Veracode: recent entries (38286 matches found)

Veracode | added 2026/05/07 7:11 a.m. | 10 views

Command Injection

willitmerge is vulnerable to Command Injection. The vulnerability is due to improper neutralization of user-controlled input in command execution, which allows an attacker to inject and execute arbitrary system commands through crafted input parameters...

CVSS 9.8 | AI score 6 | EPSS 0.02371
Exploits 1 | References 4 | Affected software 1

Veracode | added 2026/05/07 7:06 a.m. | 13 views

Unsafe Deserialization

Apache MINA is vulnerable to Unsafe Deserialization. The vulnerability is due to incomplete enforcement of a classname allowlist in AbstractIoBuffer.resolveClass, where certain branches (e.g., for primitive or static classes) bypass validation and call Class.forName without checks, allowing attacke...

CVSS 9.8 | AI score 6 | EPSS 0.00902
Exploits 1 | References 3 | Affected software 1

Veracode | added 2026/05/06 5:22 p.m. | 17 views

Privilege Escalation

@oneuptime/common is vulnerable to privilege escalation. The vulnerability is due to improper validation of the isMasterAdmin parameter in the login response, which allows an attacker to manipulate its value and gain unauthorized access to the admin dashboard...

CVSS 8.2 | AI score 5.8 | EPSS 0.00264
Exploits 1 | References 3 | Affected software 1

Veracode | added 2026/05/06 5:00 p.m. | 14 views

Denial Of Service (DoS)

github.com/free5gc/openapi is vulnerable to a denial of service. The vulnerability is due to improper handling in the NudmSubscriberDataManagement API, which allows an attacker to exploit it and cause a denial of service...

CVSS 6.5 | AI score 7.2 | EPSS 0.00312
Exploits 0 | References 8 | Affected software 2

Veracode | added 2026/05/06 3:58 p.m. | 10 views

Privilege Escalation

github.com/grafana/grafana is vulnerable to privilege escalation. The vulnerability is due to inadequate validation of the SCIM externalId field, which allows a malicious or compromised SCIM client to assign numeric values that override internal user IDs, enabling attackers to impersonate users o...

CVSS 10 | AI score 6 | EPSS 0.17293
Exploits 1 | References 7 | Affected software 1

Veracode | added 2026/05/06 3:43 p.m. | 5 views

Improper Access Control

@anthropic-ai/claude-code is vulnerable to improper access control. The vulnerability is due to an error in sed command parsing that bypasses read-only validation, which allows an attacker to write to arbitrary files on the host system...

CVSS 9.8 | AI score 6 | EPSS 0.00394
Exploits 0 | References 2 | Affected software 1

Veracode | added 2026/05/06 8:44 a.m. | 10 views

Path Traversal

OpenClaw is vulnerable to Path Traversal. The vulnerability is due to mis-scoped mirror mode paths, where attackers can manipulate OpenShell config paths to cause mirror sync operations to delete unintended remote directory contents and replace them with uploaded workspace data...

CVSS 8.1 | AI score 5.8 | EPSS 0.00371
Exploits 0 | References 3 | Affected software 1

Veracode | added 2026/05/06 8:41 a.m. | 13 views

Improperly Controlled Modification Of Dynamically-Determined Object Attributes

Apache Camel is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. The vulnerability is due to lack of header filtering when mapping CoAP query parameters to message headers, which allows an attacker to inject malicious headers and execute arbitrary...

CVSS 10 | AI score 6 | EPSS 0.05138
Exploits 1 | References 10 | Affected software 3

Veracode | added 2026/05/06 8:26 a.m. | 9 views

Insecure File Permissions

Claude SDK for TypeScript is vulnerable to insecure file permissions. The vulnerability is due to the BetaLocalFilesystemMemoryTool creating memory files and directories with world-readable and world-writable permissions, where a local attacker on a shared host could read persisted agent state, a...

CVSS 4.8 | AI score 5.8 | EPSS 0.00119
Exploits 0 | References 1 | Affected software 1

Veracode | added 2026/05/06 7:50 a.m. | 13 views

Denial Of Service

Marked is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of specific input sequences during parsing, where a crafted sequence \x09\x0b\n triggers infinite recursion, leading to unbounded memory allocation and application crash due to out-of-memory conditions...

CVSS 8.7 | AI score 5.8 | EPSS 0.00342
Exploits 1 | References 2 | Affected software 1

Veracode | added 2026/05/06 7:27 a.m. | 9 views

Conversation Isolation Bypass

Spring AI is vulnerable to conversation isolation bypass. The vulnerability is due to insufficient validation of user-supplied input as a conversationId, where an attacker can inject filter logic through conversationId and exfiltrate sensitive memory from other users’ chat histories, including...

