Lucene search
K
VeracodeRecent

38326 matches found

Veracode
Veracode
•added 2025/02/03 6:27 a.m.•7 views

Improper Access Control

snowflake-connector-nodejs is vulnerable to Improper Access Control. The vulnerability is due to insufficient file permission checks due to an attacker with write access to the local cache directory being able to bypass temporary credential cache restrictions...

5.5CVSS6.5AI score0.00143EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2025/02/03 5:55 a.m.•3 views

Denial-of-Service (DoS)

github.com/hashicorp/yamux is vulnerable to a Denial-of-Service DoS. The vulnerability is due to improper handling of connection timeouts due to Stream.Read calls hanging indefinitely if a corresponding Stream.Write call times out under network congestion, leading to stalled sessions and requirin...

7AI score
Exploits0
Veracode
Veracode
•added 2025/02/03 5:29 a.m.•8 views

Improper Access Control

org.apache.hive:hive-exec is vulnerable to Improper Access Control. The vulnerability is due to insecure file permissions due to the credentials file being created with default permissions of 644 in a temporary directory, allowing unauthorized users to read sensitive information...

5.5CVSS6.4AI score0.00274EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2025/02/03 5:20 a.m.•7 views

Denial Of Service (DoS)

github.com/ethereum/go-ethereum is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of incoming messages, which allows a specially crafted message to trigger a crash or shutdown of the node...

8.7CVSS7AI score0.00681EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2025/02/03 5:18 a.m.•13 views

Credentials Exposure

net.snowflake, snowflake-jdbc is vulnerable to credentials exposure. The vulnerability is due to insecure file permissions, where the Snowflake JDBC Driver caches temporary credentials in a world-readable file, allowing unauthorized users or attackers to access sensitive information...

5.5CVSS4.5AI score0.00188EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2025/02/03 5:17 a.m.•6 views

Cross-Site Scripting (XSS)

twig/twig is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of output escaping for the expression on the left side of the ?? operator in Twig, which allowed unsanitized data to be rendered in the output...

4.3CVSS6.1AI score0.00282EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2025/02/03 5:16 a.m.•5 views

Unauthorized File Access

snowflake.data is vulnerable to Unauthorized File Access. The vulnerability is due to improper file handling, where downloaded files are temporarily stored in a world-readable local directory, allows unauthorized users on the same machine to access the files...

5.5CVSS6.2AI score0.00141EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2025/02/03 4:7 a.m.•7 views

Credential Caching

snowflakeconnectorpython is vulnerable to Credential Caching. The vulnerability is due to improper handling of temporary credential caching on Linux systems, When caching is enabled, the credentials are stored in a file that is readable by all users, allowing unauthorized access...

5.5CVSS4.5AI score0.00137EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2025/02/03 4:6 a.m.•6 views

Local Privilege Escalation

snowflakeconnectorpython is vulnerable to Local Privilege Escalation. The vulnerability is due to the use of the pickle module for serializing OCSP Online Certificate Status Protocol responses, which allows an attacker to craft malicious data that, when deserialized...

7.8CVSS7.1AI score0.00246EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2025/02/03 4:3 a.m.•6 views

Information Disclosure

github.com/richardoc/kube-audit-rest is vulnerable to Information Disclosure. The vulnerability is due to improper handling of Kubernetes secrets in audit logs when using the "full-elastic-stack" example vector configuration, allowing an attacker to retrieve previous secret values, potentially...

5.1CVSS7.1AI score0.00191EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2025/02/03 3:57 a.m.•7 views

SQL Injection

snowflakeconnectorpython is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization in a function from the snowflake.connector.pandastools module, allowing malicious SQL code to be injected and executed...

7CVSS7.8AI score0.003EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2025/01/31 10:30 a.m.•8 views

Unauthorized Rule Injection

ArgoCD is vulnerable to unauthorized rule injection. The vulnerability is due to improper namespace isolation, as the openshift.io/cluster-monitoring label is automatically applied to all namespaces deploying an ArgoCD CR instance, allowing them to create unauthorized PrometheusRule objects...

8.2CVSS7AI score0.00218EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2025/01/31 9:32 a.m.•6 views

Path Traversal

github.com/cri-o/cri-o is vulnerable to Path Traversal. The vulnerability is due to improper handling of file paths in the log management functions UnMountPodLogs and LinkContainerLogs, it allows an attacker to manipulate the paths, potentially unmounting arbitrary host paths...

