Lucene search
K
VeracodeRecent

38326 matches found

Veracode
Veracode
added 2025/03/12 8:14 a.m.5 views

Double-signing Attack

github.com/strangelove-ventures/horcrux is vulnerable to a double-signing attack. The vulnerability is due to a race condition in signature state handling when two independent events occurring within the same microsecond, allowing unintended duplicate signatures and leads to unintended...

6.9AI score
Exploits0
Veracode
Veracode
added 2025/03/12 5:43 a.m.12 views

Reflected Cross-Site Scripting (Reflected XSS)

laravel/framework is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to improper encoding of route parameters in the debug-mode error page, allows an attacker to inject and execute malicious scripts in a victim’s browser by tricking them into visiting a...

8CVSS6.2AI score0.00509EPSS
Exploits1References8Affected Software1
Veracode
Veracode
added 2025/03/12 5:42 a.m.5 views

Denial Of Service (DoS)

pocketmine/pocketmine-mp is vulnerable to a Denial of Service DoS. The vulnerability exists due to the lack of default limits in the explode function, allowing malicious clients to abuse packets and exhaust server resources...

7AI score
Exploits0
Veracode
Veracode
added 2025/03/12 5:41 a.m.16 views

Header Injection

org.apache.camel, camel-support is vulnerable to a Header Injection. The vulnerability is due to insufficient header filtering, where only headers starting with "Camel", "camel", or "org.apache.camel." are blocked, allows attackers to forge header names and manipulate method invocation in the...

5.6CVSS6.5AI score0.79817EPSS
Exploits3References10Affected Software1
Veracode
Veracode
added 2025/03/12 5:40 a.m.17 views

Reflected Cross-Site Scripting (Reflected XSS)

laravel/framework is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to improper encoding of request parameters in the debug-mode error page, allowing user input to be reflected without proper sanitization...

8CVSS6.1AI score0.00575EPSS
Exploits1References8Affected Software1
Veracode
Veracode
added 2025/03/11 9:49 a.m.9 views

Insertion Of Sensitive Information Into Log Files

Ray is vulnerable to the insertion of sensitive information into log files. The vulnerability is due to inadequate log sanitization, allowing sensitive credentials like the Redis password to be recorded in standard logs...

6.4CVSS6.4AI score0.00179EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2025/03/11 9:49 a.m.19 views

Information Disclosure

Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...

4.3CVSS6.1AI score0.00298EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/03/11 7:35 a.m.10 views

Reflected Cross-Site Scripting (Reflected XSS)

NocoDB is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to the insecure usage of the EJS template engine, specifically the %- function in resetPassword.ts, which can directly renders unescaped user input, allowing malicious scripts to execute when processed ...

6.1CVSS6.4AI score0.00683EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2025/03/11 7:30 a.m.5 views

Log Injection

Envoy Gateway is vulnerable to Log Injection. The vulnerability is due to improper log handling due to the use of a default Envoy Proxy access log configuration, allowing attackers to craft user-agent strings that inject and overwrite fields in the access log...

5.3CVSS6.6AI score0.00264EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2025/03/11 7:22 a.m.11 views

Out-of-bounds Write

ImageSharp is vulnerable to an Out-of-Bounds Write. The vulnerability is due to improper memory handling due to an issue in the GIF decoder, allowing attackers to craft a malicious GIF that causes a crash, potentially leading to a denial of service...

7.5CVSS6.6AI score0.00526EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2025/03/11 7:8 a.m.13 views

Cleartext Storage Of Sensitive Information

Jenkins is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to improper secret redaction due to config.xml of agents being accessible via the REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted secret values...

4.3CVSS6.6AI score0.00684EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/03/11 6:55 a.m.4 views

Arbitrary File Upload

flowise is vulnerable to an Arbitrary file upload vulnerability. The vulnerability is due to insufficient validation of uploaded files, allowing attackers to upload arbitrary files, which may lead to remote code execution or unauthorized access...

9.8CVSS8.2AI score0.50789EPSS
Exploits1References4Affected Software2
Veracode
Veracode
added 2025/03/11 6:29 a.m.8 views

Denial Of Service (DoS)

Django is vulnerable to Denial of Service DoS. The vulnerability is due to inefficient processing due to the django.utils.text.wrap method and wordwrap template filter, which can be exploited using very long strings to cause excessive resource consumption...