CVSS 5.9 | AI score 5.8 | EPSS 0.00233
Exploits 0 | References 3 | Affected software 1

Veracode | added 2026/05/05 1:24 p.m. | 11 views

Prototype Pollution

Axios is vulnerable to Prototype Pollution. The vulnerability is due to direct property access of configuration fields in the HTTP adapter (e.g., config.auth, config.baseURL, config.socketPath, config.beforeRedirect, config.insecureHTTPParser) without hasOwnProperty checks, allowing polluted...

CVSS 9.1 | AI score 5.8 | EPSS 0.00414
Exploits 1 | References 4 | Affected software 1

Veracode | added 2026/05/05 12:06 p.m. | 10 views

Insecure Deserialization

org.apache.camel, camel-mina is vulnerable to insecure deserialization. The vulnerability is due to the MinaConverter.toObjectInput(IoBuffer) method wrapping untrusted data in a java.io.ObjectInputStream without applying filtering or class restrictions, which allows an attacker to send crafted...

CVSS 8.8 | AI score 6.3 | EPSS 0.00733
Exploits 1 | References 5 | Affected software 1

Veracode | added 2026/05/05 11:48 a.m. | 11 views

Deserialization Of Untrusted Data

Apache MINA is vulnerable to deserialization of untrusted data. The vulnerability is due to missing class validation in the AbstractIoBuffer.resolveClass method, which bypasses the classname allowlist and allows an attacker to execute arbitrary code via crafted serialized input...

CVSS 9.8 | AI score 6.2 | EPSS 0.0064
Exploits 0 | References 4 | Affected software 1

Veracode | added 2026/05/05 11:24 a.m. | 9 views

Header Injection

Apache Camel is vulnerable to Header Injection. The vulnerability is due to missing inbound header filtering in the MailHeaderFilterStrategy, which allows an attacker to inject malicious Camel-specific headers via email and manipulate downstream component behavior...

CVSS 9.4 | AI score 5.8 | EPSS 0.00621
Exploits 0 | References 13 | Affected software 3

Veracode | added 2026/05/05 10:48 a.m. | 6 views

Improper Validation Of Certificate

Apache Thrift is vulnerable to Improper Validation of Certificate. The vulnerability is due to improper validation of certificates against the host name, which allows an attacker to perform man-in-the-middle attacks by presenting a mismatched or malicious certificate...

CVSS 7.4 | AI score 5.8 | EPSS 0.00252
Exploits 0 | References 2 | Affected software 2

Veracode | added 2026/05/05 9:51 a.m. | 10 views

Remote Code Execution (RCE)

simple-git is vulnerable to Remote Code Execution (RCE). The vulnerability is due to incomplete validation of command options allowing the --config form to bypass restrictions, which allows an attacker to inject malicious options and execute arbitrary code...

CVSS 9.8 | AI score 6.1 | EPSS 0.01098
Exploits 1 | References 3 | Affected software 1

Veracode | added 2026/05/05 6:40 a.m. | 12 views

Information Exposure

org.springframework.ai, spring-ai-autoconfigure-model-transformers is vulnerable to information exposure. The vulnerability is due to improper isolation in a shared environment, which allows an attacker to access and retrieve the ONNX model used by the application...

CVSS 6.1 | AI score 5.8 | EPSS 0.00105
Exploits 0 | References 4 | Affected software 2

Veracode | added 2026/05/05 6:24 a.m. | 10 views

Code Injection

Apache ActiveMQ is vulnerable to Code Injection. The vulnerability is due to improper input validation and improper control of generation of code, where an attacker can construct a malicious broker name that bypasses name validation to include an xbean binding, and then use the DestinationView...

CVSS 8.8 | AI score 6.4 | EPSS 0.00773
Exploits 0 | References 2 | Affected software 3

Veracode | added 2026/05/05 5:43 a.m. | 9 views

SQL Injection

org.springframework.ai, spring-ai-azure-cosmos-db-store is vulnerable to SQL Injection. The vulnerability is due to improper handling of crafted document IDs in the CosmosDBVectorStore, which allows an attacker to execute arbitrary SQL queries...

CVSS 8.8 | AI score 6.1 | EPSS 0.00338
Exploits 0 | References 4 | Affected software 1

Veracode | added 2026/05/04 9:05 p.m. | 11 views

Remote Code Execution (RCE)

Apache Camel is vulnerable to Remote Code Execution. The vulnerability is due to inconsistent case-sensitive header filtering in non-HTTP HeaderFilterStrategy implementations, which allows an attacker to inject malicious headers that are later interpreted by downstream components to execute...

