38119 matches found
Cross-Site Request Forgery (CSRF)
typo3/cms-form is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of state-changing actions in downstream components, which incorrectly accept submissions via HTTP GET requests instead of enforcing the correct HTTP method. Misconfigured settings, such ...
Gas Manipulation Attack
vyper is vulnerable to a Gas Manipulation Attack. The vulnerability is due to insufficient error handling in the Vyper Compiler, which fails to check the success flag of precompile calls EcRecover and Identity, allowing attackers to manipulate the gas, causing precompile failures without halting...
Improper Array Index Validation
OFFIS DCMTK is vulnerable to Improper Array Index Validation. The vulnerability is due to improper bounds checking in the nowindow functionality, leading to an out-of-bounds write. An attacker can provide a specially crafted DICOM file to trigger this vulnerability and potentially execute arbitra...
Server-Side Request Forgery
Gomatrixserverlib is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of network requests, allowing the library to serve content from a private network it can access under certain conditions, which attackers can exploit to access internal network...
Remote Code Execution (RCE)
.NET 8.0 and .NET 9.0 are vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation or handling of files loaded in Visual Studio, allowing specially crafted files to exploit the system...
Remote Code Execution
Microsoft.NetCore.App.Runtime is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of specially crafted files in Visual Studio, allowing attackers to exploit this weakness by loading malicious files to execute arbitrary code...
Remote Code Execution
Microsoft.NetCore.App.Runtime is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of specially crafted requests by the web server. Attackers can exploit this vulnerability by sending maliciously crafted requests to a vulnerable application, potentially executing...
Cross-site Scripting (XSS)
silverstripe/framework is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the failure to sanitize HTML before replacing the embed shortcode with oEmbed JSON data in the "insert media" functionality, allowing a script payload to be executed on both the CMS and front-end of th...
Denial Of Service (DoS)
Django is vulnerable to Denial of Service (DoS). The vulnerability is due to the lack of upper-bound limit enforcement in strings during IPv6 validation, which affects the clean_ipv6_address and is_valid_ipv6_address functions, as well as the django.forms.GenericIPAddressField form field, allowing an...
Reflected Cross-Site Scripting (Reflected XSS)
silverstripe/framework is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to the "dev" environment mode improperly rendering error messages, allowing an attacker to execute XSS payloads by providing a malicious URL...
Credentials Exposure
github.com/git-lfs/git-lfs is vulnerable to Credential Exposure. The vulnerability is due to improper handling of URL-encoded control characters in Git LFS, which passes portions of a host's URL containing embedded line-ending control characters (e.g., LF or CR) to the git-credential command withou...
Arbitrary File Read
org.apache.linkis, linkis-metadata-query-service-jdbc is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient parameter filtering in the DataSource Manager Module, allowing an attacker to configure malicious MySQL JDBC parameters to read arbitrary files from the server...
Cross-site Scripting (XSS)
github.com/rancher/rancher is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to a Stored XSS attack, which occurs when a malicious actor can inject and store malicious scripts via the cluster description field, leading to potential execution of unauthorized code within the UI...
Inefficient Compression
@lodestar/reqresp is vulnerable to Inefficient Compression. The vulnerability is due to inefficient compression in the snappy framing over SSZ encoded messages, which allows an attacker to send specially crafted messages that exploit these inefficiencies, potentially causing resource exhaustion, system...
Cross-Site Scripting (XSS)
silverstripe/framework is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitisation of user-provided content in form messages, which allows HTML markup, including potentially harmful scripts, to be processed and displayed without proper filtering, leading to the...
Cross-Site Scripting (XSS)
microweber/microweber is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization in the First Name and Last Name parameters, which allows untrusted data to be executed as code, enabling the attacker to inject malicious scripts into the application...
Cross-Site Scripting (XSS)
microweber/microweber is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the campaign Name (Internal Name) field in the Add new campaign function, allowing a remote attacker to execute arbitrary code...
Cross-Site Scripting (XSS)
microweber/microweber is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the "create new backup" function, allowing a remote attacker to execute arbitrary code via the endpoint /admin/module/view?type=adminbackup...
Man-in-the-Middle (MitM) Attack
github.com/notaryproject/notation-go is vulnerable to a Man-in-the-Middle attack. The vulnerability is due to the failure to verify the revocation status of the certificate chain during timestamp signature generation, allowing attackers to exploit compromised or revoked certificates to generate...
Information Disclosure
org.keycloak, keycloak-quarkus-server is vulnerable to Information Disclosure. The vulnerability is due to the ability of admin users to inject placeholders like ${env.VARNAME} or ${PROP_NAME} into configurable URLs, allowing access to sensitive server environment variables and system properties...
Denial Of Service (DoS)
github.com/notaryproject/notation-go is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of temporary file operations during CRL cache updates, specifically the use of the os.Rename method, which fails when moving files across different mount points, allowing an...
Cross-Site Scripting (XSS)
gg.jte, jte is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of backticks and dollar signs in JavaScript template strings, which allows an attacker to inject malicious JavaScript code into HTML templates...
Denial Of Service (DoS)
org.keycloak, keycloak-quarkus-server is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient input validation in the processing of security headers, allowing improperly formatted input such as newlines to disrupt server operations...
Authentication Bypass
github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability is due to improper validation of conditions and contextual tuples when using the Check API or ListObjects API, particularly when caching is enabled (OPENFGA_CHECK_QUERY_CACHE_ENABLED), allowing attackers to potentially...
