38326 matches found

Veracode · added 2025/03/26 4:06 a.m.

Denial Of Service (DoS)

litellm is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of multipart boundaries: an attacker can append characters to the boundary in HTTP requests, leading to excessive resource consumption and service unavailability...

CVSS 7.5 · AI score 7 · EPSS 0.00792
Exploits 1 · References 5 · Affected Software 1
Veracode · added 2025/03/26 3:50 a.m.

Path Traversal

agentscope is vulnerable to Path Traversal. The vulnerability is due to improper input sanitization: the /api/file endpoint does not properly validate the path parameter, allowing an attacker to traverse directories and access arbitrary files on the server...

CVSS 7.5 · AI score 7.1 · EPSS 0.00713
Exploits 1 · References 4 · Affected Software 1
Veracode · added 2025/03/26 12:40 a.m.

Path Traversal

agentscope is vulnerable to Path Traversal. The vulnerability is due to improper input validation in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files outside the intended directory...

CVSS 9.1 · AI score 7.1 · EPSS 0.00953
Exploits 1 · References 6 · Affected Software 1
Veracode · added 2025/03/26 12:39 a.m.

Denial Of Service (DoS)

ai.h2o, h2o-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper input validation of the path parameter in the /3/ImportFiles endpoint, which allows the path to reference itself recursively and trigger an infinite loop...

CVSS 7.5 · AI score 7 · EPSS 0.00727
Exploits 1 · References 4 · Affected Software 2
Veracode · added 2025/03/26 12:38 a.m.

Improper API Key Masking

LiteLLM is vulnerable to improper API key masking. The vulnerability is due to insufficient key redaction in the file litellm_logging.py, allowing an attacker to extract most of the API key and potentially gain unauthorized access to related systems or services...

CVSS 7.5 · AI score 7.2 · EPSS 0.00708
Exploits 1 · References 4 · Affected Software 1
Veracode · added 2025/03/26 12:37 a.m.

Improper Authorization

litellm is vulnerable to Improper Authorization. The vulnerability is due to an improper RBAC implementation, where 'internal_user_viewer' users receive an overly privileged API key, allowing privilege escalation to PROXY ADMIN and unauthorized access to admin functionalities...

CVSS 8.1 · AI score 7.3 · EPSS 0.00315
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/25 12:29 p.m.

Denial Of Service (DoS)

Gradio is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper file handling: the dataframe component uses pd.read_csv, which accepts compressed files, allowing an attacker to upload a zip bomb that crashes the server...

CVSS 7.5 · AI score 7 · EPSS 0.0061
Exploits 1 · References 4 · Affected Software 1
Veracode · added 2025/03/25 12:14 p.m.

Deserialization Of Untrusted Data

BentoML is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization: the runner server automatically deserializes input when the args-number parameter is greater than 1, allowing an attacker to execute arbitrary code...

CVSS 9.8 · AI score 7.8 · EPSS 0.00846
Exploits 2 · References 5 · Affected Software 1
Veracode · added 2025/03/25 12:02 p.m.

Denial Of Service (DoS)

BentoML is vulnerable to Denial of Service (DoS). The vulnerability is due to improper request handling: the server continuously processes characters appended to a multipart boundary of an HTTP request, leading to excessive resource consumption and service unavailability...

CVSS 7.5 · AI score 7 · EPSS 0.00664
Exploits 0 · References 5 · Affected Software 1
Veracode · added 2025/03/25 11:52 a.m.

Remote Code Execution (RCE)

vllm is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization: the AsyncEngineRPCServer calls cloudpickle.loads on received messages without sanitization, allowing an attacker to execute arbitrary code by sending malicious pickle data...

CVSS 9.8 · AI score 8.2 · EPSS 0.01274
Exploits 1 · References 3 · Affected Software 1
Veracode · added 2025/03/25 5:56 a.m.

Server-Side Request Forgery (SSRF)

composio-core is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied URLs in the BROWSERTOOL_GOTO_PAGE and BROWSERTOOL_GET_PAGE_DETAILS actions, allowing an attacker to trigger SSRF and access arbitrary files on the system...

CVSS 7.5 · AI score 7.2 · EPSS 0.00679
Exploits 1 · References 4 · Affected Software 1
Veracode · added 2025/03/25 5:11 a.m.

Cross-Site Scripting (XSS)

github.com/mudler/localai is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user input in the search functionality, allowing the injection and execution of arbitrary JavaScript code...

CVSS 6.1 · AI score 6.8 · EPSS 0.00491
Exploits 1 · References 3 · Affected Software 1
Veracode · added 2025/03/25 4:46 a.m.

