Lucene search

38326 matches found

Veracode • added 2025/02/10 10:48 a.m. • 4 views

Buffer Overflow

libcurl.so is vulnerable to a Buffer Overflow. The vulnerability is due to an attacker-controlled integer overflow due to the use of zlib when performing automatic gzip decompression with the CURLOPT_ACCEPT_ENCODING option, leading to a potential buffer overflow...

CVSS 7.3 | AI score 7.2 | EPSS 0.01168
Exploits: 1 | References: 10 | Affected Software: 2

Veracode • added 2025/02/10 10:37 a.m. • 10 views

Duplicate Operations On Resource

libcurl is vulnerable to Duplicate Operations on Resource. The vulnerability is due to improper handling of eventfd file descriptors due to closing the same descriptor twice after completing a threaded name resolution, which may lead to unexpected behavior or resource leaks...

CVSS 9.8 | AI score 9.3 | EPSS 0.01166
Exploits: 1 | References: 9 | Affected Software: 2

Veracode • added 2025/02/10 5:33 a.m. • 7 views

Credential Exposure

Curl is vulnerable to Credential Exposure. The vulnerability is due to improper handling of .netrc credentials due to the presence of a default entry without login and password, which can lead to the unintended leakage of credentials to redirected hosts...

CVSS 3.4 | AI score 3.7 | EPSS 0.00635
Exploits: 1 | References: 7 | Affected Software: 2

Veracode • added 2025/02/10 2:43 a.m. • 9 views

Prototype Pollution

@ndhoule/defaults is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of object properties in the lib.deep function, allowing attackers to supply a crafted payload, leading to a Denial of Service (DoS)...

CVSS 7.5 | AI score 7.4 | EPSS 0.00448
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2025/02/10 2:43 a.m. • 7 views

Prototype Pollution

utils-extend is vulnerable to Prototype Pollution. The vulnerability is due to the lib.extend function, which allows an attacker to modify the global prototype chain and potentially cause a denial of service (DoS)...

CVSS 9.1 | AI score 9 | EPSS 0.00453
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2025/02/10 2:42 a.m. • 7 views

Prototype Pollution

Vxe-table is vulnerable to Prototype Pollution. The vulnerability is due to prototype pollution in the lib.install function, which allows attackers to supply a crafted payload, leading to a Denial of Service (DoS)...

CVSS 7.5 | AI score 7.4 | EPSS 0.00409
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2025/02/10 2:39 a.m. • 6 views

Prototype Pollution

eazy-logger is vulnerable to Prototype Pollution. The vulnerability is due to prototype pollution caused by the lib.Logger function allowing attackers to supply a crafted payload, leading to a Denial of Service (DoS)...

CVSS 7.5 | AI score 7.4 | EPSS 0.0053
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2025/02/10 2:36 a.m. • 11 views

Prototype Pollution

@zag-js/core is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of crafted payloads in the lib.deepMerge function, allowing attackers to cause a Denial of Service (DoS)...

CVSS 7.5 | AI score 7.4 | EPSS 0.00405
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2025/02/10 2:31 a.m. • 7 views

Prototype Pollution

module-from-string is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the lib.requireFromString function, allowing attackers to supply a crafted payload, leading to a Denial of Service (DoS)...

CVSS 7.5 | AI score 7.4 | EPSS 0.00505
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2025/02/10 2:24 a.m. • 7 views

Prototype Pollution

@rpldy/uploader is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the lib.createUploader function, allowing attackers to manipulate object properties and cause a Denial of Service (DoS) attack via a crafted payload...

CVSS 6.5 | AI score 7.3 | EPSS 0.00282
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2025/02/10 2:01 a.m. • 9 views

Prototype Pollution

@tanstack/form-core is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of object properties in the lib.mutateMergeDeep function, allowing attackers to inject properties into JavaScript prototypes by supplying a crafted payload...

