38326 matches found

Veracode • added 2025/03/06 5:59 a.m.

Cross-site Scripting

Mavo is vulnerable to Cross-site Scripting. The vulnerability is due to improper handling of HTML elements, allowing attackers to inject a crafted element and execute arbitrary code...

CVSS 8.8 | AI score 7.4 | EPSS 0.00571
Exploits 1 | References 2 | Affected software 1
Veracode • added 2025/03/06 5:59 a.m.

Cross-site Scripting

Tsup is vulnerable to DOM Clobbering. The vulnerability is due to DOM Clobbering caused by a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...

CVSS 5.1 | AI score 6.9 | EPSS 0.00238
Exploits 1 | References 2 | Affected software 1
Veracode • added 2025/03/06 5:58 a.m.

Improper Input Validation

picklescan is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of file extensions, allowing an attacker to include a malicious pickle file with a non-standard extension that bypasses security checks...

CVSS 9.8 | AI score 7.1 | EPSS 0.00365
Exploits 2 | References 6 | Affected software 1
Veracode • added 2025/03/06 5:35 a.m.

Server Side Request Forgery (SSRF)

github.com/usememos/memos is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied URLs, which allows an attacker to perform SSRF attacks...

CVSS 9.8 | AI score 7.1 | EPSS 0.02818
Exploits 1 | References 7 | Affected software 1
Veracode • added 2025/03/05 10:36 a.m.

Arbitrary File Upload

mautic/core is vulnerable to Arbitrary File Upload. The vulnerability is due to improper input validation and insufficient path restrictions, allowing users to upload files to unintended directories outside the designated temporary directory...

CVSS 5.4 | AI score 7.1 | EPSS 0.00536
Exploits 0 | References 4 | Affected software 1
Veracode • added 2025/03/05 10:04 a.m.

Improper File Permissions

spotipy is vulnerable to Improper File Permissions. The vulnerability is due to insecure default file permissions that allow unauthorized users to read the Spotify auth token...

CVSS 9.8 | AI score 6.9 | EPSS 0.00589
Exploits 1 | References 6 | Affected software 1
Veracode • added 2025/03/05 8:33 a.m.

Local Privilege Escalation

Mongosh is vulnerable to local privilege escalation. The vulnerability is due to improper handling of library loading paths, where mongosh searches for and executes files from C:\nodemodules\ without proper validation, allowing an attacker to place a malicious file and gain elevated privileges...

CVSS 7.8 | AI score 7.1 | EPSS 0.00135
Exploits 0 | References 4 | Affected software 1
Veracode • added 2025/03/05 8:18 a.m.

Improper Neutralization

Mongosh is vulnerable to Improper Neutralization. The vulnerability is due to improper input sanitization: an attacker able to manipulate a user's clipboard can cause obfuscated malicious code to be pasted and executed in mongosh...

CVSS 8.8 | AI score 7.1 | EPSS 0.00224
Exploits 0 | References 2 | Affected software 1
Veracode • added 2025/03/05 8:11 a.m.

Improper Neutralization

Mongosh is vulnerable to Improper Neutralization. The vulnerability is due to improper output sanitization: an attacker able to inject control characters into shell output can display falsified messages that mislead users into executing unsafe actions...

CVSS 6.8 | AI score 7 | EPSS 0.00194
Exploits 0 | References 2 | Affected software 1
Veracode • added 2025/03/05 7:57 a.m.

Stack Overflow

github.com/rancher/rancher is vulnerable to Stack Overflow. The vulnerability is due to improper input handling in Rancher's /v3-public/authproviders API endpoint, which allows a malicious user to trigger a stack overflow, leading to a crash and denial of service (DoS)...

CVSS 8.2 | AI score 7 | EPSS 0.0053
Exploits 0 | References 6 | Affected software 1
Veracode • added 2025/03/05 7:55 a.m.

Improper Access Control

Rancher is vulnerable to Improper Access Control. The vulnerability is due to improper access control: unauthenticated users are able to list and delete CLI authentication tokens before they can be retrieved, preventing CLI-based login for SAML-authenticated users...

CVSS 5.3 | AI score 7.4 | EPSS 0.00479
Exploits 0
Veracode • added 2025/03/05 7:26 a.m.

Improper Authentication

Rancher is vulnerable to Improper Authentication. The vulnerability is due to improper validation of SAML assertion data: Rancher trusts and uses unvalidated values in authentication cookies, allowing attackers to manipulate session data and escalate privileges...

CVSS 8.4 | AI score 7.5 | EPSS 0.00418
Exploits 0
Veracode • added 2025/03/05 4:12 a.m.