Remote Code Execution (RCE)

vllm is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization: pickle.loads is used without proper input validation, allowing an attacker to execute arbitrary code remotely via a malicious serialized object...

AI score 8.6
Exploits 0 · References 6 · Affected Software 1
Veracode · added 2025/03/25 4:32 a.m.

Server-Side Request Forgery (SSRF)

composio-core is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient input validation in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint, which allows an attacker to manipulate server-side requests and access internal resources...

CVSS 7.5 · AI score 7 · EPSS 0.00671
Exploits 1 · References 3 · Affected Software 1
Veracode · added 2025/03/25 3:33 a.m.

Denial Of Service (DoS)

ZenML is vulnerable to a Denial of Service (DoS). The vulnerability is due to a flaw in multipart request boundary processing, allowing an attacker to trigger an infinite loop and cause excessive resource consumption...

CVSS 7.5 · AI score 6.9 · EPSS 0.00896
Exploits 1 · References 5 · Affected Software 1
Veracode · added 2025/03/25 3:33 a.m.

Denial Of Service (DoS)

Gradio is vulnerable to a Denial of Service (DoS). The vulnerability is due to the file upload process, which allows an attacker to append a large number of characters to the end of a multipart boundary, causing continuous processing and warnings...

CVSS 7.5 · AI score 7 · EPSS 0.00744
Exploits 1 · References 4 · Affected Software 1
Veracode · added 2025/03/25 3:31 a.m.

Denial Of Service (DoS)

open-webui is vulnerable to Denial of Service (DoS). The vulnerability is due to the application's processing of multipart boundaries without authentication, allowing attackers to manipulate boundary parsing and exhaust system resources...

AI score 7
Exploits 0 · References 2 · Affected Software 2
Veracode · added 2025/03/24 2:12 p.m.

Authorization Bypass

Next.js is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of the x-middleware-subrequest header, allowing attackers to bypass authorization checks in middleware...

CVSS 9.1 · AI score 7 · EPSS 0.99621
Exploits 58 · References 9 · Affected Software 1
Veracode · added 2025/03/24 8:34 a.m.

Denial Of Service (DoS)

vllm is vulnerable to Denial of Service (DoS). The vulnerability is due to the unconditional use of the Outlines grammar cache in vLLM, which allows arbitrary schema entries to be stored without limits, leading to potential filesystem exhaustion and Denial of Service (DoS)...

CVSS 6.5 · AI score 6.9 · EPSS 0.00421
Exploits 0 · References 5 · Affected Software 1
Veracode · added 2025/03/24 7:48 a.m.

SQL Injection

apache-airflow-providers-mysql is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation and improper sanitization of user-supplied input in the dumpsql and loadsql functions, allowing attackers to inject and execute unintended SQL commands...

CVSS 6.3 · AI score 7.8 · EPSS 0.00797
Exploits 0 · References 6 · Affected Software 1
Veracode · added 2025/03/24 7:06 a.m.

Authentication Bypass

fast-jwt is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of the iss claim, allowing an array of strings as a valid issuer, which can be exploited for JWT forgery and authentication bypass attacks...

CVSS 6.5 · AI score 7.4 · EPSS 0.00519
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/24 6:13 a.m.

Remote Code Execution (RCE)

Kedro is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization: the ShelveStore class uses Python's shelve module, which relies on pickle for serialization, allowing attackers to craft malicious payloads that execute arbitrary Python code upon...

CVSS 9.8 · AI score 8.5 · EPSS 0.01035
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/24 5:53 a.m.

Relative Path Traversal

mlflow is vulnerable to Relative Path Traversal. The vulnerability is due to improper URL handling: the dbfs service concatenates URLs directly into the file protocol, allowing arbitrary file reads when the service is mounted to a local directory...

CVSS 7.5 · AI score 7 · EPSS 0.02504
Exploits 1 · References 4 · Affected Software 1
Veracode · added 2025/03/24 4:20 a.m.

Denial Of Service (DoS)

quivr-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper request handling: the file upload feature allows unauthenticated attackers to append characters to a multipart boundary in an HTTP request, causing excessive resource consumption and rendering the...

CVSS 7.5 · AI score 7.2 · EPSS 0.00701
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/24 3:58 a.m.

Remote Code Execution (RCE)

vllm is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization exposed over ZMQ/TCP on all network interfaces when vLLM is configured to use Mooncake, allowing an attacker to execute arbitrary code on distributed hosts...

CVSS 9 · AI score 8.6 · EPSS 0.0082
Exploits 0 · References 6 · Affected Software 1
Veracode · added 2025/03/24 3:55 a.m.