CVSS 7.5 | AI score 7.4 | EPSS 0.00375
Exploits: 0 | References: 2 | Affected Software: 1

Veracode • added 2025/02/09 6:00 p.m. • 6 views

Authentication Bypass

NGINX is vulnerable to Authentication Bypass. The vulnerability is due to shared TLS session states due to the use of TLS Session Tickets and/or the SSL session cache in the default server, which performs client certificate authentication. Attackers can use session resumption to bypass...

CVSS 5.3 | AI score 6.9 | EPSS 0.02557
Exploits: 0 | References: 4 | Affected Software: 1

Veracode • added 2025/02/09 2:34 p.m. • 4 views

Denial Of Service

GitLab is vulnerable to Denial of Service (DoS). The vulnerability is due to the server's failure to safely process crafted OpenAPI files, and attackers can exploit this to consume excessive resources or crash the service, leading to a denial of service...

CVSS 5.5 | AI score 5.1 | EPSS 0.00287
Exploits: 0 | References: 5 | Affected Software: 1

Veracode • added 2025/02/09 5:58 a.m. • 6 views

Authentication Bypass

GitLab CE/EE is vulnerable to Authentication bypass. The vulnerability is due to an issue where an LDAP user can reset their password using their verified secondary email address, bypassing LDAP authentication. Attackers can exploit this to gain direct access to affected GitLab instances without...

CVSS 5.3 | AI score 6.9 | EPSS 0.00453
Exploits: 0 | References: 3 | Affected Software: 1

Veracode • added 2025/02/07 7:51 a.m. • 6 views

Arbitrary Code Execution

ckan is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation of uploaded files, allowing a specially crafted file to execute code when opened by an administrator, potentially leading to privilege escalation or other malicious actions...

CVSS 7.3 | AI score 7.5 | EPSS 0.00424
Exploits: 0 | References: 9 | Affected Software: 1

Veracode • added 2025/02/07 7:39 a.m. • 6 views

Stored Cross-site Scripting (XSS)

Mobile Security Framework (MobSF) is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the bundle ID value in dynamic_analysis.html, which allows an attacker to inject special characters and break the HTML context, leading to Stored XSS...

CVSS 8.4 | AI score 6 | EPSS 0.00358
Exploits: 1 | References: 6 | Affected Software: 1

Veracode • added 2025/02/07 7:19 a.m. • 8 views

Improper Access Control

mobsf is vulnerable to Improper Access Control. The vulnerability is due to improper validation of access tokens, allowing a local user with minimal privileges to use an access token for unauthorized scopes...

CVSS 8.5 | AI score 6.6 | EPSS 0.00333
Exploits: 1 | References: 4 | Affected Software: 1

Veracode • added 2025/02/07 2:34 a.m. • 6 views

Reflected Cross-Site Scripting (Reflected XSS)

Better-auth is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to HTML injection due to improper handling of user input on the /api/auth/error page, allowing an attacker to execute arbitrary JavaScript in a victim’s browser...

AI score 6.8
Exploits: 0

Veracode • added 2025/02/07 2:32 a.m. • 8 views

Improper Input Validation

mobsf is vulnerable to Improper Input Validation. The vulnerability is due to the application's failure to enforce strict validation on the CFBundleIdentifier value, allowing attackers to insert special characters that trigger parsing errors and result in a Denial of Service (DoS) condition...

CVSS 4.8 | AI score 6.7 | EPSS 0.0043
Exploits: 1 | References: 6 | Affected Software: 1

Veracode • added 2025/02/07 2:30 a.m. • 2 views

Improper Authorization

github.com/edgelesssys/contrast is vulnerable to Improper Authorization. The vulnerability is due to a lack of authentication in the recovery mechanism, which allows an attacker to impersonate the Coordinator without proper verification...

AI score 7.2
Exploits: 0

Veracode • added 2025/02/06 9:30 a.m. • 11 views

Improper Input Validation

Browsershot is vulnerable to Improper Input Validation. The vulnerability is due to improper URL validation due to the setUrl method failing to restrict local file access, allowing an attacker to perform local file inclusion and read sensitive files...

