Remote Code Execution (RCE)
Unisharp/laravel-filemanager is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of file extensions and mimetypes, which allows an attacker to bypass security mechanisms by inserting the . character after the php file extension...
Cleartext Transmission Of Sensitive Information
Keycloak is vulnerable to plain text replication. The vulnerability is due to the environment option KC_CACHE_EMBEDDED_MTLS_ENABLED not functioning as intended, resulting in JGroups replication configuration always using plain text, which allows attackers on adjacent networks to intercept and read...
Authentication Bypass
Elasticsearch is vulnerable to Authentication Bypass. The vulnerability is due to improper implementation of authorization controls, allowing a malicious actor to circumvent Document Level Security and access restricted documents...
Privilege Escalation
github.com/minio/minio is vulnerable to Privilege Escalation. The vulnerability is due to improper validation and handling of imported IAM policies in the IAM import API, which allows an attacker to escalate their privileges and potentially gain unauthorized access to resources or perform actions beyon...
Stack Overflow
github.com/cosmos/cosmos-sdk, cosmossdk.io/x/tx is vulnerable to Stack Overflow. The vulnerability is due to improper handling of transaction decoding in Cosmos SDK, which allows for excessive resource consumption or stack overflow when processing transactions, potentially leading to system instability...
Time-of-Check Time-of-Use (TOCTOU)
Apache Tomcat is vulnerable to Time-of-Check Time-of-Use (TOCTOU). The vulnerability is due to incomplete mitigation and improper handling of file path canonicalization on case-insensitive file systems when the default servlet write is enabled, which allows an attacker to exploit race conditions ...
BREACH Attack
Varnish VCL templates are vulnerable to the BREACH vulnerability. The vulnerability is due to improper handling of HTTP compression, allowing secrets to be extracted through carefully crafted requests...
Denial Of Service (DoS)
league/commonmark is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded resource exhaustion caused by inefficient code handling specially crafted Markdown inputs, which allows an attacker to tie up CPU resources or PHP-FPM processes and deny service to legitimate users...
Unrestricted Certificate Access
github.com/canonical/lxd is vulnerable to Unrestricted Certificate Access. The vulnerability is due to LXD not honoring the restrictions of certificates added to the trust store in PKI mode, which allows clients to gain unrestricted access, even if the certificate was intended to have limitations...
BREACH Attack
ibexa/post-install is vulnerable to the BREACH attack. The vulnerability is due to improper handling of HTTP compression, allowing secrets to be extracted through carefully crafted requests...
BREACH Attack
ibexa/http-cache is vulnerable to the BREACH Attack. The vulnerability is due to improper handling of HTTP compression, allowing secrets to be extracted through carefully crafted requests...
Mishandling Non-integer Values
nanoid is vulnerable to Mishandling non-integer values. The vulnerability is due to insufficient input validation and inadequate type checking in earlier versions of Nano ID, which fails to properly handle non-integer values. It allows attackers to exploit the mishandling of input, leading to...
TLS Authentication Bypass
github.com/canonical/lxd is vulnerable to TLS Authentication Bypass. The vulnerability is due to improper certificate validation. LXD accepts non-CA signed certificates if they are present in the trust store, allowing unauthenticated clients to bypass the expected security checks...
SQL Injection
Django is vulnerable to SQL injection. The vulnerability exists due to the improper handling of untrusted data in the django.db.models.fields.json.HasKey lookup when used with an Oracle database, allowing attackers to execute arbitrary SQL commands...
Denial Of Service (DoS)
Django is vulnerable to a Denial of Service (DoS) attack. The vulnerability is due to the strip_tags method and striptags template filter failing to handle inputs with large sequences of nested incomplete HTML entities, allowing an attacker to perform a DoS attack with specially crafted inputs...
Session Fixation
github.com/drakkan/sftpgo is vulnerable to a session cookie prediction vulnerability. The vulnerability is due to the predictable generation of session cookies using the xid library, which results in cookies that are unique but not cryptographically secure and allows an attacker to brute force sessi...
Race Condition Vulnerability
github.com/moby/moby is vulnerable to a Race Condition. The vulnerability is due to the lack of synchronization mechanisms to manage concurrent write operations in the streamformatter package, allowing multiple operations to occur simultaneously and potentially result in data corruption or...
Race Condition Vulnerability
github.com/moby/moby is vulnerable to a Race Condition. The vulnerability is due to improper synchronization in builder/builder-next/adapters/snapshot/layer.go within the EnsureLayer function, allowing concurrent builds to access shared resources without adequate safeguards, leading to resource...
Header Injection
Traefik is vulnerable to Header Injection. The vulnerability is due to improper validation of the X-Forwarded-Prefix header, allowing it to be provided from an untrusted source...
Remote Code Execution (RCE)
systeminformation is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of SSIDs before they are passed to cmd.exe in the getWindowsIEEE8021x function, which allows potentially malicious SSID content to be executed as OS commands, leading to remote code execution...
Incorrect Access Control
oqtane.framework is vulnerable to Incorrect Access Control. The vulnerability is due to relying on client-side information for authentication and the absence of server-side validation, which allows attackers to manipulate parameters like entityid and bypass security controls...
Insecure Direct Object Reference (IDOR)
Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control. Specifically, the application does not properly validate or restrict a user's access to resources based on their identity, allowing them to manipulate parameters like...
Prototype Pollution
jsii is vulnerable to prototype pollution. The vulnerability is due to insufficient validation of user input. When untrusted input is allowed to modify the prototype of objects, an attacker can inject malicious properties into the object's prototype, potentially altering the behavior of the entir...
