Double-signing Attack
github.com/strangelove-ventures/horcrux is vulnerable to a double-signing attack. The vulnerability is due to a race condition in signature state handling when two independent events occur within the same microsecond, allowing unintended duplicate signatures and leading to unintended...
Reflected Cross-Site Scripting (Reflected XSS)
laravel/framework is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to improper encoding of route parameters in the debug-mode error page, allowing an attacker to inject and execute malicious scripts in a victim’s browser by tricking them into visiting a...
Denial Of Service (DoS)
pocketmine/pocketmine-mp is vulnerable to Denial of Service (DoS). The vulnerability exists due to the lack of default limits in the explode function, allowing malicious clients to abuse packets and exhaust server resources...
Header Injection
org.apache.camel, camel-support is vulnerable to Header Injection. The vulnerability is due to insufficient header filtering, where only headers starting with "Camel", "camel", or "org.apache.camel." are blocked, which allows attackers to forge header names and manipulate method invocation in the...
Reflected Cross-Site Scripting (Reflected XSS)
laravel/framework is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to improper encoding of request parameters in the debug-mode error page, allowing user input to be reflected without proper sanitization...
Insertion Of Sensitive Information Into Log Files
Ray is vulnerable to the insertion of sensitive information into log files. The vulnerability is due to inadequate log sanitization, allowing sensitive credentials like the Redis password to be recorded in standard logs...
Information Disclosure
Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...
Reflected Cross-Site Scripting (Reflected XSS)
NocoDB is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to the insecure usage of the EJS template engine, specifically the %- function in resetPassword.ts, which directly renders unescaped user input, allowing malicious scripts to execute when processed ...
Log Injection
Envoy Gateway is vulnerable to Log Injection. The vulnerability is due to improper log handling caused by the use of a default Envoy Proxy access log configuration, allowing attackers to craft user-agent strings that inject and overwrite fields in the access log...
Out-of-bounds Write
ImageSharp is vulnerable to an Out-of-Bounds Write. The vulnerability is due to improper memory handling caused by an issue in the GIF decoder, allowing attackers to craft a malicious GIF that causes a crash, potentially leading to a denial of service...
Cleartext Storage Of Sensitive Information
Jenkins is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to improper secret redaction, with the config.xml of agents being accessible via the REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted secret values...
Arbitrary File Upload
flowise is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files, allowing attackers to upload arbitrary files, which may lead to remote code execution or unauthorized access...
Denial Of Service (DoS)
Django is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient processing in the django.utils.text.wrap method and wordwrap template filter, which can be exploited using very long strings to cause excessive resource consumption...
Denial Of Service (DoS)
OpenTelemetry.Api is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of tracestate and traceparent headers, allowing an attacker to trigger high CPU usage and degrade application performance...
Denial Of Service (DoS)
org.openidentityplatform.opendj, opendj-server-legacy is vulnerable to Denial of Service (DoS). The vulnerability is due to an alias loop in the LDAP database, which allows an attacker to make the server unresponsive to all LDAP requests due to infinite alias dereferencing...
Remote Code Execution (RCE)
org.lucee, lucee is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper XML entity processing in the Lucee REST endpoint, allowing an attacker to execute arbitrary code...
Arbitrary File Upload
redaxo/source is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files in the mediapool/media page, allowing attackers to upload and potentially execute malicious files...
Remote Code Execution (RCE)
DGL is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization caused by the use of Python's pickle module for serializing and deserializing network messages, which can allow attackers to execute arbitrary code remotely...
Improper Neutralization
laravel/framework is vulnerable to Improper Neutralization. The vulnerability is due to improper validation enforcement caused by the incorrect handling of wildcard validation files, allowing user-crafted malicious requests to bypass file or image validation rules...
Cross-site Scripting (XSS)
redaxo/source is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the rex-api-result parameter caused by insufficient input validation, allowing attackers to inject malicious scripts on the AddOns page...
Remote Code Execution (RCE)
livewire/volt is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of user-crafted request payloads caused by inadequate input validation, allowing attackers to execute arbitrary code within Volt components...
Log Injection
Rack is vulnerable to log injection. The vulnerability is due to the Rack::Sendfile middleware logging unsanitized header values from the X-Sendfile-Type header, allowing an attacker to inject escape sequences into logs...
Weak Cryptographic Algorithms
gov.nsa.emissary, emissary is vulnerable to weak cryptographic algorithms. The vulnerability is due to the use of weak cryptographic algorithms (e.g., SHA-1, CRC32, and SSDEEP) in the ChecksumCalculator class, which can be exploited to generate hash collisions or compromise data integrity...
Server-side Template Injection (SSTI)
spacyllm is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper input validation in the template field, allowing attackers to achieve Remote Code Execution (RCE) by injecting a crafted payload...
Insecure Direct Object Reference (IDOR)
github.com/zitadel/zitadel is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control in the Admin API, allowing authenticated users without specific IAM roles to modify sensitive settings...
Stored Cross-site Scripting (XSS)
github.com/matrix-org/pinecone is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input, allowing malicious scripts to be stored and later executed when accessed by users...
Sandbox Bypass
Jinja is vulnerable to sandbox bypass. The vulnerability is due to an oversight in how the Jinja sandboxed environment interacts with the |attr filter, allowing attackers to achieve arbitrary code execution (ACE) by bypassing the sandbox's attribute lookup...
