Timing Side-channel Attacks
postquantumfeldmanvss is vulnerable to Timing side-channel attacks. The vulnerability is due to Python's non-constant-time execution model, which causes execution time variations in the findsecurepivot and securematrixsolve functions, allowing attackers to infer secret information through precise...
Deserialization Of Untrusted Data
github.com/cosmos/ibc-go is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper deserialization caused by non-deterministic behavior when processing acknowledgments, which can halt the chain if exploited by a user opening an IBC channel...
Remote Code Execution (RCE)
graphql-ruby is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe schema loading: arbitrary code can be executed when processing a malicious schema definition using GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load from an untrusted source...
Out-of-bounds Read
JSON is vulnerable to an out-of-bounds read. The vulnerability is due to improper handling of specially crafted JSON documents, allowing an attacker to cause a crash or leak sensitive memory contents...
Information Disclosure
net.snowflake, snowflake-jdbc is vulnerable to Information Disclosure. The vulnerability is due to improper logging practices: the Driver logs the client-side encryption master key locally when the logging level is set to DEBUG during GET/PUT commands, allowing an attacker to retrieve th...
Improper Verification Of Cryptographic Signature
net.i2p.crypto, eddsa, net.i2p, i2p is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to the implementation not satisfying the SUF-CMA property, allowing an attacker to forge alternative valid signatures for a known message...
Denial Of Service
IBC-Go is vulnerable to Denial Of Service. The vulnerability is due to improper handling of JSON unmarshalling for IBC Acknowledgements, which allows an attacker to trigger a denial-of-service (DoS) condition and leads to non-deterministic behavior that can halt the chain...
Authentication Bypass
ruby-saml is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent XML parsing caused by differences between ReXML and Nokogiri, allowing attackers to execute a Signature Wrapping attack that can bypass authentication...
Use Of A Cryptographic Primitive With A Risky Implementation
postquantumfeldmanvss is vulnerable to Use of a Cryptographic Primitive with a Risky Implementation. The vulnerability is due to ineffective redundancy checks and timing leaks, allowing an attacker to bypass security mechanisms, extract secret polynomial coefficients, and manipulate commitment...
Cross-Site Scripting (XSS)
@jitbit/htmlsanitizer is vulnerable to cross-site scripting. The vulnerability is due to improper sanitization caused by the code beautifier running after sanitization when used with a contentEditable element, allowing an attacker to inject and execute malicious scripts in a victim’s browser...
Information Disclosure
parse-git-config is vulnerable to information disclosure. The vulnerability is due to improper handling of key expansion in the expandKeys function, allowing an attacker to obtain sensitive information...
Local Code Execution (LCE)
XPixelGroup BasicSR is vulnerable to local code execution. The vulnerability is due to improper handling of a crafted SLURM_NODELIST environment variable when executing "scontrol show hostname", allowing crafted input to influence command execution...
Remote Code Execution (RCE)
github.com/plentico/plenti is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of user-supplied file names in the /postLocal endpoint, allowing arbitrary JavaScript execution...
Authentication Bypass
ruby-saml is vulnerable to Authentication Bypass. The vulnerability is due to a parser differential between ReXML and Nokogiri, allowing an attacker to execute a Signature Wrapping attack and potentially gain unauthorized access...
Out-of-Memory (OOM)
io.smallrye, smallrye-fault-tolerance-core is vulnerable to an out-of-memory (OOM) condition. The vulnerability is due to uncontrolled object creation in meterMap when calling the metrics URI, allowing an attacker to trigger excessive memory consumption and cause a denial of service (DoS) condition...
Cross-Site Scripting (XSS)
org.apache.felix, org.apache.felix.http.webconsoleplugin is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper neutralization of user input during web page generation, allowing an attacker to inject and execute malicious scripts in a victim’s browser through improperly...
Information Disclosure
org.apache.nifi, nifi-mongodb-services is vulnerable to information disclosure. The vulnerability is due to the inclusion of MongoDB authentication credentials in NiFi provenance event records, allowing authorized users to access sensitive information...
Session Hijacking
flarum/core is vulnerable to Session Hijacking. The vulnerability is due to improper scoping of cookies, allowing an attacker-controlled subdomain to set cookies for the parent domain...
Improper Hostname Validation
golang.org/x/net is vulnerable to improper hostname validation. The vulnerability is due to improper handling of IPv6 zone IDs in host matching against proxy patterns, allowing an attacker to bypass proxy restrictions and potentially send traffic through unintended network paths...
Improper Authentication
Ratify is vulnerable to Improper Authentication. The vulnerability is due to insufficient registry validation: the Azure authentication providers fail to verify that the target registry is an Azure Container Registry (ACR) before exchanging an Entra ID (EID) token, potentially exposing token...
Improper Authorization
Umbraco.Cms.Api.Management is vulnerable to improper access control. The vulnerability is due to insufficient API access restrictions, with low-privilege authenticated users being able to create and update data type information meant for higher-privilege users...
Incorrect Authorization
Umbraco.Cms.Web.Backoffice is vulnerable to Incorrect Authorization. The vulnerability is due to improper access control exploitable through manipulation of backoffice API URLs, allowing authenticated users to retrieve or delete restricted content...
Privilege Escalation
ASP.NET is vulnerable to Privilege Escalation. The vulnerability is due to improper authentication mechanisms caused by insufficient validation, allowing an unauthorized attacker to elevate privileges over a network...
Signature Confusion Attack
simplesamlphp/saml2 is vulnerable to a Signature Confusion Attack. The vulnerability is due to improper validation in the HTTP-Redirect binding, which allows an attacker with any signed SAMLResponse to trick the application into accepting an unsigned message...