CVSS 9.9 | AI score 6.2 | EPSS 0.0086
Exploits 0 | References 9 | Affected software 4

Veracode | added 2026/05/04 8:47 p.m. | 10 views

Deserialization Of Untrusted Data

Apache Camel is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization of data using ObjectInputStream without proper filtering, which allows an attacker to inject malicious serialized objects and execute arbitrary code...

CVSS 8.8 | AI score 6 | EPSS 0.00485
Exploits 1 | References 5 | Affected software 1

Veracode | added 2026/05/04 8:19 p.m. | 7 views

Arbitrary Command Injection

Claude Code is vulnerable to Arbitrary Command Injection. The vulnerability is due to lack of validation of the git worktree commondir file when determining folder trust, which allows an attacker to bypass trust checks and execute malicious hooks...

CVSS 8.8 | AI score 5.9 | EPSS 0.00281
Exploits 0 | References 2 | Affected software 1

Veracode | added 2026/05/04 8:05 p.m. | 12 views

Cross-site Scripting (XSS)

org.apache.activemq, activemq-web is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper neutralization of script-related HTML content in the web console, which allows an attacker to inject and execute malicious HTML/JavaScript by manipulating content type and JMS selecto...

CVSS 6.5 | AI score 5.9 | EPSS 0.0056
Exploits 0 | References 3 | Affected software 4

Veracode | added 2026/05/04 12:12 p.m. | 10 views

Authentication Bypass

Apache Camel is vulnerable to Authentication Bypass. The vulnerability is due to the authentication handler matching only the exact configured context path, not its subpaths, where unauthenticated requests to subpaths can reach protected business routes and management endpoints without being...

CVSS 8.2 | AI score 5.8 | EPSS 0.00455
Exploits 0 | References 2 | Affected software 1

Veracode | added 2026/05/04 11:11 a.m. | 9 views

Improper Access Control

Apache Storm is vulnerable to Improper Access Control. The vulnerability is due to fail-open handling of TLS client authentication in TlsTransportPlugin, where SSLPeerUnverifiedException is suppressed and a fallback principal CN=ANONYMOUS is assigned, allowing unauthenticated clients to obtain a...

CVSS 6.5 | AI score 5.8 | EPSS 0.00286
Exploits 0 | References 2 | Affected software 1

Veracode | added 2026/05/04 10:52 a.m. | 11 views

Information Exposure

org.springframework.grpc, spring-grpc-core is vulnerable to information exposure through error messages. The vulnerability is due to returning raw server-side AuthenticationException messages in the gRPC status description, which allows an attacker to gather authentication failure details and...

CVSS 5.3 | AI score 5.8 | EPSS 0.002
Exploits 0 | References 3 | Affected software 2

Veracode | added 2026/05/04 9:41 a.m. | 15 views

Improper Input Validation

org.apache.activemq, activemq-broker is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation in HTTP Discovery transport handling, which allows an authenticated attacker to bypass previous fixes and exploit broker configuration loading to execute arbitrary...

CVSS 8.8 | AI score 7.7 | EPSS 0.9631
Exploits 12 | References 3 | Affected software 3

Veracode | added 2026/05/04 8:43 a.m. | 6 views

Deserialization Of Untrusted Data

Apache Camel is vulnerable to Unsafe Deserialization. The vulnerability is due to deserialization of untrusted data in ConsulRegistryUtils.deserialize using ObjectInputStream.readObject without applying an ObjectInputFilter, allowing attackers with write access to the Consul KV store to inject...

CVSS 8.8 | AI score 6.1 | EPSS 0.00485
Exploits 0 | References 2 | Affected software 1

Veracode | added 2026/05/04 8:36 a.m. | 10 views

Authentication Bypass

Spring gRPC is vulnerable to Authentication Bypass. The vulnerability is due to improper clearing of the authenticated security context on gRPC worker threads, where a previously authenticated identity may persist after an access denial and be reused by a subsequent request, potentially leading t...

CVSS 8.8 | AI score 5.8 | EPSS 0.00171
Exploits 0 | References 2 | Affected software 2

Veracode | added 2026/05/04 8:26 a.m. | 8 views

Deserialization Vulnerability

Apache MINA is vulnerable to Unsafe Deserialization. The vulnerability is due to incomplete enforcement of a classname allowlist in AbstractIoBuffer.getObject, where deserialization occurs before validation, allowing execution of static initializers in malicious classes and potentially leading to...

