Lucene search
K
VeracodeRecent

38326 matches found

Veracode
Veracode
•added 2025/02/27 7:50 a.m.•4 views

Authorization Bypass

leantime/leantime is vulnerable to an Authorization Bypass. The vulnerability is due to missing authorization checks on the "Host" parameter, allowing an attacker to access another user's profile information by modifying the parameter...

6.7AI score
Exploits0
Veracode
Veracode
•added 2025/02/27 7:41 a.m.•2 views

Cross-site Scripting (XSS)

leantime/leantime is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation due to the lack of sanitization of the $GET"id" parameter, allowing an attacker to inject malicious scripts...

6.4AI score
Exploits0
Veracode
Veracode
•added 2025/02/27 7:27 a.m.•5 views

Cross-Site Scripting (XSS)

leantime/leantime is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization and output encoding of the title field in a To-Do, allows an attacker to inject and execute arbitrary JavaScript in a victim's browser...

6.7AI score
Exploits0
Veracode
Veracode
•added 2025/02/27 6:51 a.m.•10 views

Insufficient Control Flow Management

Vyper is vulnerable to Insufficient Control Flow Management. The vulnerability is due to improper handling of iterator expressions in for loops due to the ability of iterators to consume side effects produced in the loop body, potentially leading to unexpected program behavior...

7.5CVSS6.7AI score0.00412EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2025/02/27 6:40 a.m.•3 views

HTML Injection

leantime/leantime is vulnerable to HTML injection. The vulnerability is due to improper neutralization of HTML tags in users' first names, allowing arbitrary HTML to be injected into emails...

7.3AI score
Exploits0
Veracode
Veracode
•added 2025/02/27 6:7 a.m.•12 views

Heap Buffer Overflow

libexiv2.so is vulnerable to a Heap Buffer Overflow. The vulnerability is due to a heap buffer overflow triggered when writing metadata into a crafted image file, allows an attacker could exploit this to achieve code execution if a victim processes a malicious image with Exiv2...

9.8CVSS7.5AI score0.00816EPSS
Exploits1References4Affected Software2
Veracode
Veracode
•added 2025/02/27 4:6 a.m.•12 views

Stored Cross-site Scripting (XSS)

moodle/moodle is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to insufficient sanitization of user-inputted data in the site administration live log, allowing malicious scripts to be stored and executed when viewed...

8.3CVSS5.8AI score0.00478EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2025/02/27 4:5 a.m.•12 views

Denial Of Service (DoS)

net.minidev, json-smart is vulnerable to Denial Of Service DoS. The vulnerability is due to loading a specially crafted JSON input with a large number of ‘’, which allows an attacker to trigger a Denial of Service DoS attack...

7.5CVSS6.5AI score0.01119EPSS
Exploits1References8Affected Software1
Veracode
Veracode
•added 2025/02/27 4:4 a.m.•4 views

Denial Of Service (DoS)

qiskit is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of malformed symengine serialization streams within QPY files, allowing an attacker to trigger a segmentation fault in the symengine library using a malicious QPY file...

8.6CVSS6.5AI score0.0066EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2025/02/27 4:2 a.m.•6 views

Cross-Site Scripting (Reflected XSS)

Leantime is vulnerable to cross-site scripting XSS. The vulnerability is due to improper input validation and output encoding in the "overdue" section, allowing attackers to upload malicious image files containing XSS payloads...

5.7AI score
Exploits0
Veracode
Veracode
•added 2025/02/26 9:18 a.m.•11 views

Arbitrary File Access

@graphql-mesh is vulnerable to Arbitrary File Access. The vulnerability is due to a missing validation check in the static file handler, which fails to restrict absolutePath to the designated staticFiles directory, allows attackers to access files outside the intended directory...

7.5CVSS6.6AI score0.00336EPSS
Exploits1References3Affected Software2
Veracode
Veracode
•added 2025/02/26 8:54 a.m.•4 views

Bit Flipping Attack

cookie-encrypter is vulnerable to Bit flipping Attack. The vulnerability is due to the lack of integrity verification, allowing attackers to modify encrypted cookies without detection...

9.1CVSS6.7AI score0.00274EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2025/02/26 8:44 a.m.•5 views

Denial Of Service (DoS)

Libming is vulnerable to Denial Of Service DoS. The vulnerability is due to improper memory management due to the parseABCCONSTANTPOOL and parseABCFILE functions in util/parser.c failing to release allocated memory, potentially leading to a denial of service via a crafted ABC file...

