38326 matches found
Cross-site Scripting
Mavo is vulnerable to Cross-site Scripting. The vulnerability is due to improper handling of HTML elements, allowing attackers to inject a crafted element and execute arbitrary code...
Cross-site Scripting
Tsup is vulnerable to DOM Clobbering. The vulnerability is due to DOM Clobbering caused by a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...
Improper Input Validation
picklescan is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of file extensions, allowing an attacker to include a malicious pickle file with a non-standard extension that bypasses security checks...
Server Side Request Forgery (SSRF)
github.com/usememos/memos is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-supplied URLs, which allows an attacker to perform SSRF attacks...
Arbitrary File Upload
mautic/core is vulnerable to Arbitrary File Upload. The vulnerability is due to improper input validation and insufficient path restrictions, allowing users to upload files to unintended directories outside the designated temporary directory...
Improper File Permissions
spotipy is vulnerable to Improper File Permissions. The vulnerability is due to insecure default file permissions that allow unauthorized users to read the Spotify auth token...
Local Privilege Escalation
Mongosh is vulnerable to local privilege escalation. The vulnerability is due to improper handling of library loading paths, where mongosh searches for and executes files from C:\nodemodules\ without proper validation, allowing an attacker to place a malicious file and gain elevated privileges...
Improper Neutralization
Mongosh is vulnerable to Improper Neutralization. The vulnerability is due to improper input sanitization due to an attacker being able to manipulate a user's clipboard, leading to the pasting of obfuscated malicious code that is executed in mongosh...
Improper Neutralization
Mongosh is vulnerable to Improper Neutralization. The vulnerability is due to improper output sanitization due to an attacker being able to inject control characters into shell output, potentially displaying falsified messages that mislead users into executing unsafe actions...
Stack Overflow
github.com/rancher/rancher is vulnerable to Stack Overflow. The vulnerability is due to improper input handling in Rancher’s /v3-public/authproviders API endpoint, which allows a malicious user to trigger a stack overflow, leading to a crash and denial of service DoS...
Improper Access Control
Rancher is vulnerable to Improper Access Control. The vulnerability is due to improper access due to unauthenticated users being able to list and delete CLI authentication tokens before they can be retrieved, preventing CLI-based login for SAML-authenticated users...
Improper Authentication
Rancher is vulnerable to Improper Authentication. The vulnerability is due to improper validation of SAML assertion data due to Rancher trusting and using unvalidated values in authentication cookies, allowing attackers to manipulate session data and escalate privileges...
Improper Authorization
mautic/core is vulnerable to Improper Authorization. The vulnerability is due to improper enforcement of access controls, allowing any authenticated user to bypass reporting permissions and access all reports via the API...
DOM-based Cross-site Scripting (XSS)
copyparty is vulnerable to DOM-based cross-site scripting. The vulnerability is due to improper handling of maliciously named files during drag-and-drop actions in the Web UI, allowing arbitrary JavaScript execution...
Denial Of Service (DoS)
io.quarkus, quarkus-resteasy is vulnerable to Denial Of Service DoS. The vulnerability is due to improper resource management, where a buffer is not correctly released when a client request times out. It allows an attacker to trigger memory leaks by sending multiple client requests with low...
Cross Site Scripting
solid-js is vulnerable to Cross Site Scripting. The vulnerability is due to improper escaping of user input inside illegal inlined JSX fragments, allowing unescaped input to be rendered as HTML...
Open Redirect
better-auth is vulnerable to an Open Redirect. The vulnerability is due to improper validation of the callbackURL parameter, allowing scheme-less URLs that the browser interprets as fully qualified URLs, leading to unintended redirection...
Unauthorized Channel Content Export
github.com/mattermost/mattermost-server is vulnerable to unauthorized channel content export. The vulnerability is due to improper access control due to failing to restrict channel export of archived channels when the "Allow users to view archived channels" setting is disabled...
Cross-Site Scripting (XSS)
tarteaucitronjs is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient input sanitization and improper handling of dynamic content in the getElemWidth and getElemHeight functions, allowing malicious scripts to be injected and executed...
Arbitrary File Read
github.com/mattermost/mattermost-server is vulnerable to Arbitrary File Read. The vulnerability is due to improper validation of board blocks when importing boards, which allows an attacker to perform a path traversal attack by importing and exporting a specially crafted import archive in Boards...
Authentication Bypass
github.com/navidrome/navidrome is vulnerable to Authentication Bypass. The vulnerability is due to flawed authentication logic, which allows an attacker to authenticate using any non-existent username and a salted hash of an empty password...
Cross-Site Scripting (XSS)
dom-expressions is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the use of .replace with special replacement patterns $' or $\ in user-defined attributes of the Meta tag, allows an attackers can exploit this by injecting malicious payloads into meta tags, potentially...
Improper JWT Signature Validation
jupyterhub-ltiauthenticator is vulnerable to improper JWT signature validation. The vulnerability is due to missing JWT signature validation in LTI13Authenticator, allowing forged authentication requests to be accepted...
Arbitrary IRC Command Execution
matrix-appservice-irc is vulnerable to arbitrary IRC command execution. The vulnerability is due to improper command handling, which allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user...
Denial Of Service (DoS)
Passenger is vulnerable to Denial Of Service DoS. The vulnerability is due to an issue in the HTTP parser during the parsing of a request with an invalid HTTP method, allowing an attacker to exploit this issue...