CVSS 9.8 | AI score 6.2 | EPSS 0.00451
Exploits 0 | References 2 | Affected software 1

Veracode | added 2026/05/04 6:09 a.m. | 5 views

Information Disclosure

github.com/zitadel/zitadel is vulnerable to information disclosure. The vulnerability is due to exposure of the total number of instance users through the totalResult field, which allows an authenticated attacker to infer sensitive usage metrics regardless of their permissions...

CVSS 5.3 | AI score 5.9 | EPSS 0.00191
Exploits 0 | References 3 | Affected software 1

Veracode | added 2026/05/04 6:01 a.m. | 7 views

HTML Injection

github.com/abhinavxd/libredesk is vulnerable to stored HTML injection. The vulnerability is due to improper sanitization of user input in the contact notes feature, which allows an attacker to inject arbitrary HTML by manipulating the request and exploit it to perform phishing, CSRF-style actions...

CVSS 8.6 | AI score 5.9 | EPSS 0.00193
Exploits 1 | References 4 | Affected software 1

Veracode | added 2026/05/03 7:11 p.m. | 8 views

Path Confusion

Caddy is vulnerable to Path Confusion. The vulnerability is due to incorrect path splitting logic in FastCGI processing, where strings.ToLower is applied before computing byte offsets, causing incorrect SCRIPT_NAME, SCRIPT_FILENAME, and PATH_INFO values for certain Unicode paths and potentially...

CVSS 9.8 | AI score 7.3 | EPSS 0.00542
Exploits 1 | References 5 | Affected software 2

Veracode | added 2026/05/03 4:52 p.m. | 7 views

Improper Certificate Validation

Caddy is vulnerable to Improper Certificate Validation. The vulnerability is due to swallowed errors in ClientAuthentication.provision, where failures loading trusted_ca_cert_file or trusted_ca_certs_pem_files are ignored, causing mTLS authentication to fail open and accept any client certificate signed...

CVSS 9.3 | AI score 5.8 | EPSS 0.00267
Exploits 1 | References 6 | Affected software 2

Veracode | added 2026/05/03 4:46 p.m. | 10 views

Improper Access Control

Caddy is vulnerable to Improper Access Control. The vulnerability is due to incorrect case-insensitive matching in the HTTP path request matcher when percent-encoded sequences are present, allowing attackers to alter request path casing and bypass path-based routing or attached access controls...

CVSS 9.1 | AI score 5.8 | EPSS 0.0037
Exploits 1 | References 4 | Affected software 2

Veracode | added 2026/05/03 1:35 a.m. | 9 views

Authorization Bypass

google.golang.org/grpc is vulnerable to authorization bypass. The vulnerability is due to improper validation of the HTTP/2 :path pseudo-header, which allows an attacker to send malformed requests without a leading slash and bypass path-based authorization policies when fallback "allow" rules are...

CVSS 9.1 | AI score 6.8 | EPSS 0.00522
Exploits 1 | References 3 | Affected software 3

Veracode | added 2026/04/30 5:13 p.m. | 10 views

CRLF Injection

Axios is vulnerable to CRLF Injection. The vulnerability is due to improper sanitization of the Content-Type value in multipart form-data construction, which allows an attacker to inject arbitrary headers into the request body via crafted input...

CVSS 5.3 | AI score 5.9 | EPSS 0.0024
Exploits 1 | References 2 | Affected software 1

Veracode | added 2026/04/30 5:02 p.m. | 7 views

Insertion Of Sensitive Information Into Sent Data

Axios is vulnerable to Insertion of Sensitive Information Into Sent Data. The vulnerability is due to improper use of truthy/falsy evaluation for the withXSRFToken configuration instead of strict boolean checks, which allows an attacker to force XSRF tokens to be sent to malicious cross-origin...

CVSS 5.4 | AI score 5.8 | EPSS 0.00228
Exploits 1 | References 3 | Affected software 1

Veracode | added 2026/04/30 4:17 p.m. | 10 views

Improper Resource Consumption

Axios is vulnerable to Improper Resource Consumption. The vulnerability is due to lack of enforcement of maxContentLength when using responseType 'stream', which allows an attacker to send large responses leading to unbounded resource consumption...

CVSS 5.3 | AI score 5.8 | EPSS 0.00421
Exploits 1 | References 3 | Affected software 1

Veracode | added 2026/04/30 10:04 a.m. | 10 views

Server-Side Request Forgery (SSRF)

Axios is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to inadequate hostname normalization and reliance on string matching in proxy bypass logic, which allows an attacker to route local requests through a proxy instead of bypassing it...

