38467 matches found
Exposure Of Sensitive Information
io.github.davidalmeidac, sealed-env-core is vulnerable to Exposure of Sensitive Information. The vulnerability is due to embedding the operator’s plaintext TOTP secret in the base64-encoded JWS payload of minted unseal tokens, which allows an attacker to decode observed tokens from logs,...
Improper Authorization
Fleet is vulnerable to Improper Authorization. The vulnerability is due to incomplete application of ServiceAccount impersonation in certain Helm deployer code paths, which allows an attacker with git push access to read secrets from arbitrary namespaces on downstream clusters...
Missing Authorization
github.com/portainer/portainer is vulnerable to Missing Authorization. The vulnerability is due to missing authorization handlers for the Docker plugin management endpoints, which allows a non-admin user with endpoint-level access to perform privileged plugin operations directly against the...
Improper Access Control
github.com/free5gc/udr is vulnerable to Improper Access Control. The vulnerability is due to improper request handling in the Traffic Influence Subscription deletion endpoint, which allows an attacker to bypass validation and delete arbitrary subscriptions despite receiving a misleading 404...
Missing Authentication For Critical Function
Sliver is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to the DNS C2 listener allocating server-side sessions without validating TOTP values and lacking session cleanup, which allows an attacker to create excessive sessions and exhaust server memory...
SQL Injection
Focalboard is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of category IDs before they are incorporated into dynamic SQL statements, which allows an attacker to inject malicious SQL that is later executed and used to extract sensitive data from the database...
Command Injection
uniget is vulnerable to Command Injection. The vulnerability is due to unsafe execution of the untrusted check field from metadata files through /bin/bash -c without proper validation or sanitization, which allows an attacker to execute arbitrary shell commands on the victim's system...
SQL Injection
github.com/jackc/pgx is vulnerable to SQL Injection. The vulnerability is due to improper handling of dollar-quoted string literals when using the non-default simple protocol, which allows an attacker to inject malicious SQL queries by controlling placeholder values interpreted outside the string...
Origin Validation Error
Dozzle is vulnerable to Origin Validation Error. The vulnerability is due to improper origin validation in the WebSocket upgrader, where connections from any origin are accepted and authenticated with the victim's JWT cookie, allowing attackers to hijack authenticated sessions and gain unauthoriz...
Sensitive Information Exposure
com.ritense.valtimo, web is vulnerable to sensitive information exposure. The vulnerability is due to the LoggingRestClientCustomizer automatically logging full HTTP request and response details, including headers and bodies, in error messages, which allows an attacker to access sensitive...
OS Command Injection
File Browser is vulnerable to OS command injection. The vulnerability is due to unsanitized variable substitution in the hook system, where attacker-controlled filenames containing shell metacharacters are expanded into administrator-defined shell commands, allowing attackers to execute arbitrary...
Denial Of Service (DoS)
volcano.sh/volcano is vulnerable to Denial of Service DoS. The vulnerability is due to the webhook server not enforcing a size limit on incoming HTTP request bodies, which allows an attacker with access to the in-cluster webhook endpoint to send arbitrarily large requests and cause the webhook...
Authorization Bypass
Netmaker is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization logic in the Authorize middleware, where a valid host JWT token is accepted when hostAllowed=true without verifying that the host is authorized to access the specific target resource, allowing acces...
Sensitive Information Exposure
Harvester is vulnerable to Sensitive Information Exposure. The vulnerability is due to the interactive installer exposing the operating system’s default SSH login password during cluster creation or host addition, potentially allowing unauthorized access to affected systems...
Improper Access Control
Rancher is vulnerable to Improper Access Control. The vulnerability is due to missing authorization checks when handling cloud-credential IDs, which allows an attacker to make unauthorized requests to cloud providers using attached credentials...
Path Traversal
lakeFS is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation in verifyRelPath within pkg/block/local/adapter.go, where strings.HasPrefix is used to validate storage paths without enforcing path boundaries. This allows authenticated users to use path traversal...
Cross-site Scripting (XSS)
FileBrowser Quantum is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of user-controlled share metadata fields when rendered in HTML using text/template, which allows an attacker to inject and execute malicious scripts when users visit a shared URL...