Cross-Site Request Forgery (CSRF)
Astro is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of the Content-Type header in Astro's CSRF-protection middleware, which allows semicolon-delimited parameters to bypass CSRF checks...
Prototype Pollution
Bun is vulnerable to Prototype Pollution. The vulnerability is due to improper input sanitization, which allows attackers to manipulate an object's prototype through Bun's APIs that accept objects...
Arbitrary Code Execution (ACE)
filippo.io/age is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper validation or sanitization of plugin names, identities, or recipients, which allows malicious input to be introduced and arbitrary code or binaries to be executed...
Authorization Bypass
Next is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization in middleware based on pathname, allowing it to be bypassed for pages directly under the root directory of a Next.js application...
Authentication Bypass
org.apache.hugegraph:hugegraph-server is vulnerable to Authentication Bypass. The vulnerability is due to assumed-immutable data being improperly handled, allowing attackers to bypass authentication mechanisms...
SQL Injection
com.amazon.redshift:redshift-jdbc42 is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation in the getSchemas, getTables, or getColumns Metadata APIs, allowing an attacker to gain escalated privileges...
Remote Command Execution
Gogs is vulnerable to Remote Command Execution. The vulnerability is due to improper validation of symlink files, allowing a malicious user to commit and edit crafted symlink files in a repository to gain SSH access to the server...
Insecure Direct Object Reference (IDOR)
oqtane.framework is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient authorization checks in the Oqtane.Controllers.UserController, which allows attackers to manipulate the id parameter to access sensitive information belonging to other users...
Directory Traversal
Gogs is vulnerable to Directory Traversal. The vulnerability is due to improper input handling that allows a malicious user to write a file to an arbitrary path on the server, potentially gaining SSH access...
Account Hijacking
joelbutcher/socialstream is vulnerable to insufficient confirmation during account linking. The vulnerability is due to the lack of a confirmation step during account linking and the use of ->stateless() in the Socialite configuration, which bypasses state verification, allowing an attacker to link...
Cross-Site Scripting (XSS)
NagVis is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of input fields before rendering, and attackers can exploit this to inject and execute arbitrary JavaScript code in the context of the victim's browser...
Buffer Overflow
Radare2 is vulnerable to Buffer Overflow. The vulnerability is due to improper input validation, specifically the lack of bounds checking in the name, type, or group fields, allowing an attacker to execute arbitrary code...
Authorization Bypass
org.springframework.security is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of locale-dependent exceptions in String.toLowerCase and String.toUpperCase, which could lead to authorization rules not functioning as intended...
Improper Authentication
AsyncHttpClient (AHC) is vulnerable to Improper Authentication. The vulnerability is due to improper management of the CookieStore, which silently replaces explicitly defined cookies with those from the cookie jar if they share the same name, potentially leading to user session confusion in...
Arbitrary Code Execution
Jinja2 is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper detection in the sandboxed environment caused by an oversight in how calls to str.format are handled, allowing attackers to execute arbitrary Python code if they control the content of a template and exploit...
Arbitrary Code Execution
Jinja is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling in the compiler caused by a bug that allows an attacker controlling both the content and filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used...
Cross-site Scripting (XSS)
shuchkin/simplexlsx is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input handling because the toHTMLEx method allows the execution of arbitrary JavaScript code...
NULL Pointer Dereference
PrestaShop is vulnerable to a NULL pointer dereference. The vulnerability is due to improper handling of NULL values in the math_round function within Tools.php, leading to a NULL pointer dereference. Attackers can exploit this to crash the application or potentially cause a denial of service...
Sensitive Information Disclosure
Navidrome is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of sensitive information because the JWT secret is stored in plaintext in the navidrome.db database file, making it retrievable by anyone with access to the database...
SQL Injection
github.com/apache/trafficcontrol is vulnerable to SQL Injection. The vulnerability is due to improper input validation in Traffic Ops, allowing a privileged user with roles such as "admin," "federation," "operations," "portal," or "steering" to execute arbitrary SQL queries through...
Unauthorized Source Code Disclosure
astro is vulnerable to unauthorized source code disclosure. The vulnerability is due to the inclusion of sourcemap files in publicly accessible folders during the build process, allowing unauthenticated users to access server source code via HTTP GET requests...
Stored Cross-site Scripting (XSS)
Piranha is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-provided input in markdown content, allowing malicious JavaScript to be stored and executed in a user's web browser...
Cross-Site Scripting (XSS)
Piranha is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation of uploaded PDF files, allowing authenticated remote attackers to upload crafted files containing malicious JavaScript code that executes when a victim interacts with the file in their web...
XML External Entity (XXE) Injection
org.fhir, ucum is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to XML parsing performed by the UcumEssenceService, which allows a malicious DTD tag in the XML to inject data from the host system...
Incorrect Comparison
PyJWT is vulnerable to Incorrect Comparison. The vulnerability is due to improper handling of the iss claim check caused by the use of "in" for string comparison instead of strict equality, potentially allowing incorrect issuer values to pass validation...
Denial Of Service (DoS)
github.com/mattermost/mattermost-server is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation of the type of callProps, allowing a user to send a specially crafted post that disrupts users on particular channels in the webapp and mobile versions...
Denial Of Service (DoS)
Mattermost is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient file size restrictions on Slack import file uploads, allowing a user to exploit this by uploading a zip bomb...