Improper Access Control
snowflake-connector-nodejs is vulnerable to Improper Access Control. The vulnerability is due to insufficient file permission checks, which allow an attacker with write access to the local cache directory to bypass temporary credential cache restrictions...
Denial-of-Service (DoS)
github.com/hashicorp/yamux is vulnerable to Denial-of-Service (DoS). The vulnerability is due to improper handling of connection timeouts: Stream.Read calls hang indefinitely if a corresponding Stream.Write call times out under network congestion, leading to stalled sessions and requirin...
Improper Access Control
org.apache.hive:hive-exec is vulnerable to Improper Access Control. The vulnerability is due to insecure file permissions: the credentials file is created with default permissions of 644 in a temporary directory, allowing unauthorized users to read sensitive information...
Denial Of Service (DoS)
github.com/ethereum/go-ethereum is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of incoming messages, which allows a specially crafted message to trigger a crash or shutdown of the node...
Credentials Exposure
net.snowflake:snowflake-jdbc is vulnerable to credentials exposure. The vulnerability is due to insecure file permissions, where the Snowflake JDBC Driver caches temporary credentials in a world-readable file, allowing unauthorized users or attackers to access sensitive information...
Cross-Site Scripting (XSS)
twig/twig is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of output escaping for the expression on the left side of the ?? operator in Twig, which allowed unsanitized data to be rendered in the output...
Unauthorized File Access
snowflake.data is vulnerable to Unauthorized File Access. The vulnerability is due to improper file handling, where downloaded files are temporarily stored in a world-readable local directory, which allows unauthorized users on the same machine to access the files...
Credential Caching
snowflake-connector-python is vulnerable to Credential Caching. The vulnerability is due to improper handling of temporary credential caching on Linux systems. When caching is enabled, the credentials are stored in a file that is readable by all users, allowing unauthorized access...
Local Privilege Escalation
snowflake-connector-python is vulnerable to Local Privilege Escalation. The vulnerability is due to the use of the pickle module for serializing OCSP (Online Certificate Status Protocol) responses, which allows an attacker to craft malicious data that, when deserialized...
Information Disclosure
github.com/richardoc/kube-audit-rest is vulnerable to Information Disclosure. The vulnerability is due to improper handling of Kubernetes secrets in audit logs when using the "full-elastic-stack" example vector configuration, allowing an attacker to retrieve previous secret values, potentially...
SQL Injection
snowflake-connector-python is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization in a function from the snowflake.connector.pandas_tools module, allowing malicious SQL code to be injected and executed...
Unauthorized Rule Injection
ArgoCD is vulnerable to unauthorized rule injection. The vulnerability is due to improper namespace isolation, as the openshift.io/cluster-monitoring label is automatically applied to all namespaces deploying an ArgoCD CR instance, allowing them to create unauthorized PrometheusRule objects...
Path Traversal
github.com/cri-o/cri-o is vulnerable to Path Traversal. The vulnerability is due to improper handling of file paths in the log management functions UnMountPodLogs and LinkContainerLogs, which allows an attacker to manipulate the paths, potentially unmounting arbitrary host paths...
Sensitive Information Exposure
Infinispan is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper logging that exposes sensitive information, such as configuration details or credentials, through logging mechanisms when using JGroups with JDBC_PING...
Account Takeover
causal/oidc is vulnerable to Account Takeover. The vulnerability is due to flaws in the account linking logic, where an attacker can register a public frontend user account with a user's email before the user's first OIDC login, allowing them to hijack the account...
Denial Of Service (DoS)
@sentry/astro, @sentry/aws-serverless, @sentry/bun, @sentry/google-cloud-serverless, @sentry/nestjs, @sentry/nextjs, @sentry/node, @sentry/nuxt, @sentry/remix, @sentry/solidstart and @sentry/sveltekit are vulnerable to Denial of Service (DoS). The vulnerability is due to resource exhaustion due to...
Path Traversal
Deep Java Library (DJL) is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of file paths in the ZipUtils.unzip and TarUtils.untar methods, which allows an attacker to manipulate file paths, enabling them to write files to arbitrary locations on the system...
Bot Protection Bypass
Anubis is vulnerable to Bot Protection Bypass. The vulnerability is due to insufficient validation, which allows attackers to specify a nonce and set the challenge difficulty to zero, effectively bypassing the bot protection mechanism...
Symbolic Link Attack
github.com/golang/glog is vulnerable to symbolic link attack. The vulnerability is due to improper log file handling, which allows logs to be written to a widely-writable directory and also allows an attacker to pre-create a symlink to a sensitive file, which a privileged process may then overwri...
Signature Forgery Attack
org.apache.hive:hive-llap-common is vulnerable to signature forgery attack. The vulnerability is due to the use of Arrays.equals for signature validation, which allows an attacker to forge a valid signature byte by byte due to its non-constant-time comparison...
SQL Injection
pimcore/customer-management-framework-bundle is vulnerable to SQL injection. The vulnerability is due to improper handling of the filterDefinition/filter argument in the file /admin/customermanagementframework/customers/list, which allows execution of SQL commands...
Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the Search Document component, allowing remote attackers to manipulate it and execute cross-site scripting attacks...
Deserialization Of Untrusted Data
vLLM is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization: the torch.load function loads malicious pickle data with weights_only set to False, allowing arbitrary code execution during unpickling...
Cross-site Scripting (XSS)
Dolibarr is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization of a crafted payload injected into the Title parameter in the Product module, allowing attackers to execute arbitrary web scripts or HTML...