CVSS 8.6 | AI score 6.4 | EPSS 0.00506
Exploits: 0 | References: 7 | Affected Software: 1

Veracode • added 2025/02/06 7:51 a.m. • 9 views

Improper Input Validation

Browsershot is vulnerable to Improper Input Validation. The vulnerability is due to missing validation checks due to the setHtml function failing to block file URI schemes, allowing an attacker to bypass restrictions by omitting slashes in the file path...

CVSS 8.8 | AI score 6.7 | EPSS 0.00419
Exploits: 0 | References: 6 | Affected Software: 1

Veracode • added 2025/02/06 7:38 a.m. • 5 views

Arbitrary File Upload

Cockpit is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient file extension filtering due to an attacker being able to bypass the upload filter by using different file extensions...

CVSS 8.7 | AI score 6.8 | EPSS 0.17552
Exploits: 0 | References: 6 | Affected Software: 1

Veracode • added 2025/02/06 7:13 a.m. • 4 views

Denial Of Service (DoS)

github.com/CosmWasm/wasmvm is vulnerable to a Denial of Service (DoS). The vulnerability is due to a bug affecting both permissioned and permissionless chains due to its ability to be reliably triggered using a malicious contract, potentially causing a chain crash...

AI score 7
Exploits: 0

Veracode • added 2025/02/06 3:40 a.m. • 9 views

Incorrect Authorization

org.apache.cassandra, cassandra-all is vulnerable to Incorrect Authorization. The vulnerability is due to improper enforcement of authorization rules in CassandraNetworkAuthorizer and CassandraCIDRAuthorizer, allowing users to modify their own permissions via data control language (DCL) statements...

CVSS 5.4 | AI score 6.7 | EPSS 0.0099
Exploits: 0 | References: 5 | Affected Software: 1

Veracode • added 2025/02/06 3:38 a.m. • 14 views

Privilege Defined With Unsafe Actions

org.apache.cassandra, cassandra-all is vulnerable to Privilege Defined With Unsafe Actions. The vulnerability is due to unsafe actions on a system resource, which allow a user with MODIFY permission on all keyspaces to escalate privileges to superuser within an Apache Cassandra cluster...

CVSS 8.8 | AI score 6.9 | EPSS 0.00877
Exploits: 0 | References: 8 | Affected Software: 1

Veracode • added 2025/02/06 3:29 a.m. • 4 views

Authentication Bypass

github.com/edgelesssys/marblerun is vulnerable to Authentication Bypass. The vulnerability is due to the lack of verification that the recovery key was provided by an authorized party, combined with the failure to compare the Coordinator's root certificate against a trusted reference when...

AI score 7.1
Exploits: 0

Veracode • added 2025/02/05 3:54 p.m. • 9 views

Class Pollution

Django-Unicorn is vulnerable to Class Pollution. The vulnerability is due to improper handling of component requests due to the set_property_value function allowing remote users to manipulate its parameters, leading to arbitrary changes in the Python runtime, enabling XSS, DoS, and authentication...

CVSS 9.3 | AI score 7.2 | EPSS 0.00451
Exploits: 0 | References: 5 | Affected Software: 1

Veracode • added 2025/02/05 8:59 a.m. • 3 views

Improper Authorization

TShock is vulnerable to Improper Authorization. The vulnerability is due to incomplete connection handling due to clients being able to exist on the server, occupy player slots, chat, and receive data without fully completing the connection handshake, allowing banned users to exploit server...

AI score 7
Exploits: 0

Veracode • added 2025/02/05 8:45 a.m. • 6 views

Insufficient Verification Of Data Authenticity

CometBFT is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to improper validation due to incorrect processing and dissemination of invalid block part indices and proof part indices, which could lead to a network halt...

AI score 7
Exploits: 0

Veracode • added 2025/02/05 8:28 a.m. • 6 views

Directory Traversal

org.gaul:s3proxy is vulnerable to Directory Traversal. The vulnerability is due to improper access control due to the filesystem and filesystem-nio2 storage backends potentially exposing local files to users unintentionally...