CVSS 7.5 | AI score 5.2 | EPSS 0.00301
Exploits 1 | References 3 | Affected software 1

Veracode | added 2026/04/30 9:54 a.m. | 8 views

Uncontrolled Recursion

Axios is vulnerable to uncontrolled recursion. The vulnerability is due to the toFormData function recursively processing deeply nested objects without a depth limit, which allows an attacker to supply specially crafted input that triggers a stack overflow and crashes the Node.js process...

CVSS 7.5 | AI score 5.3 | EPSS 0.00413
Exploits 1 | References 3 | Affected software 1

Veracode | added 2026/04/30 9:53 a.m. | 15 views

Cross-site Scripting (XSS)

DOMPurify is vulnerable to cross-site scripting (XSS). The vulnerability is due to SAFE_FOR_TEMPLATES not stripping ... expressions in RETURN_DOM or RETURN_DOM_FRAGMENT modes, which allows an attacker to exploit template-evaluating frameworks like Vue 2 to execute malicious scripts...

CVSS 6.8 | AI score 4.8 | EPSS 0.00217
Exploits 0 | References 4 | Affected software 1

Veracode | added 2026/04/30 9:40 a.m. | 11 views

Sensitive Information Disclosure

Apache Kafka is vulnerable to Sensitive Information Disclosure. The vulnerability is due to logging of sensitive request and response data at DEBUG level in the NetworkClient component, which allows an attacker with log access to obtain sensitive information...

CVSS 5.3 | AI score 5.2 | EPSS 0.00535
Exploits 0 | References 3 | Affected software 1

Veracode | added 2026/04/30 9:31 a.m. | 9 views

Prototype Pollution

Axios is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of the parseReviver property in the transformResponse function, which allows an attacker to exploit a polluted Object.prototype and manipulate JSON response data, leading to privilege escalation and...

CVSS 9.1 | AI score 5.2 | EPSS 0.00269
Exploits 1 | References 2 | Affected software 1

Veracode | added 2026/04/30 8:44 a.m. | 8 views

Cross-site Scripting

DOMPurify is vulnerable to Cross-site Scripting. The vulnerability is due to reliance on prototype-inherited properties during sanitization, where a prior prototype pollution can inject permissive tagNameCheck and attributeNameCheck logic, allowing malicious elements and attributes including...

CVSS 6.9 | AI score 5.3 | EPSS 0.00205
Exploits 0 | References 3 | Affected software 1

Veracode | added 2026/04/30 8:31 a.m. | 9 views

Prototype Pollution

Axios is vulnerable to Prototype Pollution. The vulnerability is due to missing hasOwnProperty checks when reading object properties, which allows an attacker to exploit polluted prototypes to intercept and modify JSON responses or hijack HTTP transport, gaining access to sensitive request data...

CVSS 7.4 | AI score 5.2 | EPSS 0.00381
Exploits 1 | References 3 | Affected software 1

Veracode | added 2026/04/30 7:50 a.m. | 8 views

Sensitive Information Disclosure

Spring Security is vulnerable to Sensitive Information Disclosure. The vulnerability is due to bypass of timing attack protections in DaoAuthenticationProvider when handling disabled, expired, or locked user states, which allows an attacker to infer user account status through response timing...

CVSS 3.7 | AI score 5.2 | EPSS 0.00215
Exploits 0 | References 2 | Affected software 1

Veracode | added 2026/04/30 7:25 a.m. | 6 views

Improper Authentication

org.springframework.security:spring-security-oauth2-jose is vulnerable to Improper Authentication. The vulnerability is due to missing configuration of a JWT validator when using NimbusJwtDecoder or NimbusReactiveJwtDecoder, which allows an attacker to bypass token validation with crafted JWTs...

CVSS 6.5 | AI score 5.2 | EPSS 0.00203
Exploits 0 | References 2 | Affected software 1

Veracode | added 2026/04/30 6:55 a.m. | 7 views

Prototype Pollution

Axios is vulnerable to Prototype Pollution. The vulnerability is due to use of the in operator in the mergeDirectKeys strategy for validateStatus, which traverses the prototype chain, allowing a polluted Object.prototype.validateStatus to override behavior and treat all HTTP responses as...

CVSS 6.5 | AI score 5.3 | EPSS 0.00289
Exploits 1 | References 3 | Affected software 1

Total number of security vulnerabilities: 38286