38111 matches found
Reflected Cross-Site Scripting
phpoffice/phpspreadsheet is vulnerable to Unauthorized Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to improper input handling in the Currency.php file, which allows an attacker to inject and execute malicious scripts...
Cross-site Scripting (XSS)
phpMyFAQ is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of HTML content in the FAQ editor at http://localhost/admin/index.php?action=editentry. Attackers can inject malformed HTML elements styled to cover the entire screen, disrupting the user...
Cross-site Scripting (XSS)
dcat/laravel-admin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the /admin/auth/menu and /admin/auth/extensions endpoints, allowing attackers to inject malicious scripts...
Open Redirection
better-auth is vulnerable to an Open Redirect. The vulnerability is due to insufficient validation of the callbackURL parameter in the verify email endpoint. Attackers can manipulate this parameter to redirect users to malicious websites because the origin checker only validates POST requests, an...
Cross-site Scripting (XSS)
dcat/laravel-admin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the /admin/articles/create endpoint in version 2.2.0-beta, which allows attackers to inject malicious scripts...
Insecure Direct Object Reference (IDOR)
Khoj is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to the improper implementation of access controls in the updatesubscription endpoint, where the system fails to enforce authorization checks to ensure that only the owner of a subscription can modify it, allowin...
Unauthorized Access
Apache NiFi is vulnerable to Unauthorized Access. The vulnerability is due to missing fine-grained authorization checks during Process Group creation, allowing attackers to access Parameter Contexts, Controller Services, and Parameter Providers without proper permissions...
Improper Access Control
nilsteampassnet/teampass is vulnerable to Improper access control. The vulnerability is due to the application failing to properly validate whether a folder belongs to the user's allowed folders list defined by an admin, allowing an attacker to bypass access restrictions and access unauthorized...
Reflected Cross-Site Scripting (Reflected XSS)
tltneon/lgsl is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to improper sanitization of the Referer HTTP header, allowing an attacker to inject arbitrary JavaScript code into the application's HTML response...
Improper Access Control
TeamPass is vulnerable to improper access control. The application fails to verify whether a "mailmeaka actionmail" operation is performed by an administrator or manager, allowing an attacker to perform unauthorized operations...
Privilege Escalation
nilsteampassnet/teampass is vulnerable to Privilege Escalation. The vulnerability is due to improper access control in TeamPass, which fails to properly validate and restrict a user's actions based on their own privileges, allowing them to act with the privileges of a different userid...
Local File Read (LFR)
changedetectionio is vulnerable to Local File Read (LFR). The vulnerability is due to improper input validation, which allows attackers to exploit user input to construct file paths without adequate sanitization...
SQL Injection
python-sql is vulnerable to SQL Injection. The vulnerability is due to insufficient input sanitization and improper handling of unary operators in the python-sql library. Specifically, non-Expression values are not properly escaped, allowing them to be inserted into SQL queries without proper...
SQL Injection
redshiftconnector is vulnerable to SQL injection. The vulnerability is due to SQL injection in the get_schemas, get_tables, or get_columns Metadata APIs in version 2.1.4, which could allow an attacker to gain escalated privileges...
Cross-Site Scripting (XSS)
tecnickcom/tcpdf is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the Error function lacking an htmlspecialchars call for the error message, which allows an attacker to inject malicious scripts into the error message...
Timing Attack
tecnickcom/tcpdf is vulnerable to a Timing Attack. The vulnerability is due to the use of loose comparison != in the unserializeTCPDFtag function, which lacks a constant-time comparison, allowing an attacker to infer hash values through timing discrepancies...
Remote Code Execution (RCE)
Apache MINA is vulnerable to Remote Code Execution (RCE). The vulnerability is due to lack of necessary security checks and defenses in the ObjectSerializationDecoder, which uses Java’s native deserialization protocol. It allows attackers to exploit the deserialization process by sending malicious...
Cross-site Scripting (XSS)
Koji is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to unsanitized input: malicious JavaScript code from a crafted link is reflected in the resulting web page, although XSS protections prevent actions or changes in Koji...
Cross-Site Scripting (XSS)
@marp-team/marp-core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper neutralization of HTML during sanitization, allowing malicious scripts to bypass defenses and execute...
Sensitive Information Exposure
Apache Hive is vulnerable to Sensitive Information Exposure. The vulnerability is due to inadequate handling of signature mismatches: the correct cookie signature is exposed to end users when there is a mismatch between the current and expected signature, potentially enabling further...
Unsafe SSL Verification
tecnickcom/tcpdf is vulnerable to Unsafe SSL verification. The vulnerability is due to improper handling of SSL verification settings in TCPDF when using libcurl, where CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. It allows an attacker to perform a Man-in-the-Middle (MitM) attack...
Denial Of Service (DoS)
tc-lib-pdf-font is vulnerable to Denial of Service (DoS). The vulnerability is due to inadequate validation and handling of font metadata, specifically the FontBBox for Type 1 and TrueType fonts, in tc-lib-pdf-font, which allows the font data to be misparsed, leading to potential security issues...
Server-side Template Injection (SSTI)
opencart/opencart is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper validation and sanitization of user inputs within the Theme Editor Function, which allows attackers to inject malicious template code that can be executed on the server...
Denial Of Service (DoS)
golang.org/x/net is vulnerable to Denial of Service (DoS). The vulnerability is due to non-linear processing of input length, which causes excessive parsing delays and allows an attacker to craft input that results in a denial of service...
Denial Of Service (DoS)
github.com/clidey/whodb is vulnerable to Denial of Service (DoS). The vulnerability is due to the server reading the entire request body into memory without size limits, which allows an attacker to send large request bodies to the server, leading to memory exhaustion and potentially resulting in a...