CVSS 6 | AI score 6.6 | EPSS 0.00506
Exploits: 0 | References: 5 | Affected Software: 1

Veracode • added 2025/02/05 7:04 a.m. • 8 views

DNS Cache Poisoning

gVisor is vulnerable to predictable TCP/UDP source ports. The vulnerability is due to a flawed randomization mechanism in gVisor's TCP/UDP source port and header value generation, allowing attackers to predict these values...

CVSS 6.3 | AI score 6.6 | EPSS 0.00258
Exploits: 1 | References: 5 | Affected Software: 1

Veracode • added 2025/02/05 6:35 a.m. • 6 views

Buffer Under-read

libzephyr.so is vulnerable to Buffer Under-read. The vulnerability is due to a lack of proper length checking for user input, allowing an attacker to overflow a buffer and potentially execute arbitrary code or cause a crash...

CVSS 8.6 | AI score 8.4 | EPSS 0.00287
Exploits: 0 | References: 3 | Affected Software: 1

Veracode • added 2025/02/05 4:12 a.m. • 11 views

Improper Check Or Handling Of Exceptional Conditions

github.com/cometbft/cometbft is vulnerable to Improper Check or Handling of Exceptional Conditions. The vulnerability is due to improper validation of reported latest heights, allowing a malicious node to first report a higher latest height and then a lower one, causing syncing nodes to get stuck...

CVSS 7.1 | AI score 6.7 | EPSS 0.00429
Exploits: 0 | References: 6 | Affected Software: 1

Veracode • added 2025/02/05 1:30 a.m. • 15 views

Remote Code Execution (RCE)

Vitest is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the WebSocket server not validating the Origin header and lacking an authorization mechanism, allowing an attacker to inject and execute arbitrary code via the saveTestFile and rerun APIs...

CVSS 9.6 | AI score 8.1 | EPSS 0.00629
Exploits: 1 | References: 8 | Affected Software: 1

Veracode • added 2025/02/05 1:29 a.m. • 14 views

Cross-Site Scripting (XSS)

Axios is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper origin determination and unsafe handling of the href attribute in the lib/helpers/isURLSameOrigin.js file, which does not use a proper URL object. It allows an attacker to manipulate the href attribute and injec...

CVSS 9.8 | AI score 6.1 | EPSS 0.00356
Exploits: 0 | References: 5 | Affected Software: 2

Veracode • added 2025/02/05 1:27 a.m. • 8 views

Arbitrary File Exposure

@vitest/browser is vulnerable to Arbitrary File Exposure. The vulnerability is due to the screenshot-error handler on the browser mode HTTP server improperly responding with any file on the file system when browser.api.host: true is set, allowing remote attackers to access arbitrary files...

CVSS 7.5 | AI score 7.3 | EPSS 0.02291
Exploits: 0 | References: 5 | Affected Software: 1

Veracode • added 2025/02/05 1:21 a.m. • 5 views

Information Disclosure

gvisor.dev/gvisor is vulnerable to Information Disclosure. The vulnerability is due to weak hashing algorithms and small seed/secret sizes, allowing remote attackers to calculate a local IP address and per-boot identifier that could aid in tracking a device in specific situations...

CVSS 6.3 | AI score 6.6 | EPSS 0.00218
Exploits: 1 | References: 5 | Affected Software: 1

Veracode • added 2025/02/04 3:26 p.m. • 9 views

Sensitive Information Disclosure

github.com/argoproj/argo-cd is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of invalid Kubernetes Secret resources, allowing secret values to be exposed in error messages and the diff view. An attacker with write access to the repository can commit...

CVSS 6.8 | AI score 6.3 | EPSS 0.00458
Exploits: 0 | References: 4 | Affected Software: 1

Veracode • added 2025/02/04 7:32 a.m. • 6 views

Improper Access Control

github.com/kubewarden/kubewarden-controller is vulnerable to Improper Access Control. The vulnerability is due to insufficient restrictions on AdmissionPolicy and AdmissionPolicyGroup, allowing attackers to manipulate or block PolicyReport objects, leading to compliance data tampering or evasion...