Privilege Escalation
org.apache.solr:solr-core is vulnerable to Privilege Escalation. The vulnerability is due to the use of the "FileSystemConfigSetService" component in "standalone" or "user-managed" mode without authentication or authorization, allowing attackers to replace trusted configset files with potentiall...
Relative Path Traversal
org.apache.solr:solr-core is vulnerable to Relative Path Traversal. The vulnerability is due to a lack of input sanitization in the "configset upload" API, which allows arbitrary file path write access when processing ZIP files...
Cross-Site Scripting (XSS)
Dolibarr is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input sanitization of user-supplied data in the Title parameter of the Events/Agenda module, allowing attackers to inject and execute arbitrary scripts...
Arbitrary Code Execution
ASTEVAL is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling of FormattedValue AST nodes due to the use of Python's str.format method, allowing attackers to bypass restrictions and execute arbitrary code...
Server-Side Request Forgery (SSRF)
github.com/imgproxy/imgproxy is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper restriction of loopback addresses, allowing access to local services by not blocking the 0.0.0.0 address even when IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES is set to false...
XML External Entity
org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli and org.hl7.fhir.publisher:org.hl7.fhir.publisher.core are vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper XML parsing, where XSLT transforms allow malicious XML with external entity references to access...
Cross-Origin Resource Sharing (CORS) Misconfiguration
Nuxt is vulnerable to Cross-Origin Resource Sharing (CORS) misconfiguration. The vulnerability is due to default CORS settings in Nuxt, which allowed any website to send requests to the development server and read the responses. It allows an attacker to send requests from a malicious website and...
Incorrect Usage Of Seeds
org.apache.cocoon:cocoon-forms-impl is vulnerable to Incorrect Usage of Seeds. The vulnerability is due to predictability in the random number generation process, as the PRNG was seeded with the startup time, allowing attackers to guess continuation identifiers and access unauthorized...
Script Injection
Nuxt is vulnerable to Script Injection. The vulnerability is due to the lack of same-origin policy enforcement for script requests, which allows attackers to inject malicious scripts into a victim's site via a script tag, bypassing security measures intended to prevent such cross-origin interactions...
Incorrect Default Permissions
org.jenkins-ci.plugins:oic-auth is vulnerable to Incorrect Default Permissions. The vulnerability is due to the Jenkins OpenId Connect Authentication Plugin improperly handling username case sensitivity, which allows attackers to bypass authentication mechanisms by submitting usernames that diff...
Authentication Bypass
Keycloak is vulnerable to Authentication Bypass. The vulnerability is due to the system updating passwords without performing an LDAP bind to validate the new credentials against Active Directory, allowing users with expired or disabled AD accounts to regain access and bypass AD restrictions...
Sensitive Data Exposure
github.com/cilium/cilium is vulnerable to Sensitive Data Exposure. The vulnerability is due to improper default configuration of the Access-Control-Allow-Origin header, which allows cross-origin requests from untrusted sources, potentially exposing sensitive information when accessing the Hubble ...
Sensitive Information Exposure
github.com/updatecli/updatecli is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper log sanitization: private Maven repository credentials are exposed in logs when a retrieval operation fails...
Cross-site Scripting (XSS)
store2 is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the store.deep.js component, allowing a remote attacker to execute arbitrary code...
Denial Of Service (DoS)
github.com/cilium/cilium is vulnerable to Denial Of Service (DoS). The vulnerability is due to a flaw in Cilium's handling of DNS traffic when configured to proxy it in a Kubernetes cluster, allowing an attacker to send a crafted DNS response to workloads outside the cluster, causing Cilium agents ...
Cross-site Scripting (XSS)
ps_contactinfo is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of formatted addresses, which allows stored script execution when combined with third-party modules...
Cross-Site Scripting (XSS)
phpmyadmin/phpmyadmin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in table or database names within the check tables feature, allowing an attacker to execute arbitrary JavaScript in the victim's browser...
Sandbox Escape
restrictedpython is vulnerable to Sandbox Escape. The vulnerability is due to a type confusion bug in CPython when using try/except, which allows an attacker to bypass the security restrictions in RestrictedPython...
Path Traversal
github.com/envoyproxy/gateway is vulnerable to Path Traversal. The vulnerability is due to improper access control, allowing a user with access to the Kubernetes cluster to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway...
Temporary File Retention
@fastify/multipart is vulnerable to Temporary File Retention. The vulnerability is due to the saveRequestFiles function failing to delete temporary uploaded files when a user cancels the request, which allows an attacker to repeatedly initiate and cancel file uploads, leading to excessive disk space...
Remote Code Execution (RCE)
craftcms/cms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to compromised security keys, which allow attackers to execute arbitrary code on affected installations...
Privilege Escalation
Directus is vulnerable to Privilege Escalation. The vulnerability is due to improper access control in the sharing feature, which allows users to specify arbitrary roles, bypassing role-based restrictions and gaining access to fields that are normally restricted for certain roles...
Denial Of Service (DoS)
org.apache.wicket:wicket-core is vulnerable to Denial of Service (DoS). The vulnerability is due to improper request handling in the core, which allows an attacker to flood the server with multiple requests to server resources, leading to a Denial of Service...
Reflected Cross Site Scripting (XSS)
silverstripe/framework is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of error messages, which allows execution of a malicious payload included in a URL when the website is set to the "dev" environment mode...
Arbitrary Code Execution (ACE)
asteval is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to insufficient input validation, which allows attackers to bypass safety restrictions and execute arbitrary Python code within the application's context...
Cross-site Scripting (XSS)
Umbraco is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper sanitization in certain localized backoffice components, allowing authenticated users to inject malicious scripts when viewing these components...