Server-Side Request Forgery (SSRF)
ch.qos.logback, logback-core is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of the DOCTYPE declaration in XML configuration files, allowing an attacker to forge requests...
Privilege Escalation
github.com/openshift/must-gather is vulnerable to Privilege Escalation. The vulnerability is due to improper access controls and lack of validation in the MustGather.managed.openshift.io Custom Defined Resource (CRD), which allows a non-privileged user to craft objects that misuse the most privileg...
Insufficiently Protected Credentials
GoPhish is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper handling of mail server credentials: cleartext passwords are stored for the configured IMAP and SMTP servers, exposing sensitive information to attackers...
Out-of-bounds Read
libpoppler.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper handling of bitmap combinations within the JBIG2Bitmap::combine function in JBIG2Stream.cc, leading to potential memory access errors...
Privilege Escalation
github.com/hashicorp/nomad is vulnerable to Privilege Escalation. The vulnerability is due to unredacted workload identity tokens that allow unauthorized privilege escalation within a namespace...
Directory Traversal
Uptime Kuma is vulnerable to Directory Traversal. The vulnerability is due to inadequate validation of user-supplied URLs that allows attackers to exploit the file:/// protocol, enabling access to sensitive local files via the "real-browser" request type...
Account Takeover
Socialstream is vulnerable to Account Takeover. The vulnerability is due to the lack of a confirmation step when linking social accounts and the potential use of ->stateless() in the Socialite configuration, which allows an attacker to link a social account to an authenticated user’s account without...
Remote Code Execution (RCE)
com.databricks, databricks-jdbc is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient validation or sanitization of the krbJAASFile parameter in the Databricks JDBC Driver, which allows the attacker to manipulate the JDBC URL, enabling a JNDI injection that can lead to...
Remote Code Execution (RCE)
craftcms/cms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the register_argc_argv directive being enabled in the php.ini configuration, which allows an attacker to execute arbitrary code on the affected system remotely...
Incorrect Implementation Of The Authentication Algorithm
org.apache.kafka, kafka-clients is vulnerable to an incorrect implementation of the authentication algorithm. The vulnerability is due to the lack of nonce verification in Apache Kafka's SCRAM implementation, where the server does not verify that the nonce sent by the client in the second message...
Authorization Bypass
golang.org/x/crypto is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of public key authentication callbacks where the order or reuse of keys in the callback can lead to incorrect authorization decisions, allowing attackers to exploit misused APIs or assumptions...
Denial Of Service (DoS)
github.com/CosmWasm/wasmd is vulnerable to Denial of Service (DoS). The vulnerability is due to an uncaught exception caused by simulation of Wasmd message...
Insufficient Verification Of Data Authenticity
org.wildfly:wildfly-elytron-oidc-client-subsystem is vulnerable to authorization code injection. The vulnerability is due to improper session handling that allows an attacker to inject a stolen authorization code into their own session with a victim's identity, typically through a Man-in-the-Midd...
XML External Entity (XXE) Injection
simplesamlphp is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper handling of untrusted XML input, which allows attackers to exploit maliciously crafted XML documents, such as SAMLResponse, to access sensitive information or perform other malicious activities...
Directory Traversal
Spatie/browsershot is vulnerable to Directory Traversal. The vulnerability is due to URI normalization in the browser, where the check for file:// can be bypassed using file:\ instead, which allows the attacker to manipulate the path and access files outside the intended directory...
Cross-Site Scripting (XSS)
Liferay Portal is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of user input in the Service Class text field, allowing remote attackers to inject arbitrary web scripts or HTML...
Privilege Escalation
open-cluster-management.io/ocm is vulnerable to Privilege Escalation. The vulnerability is due to improper service account management, where the cluster-manager service account is bound to a ClusterRole with broad permissions, including the ability to create Pod resources. It allows attackers on...
Remote Code Execution (RCE)
Unisharp/laravel-filemanager is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of file extensions and mimetypes, which allows an attacker to bypass security mechanisms by inserting the . character after the php file extension...
Cleartext Transmission Of Sensitive Information
Keycloak is vulnerable to plain text replication. The vulnerability is due to the environment option KC_CACHE_EMBEDDED_MTLS_ENABLED not functioning as intended, resulting in JGroups replication configuration always using plain text, which allows attackers on adjacent networks to intercept and read...
Authentication Bypass
Elasticsearch is vulnerable to Authentication Bypass. The vulnerability is due to improper implementation of authorization controls, allowing a malicious actor to circumvent Document Level Security and access restricted documents...
Privilege Escalation
github.com/minio/minio is vulnerable to Privilege Escalation. The vulnerability is due to improper validation and handling of imported IAM policies in the IAM import API, which allows an attacker to escalate their privileges and potentially gain unauthorized access to resources or perform actions beyon...
Stack Overflow
github.com/cosmos/cosmos-sdk, cosmossdk.io/x/tx is vulnerable to Stack overflow. The vulnerability is due to improper handling of transaction decoding in Cosmos SDK, which allows for excessive resource consumption or stack overflow when processing transactions, potentially leading to system instability...
Time-of-Check Time-of-Use (TOCTOU)
Apache Tomcat is vulnerable to a Time-of-Check Time-of-Use (TOCTOU) race condition. The vulnerability is due to incomplete mitigation and improper handling of file path canonicalization on case-insensitive file systems when the default servlet write is enabled, which allows an attacker to exploit race conditions...
BREACH Attack
Varnish VCL templates are vulnerable to the BREACH vulnerability. The vulnerability is due to improper handling of HTTP compression, allowing secrets to be extracted through carefully crafted requests...
Denial Of Service (DoS)
league/commonmark is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded resource exhaustion caused by inefficient code handling specially crafted Markdown inputs, which allows an attacker to tie up CPU resources or PHP-FPM processes and deny service to legitimate users...