Path Traversal
Mock API configuration is vulnerable to Path Traversal. The vulnerability is due to improper handling of user input in templating features, which allows attackers to manipulate file paths and access arbitrary files on the mock server filesystem...
Remote Code Execution (RCE)
promptflowcore is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper isolation caused by a lack of compartmentalization, allowing an unauthorized attacker to execute code over a network...
Arbitrary Code Execution (ACE)
Keras is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to insecure deserialization, where the Model.load_model function processes a malicious .keras archive, allowing arbitrary Python modules and functions to be executed by modifying the config.json file...
Remote Denial Of Service (DoS)
ruby-saml is vulnerable to remote Denial of Service (DoS). The vulnerability is due to the message size check being performed before decompression, allowing attackers to bypass it using compressed SAML responses...
Account Duplication Via Email Reuse
froxlor/froxlor is vulnerable to Account duplication via email reuse. The vulnerability is due to improper validation of email uniqueness, allowing authenticated users to create multiple accounts with the same email address as existing accounts, potentially leading to security issues...
HTML Injection
froxlor/froxlor is vulnerable to HTML Injection. The vulnerability is due to lack of proper input sanitization and output encoding, allowing malicious HTML payloads to be injected and executed in the customer account portal...
Regular Expression Denial Of Service (ReDoS)
Babel is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to quadratic complexity in the .replace method polyfill when compiling regular expression named capturing groups, allowing an attacker to cause excessive processing time with crafted input...
XML External Entity (XXE) Injection
io.github.robothy:local-s3-rest is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper XML parsing: the service resolves external entities in the CreateBucketConfiguration XML document, allowing attackers to perform server-side request forgery (SSRF) and lea...
Path Equivalence
Apache Tomcat is vulnerable to Path Equivalence. The vulnerability is due to improper handling of internal dot notation in file names caused by inadequate validation in the Default Servlet, allowing remote code execution, information disclosure, or unauthorized file modifications when specific...
Arbitrary Code Execution (ACE)
PickleScan is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to PickleScan failing to detect malicious pickle files when specific ZIP file flag bits are modified, allowing attackers to embed harmful pickle files that remain unnoticed while still being loaded by PyTorch’s...
SQL Injection
pimcore/pimcore is vulnerable to SQL injection. The vulnerability is due to improper input sanitization and lack of parameterized queries, allowing an attacker to manipulate database queries, extract sensitive data, modify records, or escalate privileges...
Origin Validation Error
Rembg is vulnerable to Origin Validation Error. The vulnerability is due to improper CORS middleware configuration, which reflects all origins and sets allow_credentials to True, allowing any website to send authenticated cross-site requests to the Rembg server...
Server Side Request Forgery (SSRF)
Rembg is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied URLs, allowing an attacker to request internal network resources via the /api/remove endpoint...
Insertion Of Sensitive Information Into Log File
github.com/hashicorp/nomad is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper logging practices: workload identity and client secret tokens are recorded in audit logs...
Cross-site Scripting (XSS)
Concrete CMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization: the "Add Folder" functionality allows a rogue admin to inject XSS payloads as folder names...
Insufficient Verification Of Data Authenticity
PickleScan is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to a discrepancy in filename handling caused by differences between ZIP header filenames and directory listing filenames, which allows an attacker to bypass detection by causing PickleScan to crash...
Stored Cross-site Scripting (XSS)
github.com/lf-edge/ekuiper is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper input validation in the rule id parameter, allowing an attacker with modification rights to inject a malicious payload that executes in the victim's browser when the rule is modified...
Repository Takeover
github.com/go-vela/server is vulnerable to Repository Takeover. The vulnerability is due to improper validation of webhook headers and body data, allowing an attacker to forge requests and transfer repository ownership along with its secrets...
Remote Code Execution (RCE)
plotai is vulnerable to Remote Code Execution (RCE). The vulnerability is due to a lack of validation of LLM-generated output, which allows an attacker to execute arbitrary Python code...
Authentication Bypass
github.com/fleetdm/fleet is vulnerable to Authentication Bypass. The vulnerability is due to insufficient validation of SAML authentication assertions, allowing an attacker to forge responses and create unauthorized accounts if Just-In-Time (JIT) provisioning or MDM enrollment is enabled...
Path Traversal
Rack is vulnerable to Path Traversal. The vulnerability is due to improper input validation: Rack::Static does not correctly sanitize user-supplied paths, allowing encoded path traversal sequences to access files outside the intended static file directory...
Cross-Site Request Forgery (CSRF)
org.jenkins-ci.main, jenkins-core is vulnerable to Cross-site request forgery (CSRF). The vulnerability is due to improper request validation, which allows unauthorized state changes in Jenkins' UI when a user unknowingly triggers a malicious request...
Server-Side Request Forgery (SSRF)
Axios is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of absolute URLs, which causes axios to send requests directly to the specified absolute URL instead of respecting the baseURL, potentially leading to SSRF and exposing sensitive credentials...
Open Redirect
org.jenkins-ci.main, jenkins-core is vulnerable to Open redirect. The vulnerability is due to improper URL validation, allowing redirects starting with backslash characters, which browsers interpret as scheme-relative redirects, enabling phishing attacks...
Prototype Pollution
Vue I18n is vulnerable to Prototype Pollution. The vulnerability is due to improper input handling in the handleFlatJson function, allowing an attacker to modify the global prototype chain, potentially leading to denial of service (DoS) or more severe injection-based attacks...
Improper Verification Of Cryptographic Signature
dotnet-debugger-extensions, dotnet-dump and dotnet-sos are vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation mechanisms, allowing an authorized attacker to execute code over a network...