38111 matches found
Remote Code Execution (RCE)
system.linq.dynamic.core is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient input validation and improper access control when handling reflection types and static properties/fields in the System.Linq.Dynamic.Core library, which allows remote access without proper...
Insecure TLS Configuration
aws-cdk-lib is vulnerable to Insecure TLS configuration. The vulnerability is due to the tls.connect method setting rejectUnauthorized: false by default, which allows connections to unauthorized OIDC providers without verification. This could potentially allow attackers to exploit insecure...
Unbounded Disk Consumption
github.com/t2bot/matrix-media-repo is vulnerable to Unbounded Disk Consumption. The vulnerability is due to MMR's lack of proper rate limiting and controls on the amount of data that can be requested and cached, allowing unauthenticated users to request excessive amounts of remote media files...
Stored Cross-site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization of the descr parameter in /ajaxform.php, which allows malicious scripts to be injected and stored in the system...
Access Control Bypass
zotregistry.dev/zot is vulnerable to Access Control Bypass. The vulnerability is due to group data being stored as an append-list in the boltdb database meta.db, where group memberships are appended instead of replaced. It allows unauthorized access to persist, enabling attackers to retain...
Cross-Site Scripting (XSS)
KaTeX is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of input. When users render untrusted mathematical expressions using renderToString, malicious input containing \htmlData can bypass validation, allowing for the execution of arbitrary JavaScrip...
Reflected Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the community parameter on the /addhost page, allowing remote attackers to inject malicious scripts, which execute when the page is viewed or interacted with...
Stored Cross-site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the display parameter in the /device/$DEVICEID/edit endpoint, allowing remote attackers to inject malicious scripts...
Stored Cross-site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization of the display parameter in the /device/$DEVICEID/edit endpoint, allowing attackers to inject and store malicious scripts on the server...
Stored Cross-site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization of the state parameter in ajaxform.php, which allows an attacker to inject malicious scripts that execute when a user views or interacts with the affected page...
Broken Object Level Authorization
Indico is vulnerable to Broken Object Level Authorization (BOLA). The vulnerability is due to insufficient access control in the /api/principals component, which allows attackers to retrieve information about other user accounts by sending crafted POST requests...
Improper Input Validation
Mattermost is vulnerable to Improper Input Validation. The vulnerability is due to the failure to properly handle attachment fields that cannot be cast to a String, leading to a crash in the web application. Attackers can exploit this by creating and sending specially crafted posts with such...
Arbitrary Code Execution
github.com/t2bot/matrix-media-repo is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper validation of file types during the thumbnail generation process, where MMR relies on user-supplied file type values to select decoders (e.g., ImageMagick or ffmpeg), which can...
Server Side Request Forgery (SSRF)
github.com/t2bot/matrix-media-repo is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to MMR serving content from a private network it can access, which, under certain conditions, allows attackers to potentially access internal resources that would otherwise be protected...
Excessive Memory Consumption
github.com/t2bot/matrix-media-repo is vulnerable to Excessive Memory Consumption. The vulnerability is due to inadequate handling of large JSON responses, allowing an attacker to exhaust system memory and potentially crash the application...
Improper Authentication
Matrix Media Repo (MMR) is vulnerable to Improper Authentication. The vulnerability is due to MMR's design, which allows unauthenticated remote participants to trigger the download and caching of remote media from a remote homeserver to the local repository, enabling adversaries to plant problemati...
OS Command Injection
github.com/mayuresh82/gocast is vulnerable to OS Command Injection. The vulnerability is due to improper validation of user input in the name parameter, which allows specially crafted HTTP requests to inject and execute arbitrary OS commands...
Path Traversal
Ray is vulnerable to Path Traversal. The vulnerability is due to improper validation or sanitization of user input in the log API endpoint, allowing attackers to specify arbitrary file paths and access unauthorized files on the server...
Local File Inclusion (LFI)
Ray is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper validation and access control in Ray's /static/ directory, which allows attackers to specify and access arbitrary file paths without authentication...
OS Command Injection
Ray is vulnerable to OS Command Injection. The vulnerability is due to improper input sanitization in the cpuprofile URL parameter, allowing attackers to execute OS commands remotely on the system running the Ray dashboard without authentication...
Improper Input Validation
Mattermost is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of post properties, which allows a malicious authenticated user to craft and send a malicious post, potentially causing a crash...
Improper Input Validation
Mattermost is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of the style of proto supplied to an action's style in post.props.attachments, which allows attackers to crash the frontend by providing crafted malicious input...
Improper Input Validation
Mattermost is vulnerable to Improper Input Validation. The vulnerability is due to a failure to properly validate post props, which can result in a crash when malicious posts are processed...
Remote Code Execution (RCE)
umbraco.headless.client.net is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the use of an insecure Refit package, which allows an attacker to exploit the insecure Refit dependency...
Signature Bypass
github.com/dexidp/dex is vulnerable to Signature Bypass. The vulnerability is due to issues with XML encoding in the underlying Go library by using the xml-roundtrip-validator from Mattermost, which allows an attacker to bypass the signature verification process in SAML assertions...
Regular Expression Denial Of Service (ReDoS)
Parse-uri is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing, which allows attackers to exploit crafted URLs and cause a denial of service...
Remote Code Execution (RCE)
islandora/crayfish is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper configuration in certain web-accessible installations, which allows an attacker to execute arbitrary code remotely...
