38111 matches found
Denial Of Service (DoS)
Libming is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper memory management: the parseSWFEXPORTASSETS function in util/parser.c fails to release allocated memory, potentially leading to a denial of service...
Denial Of Service (DoS)
Libming is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper memory management: the parseSWFDEFINESCENEANDFRAMEDATA function in util/parser.c fails to release allocated memory, allowing attackers to cause a denial of service via a crafted SWF file...
Variable Reuse In Cached Queries
@graphql-mesh/runtime is vulnerable to variable reuse in cached queries. The vulnerability is due to the LRU-based cache retention of DocumentNode, which prevents updated variables, including authentication tokens, from being applied in subsequent requests. It allows an attacker to force a victim...
Denial Of Service (DoS)
github.com/treeverse/lakefs is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper memory management in handling pre-signed multipart upload requests, allowing an attacker to crash the server and disrupt availability...
Denial Of Service (DoS)
Libming is vulnerable to Denial Of Service (DoS). The vulnerability is due to memory leaks in the clip actions parsing functions, caused by missing memory deallocation in parseSWFCLIPACTIONS and parseSWFCLIPACTIONRECORD when processing crafted SWF files, allowing an attacker to exhaust system...
Denial Of Service (DoS)
libming.so is vulnerable to Denial Of Service (DoS). The vulnerability is due to a memory leak in the parseSWFFILTERLIST function in util/parser.c, caused by improper memory management when processing crafted SWF files, allowing attackers to exhaust system memory and trigger a denial of service...
Denial Of Service (DoS)
Libming is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper memory management: the parseSWFSOUNDINFO function in util/parser.c fails to release allocated memory, allowing attackers to cause a denial of service via a crafted SWF file...
Authentication Bypass
github.com/hashicorp-forge/hermes is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of JWT when using the AWS ALB authentication mode, potentially allowing an authentication bypass attack...
Denial Of Service (DoS)
Libming is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper memory management: the readSizedString function in util/read.c fails to release allocated memory, allowing attackers to cause a denial of service via a crafted file...
Cross-site Scripting (XSS)
Keycloak is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input validation: a privileged attacker is able to inject a malicious payload as the permission while creating items Resource and Permissions from the admin console...
Improper Access Control
org.keycloak, keycloak-services is vulnerable to Improper Access Control. The vulnerability is due to improper user-organization mapping: usernames or emails are matched with an organization’s domain pattern at the mapper level, which allows an attacker to bypass authorization and escalate privilege...
Cross-Site Scripting (XSS)
@ckeditor/ckeditor5-real-time-collaboration is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of user markers in the real-time collaboration package, which can allow unauthorized JavaScript execution in certain editor and token endpoint configurations...
Hash Collision Attack
tech.kwik, kwik is vulnerable to Hash collision attack. The vulnerability is due to a hash collision in the connection management hash table, allowing remote attackers to cause high CPU load via colliding Source Connection IDs (SCIDs)...
Information Disclosure
autoqueryable is vulnerable to Information Disclosure. The vulnerability is due to insufficient restrictions on the Unselectable function, allowing a remote attacker to obtain sensitive information...
Reflected Cross-site Scripting (XSS)
github.com/oxyno-zeta/s3-proxy is vulnerable to Reflected Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the folder-list template, allowing attackers to inject malicious scripts through the Request.URL.Path variable...
Authorization Bypass
OpenFGA is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of access control rules and is caused by a misconfiguration where a relation is assignable to both public access and a userset of the same type, allowing unintended access...
Authentication Bypass
CIE.AspNetCore.Authentication is vulnerable to Authentication Bypass. The vulnerability is due to improper signature validation caused by a flaw in the handling of SAML assertions, allowing an attacker to inject a signed element that bypasses verification and enables impersonation of any SPID or CIE...
NULL Pointer Dereference
libxml2 is vulnerable to a NULL Pointer Dereference. The vulnerability is due to improper handling of pattern matching caused by a flaw in xmlPatMatch in pattern.c, which can lead to a crash when processing certain XML data...
Use After Free
libxml2 and nokogiri are vulnerable to a Use-After-Free. The vulnerability is due to improper memory handling caused by a flaw in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c, which can be exploited when a crafted XML document is validated against an XML schema with...
Stack-based Buffer Overflow
libxml2 and nokogiri are vulnerable to a Stack-based Buffer Overflow. The vulnerability is due to improper input validation caused by a flaw in xmlSnprintfElements in valid.c, which can be exploited when DTD validation occurs for an untrusted document or untrusted DTD...
Script Injection
smartbanner.jss is vulnerable to Script Injection. The vulnerability is due to window.opener being accessible to third-party pages when users click the View link, allowing attackers to manipulate the original page via redirection or script injection...
Race Condition
Duende.AccessTokenManagement is vulnerable to a Race condition. The vulnerability is due to improper synchronization in access token retrieval, allowing an attacker to obtain a token with incorrect scopes or resource indicators, potentially leading to unauthorized access...
Improper Access Control
Directus is vulnerable to Improper Access Control. The vulnerability is due to improper evaluation of field-level access permissions when multiple overlapping update policies apply, allowing users to update a superset of fields rather than only those permitted for a specific item...
Server-side Request Forgery
github.com/bishopfox/sliver is vulnerable to Server-side Request Forgery. The vulnerability is due to improper authorization and lack of validation in the Sliver teamserver's reverse port forwarding mechanism, which allows the implant to open a reverse tunnel without operator instruction...
Man-in-the-middle (MitM) Attack
homeassistant is vulnerable to Man-in-the-middle (MitM) Attack. The vulnerability is due to missing SSL certificate verification and improper migration of the verifyssl parameter to the ssl parameter in aiohttp, which unintentionally disabled SSL verification, allowing an attacker to intercept and...