Improper Authorization

mautic/core is vulnerable to Improper Authorization. The vulnerability is due to improper enforcement of access controls, allowing any authenticated user to bypass reporting permissions and access all reports via the API...

CVSS 7.7 | AI score 6.9 | EPSS 0.00681
Exploits 0 | References 6 | Affected software 1
Veracode • added 2025/03/05 4:01 a.m.

DOM-based Cross-site Scripting (XSS)

copyparty is vulnerable to DOM-based cross-site scripting. The vulnerability is due to improper handling of maliciously named files during drag-and-drop actions in the Web UI, allowing arbitrary JavaScript execution...

CVSS 6.1 | AI score 6.7 | EPSS 0.00426
Exploits 1 | References 5 | Affected software 1
Veracode • added 2025/03/05 4:00 a.m.

Denial Of Service (DoS)

io.quarkus, quarkus-resteasy is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper resource management, where a buffer is not correctly released when a client request times out. It allows an attacker to trigger memory leaks by sending multiple client requests with low...

CVSS 7.5 | AI score 7.2 | EPSS 0.00759
Exploits 0 | References 17 | Affected software 1
Veracode • added 2025/03/05 3:55 a.m.

Cross Site Scripting

solid-js is vulnerable to Cross Site Scripting. The vulnerability is due to improper escaping of user input inside illegal inlined JSX fragments, allowing unescaped input to be rendered as HTML...

CVSS 7.3 | AI score 7 | EPSS 0.00303
Exploits 0 | References 2 | Affected software 1
Veracode • added 2025/03/04 6:34 a.m.

Open Redirect

better-auth is vulnerable to an Open Redirect. The vulnerability is due to improper validation of the callbackURL parameter, allowing scheme-less URLs that the browser interprets as fully qualified URLs, leading to unintended redirection...

CVSS 6.9 | AI score 6.6 | EPSS 0.00324
Exploits 0 | References 6 | Affected software 1
Veracode • added 2025/03/04 6:33 a.m.

Unauthorized Channel Content Export

github.com/mattermost/mattermost-server is vulnerable to unauthorized channel content export. The vulnerability is due to improper access control: the server fails to restrict channel export of archived channels when the "Allow users to view archived channels" setting is disabled...

CVSS 4.3 | AI score 6.5 | EPSS 0.00271
Exploits 0 | References 5 | Affected software 2
Veracode • added 2025/03/04 6:15 a.m.

Cross-Site Scripting (XSS)

tarteaucitronjs is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization and improper handling of dynamic content in the getElemWidth and getElemHeight functions, allowing malicious scripts to be injected and executed...

CVSS 6.1 | AI score 6.3 | EPSS 0.00296
Exploits 0 | References 4 | Affected software 1
Veracode • added 2025/03/04 5:52 a.m.

Arbitrary File Read

github.com/mattermost/mattermost-server is vulnerable to Arbitrary File Read. The vulnerability is due to improper validation of board blocks when importing boards, which allows an attacker to perform a path traversal attack by importing and exporting a specially crafted import archive in Boards...

CVSS 9.9 | AI score 6.6 | EPSS 0.2251
Exploits 1 | References 4 | Affected software 2
Veracode • added 2025/03/04 2:29 a.m.

Authentication Bypass

github.com/navidrome/navidrome is vulnerable to Authentication Bypass. The vulnerability is due to flawed authentication logic, which allows an attacker to authenticate using any non-existent username and a salted hash of an empty password...

CVSS 6.9 | AI score 6.8 | EPSS 0.00936
Exploits 1 | References 4 | Affected software 1
Veracode • added 2025/03/04 2:28 a.m.

Cross-Site Scripting (XSS)

dom-expressions is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the use of .replace with special replacement patterns $' or $\ in user-defined attributes of the Meta tag, allowing attackers to exploit this by injecting malicious payloads into meta tags, potentially...

CVSS 7.3 | AI score 6.3 | EPSS 0.00256
Exploits 0 | References 3 | Affected software 1
Veracode • added 2025/03/04 2:27 a.m.

Improper JWT Signature Validation

jupyterhub-ltiauthenticator is vulnerable to improper JWT signature validation. The vulnerability is due to missing JWT signature validation in LTI13Authenticator, allowing forged authentication requests to be accepted...

CVSS 10 | AI score 6.8 | EPSS 0.00328
Exploits 0 | References 5 | Affected software 1
Veracode • added 2025/03/04 2:26 a.m.

Arbitrary IRC Command Execution

matrix-appservice-irc is vulnerable to arbitrary IRC command execution. The vulnerability is due to improper command handling, which allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user...

CVSS 4.3 | AI score 8 | EPSS 0.00346
Exploits 0 | References 3 | Affected software 1
Veracode • added 2025/03/03 8:55 a.m.