Improper Access Control
kcp is vulnerable to Improper Access Control. The vulnerability is due to the cache server being exposed without authentication or authorization controls, which allows an attacker to read from and write to the cache server if they can access the root shard...
Use Of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Cloudreve is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG. The vulnerability is due to the generation of security-sensitive secrets using math/rand seeded with predictable timestamps, which allows an attacker to recover the secret key, forge JWTs, and gain...
Command Injection
Arcane is vulnerable to Command Injection. The vulnerability is due to lifecycle label values such as com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update being passed directly to /bin/sh -c without sanitization, allowing authenticated users to inject...
Privilege Escalation
CloudNativePG is vulnerable to Privilege Escalation. The vulnerability is due to the metrics exporter establishing PostgreSQL sessions as the postgres superuser and relying on SET ROLE for privilege reduction, which allows an attacker to restore superuser privileges using RESET ROLE and execute...
Server-Side Request Forgery (SSRF)
github.com/centrifugal/centrifug is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of dynamic JWKS endpoint template variables, which allows an unauthenticated attacker to craft a malicious JWT with manipulated iss or aud claims to force Centrifugo t...
Authorization Bypass
Moby is vulnerable to Authorization Bypass. The vulnerability is due to a flaw in the authorization plugin AuthZ enforcement mechanism, allowing attackers to bypass configured authorization controls and perform actions that should have been restricted by authorization policies...
Denial Of Service (DoS)
GoBGP is vulnerable to Denial of Service DoS. The vulnerability is due to improper validation of malformed BGP UPDATE messages during processing of 4-byte AS attributes, where an internal slice index shift can trigger an index out of range panic, causing the GoBGP process to crash...
Server-Side Request Forgery
Arcane is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the /api/templates/fetch endpoint accepting a user-controlled url parameter and performing server-side HTTP requests without authentication or validation of the URL scheme and destination host, allowing...
OS Command Injection
Fleet is vulnerable to Command Injection. The vulnerability is due to improper sanitization of software package metadata used in auto-generated uninstall scripts, allowing specially crafted package metadata to inject and execute arbitrary commands with elevated privileges root on macOS/Linux or...
Path Traversal
github.com/ctfer-io/monitoring is vulnerable to a Path Traversal. The vulnerability is due to a missing trailing path separator in the strings.HasPrefix check within the sanitizeArchivePath function, which allows an attacker to perform arbitrary file writes via a crafted archive, potentially...
Denial Of Service (DoS)
Mattermost is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of excessively long passwords during authentication, which allows an attacker to consume excessive CPU and memory resources by submitting login attempts with multi-megabyte passwords...
Missing Authorization
github.com/argoproj/argo-workflows is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks in the Sync Service's ConfigMap-backed provider, which allows an attacker to create, read, update, and delete synchronization-related Kubernetes ConfigMaps without...
Authentication Bypass
MinIO is vulnerable to Authentication Bypass. The vulnerability is due to missing signature verification for authTypeStreamingUnsignedTrailer requests in the Snowball auto-extract handler, which allows an attacker with knowledge of a valid access key to upload arbitrary objects without providing ...
Improper Access Control
Traefik is vulnerable to Improper Access Control. The vulnerability is due to insufficient validation of TraefikService backend references ending with @internal, which allows an attacker with HTTPRoute creation permissions to access the internal REST provider and perform unauthorized configuratio...
Out-of-bounds Read
github.com/gomarkdown/markdown is vulnerable to an Out-of-Bounds Read. The vulnerability is due to improper handling of malformed Markdown input containing a character when processed by the SmartypantsRenderer, which allows an attacker to trigger an out-of-bounds read or cause the application to...
Improper Authorization
Kyverno is vulnerable to Improper Authorization. The vulnerability is due to missing validation of the configMap.namespace field in the ConfigMap context loader, which allows a namespace administrator to bypass RBAC restrictions and read ConfigMaps from arbitrary namespaces using Kyverno's...
Insufficient Verification Of Data Authenticity
go-git is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to improper handling of malformed or ambiguous Git object headers and reconstructing commit data for signing and verification instead of using the original raw object bytes, which allows an attacker t...