SAML Signature Validation Bypass
SPID.AspNetCore.Authentication is vulnerable to SAML signature validation bypass. The vulnerability is due to the lack of strict validation of the relationship between the signature and the signed object, allowing an attacker to inject a signed XML element and impersonate any SPID or CIE user...
Brute-force Attack
github.com/authelia/authelia is vulnerable to Brute-force attacks. The vulnerability is due to the regulation system counting username and email logins separately, which increases the number of allowed attempts for an attacker...
Denial Of Service
GitLab is vulnerable to Denial of Service (DoS). The vulnerability is due to the server failing to safely process maliciously crafted files, and attackers can exploit this to consume excessive resources and disrupt the availability of the service...
Regular Expression Denial Of Service
GitLab is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient input validation: the processing logic for generating links in dependency files uses vulnerable regular expressions, and attackers can exploit this by submitting specially crafted...
Information Disclosure
github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability is due to failing to filter out DMs from the deleted channels endpoint, allowing an attacker to infer user IDs and other metadata from deleted DMs if they were manually marked as deleted in the...
Remote Code Execution (RCE)
jsonpath-plus is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper input sanitization, specifically because of the unsafe default usage of eval='safe' mode, which allows an attacker to execute arbitrary code on the system...
Heap-based Buffer Over-read
libarchive.so is vulnerable to a Heap-based buffer over-read. The vulnerability is due to improper handling of truncated GNU long linknames in headergnulonglink, allowing an attacker to read out-of-bounds memory, potentially causing information disclosure or application crashes...
Regular Expression Denial Of Service (ReDoS)
@octokit/request is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to an unbounded regular expression match, allowing an attacker to send a malicious link header, leading to excessive CPU usage and potential server unresponsiveness...
Remote Code Execution (RCE)
Apache Ignite is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper deserialization: the configured Class Serialization Filters are ignored for some Ignite endpoints, allowing an attacker to send a maliciously crafted message that executes arbitrary code on the...
Denial Of Service (DoS)
Keylime is vulnerable to Denial-of-Service (DoS). The vulnerability is due to improper handling of database entries caused by stricter type checking, which prevents previously stored data from being processed, leading to application failure when querying attacker-populated entries...
Cross-site Scripting (XSS)
Vega and vega-selections are vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper function invocation: the vlSelectionTuples function allows attacker-controlled input to execute arbitrary JavaScript via Function, leading to potential code execution...
Server Side Request Forgery (SSRF)
labelstudio is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the lack of proper validation or restrictions on the custom S3 endpoint URL, allowing an attacker to send HTTP requests to arbitrary internal services by specifying them as the S3 endpoint...
Cross-Site Scripting (XSS)
labelstudio is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-provided HTML content in the /projects/upload-example endpoint, allowing attackers to inject malicious JavaScript via a specially crafted labelconfig query parameter in a GET request...
Path Traversal
labelstudiosdk is vulnerable to Path Traversal. The vulnerability is due to improper file path validation in the VOC, COCO, and YOLO export functionalities, where the download function in the label-studio-sdk package fails to properly validate file paths during task exports, allowing attackers to...
Regular Expression Denial Of Service (ReDoS)
@octokit/plugin-paginate-rest is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to improper handling of the link parameter in the headers section of the request, which allows a specially crafted input to exploit the regular expression logic and trigger a denial...
Mutation Cross-site Scripting (mXSS)
DOMPurify is vulnerable to mutation cross-site scripting (mXSS). The vulnerability is due to an incorrect template literal regular expression in DOMPurify, which allows an attacker to execute mutation cross-site scripting (mXSS)...
Cross-Site Scripting (XSS)
alextselegidis/easyappointments is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper handling of the legalsettings parameter, which allows a remote attacker to execute arbitrary code...
Regular Expression Denial-of-Service (ReDoS)
@octokit/endpoint is vulnerable to Regular Expression Denial-of-Service (ReDoS). The vulnerability is due to inefficient regex processing: the endpoint.parseoptions function allows crafted input to trigger excessive backtracking, leading to high CPU utilization and application hang...
Regular Expression Denial Of Service (ReDoS)
@octokit/request-error is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing in the handling of HTTP request headers. Specifically, the regex used to process authorization headers fails to handle excessive whitespace...
Memory Leakage
go-crypto-winnative is vulnerable to Memory Leakage. The vulnerability is due to improper resource management: the key handle in cng.TLS1PRF is not released, causing a small memory leak on each call...
Log Injection
Rack is vulnerable to Log Injection. The vulnerability is due to improper handling of user input in Rack::CommonLogger, which allows attackers to inject newline characters into log entries by crafting a username with CRLF and whitespace characters, potentially manipulating the log format or...
Denial Of Service (DoS)
parse-duration is vulnerable to Denial Of Service (DoS). The vulnerability is due to CPU-bound operations that resolve a provided string, causing delays of 0.5ms to 50ms per operation and crashes due to memory exhaustion when the string size reaches approximately 10 MB with Unicode characters, allo...
Information Disclosure
Elliptic is vulnerable to Information Disclosure. The vulnerability is due to inadequate input validation in the ECDSA signing process. Specifically, the system accepts malformed inputs like strings or numbers without proper checks, which allows an attacker to craft input that can lead to the...
Remote Code Execution (RCE)
islandora/crayfish is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient input validation and lack of proper access controls in the web-accessible installation of Hypercube, allowing attackers to inject and execute arbitrary code remotely...
Improper Authorization
magento/community-edition and magento/project-community-edition are vulnerable to Improper Authorization. The vulnerability is due to insufficient access controls caused by improper authorization enforcement, allowing an attacker to bypass security measures and escalate privileges, potentially leadi...