Buffer Overflow
libcurl.so is vulnerable to a Buffer Overflow. The vulnerability is due to an attacker-controlled integer overflow arising from the use of zlib when performing automatic gzip decompression with the CURLOPT_ACCEPT_ENCODING option, leading to a potential buffer overflow...
Duplicate Operations On Resource
libcurl is vulnerable to Duplicate Operations on Resource. The vulnerability is due to improper handling of eventfd file descriptors: the same descriptor is closed twice after completing a threaded name resolution, which may lead to unexpected behavior or resource leaks...
Credential Exposure
Curl is vulnerable to Credential Exposure. The vulnerability is due to improper handling of .netrc credentials when a default entry without login and password is present, which can lead to the unintended leakage of credentials to redirected hosts...
Prototype Pollution
@ndhoule/defaults is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of object properties in the lib.deep function, allowing attackers to supply a crafted payload, leading to a Denial of Service (DoS)...
Prototype Pollution
utils-extend is vulnerable to Prototype Pollution. The vulnerability is due to the lib.extend function, which allows an attacker to modify the global prototype chain and potentially cause a Denial of Service (DoS)...
Prototype Pollution
Vxe-table is vulnerable to Prototype Pollution. The vulnerability is in the lib.install function, which allows attackers to supply a crafted payload, leading to a Denial of Service (DoS)...
Prototype Pollution
eazy-logger is vulnerable to Prototype Pollution. The vulnerability is in the lib.Logger function, which allows attackers to supply a crafted payload, leading to a Denial of Service (DoS)...
Prototype Pollution
@zag-js/core is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of crafted payloads in the lib.deepMerge function, allowing attackers to cause a Denial of Service (DoS)...
Prototype Pollution
module-from-string is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the lib.requireFromString function, allowing attackers to supply a crafted payload, leading to a Denial of Service (DoS)...
Prototype Pollution
@rpldy/uploader is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the lib.createUploader function, allowing attackers to manipulate object properties and cause a Denial of Service (DoS) attack via a crafted payload...
Prototype Pollution
@tanstack/form-core is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of object properties in the lib.mutateMergeDeep function, allowing attackers to inject properties into JavaScript prototypes by supplying a crafted payload...
Authentication Bypass
NGINX is vulnerable to Authentication Bypass. The vulnerability is due to TLS session state being shared through the use of TLS Session Tickets and/or the SSL session cache in the default server, which performs client certificate authentication. Attackers can use session resumption to bypass...
Denial Of Service
GitLab is vulnerable to Denial of Service (DoS). The vulnerability is due to the server's failure to safely process crafted OpenAPI files, and attackers can exploit this to consume excessive resources or crash the service, leading to a denial of service...
Authentication Bypass
GitLab CE/EE is vulnerable to Authentication bypass. The vulnerability is due to an issue where an LDAP user can reset their password using their verified secondary email address, bypassing LDAP authentication. Attackers can exploit this to gain direct access to affected GitLab instances without...
Arbitrary Code Execution
ckan is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation of uploaded files, allowing a specially crafted file to execute code when opened by an administrator, potentially leading to privilege escalation or other malicious actions...
Stored Cross-site Scripting (XSS)
Mobile Security Framework (MobSF) is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the bundle ID value in dynamic_analysis.html, which allows an attacker to inject special characters and break the HTML context, leading to Stored XSS...
Improper Access Control
mobsf is vulnerable to Improper Access Control. The vulnerability is due to improper validation of access tokens, allowing a local user with minimal privileges to use an access token for unauthorized scopes...
Reflected Cross-Site Scripting (Reflected XSS)
Better-auth is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to HTML injection caused by improper handling of user input on the /api/auth/error page, allowing an attacker to execute arbitrary JavaScript in a victim’s browser...
Improper Input Validation
mobsf is vulnerable to Improper Input Validation. The vulnerability is due to the application's failure to enforce strict validation on the CFBundleIdentifier value, allowing attackers to insert special characters that trigger parsing errors and result in a Denial of Service (DoS) condition...
Improper Authorization
github.com/edgelesssys/contrast is vulnerable to Improper Authorization. The vulnerability is due to a lack of authentication in the recovery mechanism, which allows an attacker to impersonate the Coordinator without proper verification...
Improper Input Validation
Browsershot is vulnerable to Improper Input Validation. The vulnerability is due to improper URL validation: the setUrl method fails to restrict local file access, allowing an attacker to perform local file inclusion and read sensitive files...
Improper Input Validation
Browsershot is vulnerable to Improper Input Validation. The vulnerability is due to missing validation checks: the setHtml function fails to block file URI schemes, allowing an attacker to bypass restrictions by omitting slashes in the file path...
Arbitrary File Upload
Cockpit is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient file extension filtering: an attacker can bypass the upload filter by using different file extensions...
Denial Of Service (DoS)
github.com/CosmWasm/wasmvm is vulnerable to a Denial of Service (DoS). The vulnerability is due to a bug affecting both permissioned and permissionless chains that can be reliably triggered using a malicious contract, potentially causing a chain crash...
Incorrect Authorization
org.apache.cassandra, cassandra-all is vulnerable to Incorrect Authorization. The vulnerability is due to improper enforcement of authorization rules in CassandraNetworkAuthorizer and CassandraCIDRAuthorizer, allowing users to modify their own permissions via data control language (DCL) statements...
Privilege Defined With Unsafe Actions
org.apache.cassandra, cassandra-all is vulnerable to Privilege Defined With Unsafe Actions. The vulnerability is due to unsafe actions on a system resource, which allow a user with MODIFY permission on all keyspaces to escalate privileges to superuser within an Apache Cassandra cluster...