Cart Manipulation

sylius/paypal-plugin is vulnerable to Cart Manipulation. The vulnerability is due to improper order validation and enforcement after PayPal payment authorization, allowing users to alter their cart contents before finalizing the order...

CVSS 6.5 · AI score 7 · EPSS 0.00323
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/24 3:53 a.m.

Denial Of Service (DoS)

github.com/getkin/kin-openapi is vulnerable to Denial Of Service (DoS). The vulnerability is due to the ZipFileBodyDecoder being automatically registered by the module, contrary to the documentation, allowing attackers to upload malicious ZIP files and cause excessive memory usage...

CVSS 7.5 · AI score 7.1 · EPSS 0.00497
Exploits 0 · References 7 · Affected Software 1
Veracode · added 2025/03/24 3:44 a.m.

Cross-Site Scripting (XSS)

clickstorm/cs-seo is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper encoding of user input in the TYPO3 backend user interface, allowing a logged-in backend user to inject malicious scripts...

AI score 6.4 · EPSS 0.00558
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/21 9:28 a.m.

Credentials Exposure

github.com/openshift/hive is vulnerable to Credentials Exposure. The vulnerability is due to improper handling of sensitive credentials, allowing them to be stored in the ClusterProvision object instead of being securely managed within Kubernetes Secrets...

CVSS 8.2 · AI score 6.3 · EPSS 0.00452
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/21 9:11 a.m.

Denial Of Service

github.com/expr-lang/expr is vulnerable to Denial of Service. The vulnerability is due to the absence of input size restrictions, allowing the parser to process arbitrarily large expressions...

CVSS 7.5 · AI score 6.6 · EPSS 0.00577
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/21 8:44 a.m.

Regular Expression Denial Of Service (ReDoS)

Uptime Kuma is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to catastrophic backtracking in the regular expression that processes user-provided strings for notifications, allowing an attacker to cause a denial of service with a specially crafted string...

CVSS 6 · AI score 6.9 · EPSS 0.00366
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/21 8:28 a.m.

Privilege Escalation

github.com/containerd/containerd is vulnerable to Privilege Escalation. The vulnerability is due to an integer overflow and improper handling of UID:GID values larger than the maximum 32-bit signed integer, allowing containers to run as root (UID 0)...

CVSS 7.8 · AI score 6.9 · EPSS 0.00275
Exploits 1 · References 6 · Affected Software 1
Veracode · added 2025/03/21 5:04 a.m.

Uncontrolled Recursion

Square Wire is vulnerable to Uncontrolled Recursion. The vulnerability is due to the lack of a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt, which can lead to excessive resource consumption or stack overflow...

CVSS 5.8 · AI score 6.6 · EPSS 0.00415
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/21 4:48 a.m.

Cross-Site Scripting (XSS)

Contao is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper file validation: users can upload SVG files containing malicious code, which can be executed in the back end and/or front end...

CVSS 5.4 · AI score 6.2 · EPSS 0.00203
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/21 4:34 a.m.

Regular Expression Denial Of Service (ReDoS)

jsPDF is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to improper input validation: user-controlled arguments to the addImage, html, and addSvgAsImage methods allow the use of harmful data URLs, leading to high CPU utilization and service disruption...

CVSS 8.7 · AI score 6.6 · EPSS 0.00646
Exploits 1 · References 2 · Affected Software 1
Veracode · added 2025/03/21 4:22 a.m.

Cross-Site Scripting (XSS)

codingms/additional-tca is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input encoding: a logged-in backend user can inject HTML content through the TYPO3 backend user interface, leading to potential XSS attacks...

AI score 5.5 · EPSS 0.0036
Exploits 0 · References 3 · Affected Software 1
Veracode · added 2025/03/21 2:34 a.m.

Information Disclosure

github.com/metal3-io/baremetal-operator is vulnerable to Information Disclosure. The vulnerability is due to improper access control, which allows an attacker to access and exfiltrate Secrets from unauthorized namespaces by creating a BMCEventSubscription in a controlled namespace...

CVSS 6.5 · AI score 6.9 · EPSS 0.00169
Exploits 0 · References 7 · Affected Software 2
Veracode · added 2025/03/21 2:33 a.m.

Unintended Secret Exposure

github.com/docker/buildx is vulnerable to Unintended Secret Exposure. The vulnerability is due to improper handling of sensitive data in OpenTelemetry traces and the BuildKit daemon's history records, which allows an attacker to access sensitive secrets by extracting them...

CVSS 4.1 · AI score 6.4 · EPSS 0.0018
Exploits 0 · References 2 · Affected Software 1
Veracode · added 2025/03/21 2:32 a.m.