6.5CVSS6.5AI score0.00361EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2025/02/26 8:33 a.m.•8 views

Denial Of Service (DoS)

Libming is vulnerable to Denial Of Service DoS. The vulnerability is due to improper memory management due to the parseSWFIMPORTASSETS2 function in util/parser.c failing to release allocated memory, potentially leading to a denial of service via a crafted SWF file...

6.5CVSS6.5AI score0.00361EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2025/02/26 8:10 a.m.•10 views

Insecure Direct Object Reference (IDOR)

github.com/kubesphere/kubesphere is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to missing proper authorization checks, which allow low-privileged authenticated attackers to access sensitive resources directly...

4.3CVSS6.4AI score0.01618EPSS
Exploits2References6Affected Software1
Veracode
Veracode
•added 2025/02/26 6:20 a.m.•5 views

Denial Of Service (DoS)

Libming is vulnerable to Denial Of Service DoS. The vulnerability is due to improper memory management due to the parseSWFEXPORTASSETS function in util/parser.c failing to release allocated memory, potentially leading to a denial of service...

8.2CVSS6.6AI score0.0036EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2025/02/26 6:11 a.m.•8 views

Denial Of Service (DoS)

Libming is vulnerable to Denial Of Service DoS. The vulnerability is due to improper memory management due to the parseSWFDEFINESCENEANDFRAMEDATA function in util/parser.c failing to release allocated memory, allowing attackers to cause a denial of service via a crafted SWF file...

6.5CVSS6.2AI score0.00361EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2025/02/26 5:47 a.m.•12 views

Variable Reuse In Cached Queries

@graphql-mesh/runtime is vulnerable to variable reuse in cached queries. The vulnerability is due to the LRU-based cache retention of DocumentNode, which prevents updated variables, including authentication tokens, from being applied in subsequent requests. It allows an attacker to force a victim...

7.5CVSS6.8AI score0.00399EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2025/02/26 5:46 a.m.•3 views

Denial Of Service (DoS)

github.com/treeverse/lakefs is vulnerable to Denial Of Service DoS. The vulnerability is due to improper memory management in handling pre-signed multipart upload requests, allowing an attacker to crash the server and disrupt availability...

6.5CVSS6.6AI score0.00412EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2025/02/26 12:20 a.m.•9 views

Denial Of Service (DoS)

Libming is vulnerable to Denial Of Service DoS. The vulnerability is due to memory leaks in the clip actions parsing functions and by missing proper memory deallocation in parseSWFCLIPACTIONS and parseSWFCLIPACTIONRECORD when processing crafted SWF files, allowing an attacker to exhaust system...

6.5CVSS6.6AI score0.00361EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2025/02/26 12:19 a.m.•7 views

Denial Of Service (DoS)

libming.so is vulnerable to Denial Of Service DoS. The vulnerability is due to a memory leak in the parseSWFFILTERLIST function in util/parser.c and by improper memory management when processing crafted SWF files, allowing attackers to exhaust system memory and trigger a denial of service...

6.5CVSS6.6AI score0.00361EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2025/02/25 7:24 a.m.•6 views

Denial Of Service (DoS)

Libming is vulnerable to Denial Of Service DoS. The vulnerability is due to improper memory management due to the parseSWFSOUNDINFO function in util/parser.c failing to release allocated memory, allowing attackers to cause a denial of service via a crafted SWF file...

8.2CVSS6.5AI score0.0036EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2025/02/25 7:22 a.m.•6 views

Authentication Bypass

github.com/hashicorp-forge/hermes is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of JWT when using the AWS ALB authentication mode, potentially allowing an authentication bypass attack...

8.2CVSS7.4AI score0.00321EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2025/02/25 7:15 a.m.•5 views

Denial Of Service (DoS)

Libming is vulnerable to Denial Of Service DoS. The vulnerability is due to improper memory management due to the readSizedString function in util/read.c failing to release allocated memory, allowing attackers to cause a denial of service via a crafted file...

6.5CVSS6.5AI score0.00361EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2025/02/25 7:7 a.m.•5 views

Cross-site Scripting (XSS)

Keycloak is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input validation due to a privileged attacker being able to inject a malicious payload as the permission while creating items Resource and Permissions from the admin console...