Path Traversal
org.noear:solon-web-staticfiles is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied file paths in StaticMappings.java, allowing an attacker to access arbitrary files using "../filedir"...
Arbitrary File Read
Mattermost is vulnerable to Arbitrary File Read. The vulnerability is due to improper input validation when handling board patching and duplication. Specifically, the system fails to properly validate user input when duplicating a specially crafted block in Boards, allowing unauthorized access to...
Session Fixation
github.com/mattermost/mattermost-server is vulnerable to Session Fixation. The vulnerability is due to improper session invalidation when converting a user to a bot, allows the user to retain their previous session and potentially escalate privileges based on the bot’s assigned permissions...
Open Redirect
better-auth is vulnerable to an Open Redirect vulnerability. The vulnerability is due to improper validation of the trustedOrigins configuration, which allows attackers to manipulate the callbackURL parameter, leading to an open redirect that can be exploited for token theft...
Arbitrary File Read
moodle/moodle is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient input sanitization in the TeX notation filter, which allows an attacker to exploit pdfTeX to read arbitrary files on the server...
Reflected Cross-Site Scripting
moodle/moodle is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to insufficient sanitization of user input in the question bank filter, allowing malicious scripts to be executed in a victim's browser...
Information Disclosure
moodle/moodle is vulnerable to Information Disclosure. The vulnerability is due to inadequate restrictions on tag visibility, which allows users to access and discover hidden tags through the tag search page or tags block...
Cross-Site Scripting (XSS)
NagVis is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to user-supplied input being reflected in responses without adequate sanitization, and attackers can exploit this by crafting malicious links that execute arbitrary JavaScript in the victim's browser when clicked, affectin...
Remote Code Execution
NagVis is vulnerable to Remote Code Execution RCE. The vulnerability is due to the ability of an authenticated administrator to upload a malicious PHP file and modify configuration settings, and attackers can exploit this to execute arbitrary PHP code on the server...
Use Of A Broken Or Risky Cryptographic Algorithm
Easy-RSA is vulnerable to weak encryption algorithm usage. The vulnerability is due to insecure key generation due to the use of a weak default encryption algorithm when creating the private CA key with OpenSSL 3, and attackers can exploit this to more easily brute-force the CA private key and...
SQL Injection
ZoneMinder is vulnerable to SQL Injection. The vulnerability is due to unsanitized parameters being directly passed to an SQL query in WWW/AJAX/watch.php, and attackers can exploit this to execute arbitrary SQL commands on the database...
Host Header Injection
leantime/leantime is vulnerable to Host Header Injection. The vulnerability is due to improper validation of the host header due to the system allowing attackers to manipulate HTTP request headers, leading to unauthorized access to user details...
Cross-site Scripting (XSS)
Leantime is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization due to the API key name allowing malicious script injection during API key generation...
Cross-Site Request Forgery (CSRF)
leantime/leantime is vulnerable to cross-site request forgery CSRF. The vulnerability is due to CSRF allowing a remote attacker to create an account with elevated privileges by tricking an Owner or Administrator into clicking a malicious link...
Stored Cross-site Scripting (XSS)
leantime/leantime is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to improper input sanitization and output encoding, allowing attackers to inject malicious scripts that get stored and executed when retrieved by users...
SQL Injection
moodle/moodle is vulnerable to SQL injection. The vulnerability is due to insufficient input sanitization in the module list filter, allowing attackers to manipulate database queries...
Improper Access Control
moodle/moodle is vulnerable to Improper access control. The vulnerability is due to missing Separate Groups mode restrictions in permission checks, allowing unauthorized viewing or deletion of responses in Feedback activities...
Incorrect Calculation
Vyper is vulnerable to Incorrect Calculation. The vulnerability is due to improper handling of oscillating final states due to the sqrt builtin incorrectly rounding up results when using the Babylonian method for square root calculation...
Out-of-bounds Write
Vyper is vulnerable to Out-of-bounds Write. The vulnerability is due to improper bounds validation due to the caching of the target location in an AugAssign statement, which prevents re-evaluating the bounds check when modifying a DynArray...
Denial Of Service (DoS)
github.com/go-jose/go-jose is vulnerable to Denial Of Service DoS. The vulnerability is due to improper token parsing using strings.Splittoken, ".", which fails to limit the number of splits, allowing attackers to create excessively large token segments that consume excessive memory...
Improper Access Control
moodle/moodle is vulnerable to Improper access control. The vulnerability is due to insufficient enforcement of security policies, allowing a privilege escalation attack due to inadequate checks ensuring trusttext is applied to restored glossary entries...
Insufficient Capability Checks
moodle/moodle is vulnerable to Insufficient capability checks. The vulnerability is due to missing or improper authorization checks before allowing badge modifications, allows users to perform actions beyond their intended permissions...
Stored Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to insufficient sanitization of user input when handling drag-and-drop image or text elements, allowing malicious scripts to be stored and executed...
Insufficiently Protected Credentials
leantime/leantime is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper cache control where an attacker can view sensitive information even if they are not logged into the account anymore...
Cross-site Scripting (XSS)
leantime/leantime is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper handling of SVG uploads which allows an attacker to inject malicious scripts and potentially redirect users to malicious websites by uploading specially crafted SVG files...