6.6CVSS6.7AI score0.00234EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2025/01/31 9:27 a.m.•5 views

Sensitive Information Exposure

Infinispan is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper logging due to the exposure of sensitive information, such as configuration details or credentials, through logging mechanisms when using JGroups with JDBCPING...

5.5CVSS6.6AI score0.00211EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2025/01/31 9:15 a.m.•8 views

Account Takeover

causal/oidc is vulnerable to Account Takeover. The vulnerability is due to flaws in the account linking logic, where an attacker can register a public frontend user account with a user's email before the user's first OIDC login, allowing them to hijack the account...

4.2CVSS6.7AI score0.00168EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2025/01/31 6:34 a.m.•7 views

Denial Of Service (DoS)

@sentry/astro, @sentry/aws-serverless, @sentry/bun, @sentry/google-cloud-serverless, @sentry/nestjs, @sentry/nextjs, @sentry/node, @sentry/nuxt, @sentry/remix, @sentry/solidstart and @sentry/sveltekit are vulnerable to Denial of Service DoS. The vulnerability is due to resource exhaustion due to...

7AI score
Exploits0
Veracode
Veracode
•added 2025/01/31 6:21 a.m.•6 views

Path Traversal

Deep Java Library DJL is vulnerable to a Path Traversal. The vulnerability is due to insufficient validation of file paths in the ZipUtils.unzip and TarUtils.untar methods, allows an attacker to manipulate file paths, enabling them to write files to arbitrary locations on the system...

9.8CVSS9.2AI score0.23076EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2025/01/31 5:27 a.m.•324 views

Bot Protection Bypass

Anubis is vulnerable to Bot Protection Bypass. The vulnerability is due to insufficient validation due to allowing attackers to specify a nonce and set the challenge difficulty to zero, effectively bypassing the bot protection mechanism...

2.3CVSS6.5AI score0.004EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2025/01/31 5:14 a.m.•5 views

Symbolic Link Attack

github.com/golang/glog is vulnerable to symbolic link attack. The vulnerability is due to improper log file handling, which allows logs to be written to a widely-writable directory and also allows an attacker to pre-create a symlink to a sensitive file, which a privileged process may then overwri...

7.1CVSS7.1AI score0.00281EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2025/01/31 5:13 a.m.•13 views

Signature Forgery Attack

org.apache.hive, hive-llap-common is vulnerable to signature forgery attack. The vulnerability is due to the use of Arrays.equals for signature validation, which allows an attacker to forge a valid signature byte by byte due to its non-constant-time comparison...

6.5CVSS6.4AI score0.01131EPSS
Exploits1References8Affected Software1
Veracode
Veracode
•added 2025/01/31 5:12 a.m.•10 views

SQL Injection

pimcore/customer-management-framework-bundle is vulnerable to SQL injection. The vulnerability is due to improper handling of the filterDefinition/filter argument in the file /admin/customermanagementframework/customers/list, which allows execution of SQL commands...

7.2CVSS7.7AI score0.00824EPSS
Exploits2References7Affected Software1
Veracode
Veracode
•added 2025/01/31 5:10 a.m.•10 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of the Search Document component, allowing remote attackers to manipulate it and execute cross-site scripting attacks...

5.1CVSS6AI score0.01039EPSS
Exploits2References4Affected Software1
Veracode
Veracode
•added 2025/01/30 2:2 p.m.•7 views

Deserialization Of Untrusted Data

vLLM is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization due to the torch.load function loading malicious pickle data with weightsonly set to False, allowing arbitrary code execution during unpickling...

8.8CVSS7.6AI score0.00694EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2025/01/30 1:33 p.m.•3 views

Cross-site Scripting (XSS)

Dolibarr is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization due to a crafted payload injected into the Title parameter in the Product module, allowing attackers to execute arbitrary web scripts or HTML...

9CVSS6.9AI score0.00553EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2025/01/30 10:39 a.m.•11 views

Privilege Escalation

org.apache.solr, solr-core is vulnerable to Privilege Escalation. The vulnerability is due to the use of the "FileSystemConfigSetService" component in "standalone" or "user-managed" mode without authentication or authorization, allowing attackers to replace trusted configset files with potentiall...