7.5CVSS6.5AI score0.00748EPSS
Exploits0References8Affected Software2
Veracode
Veracode
added 2025/03/11 1:39 a.m.5 views

Denial Of Service (DoS)

OpenTelemetry.Api is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of tracestate and traceparent headers, allowing an attacker to trigger high CPU usage and degrade application performance...

7.5CVSS6.6AI score0.00468EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2025/03/11 1:38 a.m.9 views

Denial Of Service (DoS)

org.openidentityplatform.opendj, opendj-server-legacy is vulnerable to a Denial Of Service DoS. The vulnerability is due to an alias loop in the LDAP database, which allows an attacker to make the server unresponsive to all LDAP requests due to infinite alias dereferencing...

8.7CVSS6.5AI score0.0036EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/03/11 1:36 a.m.8 views

Remote Code Execution (RCE)

org.lucee, lucee is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper XML entity processing in the Lucee REST endpoint, allows an attacker to execute arbitrary code by exploiting improper XML entity processing in the Lucee REST endpoint...

9.8CVSS8.5AI score0.0076EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/03/11 1:35 a.m.9 views

Arbitrary File Upload

redaxo/source is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files in the mediapool/media page, allowing attackers to upload and potentially execute malicious files...

5.4CVSS6.8AI score0.00253EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2025/03/10 4:36 p.m.10 views

Remote Code Execution (RCE)

DGL is vulnerable to Remote Code Execution RCE.The vulnerability is due to unsafe deserialization due to the use of Python's pickle module for serializing and deserializing network messages, which can allow attackers to execute arbitrary code remotely...

8.7AI score
Exploits0
Veracode
Veracode
added 2025/03/10 4:23 p.m.16 views

Improper Neutralization

laravel/framework is vulnerable to Improper Neutralization. The vulnerability is due to improper validation enforcement due to the incorrect handling of wildcard validation files., allowing user-crafted malicious requests to bypass file or image validation rules...

9.8CVSS6.7AI score0.00685EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2025/03/10 3:56 p.m.10 views

Cross-site Scripting (XSS)

redaxo/source is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the rex-api-result parameter due to insufficient input validation, allowing attackers to inject malicious scripts on the AddOns page...

6.1CVSS6.4AI score0.00266EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2025/03/10 3:38 p.m.8 views

Remote Code Execution (RCE)

livewire/volt is vulnerable to Remote Code Execution RCE.The vulnerability is due to improper handling of user-crafted request payloads due to inadequate input validation, allowing attackers to execute arbitrary code within Volt components...

9.3CVSS8.6AI score0.00567EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/03/10 12:18 p.m.7 views

Log Injection

Rack is vulnerable to log injection. The vulnerability is due to the Rack::Sendfile middleware logging unsanitized header values from the X-Sendfile-Type header, allowing an attacker to inject escape sequences into logs...

7.5CVSS7.4AI score0.00699EPSS
Exploits0References8Affected Software1
Veracode
Veracode
added 2025/03/10 12:2 p.m.7 views

Weak Cryptographic Algorithms

gov.nsa.emissary, emissary is vulnerable to weak cryptographic algorithms. The vulnerability is due to the use of weak cryptographic algorithms e.g., SHA-1, CRC32, and SSDEEP in the ChecksumCalculator class, which can be exploited to generate hash collisions or compromise data integrity...

7.5CVSS7AI score0.00194EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2025/03/10 8:38 a.m.3 views

Server-side Template Injection (SSTI)

spacyllm is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper input validation in the template field, allowing attackers to execute Remote Code Execution RCE by injecting a crafted payload...

9.8CVSS8.2AI score0.00728EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2025/03/10 8:21 a.m.10 views

Insecure Direct Object Reference (IDOR)

github.com/zitadel/zitadel is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient access control in the Admin API, allowing authenticated users without specific IAM roles to modify sensitive settings...

9CVSS6.7AI score0.00584EPSS
Exploits0References17Affected Software1
Veracode
Veracode
added 2025/03/10 8:20 a.m.8 views

Stored Cross-site Scripting (XSS)

github.com/matrix-org/pinecone is vulnerable to stored Stored Cross-site Scripting XSS. The vulnerability is due to improper sanitization of user input, allowing malicious scripts to be stored and later executed when accessed by users...