Authentication Bypass
github.com/edgelesssys/marblerun is vulnerable to Authentication Bypass. The vulnerability is due to the lack of verification that the recovery key was provided by an authorized party, combined with the failure to compare the Coordinator's root certificate against a trusted reference when...
Class Pollution
Django-Unicorn is vulnerable to Class Pollution. The vulnerability is due to improper handling of component requests: the set_property_value function allows remote users to manipulate its parameters, leading to arbitrary changes in the Python runtime, enabling XSS, DoS, and authentication...
Improper Authorization
TShock is vulnerable to Improper Authorization. The vulnerability is due to incomplete connection handling: clients can exist on the server, occupy player slots, chat, and receive data without fully completing the connection handshake, allowing banned users to exploit server...
Insufficient Verification Of Data Authenticity
CometBFT is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to improper validation caused by incorrect processing and dissemination of invalid block part indices and proof part indices, which could lead to a network halt...
Directory Traversal
org.gaul:s3proxy is vulnerable to Directory Traversal. The vulnerability is due to improper access control in the filesystem and filesystem-nio2 storage backends, which can potentially expose local files to users unintentionally...
DNS Cache Poisoning
gVisor is vulnerable to predictable TCP/UDP source ports. The vulnerability is due to a flawed randomization mechanism in gVisor's TCP/UDP source port and header value generation, allowing attackers to predict these values...
Buffer Under-read
libzephyr.so is vulnerable to Buffer Under-read. The vulnerability is due to a lack of proper length checking for user input, allowing an attacker to overflow a buffer and potentially execute arbitrary code or cause a crash...
Improper Check Or Handling Of Exceptional Conditions
github.com/cometbft/cometbft is vulnerable to Improper Check or Handling of Exceptional Conditions. The vulnerability is due to improper validation of reported latest heights, allowing a malicious node to first report a higher latest height and then a lower one, causing syncing nodes to get stuck...
Remote Code Execution (RCE)
Vitest is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the WebSocket server not validating the Origin header and lacking an authorization mechanism, allowing an attacker to inject and execute arbitrary code via the saveTestFile and rerun APIs...
Cross-Site Scripting (XSS)
Axios is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper origin determination and unsafe handling of the href attribute in the lib/helpers/isURLSameOrigin.js file, which does not use a proper URL object. It allows an attacker to manipulate the href attribute and injec...
Arbitrary File Exposure
@vitest/browser is vulnerable to Arbitrary File Exposure. The vulnerability is due to the screenshot-error handler on the browser mode HTTP server improperly responding with any file on the file system when browser.api.host: true is set, allowing remote attackers to access arbitrary files...
Information Disclosure
gvisor.dev/gvisor is vulnerable to Information Disclosure. The vulnerability is due to weak hashing algorithms and small seed/secret sizes, allowing remote attackers to calculate a local IP address and per-boot identifier that could aid in tracking a device in specific situations...
Sensitive Information Disclosure
github.com/argoproj/argo-cd is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of invalid Kubernetes Secret resources, allowing secret values to be exposed in error messages and the diff view. An attacker with write access to the repository can commit...
Improper Access Control
github.com/kubewarden/kubewarden-controller is vulnerable to Improper Access Control. The vulnerability is due to insufficient restrictions on AdmissionPolicy and AdmissionPolicyGroup, allowing attackers to manipulate or block PolicyReport objects, leading to compliance data tampering or evasion...
Variable Injection
zx is vulnerable to Variable Injection. The vulnerability is due to improper handling of environment variables: an attacker is able to inject unintended values into process.env, potentially leading to arbitrary command execution or unexpected behavior in security-sensitive applicatio...
Cross-site Scripting (XSS)
Backdrop CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper validation of uploaded SVG images, specifically insufficient filtering of dangerous SVG tags, allowing an attacker to execute scripts in the browser when an SVG image is viewed directly via its URL...
Cross-site Scripting (XSS)
Backdrop CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper content isolation caused by insufficient sanitization of long text content when using the CKEditor 5 rich text editor, allowing an attacker to inject malicious HTML and JavaScript that executes when an...
Cleartext Storage Of Sensitive Information
PMD is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to signing key passphrases being exposed through their inclusion in a published JAR file on Maven Central, potentially compromising the associated private keys...
Improper Access Control
github.com/grafana/grafana is vulnerable to Improper Access Control. The vulnerability is due to improper access control in the Grafana Alerting VictorOps integration, allowing users with Viewer permission to access restricted functionality...
Secret Exposure
github.com/argoproj/gitops-engine is vulnerable to Secret Exposure. The vulnerability is due to improper handling of invalid Kubernetes Secret resources, which exposes secret values in error messages and the diff view during synchronization and allows an attacker with write access to the repository ...
Cross-Site Scripting (XSS)
PhpSpreadsheet is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user input, allowing the use of the JavaScript protocol and special characters to bypass the XSS filter...
Path Traversal
tcg/voyager is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied input, allowing attackers to traverse directories and access restricted files...
Cross Site Scripting (XSS)
DevDojo Voyager is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization in the /admin/compass endpoint, which allows user-supplied input to be reflected in the response without proper encoding or filtering...
Privilege Escalation
net.snowflake:snowflake-jdbc is vulnerable to Privilege Escalation. The vulnerability is due to improper path handling: an attacker with write access to a directory in %PATH% is able to escalate privileges when the EXTERNALBROWSER authentication method is used on Windows...