5.5CVSS7.1AI score0.01136EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2025/01/30 10:3 a.m.•16 views

Relative Path Traversal

org.apache.solr, solr-core is vulnerable to Relative Path Traversal. The vulnerability is due to a lack of input sanitization in the "configset upload" API, which allows the arbitrary filepath write-access when processing ZIP files...

5.4CVSS6.7AI score0.43312EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2025/01/30 9:26 a.m.•3 views

Cross-Site Scripting (XSS)

Dolibarr is vulnerable to cross-site scripting XSS. The vulnerability is due to improper input sanitization of user-supplied data in the Title parameter of the Events/Agenda module, allowing attackers to inject and execute arbitrary scripts...

9CVSS6.5AI score0.00585EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2025/01/30 9:16 a.m.•6 views

Arbitrary Code Execution

ASTEVAL is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling of FormattedValue AST nodes due to the use of Python's str.format method, allowing attackers to bypass restrictions and execute arbitrary code...

8.4CVSS7.5AI score0.00229EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2025/01/30 8:45 a.m.•7 views

Server-Side Request Forgery (SSRF)

github.com/imgproxy/imgproxy is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper restriction of loopback addresses, allowing access to local services by not blocking the 0.0.0.0 address even when IMGPROXYALLOWLOOPBACKSOURCEADDRESSES is set to false...

5.3CVSS6.5AI score0.00844EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2025/01/30 6:26 a.m.•4 views

XML External Entity

org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli and org.hl7.fhir.publisher:org.hl7.fhir.publisher.core are vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper XML parsing due to XSLT transforms allowing malicious XML with external entity references to access...

8.6CVSS6.8AI score0.00547EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2025/01/30 4:3 a.m.•9 views

Cross-Origin Resource Sharing (CORS) Misconfiguration

Nuxt is vulnerable to Cross-Origin Resource Sharing CORS misconfiguration. The vulnerability is due to default CORS settings in Nuxt, which allowed any website to send requests to the development server and read the responses. It allows an attacker to send requests from a malicious website and...

5.3CVSS6.4AI score0.00529EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2025/01/30 4:2 a.m.•5 views

Incorrect Usage Of Seeds

org.apache.cocoon, cocoon-forms-impl is vulnerable to Incorrect Usage of Seeds . The vulnerability is due to predictability in the random number generation process, as the PRNG was seeded with the startup time, allowing attackers to guess continuation identifiers and access unauthorized...

7.5CVSS6.7AI score0.0076EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2025/01/30 3:49 a.m.•8 views

Script Injection

Nuxt is vulnerable to Script injection. The vulnerability is due to the lack of same-origin policy enforcement for script requests, allows attackers to inject malicious scripts into a victim's site via a script tag, bypassing security measures intended to prevent such cross-origin interactions...

5.3CVSS6.9AI score0.00325EPSS
Exploits0References2Affected Software3
Veracode
Veracode
•added 2025/01/29 7:33 a.m.•9 views

Incorrect Default Permissions

org.jenkins-ci.plugins, oic-auth is vulnerable to Incorrect Default Permissions. The vulnerability is due to the Jenkins OpenId Connect Authentication Plugin improperly handling username case sensitivity, which allows attackers to bypass authentication mechanisms by submitting usernames that diff...

8.8CVSS6.9AI score0.0053EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2025/01/29 7:32 a.m.•7 views

Authentication Bypass

Keycloak is vulnerable to Authentication Bypass. The vulnerability is due to the system updating passwords without performing an LDAP bind to validate the new credentials against Active Directory, allowing users with expired or disabled AD accounts to regain access and bypass AD restrictions...

5.4CVSS5.6AI score0.00563EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2025/01/29 7:19 a.m.•9 views

Sensitive Data Exposure

github.com/cilium/cilium is vulnerable to Sensitive Data Exposure. The vulnerability is due to improper default configuration of the Access-Control-Allow-Origin header, which allows cross-origin requests from untrusted sources, potentially exposing sensitive information when accessing the Hubble ...

6.5CVSS6.3AI score0.00481EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2025/01/29 7:9 a.m.•10 views

Sensitive Information Exposure

github.com/updatecli/updatecli is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper log sanitization due to private Maven repository credentials being exposed in logs when a retrieval operation fails...