Payment Manipulation

Sylius PayPal Plugin is vulnerable to Payment Manipulation. The vulnerability is due to PayPal not receiving updated totals after item quantity changes, allowing attackers to pay less than the actual order value, causing financial losses for merchants...

CVSS 6.5 · AI score 6.6 · EPSS 0.00464
Exploits 0 · References 8 · Affected Software 1
Veracode · added 2025/03/21 2:31 a.m.

Privilege Escalation

camaleon_cms is vulnerable to Privilege Escalation. The vulnerability is due to the use of the dangerous permit! method through mass assignment, which allows all parameters to pass through without filtering...

CVSS 9.4 · AI score 6.7 · EPSS 0.00566
Exploits 16 · References 7 · Affected Software 1
Veracode · added 2025/03/20 10:32 a.m.

Unauthorized Access

k8s.io/kubernetes is vulnerable to Unauthorized Access. The vulnerability is due to improper isolation of gitRepo volumes, which allows users with pod creation permissions to access git repositories from other pods on the same node...

CVSS 6.5 · AI score 6.5 · EPSS 0.00516
Exploits 0 · References 6 · Affected Software 1
Veracode · added 2025/03/20 10:28 a.m.

Arbitrary File Upload

flowise is vulnerable to Arbitrary File Upload. The vulnerability is due to a lack of access control on the whitelisted route /api/v1/attachments, allowing an unauthorized attacker to upload arbitrary files when storageType is set to local (the default)...

AI score 7
Exploits 0
Veracode · added 2025/03/20 10:08 a.m.

Denial Of Service (DoS)

github.com/cosmos/cosmos-sdk is vulnerable to Denial of Service (DoS). The vulnerability is due to improper proposal handling: malicious proposals trigger errors in the module's end blocker, potentially resulting in a chain halt...

AI score 7
Exploits 0
Veracode · added 2025/03/20 9:27 a.m.

Improper Validation Of Array Index

github.com/onosproject/onos-lib-go is vulnerable to Improper Validation of Array Index. The vulnerability is due to an index out-of-range error in the GetBitString function. An attacker can cause a denial of service by sending crafted input that specifies a zero value for numBits...

CVSS 6.2 · AI score 6.6 · EPSS 0.0015
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/20 8:31 a.m.

XML Signature Bypass

xml-crypto is vulnerable to an XML Signature Bypass. The vulnerability is due to improper validation of signed XML structures, allowing an attacker to modify a signed XML message while still passing signature verification checks...

CVSS 9.3 · AI score 6.5 · EPSS 0.09378
Exploits 1 · References 8 · Affected Software 1
Veracode · added 2025/03/20 8:06 a.m.

XML Signature Manipulation

xml-crypto is vulnerable to XML Signature Manipulation. The vulnerability is due to improper validation of signed XML documents, which allows an attacker to modify a signed XML message while still passing signature verification checks...

CVSS 9.3 · AI score 6.5 · EPSS 0.0905
Exploits 0 · References 9 · Affected Software 1
Veracode · added 2025/03/20 7:43 a.m.

Cross-Site Scripting (XSS)

modx/revolution is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper file validation: authenticated users can upload SVG files containing malicious JavaScript, which executes in victims' browsers when they view the profile image...

CVSS 5.4 · AI score 6 · EPSS 0.00234
Exploits 1 · References 3 · Affected Software 1
Veracode · added 2025/03/20 7:11 a.m.

Arbitrary Command Injection

k8s.io/kubernetes is vulnerable to Arbitrary Command Injection. The vulnerability is due to improper endpoint access control: a user can execute arbitrary commands on the host by querying a node's /logs endpoint...

CVSS 5.9 · AI score 6.6 · EPSS 0.01394
Exploits 0 · References 8 · Affected Software 1
Veracode · added 2025/03/20 4:39 a.m.

Denial Of Service (DoS)

Azle is vulnerable to a Denial Of Service (DoS). The vulnerability is due to an infinite loop of timers triggered by the setTimer function, leading to continuous execution and resource exhaustion, which can render the canister unresponsive...

CVSS 8.7 · AI score 6.7 · EPSS 0.00349
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/03/20 4:37 a.m.

Arbitrary Code Execution (ACE)

Qiskit is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to unsafe deserialization in the qiskit.qpy.load function, which allows a maliciously crafted QPY file to execute embedded Python code without privilege escalation...

CVSS 9.8 · AI score 7.5 · EPSS 0.00741
Exploits 0 · References 4 · Affected Software 2

Total number of security vulnerabilities: 38326