3.8CVSS3.8AI score0.00278EPSS
Exploits0References4
Veracode
Veracode
•added 2025/02/25 6:59 a.m.•4 views

Improper Access Control

org.keycloak, keycloak-services is vulnerable to Improper Access Control. The vulnerability is due to improper user-organization mapping due to matching usernames or emails with an organization’s domain pattern at the mapper level, allows an attacker to bypass authorization and escalate privilege...

5.4CVSS6.9AI score0.00378EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2025/02/25 6:8 a.m.•7 views

Cross-Site Scripting (XSS)

@ckeditor/ckeditor5-real-time-collaboration is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user markers in the real-time collaboration package, which can allow unauthorized JavaScript execution in certain editor and token endpoint configurations...

2.3CVSS6.2AI score0.00557EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2025/02/25 5:39 a.m.•7 views

Hash Collision Attack

tech.kwik, kwik is vulnerable to Hash collision attack. The vulnerability is due to a hash collision in the connection management hash table, allowing remote attackers to cause high CPU load via colliding Source Connection IDs SCIDs...

5.3CVSS6.7AI score0.00535EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2025/02/25 1:58 a.m.•5 views

Information Disclosure

autoqueryable is vulnerable to Information Disclosure. The vulnerability is due to insufficient restrictions on the Unselectable function, allowing a remote attacker to obtain sensitive information...

7.5CVSS6.8AI score0.00499EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2025/02/25 1:57 a.m.•11 views

Reflected Cross-site Scripting (XSS)

github.com/oxyno-zeta/s3-proxy is vulnerable to Reflected Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in the folder-list template, allowing attackers to inject malicious scripts through the Request.URL.Path variable...

8.4CVSS6.3AI score0.00459EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2025/02/25 1:54 a.m.•9 views

Authorization Bypass

OpenFGA is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of access control rules and is caused by a misconfiguration where a relation is assignable to both public access and a userset of the same type, allowing unintended access...

9.8CVSS7AI score0.00401EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2025/02/24 1:41 p.m.•4 views

Authentication Bypass

CIE.AspNetCore.Authentication is vulnerable to Authentication Bypass. The vulnerability is due to improper signature validation due to a flaw in the handling of SAML assertions, allowing an attacker to inject a signed element that bypasses verification and enables impersonation of any Spid or CIE...

9.1CVSS6.9AI score0.0056EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2025/02/24 1:8 p.m.•7 views

NULL Pointer Dereference

libxml2 is vulnerable to a NULL Pointer Dereference. The vulnerability is due to improper handling of pattern matching due to a flaw in xmlPatMatch in pattern.c, which can lead to a crash when processing certain XML data...

7.5CVSS6.5AI score0.01018EPSS
Exploits1References13Affected Software2
Veracode
Veracode
•added 2025/02/24 12:16 p.m.•9 views

Use After Free

libxml2 and nokogiri are vulnerable to a Use-After-Free. The vulnerability is due to improper memory handling due to a flaw in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c, which can be exploited when a crafted XML document is validated against an XML schema with...

9.8CVSS6.5AI score0.0113EPSS
Exploits0References14Affected Software3
Veracode
Veracode
•added 2025/02/24 12:2 p.m.•5 views

Stack-based Buffer Overflow

libxml2 and nokogiri are vulnerable to a Stack-based Buffer Overflow. The vulnerability is due to improper input validation due to a flaw in xmlSnprintfElements in valid.c, which can be exploited when DTD validation occurs for an untrusted document or untrusted DTD...

7.8CVSS7AI score0.00375EPSS
Exploits0References7Affected Software4
Veracode
Veracode
•added 2025/02/24 6:41 a.m.•5 views

Script Injection

smartbanner.jss is vulnerable to Script Injection. The vulnerability is due to window.opener being accessible to third-party pages when users click the View link, allowing attackers to manipulate the original page via redirection or script injection...

5.3CVSS6.6AI score0.00387EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2025/02/24 6:26 a.m.•7 views

Race Condition

Duende.AccessTokenManagement is vulnerable to a Race condition. The vulnerability is due to improper synchronization in access token retrieval, allowing an attacker to obtain a token with incorrect scopes or resource indicators, potentially leading to unauthorized access...