Denial Of Service (DoS)

Passenger is vulnerable to Denial Of Service (DoS). The vulnerability is due to an issue in the HTTP parser during the parsing of a request with an invalid HTTP method, allowing an attacker to exploit this issue...

CVSS 7.5 | AI score 6.5 | EPSS 0.0057
Exploits 0 | References 8 | Affected software 1
Veracode • added 2025/03/03 8:54 a.m.

Path Traversal

org.noear:solon-web-staticfiles is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied file paths in StaticMappings.java, allowing an attacker to access arbitrary files using "../filedir"...

CVSS 5.3 | AI score 6.7 | EPSS 0.00526
Exploits 0 | References 9 | Affected software 1
Veracode • added 2025/03/03 8:40 a.m.

Arbitrary File Read

Mattermost is vulnerable to Arbitrary File Read. The vulnerability is due to improper input validation when handling board patching and duplication. Specifically, the system fails to properly validate user input when duplicating a specially crafted block in Boards, allowing unauthorized access to...

CVSS 9.9 | AI score 6.7 | EPSS 0.00586
Exploits 0 | References 5 | Affected software 2
Veracode • added 2025/03/03 7:50 a.m.

Session Fixation

github.com/mattermost/mattermost-server is vulnerable to Session Fixation. The vulnerability is due to improper session invalidation when converting a user to a bot, which allows the user to retain their previous session and potentially escalate privileges based on the bot's assigned permissions...

CVSS 8.8 | AI score 6.8 | EPSS 0.00237
Exploits 0 | References 3 | Affected software 1
Veracode • added 2025/03/03 4:54 a.m.

Open Redirect

better-auth is vulnerable to an Open Redirect. The vulnerability is due to improper validation of the trustedOrigins configuration, which allows attackers to manipulate the callbackURL parameter, leading to an open redirect that can be exploited for token theft...

AI score 7
Exploits 0
Veracode • added 2025/03/03 4:53 a.m.

Arbitrary File Read

moodle/moodle is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient input sanitization in the TeX notation filter, which allows an attacker to exploit pdfTeX to read arbitrary files on the server...

CVSS 8.6 | AI score 6.5 | EPSS 0.00409
Exploits 0 | References 4 | Affected software 1
Veracode • added 2025/03/03 4:53 a.m.

Reflected Cross-Site Scripting

moodle/moodle is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to insufficient sanitization of user input in the question bank filter, allowing malicious scripts to be executed in a victim's browser...

CVSS 8.3 | AI score 6.1 | EPSS 0.00333
Exploits 0 | References 4 | Affected software 1
Veracode • added 2025/03/03 4:51 a.m.

Information Disclosure

moodle/moodle is vulnerable to Information Disclosure. The vulnerability is due to inadequate restrictions on tag visibility, which allows users to access and discover hidden tags through the tag search page or tags block...

CVSS 5.3 | AI score 5.2 | EPSS 0.00335
Exploits 0 | References 4 | Affected software 1
Veracode • added 2025/03/02 10:57 p.m.

Cross-Site Scripting (XSS)

NagVis is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to user-supplied input being reflected in responses without adequate sanitization, and attackers can exploit this by crafting malicious links that execute arbitrary JavaScript in the victim's browser when clicked, affectin...

CVSS 5.4 | AI score 5.6 | EPSS 0.00534
Exploits 2 | References 8 | Affected software 1
Veracode • added 2025/03/02 10:53 p.m.

Remote Code Execution

NagVis is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the ability of an authenticated administrator to upload a malicious PHP file and modify configuration settings, and attackers can exploit this to execute arbitrary PHP code on the server...

CVSS 7.2 | AI score 6.5 | EPSS 0.01173
Exploits 2 | References 8 | Affected software 1
Veracode • added 2025/03/02 2:33 p.m.

Use Of A Broken Or Risky Cryptographic Algorithm

Easy-RSA is vulnerable to weak encryption algorithm usage. The vulnerability is due to insecure key generation: a weak default encryption algorithm is used when creating the private CA key with OpenSSL 3, and attackers can exploit this to more easily brute-force the CA private key and...

CVSS 5.3 | AI score 5.1 | EPSS 0.00081
Exploits 0 | References 2 | Affected software 1
Veracode • added 2025/03/02 11:31 a.m.

SQL Injection

ZoneMinder is vulnerable to SQL Injection. The vulnerability is due to unsanitized parameters being directly passed to an SQL query in WWW/AJAX/watch.php, and attackers can exploit this to execute arbitrary SQL commands on the database...

CVSS 7.1 | AI score 7.2 | EPSS 0.00503
Exploits 1 | References 4 | Affected software 1
Veracode • added 2025/02/28 9:19 a.m.