CVSS 6.5 | AI score 7.1 | EPSS 0.00335
Exploits: 0 | References: 3 | Affected Software: 1

Veracode • added 2025/02/04 7:04 a.m. • 5 views

Variable Injection

zx is vulnerable to Variable Injection. The vulnerability is due to improper handling of environment variables due to the ability of an attacker to inject unintended values into process.env, potentially leading to arbitrary command execution or unexpected behavior in security-sensitive applicatio...

CVSS 1 | AI score 7 | EPSS 0.00178
Exploits: 0 | References: 6 | Affected Software: 1

Veracode • added 2025/02/04 6:39 a.m. • 8 views

Cross-site Scripting (XSS)

Backdrop CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper validation of uploaded SVG images due to insufficient filtering of dangerous SVG tags, allowing an attacker to execute scripts in the browser when an SVG image is viewed directly via its URL...

CVSS 4.4 | AI score 6.6 | EPSS 0.00185
Exploits: 0 | References: 4 | Affected Software: 1

Veracode • added 2025/02/04 6:24 a.m. • 7 views

Cross-site Scripting (XSS)

Backdrop CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper content isolation due to insufficient sanitization of long text content when using the CKEditor 5 rich text editor, allowing an attacker to inject malicious HTML and JavaScript that executes when an...

CVSS 4.4 | AI score 4.5 | EPSS 0.0164
Exploits: 3 | References: 5 | Affected Software: 1

Veracode • added 2025/02/04 6:09 a.m. • 8 views

Cleartext Storage Of Sensitive Information

PMD is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to exposed signing key passphrases due to their inclusion in a published JAR file on Maven Central, potentially compromising the associated private keys...

CVSS 9.3 | AI score 6.6 | EPSS 0.00315
Exploits: 0 | References: 8 | Affected Software: 3

Veracode • added 2025/02/04 5:22 a.m. • 4 views

Improper Access Control

github.com/grafana/grafana is vulnerable to Improper Access Control. The vulnerability is due to improper access control in the Grafana Alerting VictorOps integration, allowing users with Viewer permission to access restricted functionality...

CVSS 4.3 | AI score 4.4 | EPSS 0.00368
Exploits: 0 | References: 6 | Affected Software: 1

Veracode • added 2025/02/04 4:27 a.m. • 2 views

Secret Exposure

github.com/argoproj/gitops-engine is vulnerable to Secret Exposure. The vulnerability is due to improper handling of invalid Kubernetes Secret resources, which exposes secret values in error messages and the diff view during synchronization, allows an attacker with write access to the repository ...

AI score 6.8
Exploits: 0

Veracode • added 2025/02/04 4:26 a.m. • 11 views

Cross-Site Scripting (XSS)

PhpSpreadsheet is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user input, allowing the use of the JavaScript protocol and special characters to bypass the XSS filter...

CVSS 4.8 | AI score 5.7 | EPSS 0.00387
Exploits: 0 | References: 4 | Affected Software: 2

Veracode • added 2025/02/04 4:20 a.m. • 10 views

Path Traversal

tcg/voyager is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied input, allowing attackers to traverse directories and access restricted files...

CVSS 5.7 | AI score 7 | EPSS 0.14586
Exploits: 1 | References: 4 | Affected Software: 1

Veracode • added 2025/02/04 4:19 a.m. • 9 views

Cross Site Scripting (XSS)

DevDojo Voyager is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization in the /admin/compass endpoint, which allows user-supplied input to be reflected in the response without proper encoding or filtering...

CVSS 3.5 | AI score 6.4 | EPSS 0.24095
Exploits: 1 | References: 5 | Affected Software: 1

Veracode • added 2025/02/03 8:08 a.m. • 10 views

Privilege Escalation

net.snowflake:snowflake-jdbc is vulnerable to Privilege Escalation. The vulnerability is due to improper path handling due to an attacker with write access to a directory in %PATH% being able to escalate privileges when the EXTERNALBROWSER authentication method is used on Windows...

CVSS 7.8 | AI score 7.5 | EPSS 0.00252
Exploits: 0 | References: 4 | Affected Software: 1

Total number of security vulnerabilities: 38326