user-supplied input in the dumpsql and loadsql functions, allowing attackers to inject and execute unintended SQL commands...
Authentication Bypass
fast-jwt is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of the iss claim, allowing an array of strings as a valid issuer, which can be exploited for JWT forgery and authentication bypass attacks...
Remote Code Execution (RCE)
Kedro is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization due to the ShelveStore class using Python's shelve module, which relies on pickle for serialization, allowing attackers to craft malicious payloads that execute arbitrary Python code upon...
Relative Path Traversal
mlflow is vulnerable to Relative Path Traversal. The vulnerability is due to improper URL handling due to the dbfs service concatenating URLs directly into the file protocol, allowing arbitrary file reads when the service is mounted to a local directory...
Denial Of Service (DoS)
quivr-core is vulnerable to Denial Of Service DoS. The vulnerability is due to improper request handling due to the file upload feature allowing unauthenticated attackers to append characters to a multipart boundary in an HTTP request, causing excessive resource consumption and rendering the...
Remote Code Execution (RCE)
vllm is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization exposed over ZMQ/TCP on all network interfaces when vLLM is configured to use Mooncake, allowing an attacker to execute arbitrary code on distributed hosts...
Cart Manipulation
sylius/paypal-plugin is vulnerable to cart manipulation. The vulnerability is due to improper order validation and enforcement after PayPal payment authorization, allowing users to alter their cart contents before finalizing the order...
Denial Of Service (DoS)
github.com/getkin/kin-openapi is vulnerable to Denial Of Service DoS. The vulnerability is due to the ZipFileBodyDecoder being automatically registered by the module, contrary to the documentation, allowing attackers to upload malicious ZIP files and cause excessive memory usage...
Cross-Site Scripting (XSS)
clickstorm/cs-seo is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper encoding of user input in the TYPO3 backend user interface, allowing a logged-in backend user to inject malicious scripts...
Credentials Exposure
github.com/openshift/hive is vulnerable to credential exposure. The vulnerability is due to improper handling of sensitive credentials, allowing them to be stored in the ClusterProvision object instead of being securely managed within Kubernetes Secrets...
Denial Of Service
github.com/expr-lang/expr is vulnerable to Denial of Service. The vulnerability is due to the absence of input size restrictions, allowing the parser to process arbitrarily large expressions...
Regular Expression Denial Of Service (ReDoS)
Uptime Kuma is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to catastrophic backtracking in the regular expression when processing user-provided strings for notifications, allowing an attacker to cause a denial of service with a specially crafted string...
Privilege Escalation
github.com/containerd/containerd is vulnerable to Privilege Escalation. The vulnerability is due to an integer overflow and improper handling of UID:GID values larger than the maximum 32-bit signed integer, allowing containers to run as root UID 0...
Uncontrolled Recursion
Square Wire is vulnerable to Uncontrolled Recursion. The vulnerability is due to uncontrolled recursion depth due to the lack of a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt, which can lead to excessive resource consumption or stack overflow...
Cross-site Scripting (XSS)
Contao is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper file validation due to users being able to upload SVG files containing malicious code, which can be executed in the back end and/or front end...
Regular Expression Denial Of Service (ReDoS)
jsPDF is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to improper input validation due to user-controlled arguments in the addImage, html, and addSvgAsImage methods allowing the use of harmful data URLs, leading to high CPU utilization and service disruption...
Cross-site Scripting (XSS)
codingms/additional-tca is vulnerable to cross-site scripting XSS. The vulnerability is due to improper input encoding due to a logged-in backend user being able to inject HTML content through the TYPO3 backend user interface, leading to potential XSS attacks...
Information Disclosure
github.com/metal3-io/baremetal-operator is vulnerable to Information Disclosure. The vulnerability is due to improper access control, allows an attacker to access and exfiltrate Secrets from unauthorized namespaces by creating a BMCEventSubscription in a controlled namespace...
Unintended Secret Exposure
github.com/docker/buildx is vulnerable to unintended secret exposure. The vulnerability is due to improper handling of sensitive data in OpenTelemetry traces and BuildKit daemon's history records, that allows an attacker to access sensitive secrets by extracting them...
Payment Manipulation
Sylius PayPal Plugin is vulnerable to Payment Manipulation. The vulnerability is due to PayPal not receiving updated totals after item quantity changes, allowing attackers to pay less than the actual order value, causing financial losses for merchants...
Privilege Escalation
camaleoncms is vulnerable to Privilege Escalation. The vulnerability is due to the use of the dangerous permit! method through mass assignment, which allows all parameters to pass through without filtering...
Unauthorised Access
k8s.io/kubernetes is vulnerable to Unauthorized Access. The vulnerability is due to improper isolation of gitRepo volumes, which allows users with pod creation permissions to access git repositories from other pods on the same node...
Arbitrary File Upload
flowise is vulnerable to Arbitrary File Upload. The vulnerability is due to lack of access control in the whitelisted route /api/v1/attachments, allowing an unauthorized attacker to upload arbitrary files when storageType is set to local default...
Denial Of Service (DoS)
github.com/cosmos/cosmos-sdk is vulnerable to Denial of Service. The vulnerability is due to improper proposal handling due to malicious proposals triggering errors in the module's end blocker, potentially resulting in a chain halt...
Improper Validation Of Array Index
github.com/onosproject/onos-lib-go is vulnerable to Improper Validation of Array Index. The vulnerability is due to an index out-of-range error in the GetBitString function. An attacker can cause a denial of service by sending crafted input that specifies a zero value for numBits...
XML Signature Bypass
xml-crypto is vulnerable to an XML Signature Bypass. The vulnerability is due to improper validation of signed XML structures, allowing an attacker to modify a signed XML message while still passing signature verification checks...
XML Signature Manipulation
xml-crypto is vulnerable to an XML signature manipulation. The vulnerability is due to improper validation of signed XML documents, which allows an attacker to modify a signed XML message while still passing signature verification checks...
Cross-site Scripting (XSS)
modx/revolution is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper file validation due to authenticated users being able to upload SVG files containing malicious JavaScript, which executes in victims' browsers when viewing the profile image...
Arbitrary Command Injection
k8s.io/kubernetes is vulnerable to Arbitrary Command Injection. The vulnerability is due to improper endpoint access control due to the ability of a user to execute arbitrary commands on the host by querying a node's /logs endpoint...
Denial Of Service (DoS)
Azle is vulnerable to a Denial Of Service DoS. The vulnerability is due to an infinite loop of timers triggered by the setTimer function, leading to continuous execution and resource exhaustion, which can render the canister unresponsive...
Arbitrary Code Execution (ACE)
Qiskit is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to unsafe deserialization in the qiskit.qpy.load function, which allows a maliciously crafted QPY file to execute embedded Python code without privilege escalation...