6.3CVSS6.5AI score0.00362EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2025/02/24 4:53 a.m.•10 views

Improper Access Control

Directus is vulnerable to Improper Access Control. The vulnerability is due to improper evaluation of field-level access permissions when multiple overlapping update policies apply, allowing users to update a superset of fields rather than only those permitted for a specific item...

5.4CVSS7AI score0.0022EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2025/02/24 4:0 a.m.•5 views

Server-side Request Forgery

github.com/bishopfox/sliver is vulnerable to Server-side Request Forgery. The vulnerability is due to improper authorization and lack of validation in the Sliver teamserver's reverse port forwarding mechanism, which allows the implant to open a reverse tunnel without operator instruction...

6.9CVSS6.7AI score0.00578EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2025/02/24 3:58 a.m.•5 views

Man-in-the-middle(MitM) Attack

homeassistant is vulnerable to Man-in-the-middleMitM Attack. The vulnerability is due to missing SSL certificate verification and improper migration of the verifyssl parameter to the ssl parameter in aiohttp, which unintentionally disabled SSL verification, allows an attacker to intercept and...

7CVSS6.7AI score0.00229EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2025/02/24 3:57 a.m.•6 views

SAML Signature Validation Bypass

SPID.AspNetCore.Authentication is vulnerable to SAML signature validation bypass. The vulnerability is due to the lack of strict validation of the relationship between the signature and the signed object, allowing an attacker to inject a signed XML element and impersonate any SPID or CIE user...

9.1CVSS7AI score0.0056EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2025/02/24 3:39 a.m.•8 views

Brute-force Attack

github.com/authelia/authelia is vulnerable to Brute-force attacks. The vulnerability is due to the regulation system counting username and email logins separately, which increases the number of allowed attempts for an attacker...

2.3CVSS6.6AI score0.0035EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2025/02/23 11:25 p.m.•2 views

Denial Of Service

GitLab is vulnerable to Denial of Service DoS. The vulnerability is due to the server failing to safely process maliciously crafted files, and attackers can exploit this to consume excessive resources and disrupt the availability of the service...

6.5CVSS6.1AI score0.00575EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2025/02/23 11:24 p.m.•4 views

Regular Expression Denial Of Service

GitLab is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient input validation due to the processing logic for generating links in dependency files using vulnerable regular expressions, and attackers can exploit this by submitting specially crafted...

6.5CVSS6.1AI score0.0049EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2025/02/19 5:14 a.m.•6 views

Information Disclosure

github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability is due to failing to filter out DMs from the deleted channels endpoint, allowing an attacker to infer user IDs and other metadata from deleted DMs if they were manually marked as deleted in the...

5.3CVSS6.7AI score0.00234EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2025/02/19 5:12 a.m.•19 views

Remote Code Execution (RCE)

jsonpath-plus is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper input sanitization, specifically because of the unsafe default usage of eval='safe' mode, which allows an attacker to execute arbitrary code on the system...

9.8CVSS8.1AI score0.10701EPSS
Exploits5References5Affected Software1
Veracode
Veracode
•added 2025/02/19 5:11 a.m.•5 views

Heap-based Buffer Over-read

libarchive.so is vulnerable to a Heap-based buffer over-read. The vulnerability is due to improper handling of truncated GNU long linknames in headergnulonglink, allowing an attacker to read out-of-bounds memory, potentially causing information disclosure or application crashes...

4CVSS6.3AI score0.00233EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2025/02/19 5:9 a.m.•6 views

Regular Expression Denial Of Service (ReDoS)

@octokit/request is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to an unbounded regular expression match, allowing an attacker to send a malicious link header, leading to excessive CPU usage and potential server unresponsiveness...

5.3CVSS5.1AI score0.00729EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2025/02/18 5:42 p.m.•11 views

Remote Code Execution (RCE)

Apache Ignite is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper deserialization due to the configured Class Serialization Filters being ignored for some Ignite endpoints, allowing an attacker to send a maliciously crafted message that executes arbitrary code on the...

9.5CVSS7.9AI score0.02427EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2025/02/18 9:5 a.m.•5 views

Denial Of Service (DoS)

Keylime is vulnerable to Denial-of-Service DoS. The vulnerability is due to improper handling of database entries due to stricter type checking, which prevents previously stored data from being processed, leading to application failure when querying attacker-populated entries...

4.3CVSS6.5AI score0.00365EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities38326