Account Takeover
Sentry is vulnerable to Account Takeover. The vulnerability is due to improper handling of SAML Identity Providers, which allows an attacker to craft a malicious SAML response and associate it with a different organization on the same Sentry instance...
Search Injection
Mongoose is vulnerable to Search Injection. The vulnerability is due to improper handling of a nested $where filter with a populate match, which can be exploited for search injection attacks...
Authentication Bypass
github.com/tyktechnologies/tyk-identity-broker is vulnerable to Authentication Bypass. The vulnerability is due to the Go XML parser not guaranteeing integrity during round-trip encoding/decoding of XML data, which allows for the bypassing of SAML authentication...
Cross-Site Request Forgery (CSRF)
typo3/cms-lowlevel is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of deep links in the backend user interface, caused by insufficient enforcement of HTTP methods and reliance on misconfigured security settings, and allows an attacker to manipulate...
Denial Of Service (DoS)
io.netty, netty-common is vulnerable to Denial Of Service (DoS). The vulnerability is due to unsafe reading of environment files, where Netty attempts to load a non-existent file, which an attacker can exploit by creating a large file, causing the application to crash and resulting in a denia...
Cross-Site Request Forgery (CSRF)
typo3/cms-dashboard is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of HTTP methods in state-changing actions and misconfigurations in the backend settings, such as disabled security.backend.enforceReferrer or lax/none BE/cookieSameSite settings,...
Cross-Site Request Forgery (CSRF)
typo3/cms-belog is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the backend user interface functionality involving deep links, which allows state-changing actions via HTTP GET without enforcing the appropriate HTTP method, and allows an attacker to exploit the “Log...
Information Disclosure
typo3/cms-install is vulnerable to Information Disclosure. The vulnerability is due to an incorrect password hashing mechanism, which causes the install tool password to be logged in plaintext, allowing an attacker to potentially gain access to the password if they can access the logs or system...
Cross-Site Request Forgery (CSRF)
typo3/cms-extensionmanager is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of HTTP methods for state-changing actions and the backend user interface being susceptible to malicious URLs under specific misconfigurations, which allows an attacker to retrieve...
Cross-Site Request Forgery (CSRF)
typo3/cms-beuser is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of state-changing actions in downstream components, where HTTP GET submissions are incorrectly accepted instead of enforcing the appropriate HTTP method. Misconfigurations, such as...
Cross-Site Request Forgery (CSRF)
typo3/cms-scheduler is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of HTTP methods and a failure to enforce appropriate security settings, which allows attackers to submit malicious requests through CSRF...
Remote Code Execution (RCE)
Rasa is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of maliciously crafted models in Rasa, which allows an attacker to load a model remotely into a Rasa instance if certain security configurations are not in place...
Access Control List (ACL) Bypass
gradio is vulnerable to an Access Control List (ACL) Bypass. The vulnerability is due to improper case normalization in the file path validation logic through the blocked_paths parameter of the is_allowed_file function, which allows an attacker to gain unauthorized access to sensitive files by altering the...
Insufficient Input Validation
Umbraco.Forms is vulnerable to insufficient input validation. The vulnerability is due to lack of server-side validation for the character limits. While the client-side validation enforces these limits in the browser, it can be bypassed by manipulating the request before it reaches the server...
Cross-Site Request Forgery (CSRF)
typo3/cms-indexed-search is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of HTTP methods for state-changing actions and misconfigured security settings, which allows attackers to exploit the "Indexed Search Module" to delete items by deceiving logged-in...
Cross-Site Request Forgery (CSRF)
typo3/cms-form is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of state-changing actions in downstream components, which incorrectly accept submissions via HTTP GET requests instead of enforcing the correct HTTP method. Misconfigured settings, such ...
Gas Manipulation Attack
vyper is vulnerable to Gas Manipulation Attack. The vulnerability is due to insufficient error handling in the Vyper Compiler, which fails to check the success flag of precompile calls (EcRecover and Identity), allowing attackers to manipulate the gas, causing precompile failures without halting...
Improper Array Index Validation
OFFIS DCMTK is vulnerable to Improper Array Index Validation. The vulnerability is due to improper bounds checking in the nowindow functionality, leading to an out-of-bounds write. An attacker can provide a specially crafted DICOM file to trigger this vulnerability and potentially execute arbitra...
Server-Side Request Forgery
Gomatrixserverlib is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of network requests, allowing the library to serve content from a private network it can access under certain conditions, which attackers can exploit to access internal network...
Remote Code Execution (RCE)
.NET 8.0 and .NET 9.0 are vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation or handling of files loaded in Visual Studio, allowing specially crafted files to exploit the system...
Remote Code Execution
Microsoft.NetCore.App.Runtime is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of specially crafted files in Visual Studio, allowing attackers to exploit this weakness by loading malicious files to execute arbitrary code...
Remote Code Execution
Microsoft.NetCore.App.Runtime is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of specially crafted requests by the web server. Attackers can exploit this vulnerability by sending maliciously crafted requests to a vulnerable application, potentially executing...
Cross-site Scripting (XSS)
silverstripe/framework is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the failure to sanitize HTML before replacing the embed shortcode with oEmbed JSON data in the "insert media" functionality, allowing a script payload to be executed on both the CMS and front-end of th...