Brute-force Attack
org.wildfly.core, wildfly-elytron-integration is vulnerable to Brute-force Attack. The vulnerability is due to the lack of rate limiting on failed authentication attempts via CLI, allowing attackers to perform multiple failed authentication attempts within a short time frame due to the lack of rate...
Username Enumeration
Flask-AppBuilder is vulnerable to Username Enumeration. The vulnerability is due to differences in server response time when brute forcing login requests, allowing unauthenticated users to enumerate existing usernames...
Unauthorized Account Takeover
oxidized-web is vulnerable to Unauthorized Account Takeover. The vulnerability is due to missing authentication in the RANCID migration page, allowing an unauthenticated user to gain control over the Linux user account running oxidized-web...
Denial Of Service (DoS)
CGI is vulnerable to Denial of Service (DoS). The vulnerability is due to the lack of a length limit on raw cookie values in the CGI::Cookie.parse method, allowing excessively large cookies to consume system resources...
Cross-site Scripting
Stage.js is vulnerable to Cross-site Scripting. The vulnerability is due to improper handling of the global DOM namespace, allowing attacker-injected HTML elements to shadow the document.currentScript lookup and unintended element properties to override JavaScript variables...
Authentication Bypass
github.com/minio/minio is vulnerable to Authentication Bypass. The vulnerability is due to improper enforcement of SSH key validation when using LDAP as an external identity provider, allowing unauthorized access if the sshPublicKey attribute is missing...
Uncontrolled Resource Consumption
github.com/jasonlovesdoggo/abacus is vulnerable to a goroutine leak. The vulnerability is due to improper resource cleanup: the server fails to terminate goroutines when clients disconnect from the /stream endpoint, leading to resource exhaustion and degraded service...
Cross-site Scripting (XSS)
openmage/magento-lts LTS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation that makes it possible to execute scripts in the admin panel, potentially leading to XSS attacks against authenticated admin users...
Incorrect Authorization
WSO2 is vulnerable to Incorrect Authorization. The vulnerability is due to improper authorization checks that make it possible to access protected APIs using a refresh token instead of an access token, potentially allowing prolonged unauthorized access to API resources...
Weak Password Hashing
Manifest is vulnerable to Weak Password Hashing. The vulnerability is due to improper password hashing caused by the use of SHA3 without a salt, making user passwords more susceptible to cracking if an attacker gains access to the database...
Authentication Bypass
github.com/ryanbekhen/nanoproxy is vulnerable to Authentication Bypass. The vulnerability is due to the use of an outdated version of golang.org/x/crypto, which may contain unresolved security flaws, so attackers could exploit weaknesses such as weak cryptographic algorithms...
Improper Privilege Management
org.apache.streampipes, streampipes-parent is vulnerable to improper privilege management. The vulnerability is due to missing or improper access control checks in the REST interface, allowing unauthorized access to resources when the resource ID is known...
Remote Code Execution
Picklescan is vulnerable to Remote Code Execution. The vulnerability is due to improper restriction of dangerous globals, allowing an attacker to craft a malicious model that executes pip.main to install and execute malicious packages...
DOM Clobbering
PrismJS is vulnerable to DOM Clobbering. The vulnerability is due to attacker-injected HTML elements shadowing the document.currentScript lookup, potentially leading to Cross-Site Scripting (XSS)...
Authentication Credential Leakage
URI is vulnerable to authentication credential leakage. The vulnerability is due to improper sanitization of userinfo in URI handling methods, allowing an attacker to extract credentials and potentially gain unauthorized access...
Local File Inclusion (LFI)
io.pebbletemplates:pebble is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper access control: the include tag allows high-privileged attackers to access sensitive local files by crafting malicious notification templates...
Denial Of Service (DoS)
getformwork/formwork is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation: select fields allow crafted inputs that crash the system, resulting in a 500 status and making the site and administration panel unavailable...
Cross-site Scripting (XSS)
getformwork/formwork is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization: the site title field allows JavaScript tags, which can be used to attack all system members...
Regular Expression Denial Of Service (ReDoS)
CGI is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing in the Util#escapeElement method, allowing an attacker to cause denial of service through excessive backtracking with crafted input...
Denial Of Service (DoS)
github.com/cosmos/ibc-go is vulnerable to Denial of Service (DoS). The vulnerability is due to improper deserialization of IBC acknowledgements, allowing an attacker to halt the chain by introducing a non-deterministic state...
Control Character Injection
Mongosh is vulnerable to Control Character Injection. The vulnerability is due to improper input handling when an attacker controls the autocompletion feature, allowing the execution of obfuscated malicious text when a user presses ‘tab’ to autocomplete input...
Cross-Site Scripting (XSS)
Seajs is vulnerable to Cross-Site Scripting. The vulnerability is due to improper input sanitization in the seajs package, allowing users to inject scriptless HTML tags with unsanitized name attributes...
CSV Injection
org.apache.ranger, security-admin-web is vulnerable to CSV Injection. The vulnerability is due to improper neutralization of formula elements caused by insufficient sanitization of exported CSV data, allowing malicious formulas to execute when opened in a spreadsheet application...