6.1CVSS6.2AI score0.00217EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/03/10 8:19 a.m.9 views

Sandbox Bypass

Jinja is vulnerable to sandbox bypass. The vulnerability is due to an oversight in how the Jinja sandboxed environment interacts with the |attr filter, allowing attackers to execute arbitrary code execution ACE by bypassing the sandbox's attribute lookup...

8.8CVSS8.3AI score0.00465EPSS
Exploits0References6Affected Software2
Veracode
Veracode
added 2025/03/10 8:19 a.m.9 views

Brute-force Attack

org.wildfly.core, wildfly-elytron-integration is vulnerable to Brute-force Attack. The vulnerability is due to the lack of rate limiting on failed authentication attempts via CLI, allows attackers to perform multiple failed authentication attempts within a short time frame due to the lack of rate...

8.1CVSS7.3AI score0.00817EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2025/03/10 8:17 a.m.7 views

Username Enumeration

Flask-AppBuilder is vulnerable to Username Enumeration. The vulnerability is due to differences in server response time when brute forcing login requests, allowing unauthenticated users to enumerate existing usernames...

5.3CVSS6.7AI score0.00304EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/03/07 10:30 a.m.12 views

Unauthorized Account Takeover

oxidized-web is vulnerable to Unauthorized Account takeover. The vulnerability is due to missing authentication in the RANCID migration page, allowing an unauthenticated user to gain control over the Linux user account running oxidized-web...

9.8CVSS7.7AI score0.24349EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2025/03/07 8:18 a.m.10 views

Denial Of Service (DoS)

CGI is vulnerable to Denial of Service DoS. The vulnerability is due to the lack of a length limit on raw cookie values in the CGI::Cookie.parse method, allowing excessively large cookies to consume system resources...

7.5CVSS7AI score0.00784EPSS
Exploits0References9Affected Software3
Veracode
Veracode
added 2025/03/07 8:0 a.m.5 views

Cross-site Scripting

Stage.js is vulnerable to Cross-site Scripting. The vulnerability is due to improper handling of the global DOM namespace, allowing attacker-injected HTML elements to shadow the document.currentScript lookup and unintended element properties to override JavaScript variables...

6.1CVSS6.8AI score0.00226EPSS
Exploits1References3Affected Software2
Veracode
Veracode
added 2025/03/07 6:39 a.m.9 views

Authentication Bypass

github.com/minio/minio is vulnerable to Authentication bypass. The vulnerability is due to improper enforcement of SSH key validation when using LDAP as an external identity provider, allowing unauthorized access if the sshPublicKey attribute is missing...

8.2CVSS7.1AI score0.00512EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/03/07 6:10 a.m.6 views

Uncontrolled Resource Consumption

github.com/jasonlovesdoggo/abacus is vulnerable to a goroutine leak. The vulnerability is due to improper resource cleanup due to the server failing to terminate goroutines when clients disconnect from the /stream endpoint, leading to resource exhaustion and degraded service...

7.5CVSS7AI score0.00381EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/03/07 6:2 a.m.8 views

Cross-site Scripting (XSS)

openmage/magento-lts LTS is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation due to the ability to execute scripts in the admin panel, potentially leading to XSS attacks against authenticated admin users...

2.9CVSS5.7AI score0.00248EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2025/03/07 5:46 a.m.9 views

Incorrect Authorization

WSO2 is vulnerable to Incorrect Authorization. The vulnerability is due to improper authorization checks due to the ability to access protected APIs using a refresh token instead of an access token, potentially allowing prolonged unauthorized access to API resources...

5.6CVSS7AI score0.00222EPSS
Exploits0References3Affected Software2
Veracode
Veracode
added 2025/03/07 5:38 a.m.5 views

Weak Password Hashing

Manifest is vulnerable to Weak Password Hashing. The vulnerability is due to improper password hashing due to the use of SHA3 without a salt, making user passwords more susceptible to cracking if an attacker gains access to the database...

4.8CVSS7.2AI score0.00146EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/03/07 5:30 a.m.2 views

Authentication Bypass

github.com/ryanbekhen/nanoproxy is vulnerable to Authentication Bypass. The vulnerability is due to the use of an outdated version of golang.org/x/crypto, which may contain unresolved security flaws, allows attackers could exploit weaknesses such as weak cryptographic algorithms...