Denial Of Service (DoS)
Tornado is vulnerable to Denial of Service (DoS). The vulnerability is due to the HTTP cookie parsing algorithm having quadratic complexity, allowing maliciously crafted cookie headers to cause excessive CPU consumption and block the processing of other requests...
Improper Cache Management
github.com/MicahParks/jwkset is vulnerable to Improper Cache Management. The vulnerability is due to the provided HTTP client's local JWK Set cache failing to perform a full replacement during refresh operations. This allows outdated or revoked keys to remain in the cache, posing a security risk...
Race Condition
pgAdmin is vulnerable to Race Condition. The vulnerability is due to improper session handling in server mode with LDAP authentication, where simultaneous login attempts can result in users being attached to another user's session...
Open Redirection
github.com/h44z/wg-portal is vulnerable to Open Redirection. The vulnerability is due to improper handling of OAuth or OIDC authentication backends, which can be exploited when a user visits a malicious website in WireGuard Portal v2...
Denial Of Service (DoS)
github.com/mattermost/mattermost-server is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation of post types, allowing attackers to exploit a specific post type customplnotification and its props to deny service to users with the sysconsolereadplugin...
Type Confusion
strawberry-graphql is vulnerable to Type Confusion. The vulnerability is due to improper handling of GraphQL types when multiple types are mapped to the same underlying model while using the relay node interface, which allows an attacker to exploit type confusion to access or manipulate data from...
Incorrect UI Reporting
github.com/mattermost/mattermost-server is vulnerable to Incorrect UI reporting. The vulnerability is due to inaccurate reporting of missing settings, which allows an attacker to exploit misconfigurations. This could lead to manipulation of the Calls feature or unauthorized access to sensitive da...
Open Redirect
sickchill is vulnerable to an Open Redirect. The vulnerability is due to improper validation of the next parameter in the user-controlled login endpoint, which allows an attacker to redirect authenticated users to arbitrary destinations, potentially facilitating phishing attacks or other malicious...
Arbitrary File Inclusion (AFI)
nesbot/carbon is vulnerable to Arbitrary File Inclusion (AFI). The vulnerability is due to unsanitized user input passed to Carbon::setLocale, which allows attackers to upload files with a .php extension in a folder that can be included or required by the application, potentially executing arbitrar...
Arbitrary File Write
keras is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of downloaded tar files in the get_file function. When the function extracts the tar file, it does not properly validate or sanitize the file paths, allowing attackers to write files to arbitrary locations o...
Deserialization Of Untrusted Data
org.apache.openmeetings, openmeetings-parent is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the lack of proper configuration for the openjpa.serialization.class.blacklist and openjpa.serialization.class.whitelist settings in the clustering instructions, allowing an...
Path Traversal
github.com/charmbracelet/soft-serve is vulnerable to Path Traversal. The vulnerability is due to improper handling of user-supplied input in the path traversal mechanism, which allows non-admin users to access and modify repositories that should be restricted to others...
Cross-site Scripting (XSS)
TabberNeue is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper escaping of user-supplied page names in TabberTransclude.php, allowing an XSS payload to be injected as the page name...
Denial Of Service (DoS)
go-git is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient handling of specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients...
Session Fixation
NiceGUI is vulnerable to Session Fixation. The vulnerability is due to improper session handling, where authenticating with NiceGUI logged in the user across all browsers, including those in incognito mode...
Argument Injection
github.com/go-git/go-git is vulnerable to an Argument Injection. The vulnerability is due to improper validation of input arguments passed to the git-upload-pack flags, which allows arbitrary values to be injected when using the file transport protocol...
Stored Cross-site Scripting (XSS)
redaxo/source is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the /media/test.html component, allowing attackers to inject malicious scripts into the password parameter...
Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of user input, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross-Site Scripting (XSS)
netcarver/textile is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-controllable href input in image links when running the parser in restricted mode, allowing an attacker to inject malicious JavaScript code into image links, which is executed wh...
Arbitrary File Deletion
github.com/siyuan-note/siyuan is vulnerable to Arbitrary file deletion. The vulnerability is due to a lack of proper safeguards in the POST /api/history/getDocHistoryContent endpoint, which allows maliciously crafted payloads to trigger the deletion of arbitrary files on the server...
Path Traversal
github.com/karmada-io/karmada is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths within custom resource definition (CRD) archives, allowing attackers to exploit a TarSlip vulnerability and write arbitrary files to arbitrary locations in the filesystem...
Cross-Site Scripting (XSS)
Trix is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the link field, allowing attackers to trick users into pasting a malicious javascript: URL, which could execute arbitrary JavaScript code within the user's session...
Privilege Escalation
github.com/karmada-io/karmada is vulnerable to Privilege Escalation. The vulnerability is due to pull mode clusters being registered with excessive access to control plane resources via the karmadactl register command, allowing them excessive privileges to control plane resources...
Directory Traversal
path-sanitizer is vulnerable to Path Traversal. The vulnerability is due to insufficient sanitization of input paths, allowing attackers to bypass filters using .= %5c, potentially enabling directory traversal attacks...
Privilege Escalation
github.com/openshift/hive is vulnerable to Privilege Escalation. The vulnerability is due to improper access control in the Hive ClusterDeployments resource, which, under certain conditions, allows a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing...
Incorrect Access Control
letta is vulnerable to Incorrect Access Control. The vulnerability is due to improper enforcement of access controls in the /users endpoint, allowing attackers to access sensitive data...