Stored Cross-site Scripting (XSS)
Mobile Security Framework (MobSF) is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the bundle ID value in dynamicanalysis.html, which allows an attacker to inject special characters and break the HTML context, leading to Stored XSS...
Improper Access Control
mobsf is vulnerable to Improper Access Control. The vulnerability is due to improper validation of access tokens, allowing a local user with minimal privileges to use an access token for unauthorized scopes...
Reflected Cross-Site Scripting (Reflected XSS)
Better-auth is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to HTML injection caused by improper handling of user input on the /api/auth/error page, allowing an attacker to execute arbitrary JavaScript in a victim’s browser...
Improper Input Validation
mobsf is vulnerable to Improper Input Validation. The vulnerability is due to the application's failure to enforce strict validation on the CFBundleIdentifier value, allowing attackers to insert special characters that trigger parsing errors and result in a Denial of Service (DoS) condition...
Improper Authorization
github.com/edgelesssys/contrast is vulnerable to Improper Authorization. The vulnerability is due to a lack of authentication in the recovery mechanism, which allows an attacker to impersonate the Coordinator without proper verification...
Improper Input Validation
Browsershot is vulnerable to Improper Input Validation. The vulnerability is due to improper URL validation: the setUrl method fails to restrict local file access, allowing an attacker to perform local file inclusion and read sensitive files...
Improper Input Validation
Browsershot is vulnerable to Improper Input Validation. The vulnerability is due to missing validation checks: the setHtml function fails to block file URI schemes, allowing an attacker to bypass restrictions by omitting slashes in the file path...
Arbitrary File Upload
Cockpit is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient file extension filtering, which lets an attacker bypass the upload filter by using different file extensions...
Denial Of Service (DoS)
github.com/CosmWasm/wasmvm is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to a bug affecting both permissioned and permissionless chains that can be reliably triggered using a malicious contract, potentially causing a chain crash...
Incorrect Authorization
org.apache.cassandra, cassandra-all is vulnerable to Incorrect Authorization. The vulnerability is due to improper enforcement of authorization rules in CassandraNetworkAuthorizer and CassandraCIDRAuthorizer, allowing users to modify their own permissions via data control language (DCL) statements...
Privilege Defined With Unsafe Actions
org.apache.cassandra, cassandra-all is vulnerable to Privilege Defined With Unsafe Actions. The vulnerability is due to unsafe actions on a system resource, which allow a user with MODIFY permission on all keyspaces to escalate privileges to superuser within an Apache Cassandra cluster...
Authentication Bypass
github.com/edgelesssys/marblerun is vulnerable to Authentication Bypass. The vulnerability is due to the lack of verification that the recovery key was provided by an authorized party, combined with the failure to compare the Coordinator's root certificate against a trusted reference when...
Class Pollution
Django-Unicorn is vulnerable to Class Pollution. The vulnerability is due to improper handling of component requests: the setpropertyvalue function allows remote users to manipulate its parameters, leading to arbitrary changes in the Python runtime, enabling XSS, DoS, and authentication...
Improper Authorization
TShock is vulnerable to Improper Authorization. The vulnerability is due to incomplete connection handling: clients can exist on the server, occupy player slots, chat, and receive data without fully completing the connection handshake, allowing banned users to exploit server...
Insufficient Verification Of Data Authenticity
CometBFT is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to improper validation: invalid block part indices and proof part indices are incorrectly processed and disseminated, which could lead to a network halt...
Directory Traversal
org.gaul:s3proxy is vulnerable to Directory Traversal. The vulnerability is due to improper access control: the filesystem and filesystem-nio2 storage backends can potentially expose local files to users unintentionally...
DNS Cache Poisoning
gVisor is vulnerable to predictable TCP/UDP source ports. The vulnerability is due to a flawed randomization mechanism in gVisor's TCP/UDP source port and header value generation, allowing attackers to predict these values...
Buffer Under-read
libzephyr.so is vulnerable to Buffer Under-read. The vulnerability is due to a lack of proper length checking for user input, allowing an attacker to overflow a buffer and potentially execute arbitrary code or cause a crash...
Improper Check Or Handling Of Exceptional Conditions
github.com/cometbft/cometbft is vulnerable to Improper Check or Handling of Exceptional Conditions. The vulnerability is due to improper validation of reported latest heights, allowing a malicious node to first report a higher latest height and then a lower one, causing syncing nodes to get stuck...
Remote Code Execution (RCE)
Vitest is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the WebSocket server not validating the Origin header and lacking an authorization mechanism, allowing an attacker to inject and execute arbitrary code via the saveTestFile and rerun APIs...
Cross-Site Scripting (XSS)
Axios is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper origin determination and unsafe handling of the href attribute in the lib/helpers/isURLSameOrigin.js file, which does not use a proper URL object. It allows an attacker to manipulate the href attribute and injec...
Arbitrary File Exposure
@vitest/browser is vulnerable to Arbitrary File Exposure. The vulnerability is due to the screenshot-error handler on the browser mode HTTP server improperly responding with any file on the file system when browser.api.host: true is set, allowing remote attackers to access arbitrary files...
Information Disclosure
gvisor.dev/gvisor is vulnerable to Information Disclosure. The vulnerability is due to weak hashing algorithms and small seed/secret sizes, allowing remote attackers to calculate a local IP address and per-boot identifier that could aid in tracking a device in specific situations...
Sensitive Information Disclosure
github.com/argoproj/argo-cd is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of invalid Kubernetes Secret resources, allowing secret values to be exposed in error messages and the diff view. An attacker with write access to the repository can commit...