Server-Side Request Forgery (SSRF)
github.com/kyverno/kyvern is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the apiCall feature in ClusterPolicy automatically attaching the admission controller's ServiceAccount token to outbound HTTP requests without validating the destination URL, which allows an...
Improper Input Validation
github.com/filebrowser/filebrowser/v2 is vulnerable to an improper input validation. The vulnerability is due to the Upload-Length header being parsed as a signed 64-bit integer without validating that the value is non-negative, which allows an authenticated attacker with upload permissions to...
Server-Side Request Forgery (SSRF)
github.com/apache/skywalking-mcp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of the SW-URL header, which allows an attacker to supply arbitrary URLs and force the server to send requests to unintended internal or external resources...
Improper Input Validation
ingress-nginx is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of the nginx.ingress.kubernetes.io/auth-method Ingress annotation, which allows an attacker to inject malicious NGINX configuration, achieve arbitrary code execution in the ingress-nginx...
Exposure Of Sensitive Information
Portainer Community Edition is vulnerable to Exposure of Sensitive Information. The vulnerability is due to the authentication middleware accepting JWT bearer tokens through the ?token= URL query parameter, which allows an attacker to obtain authentication tokens from browser history, proxy logs,...
Arbitrary File Read
go-getter is vulnerable to Arbitrary File Read. The vulnerability is due to improper validation of maliciously crafted Git URLs during certain Git operations, where specially crafted URLs can access unintended file system paths, allowing attackers to read arbitrary files on the host system...
Denial Of Service
github.com/hashicorp/boundary is vulnerable to denial of service. The vulnerability is due to improper handling of TLS handshakes during worker node enrollment, where an attacker can delay or withhold the client certificate to block connection handling, allowing legitimate worker connections to b...
OS Command Injection
PicoClaw is vulnerable to OS Command Injection. The vulnerability is due to insufficient validation and sanitization of input in the /api/gateway/restart endpoint of the Web Launcher Management Plane, which allows a remote attacker to inject and execute arbitrary system commands on the underlying...
Local File Inclusion (LFI)
github.com/esm-dev/esm.sh is vulnerable to Local File Inclusion. The vulnerability is due to improper handling of the browser field in package.json by the esbuild plugin, which allows an attacker to publish a malicious npm package that causes the server to read and return arbitrary files from the...
Improper Access Control
Kata Containers is vulnerable to Improper Access Control. The vulnerability is due to an oversight in the CopyFile policy and/or handler, which allows an untrusted host to write files to arbitrary locations within the guest workload image, enabling an attacker to overwrite binaries, compromise...
Server-Side Request Forgery (SSRF)
github.com/zalando/skipper is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient restrictions on Kubernetes ExternalName services when Skipper is used as an Ingress controller, which allows an attacker with permissions to create an Ingress and an ExternalName...
Denial Of Service (DoS)
github.com/hashicorp/vault is vulnerable to Denial of ServiceDoS. The vulnerability is due to insufficient access controls on root token generation and rekey operations, which allows an unauthenticated attacker to repeatedly initiate or cancel these operations, occupying the single available...
Improper Enforcement Of Security Restrictions
github.com/portainer/portainer is vulnerable to improper enforcement of security restrictions. The vulnerability is due to inconsistent enforcement of configured EndpointSecuritySettings on the Docker Swarm service API, which allows an attacker to bypass administrator-defined container security...
Sensitive Information Exposure
Portainer Community Edition is vulnerable to Exposure of Sensitive Information. The vulnerability is due to the authentication middleware accepting JWT bearer tokens through the ?token= URL query parameter, which allows an attacker to obtain authentication tokens from browser history, proxy logs,...
Improper Privilege Management
OpenClaude is vulnerable to improper privilege management. The vulnerability is due to the dangerouslyDisableSandbox parameter being exposed in the BashTool input schema, which allows an attacker to use a prompt-injected LLM to disable the sandbox and execute arbitrary commands on the host system...
Improper Input Validation
github.com/free5gc/udm is vulnerable to improper input validation. The vulnerability is due to the UDM component failing to validate the SUPI path parameter in multiple nudm-sdm GET handlers, which allows an unauthenticated attacker to inject control characters, forward malformed requests to the...