Host Header Injection

leantime/leantime is vulnerable to Host Header Injection. The vulnerability is due to improper validation of the host header: the system allows attackers to manipulate HTTP request headers, leading to unauthorized access to user details...

AI score 7
Exploits 0
Veracode • added 2025/02/28 9:12 a.m.

Cross-site Scripting (XSS)

Leantime is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization: the API key name allows malicious script injection during API key generation...

AI score 6.9
Exploits 0
Veracode • added 2025/02/28 8:18 a.m.

Cross-Site Request Forgery (CSRF)

leantime/leantime is vulnerable to cross-site request forgery (CSRF). The vulnerability allows a remote attacker to create an account with elevated privileges by tricking an Owner or Administrator into clicking a malicious link...

AI score 7.2
Exploits 0
Veracode • added 2025/02/28 8:05 a.m.

Stored Cross-site Scripting (XSS)

leantime/leantime is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization and output encoding, allowing attackers to inject malicious scripts that get stored and executed when retrieved by users...

AI score 6.2
Exploits 0
Veracode • added 2025/02/28 7:55 a.m.

SQL Injection

moodle/moodle is vulnerable to SQL injection. The vulnerability is due to insufficient input sanitization in the module list filter, allowing attackers to manipulate database queries...

CVSS 9.8 | AI score 8 | EPSS 0.00435
Exploits 0 | References 5 | Affected software 1
Veracode • added 2025/02/28 7:44 a.m.

Improper Access Control

moodle/moodle is vulnerable to Improper access control. The vulnerability is due to missing Separate Groups mode restrictions in permission checks, allowing unauthorized viewing or deletion of responses in Feedback activities...

CVSS 6.5 | AI score 6.6 | EPSS 0.00301
Exploits 0 | References 4 | Affected software 1
Veracode • added 2025/02/28 5:35 a.m.

Incorrect Calculation

Vyper is vulnerable to Incorrect Calculation. The vulnerability is due to improper handling of oscillating final states: the sqrt builtin incorrectly rounds up results when using the Babylonian method for square root calculation...

CVSS 7.5 | AI score 6.8 | EPSS 0.00302
Exploits 0 | References 5 | Affected software 1
Veracode • added 2025/02/28 5:23 a.m.

Out-of-bounds Write

Vyper is vulnerable to Out-of-bounds Write. The vulnerability is due to improper bounds validation: the target location in an AugAssign statement is cached, which prevents re-evaluating the bounds check when modifying a DynArray...

CVSS 9.1 | AI score 6.6 | EPSS 0.00527
Exploits 1 | References 4 | Affected software 1
Veracode • added 2025/02/28 2:37 a.m.

Denial Of Service (DoS)

github.com/go-jose/go-jose is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper token parsing using strings.Split(token, "."), which fails to limit the number of splits, allowing attackers to create excessively large token segments that consume excessive memory...

CVSS 8.7 | AI score 6.7 | EPSS 0.00369
Exploits 0 | References 5 | Affected software 1
Veracode • added 2025/02/28 2:37 a.m.

Improper Access Control

moodle/moodle is vulnerable to Improper access control. The vulnerability is due to insufficient enforcement of security policies, allowing a privilege escalation attack due to inadequate checks ensuring trusttext is applied to restored glossary entries...

CVSS 4.3 | AI score 7 | EPSS 0.00243
Exploits 0 | References 4 | Affected software 1
Veracode • added 2025/02/28 2:36 a.m.

Insufficient Capability Checks

moodle/moodle is vulnerable to Insufficient capability checks. The vulnerability is due to missing or improper authorization checks before allowing badge modifications, allowing users to perform actions beyond their intended permissions...

CVSS 5.3 | AI score 6.6 | EPSS 0.00275
Exploits 0 | References 4 | Affected software 1
Veracode • added 2025/02/28 2:35 a.m.

Stored Cross-site Scripting (XSS)

moodle/moodle is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to insufficient sanitization of user input when handling drag-and-drop image or text elements, allowing malicious scripts to be stored and executed...

CVSS 6.1 | AI score 3.6 | EPSS 0.00267
Exploits 0 | References 4 | Affected software 1
Veracode • added 2025/02/27 8:02 a.m.

Insufficiently Protected Credentials

leantime/leantime is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper cache control where an attacker can view sensitive information even if they are not logged into the account anymore...

AI score 6.6
Exploits 0
Veracode • added 2025/02/27 7:53 a.m.

Cross-site Scripting (XSS)

leantime/leantime is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of SVG uploads, which allows an attacker to inject malicious scripts and potentially redirect users to malicious websites by uploading specially crafted SVG files...

AI score 6.6
Exploits 0
Total number of security vulnerabilities: 38326