Improper Access Control
github.com/kubewarden/kubewarden-controller is vulnerable to Improper Access Control. The vulnerability is due to insufficient restrictions on AdmissionPolicy and AdmissionPolicyGroup, allowing attackers to manipulate or block PolicyReport objects, leading to compliance data tampering or evasion...
Variable Injection
zx is vulnerable to Variable Injection. The vulnerability is due to improper handling of environment variables, which lets an attacker inject unintended values into process.env, potentially leading to arbitrary command execution or unexpected behavior in security-sensitive applicatio...
Cross-site Scripting (XSS)
Backdrop CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper validation of uploaded SVG images: dangerous SVG tags are insufficiently filtered, allowing an attacker to execute scripts in the browser when an SVG image is viewed directly via its URL...
Cross-site Scripting (XSS)
Backdrop CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper content isolation: long text content is insufficiently sanitized when using the CKEditor 5 rich text editor, allowing an attacker to inject malicious HTML and JavaScript that executes when an...
Cleartext Storage Of Sensitive Information
PMD is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to signing key passphrases being exposed through their inclusion in a published JAR file on Maven Central, potentially compromising the associated private keys...
Improper Access Control
github.com/grafana/grafana is vulnerable to Improper Access Control. The vulnerability is due to improper access control in the Grafana Alerting VictorOps integration, allowing users with Viewer permission to access restricted functionality...
Secret Exposure
github.com/argoproj/gitops-engine is vulnerable to Secret Exposure. The vulnerability is due to improper handling of invalid Kubernetes Secret resources, which exposes secret values in error messages and the diff view during synchronization and allows an attacker with write access to the repository ...
Cross-Site Scripting (XSS)
PhpSpreadsheet is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user input, allowing the use of the JavaScript protocol and special characters to bypass the XSS filter...
Path Traversal
tcg/voyager is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied input, allowing attackers to traverse directories and access restricted files...
Cross Site Scripting (XSS)
DevDojo Voyager is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization in the /admin/compass endpoint, which allows user-supplied input to be reflected in the response without proper encoding or filtering...
Privilege Escalation
net.snowflake:snowflake-jdbc is vulnerable to Privilege Escalation. The vulnerability is due to improper path handling: an attacker with write access to a directory in %PATH% can escalate privileges when the EXTERNALBROWSER authentication method is used on Windows...
Improper Access Control
snowflake-connector-nodejs is vulnerable to Improper Access Control. The vulnerability is due to insufficient file permission checks: an attacker with write access to the local cache directory can bypass temporary credential cache restrictions...
Denial-of-Service (DoS)
github.com/hashicorp/yamux is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to improper handling of connection timeouts: Stream.Read calls hang indefinitely if a corresponding Stream.Write call times out under network congestion, leading to stalled sessions and requirin...
Improper Access Control
org.apache.hive:hive-exec is vulnerable to Improper Access Control. The vulnerability is due to insecure file permissions: the credentials file is created with default permissions of 644 in a temporary directory, allowing unauthorized users to read sensitive information...
Denial Of Service (DoS)
github.com/ethereum/go-ethereum is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of incoming messages, which allows a specially crafted message to trigger a crash or shutdown of the node...
Credentials Exposure
net.snowflake, snowflake-jdbc is vulnerable to credentials exposure. The vulnerability is due to insecure file permissions, where the Snowflake JDBC Driver caches temporary credentials in a world-readable file, allowing unauthorized users or attackers to access sensitive information...
Cross-Site Scripting (XSS)
twig/twig is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of output escaping for the expression on the left side of the ?? operator in Twig, which allowed unsanitized data to be rendered in the output...
Unauthorized File Access
snowflake.data is vulnerable to Unauthorized File Access. The vulnerability is due to improper file handling, where downloaded files are temporarily stored in a world-readable local directory, allowing unauthorized users on the same machine to access the files...
Credential Caching
snowflakeconnectorpython is vulnerable to Credential Caching. The vulnerability is due to improper handling of temporary credential caching on Linux systems. When caching is enabled, the credentials are stored in a file that is readable by all users, allowing unauthorized access...
Local Privilege Escalation
snowflakeconnectorpython is vulnerable to Local Privilege Escalation. The vulnerability is due to the use of the pickle module for serializing OCSP (Online Certificate Status Protocol) responses, which allows an attacker to craft malicious data that, when deserialized...
Information Disclosure
github.com/richardoc/kube-audit-rest is vulnerable to Information Disclosure. The vulnerability is due to improper handling of Kubernetes secrets in audit logs when using the "full-elastic-stack" example vector configuration, allowing an attacker to retrieve previous secret values, potentially...
SQL Injection
snowflakeconnectorpython is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization in a function from the snowflake.connector.pandastools module, allowing malicious SQL code to be injected and executed...
Unauthorized Rule Injection
ArgoCD is vulnerable to unauthorized rule injection. The vulnerability is due to improper namespace isolation, as the openshift.io/cluster-monitoring label is automatically applied to all namespaces deploying an ArgoCD CR instance, allowing them to create unauthorized PrometheusRule objects...
Path Traversal
github.com/cri-o/cri-o is vulnerable to Path Traversal. The vulnerability is due to improper handling of file paths in the log management functions UnMountPodLogs and LinkContainerLogs, which allows an attacker to manipulate the paths, potentially unmounting arbitrary host paths...
Sensitive Information Exposure
Infinispan is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper logging that exposes sensitive information, such as configuration details or credentials, through logging mechanisms when using JGroups with JDBCPING...
Account Takeover
causal/oidc is vulnerable to Account Takeover. The vulnerability is due to flaws in the account linking logic, where an attacker can register a public frontend user account with a user's email before the user's first OIDC login, allowing them to hijack the account...