7.1AI score
Exploits0
Veracode
Veracode
added 2025/03/07 5:29 a.m.6 views

Improper Privilege Management

org.apache.streampipes, streampipes-parent is vulnerable to improper privilege management. The vulnerability is due to missing or improper access control checks in the REST interface, allowing unauthorized access to resources when the resource ID is known...

6.5CVSS7.1AI score0.00615EPSS
Exploits0References5Affected Software2
Veracode
Veracode
added 2025/03/07 5:27 a.m.10 views

Remote Code Execution

Picklescan is vulnerable to Remote Code Execution. The vulnerability is due to improper restriction of dangerous globals, allowing an attacker to craft a malicious model that executes pip.main to install and execute malicious packages...

9.8CVSS7.6AI score0.01498EPSS
Exploits4References8Affected Software1
Veracode
Veracode
added 2025/03/07 5:26 a.m.10 views

DOM Clobbering

PrismJS is vulnerable to DOM Clobbering. The vulnerability is due to attacker-injected HTML elements shadowing the document.currentScript lookup, allowing an attacker to potentially leads to Cross-Site Scripting XSS...

5.4CVSS6.3AI score0.00293EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2025/03/07 5:24 a.m.4 views

Authentication Credential Leakage

URI is vulnerable to authentication credential leakage. The vulnerability is due to improper sanitization of userinfo in URI handling methods, allowing an attacker to extract credentials and potentially gain unauthorized access...

5.3CVSS7.4AI score0.00472EPSS
Exploits0References12Affected Software1
Veracode
Veracode
added 2025/03/06 7:2 p.m.6 views

Local File Inclusion (LFI)

io.pebbletemplates:pebble is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper access control due to the include tag allowing high-privileged attackers to access sensitive local files by crafting malicious notification templates...

6.8CVSS6.8AI score0.00782EPSS
Exploits1References8Affected Software1
Veracode
Veracode
added 2025/03/06 6:48 p.m.3 views

Denial Of Service (DoS)

getformwork/formwork is vulnerable to a Denial of Service DoS. The vulnerability is due to improper input validation due to select fields allowing crafted inputs that crash the system, resulting in a 500 status and making the site and administration panel unavailable...

6.9AI score
Exploits0
Veracode
Veracode
added 2025/03/06 6:12 p.m.5 views

Cross-site Scripting (XSS)

getformwork/formwork is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization due to the site title field allowing JavaScript tags, which can be used to attack all system members...

6.3AI score
Exploits0
Veracode
Veracode
added 2025/03/06 9:46 a.m.11 views

Regular Expression Denial Of Service (ReDoS)

CGI is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing in the UtilescapeElement method, allowing an attacker to cause denial of service through excessive backtracking with crafted input...

7.5CVSS6.9AI score0.00702EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2025/03/06 9:20 a.m.6 views

Denial Of Service (DoS)

github.com/cosmos/ibc-go is vulnerable to Denial Of Service DoS. The vulnerability is due to improper deserialization of IBC acknowledgements, allowing an attacker to halt the chain by introducing a non-deterministic state...

7AI score
Exploits0
Veracode
Veracode
added 2025/03/06 7:18 a.m.17 views

Control Character Injection

Mongosh is vulnerable to Control Character Injection. The vulnerability is due to improper input handling due to an attacker controlling the autocompletion feature, allowing the execution of obfuscated malicious text when a user presses ‘tab’ to autocomplete input...

7.6CVSS5.9AI score0.00287EPSS
Exploits0References3Affected Software3
Veracode
Veracode
added 2025/03/06 6:36 a.m.11 views

Cross-Site Scripting (XSS)

Seajs is vulnerable to Cross-Site Scripting. The vulnerability is due to improper input sanitization in the seajs package, allowing users to inject scriptless HTML tags with unsanitized name attributes...

5.4CVSS6.7AI score0.00377EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2025/03/06 6:0 a.m.6 views

CSV Injection

org.apache.ranger, security-admin-web is vulnerable to CSV Injection. The vulnerability is due to improper neutralization of formula elements due to insufficient sanitization of exported CSV data, allowing malicious formulas to execute when opened in a spreadsheet application...

9.8CVSS7.2AI score0.00723EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities38326