7.1CVSS6.6AI score0.00224EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2025/01/29 5:59 a.m.•7 views

Cross-site Scripting (XSS)

store2 is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in the store.deep.js component, allowing a remote attacker to execute arbitrary code...

6.1CVSS7AI score0.00347EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2025/01/29 5:33 a.m.•3 views

Denial Of Service (DoS)

github.com/cilium/cilium is vulnerable to Denial Of Service DoS. The vulnerability is due to a flaw in Cilium's handling of DNS traffic when configured to proxy it in a Kubernetes cluster, allowing an attacker to send a crafted DNS response to workloads outside the cluster, causing Cilium agents ...

5.3CVSS5AI score0.00418EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2025/01/29 5:11 a.m.•10 views

Cross-site Scripting (XSS)

pscontactinfo is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of formatted addresses, which allows stored script execution when combined with third-party modules...

6.2CVSS6.2AI score0.00396EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2025/01/29 2:33 a.m.•8 views

Cross-Site Scripting (XSS)

phpmyadmin/phpmyadmin is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in table or database names within the check tables feature, allowing an attacker to execute arbitrary JavaScript in the victim's browser...

6.4CVSS6.1AI score0.00403EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2025/01/29 2:31 a.m.•12 views

Sandbox Escape

restrictedpython is vulnerable to Sandbox Escape. The vulnerability is due to a type confusion bug in CPython when using try/except, which allows an attacker to bypass the security restrictions in RestrictedPython...

7.9CVSS7.6AI score0.00388EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2025/01/29 2:29 a.m.•5 views

Path Traversal

github.com/envoyproxy/gateway is vulnerable to a Path Traversal. The vulnerability is due to improper access control, allowing a user with access to the Kubernetes cluster to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway...

7.1CVSS7.1AI score0.00413EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2025/01/29 2:26 a.m.•9 views

Temporary File Retention

@fastify/multipart is vulnerable to Temporary File Retention. The vulnerability is due to the saveRequestFiles function failing to delete temporary uploaded files when a user cancels the request, allows an attacker to repeatedly initiate and cancel file uploads, leading to excessive disk space...

7.5CVSS6.7AI score0.00552EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2025/01/28 7:32 a.m.•20 views

Remote Code Execution (RCE)

craftcms/cms is vulnerable to Remote Code Execution RCE. The vulnerability is due to compromised security keys, which allow attackers to execute arbitrary code on affected installations...

8.1CVSS8.7AI score0.04714EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2025/01/28 7:13 a.m.•5 views

Privilege Escalation

Directus is vulnerable to Privilege Escalation. The vulnerability is due to improper access control in the sharing feature, which allows users to specify arbitrary roles, bypassing role-based restrictions and gaining access to fields that are normally restricted for certain roles...

5CVSS6.8AI score0.00372EPSS
Exploits1References6Affected Software3
Veracode
Veracode
•added 2025/01/28 6:56 a.m.•9 views

Denial Of Service (DoS)

org.apache.wicket,wicket-core is vulnerable to Denial of Service DOS. The vulnerability is due to improper request handling in the core, which allows an attacker to flood the server with multiple requests to server resources, leading to a Denial of Service...

6.5CVSS6.9AI score0.01458EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2025/01/28 6:2 a.m.•3 views

Reflected Cross Site Scripting (XSS)

silverstripe/framework is vulnerable to cross-site scripting XSS. The vulnerability is due to improper handling of error messages, which allows execution of a malicious payload included in a URL when the website is set to the "dev" environment mode...

6.5AI score
Exploits0
Veracode
Veracode
•added 2025/01/28 5:35 a.m.•7 views

Arbitrary Code Execution (ACE)

asteval is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to insufficient input validation, which allows attackers to bypass safety restrictions and execute arbitrary Python code within the application's context...

8.4AI score
Exploits0
Veracode
Veracode
•added 2025/01/28 5:33 a.m.•12 views

Cross-site Scripting (XSS)

Umbraco is vulnerable to cross-site scripting XSS. The vulnerability is due to improper sanitization in certain localized backoffice components, allowing authenticated users to inject malicious scripts when viewing these components...

5.4CVSS5.8AI score0.00258EPSS
Exploits0References4Affected Software2
Total number of security vulnerabilities38326