Server Side Request Forgery (SSRF)
@backstage/plugin-scaffolder-node is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper handling of template functionality in the Backstage Scaffolder plugin, which allows Server-Side Template Injection (SSTI) to be exploited for Git config injection...
Script Injection
Debezium is vulnerable to script injection. The vulnerability is due to improper sanitization of parameters, allowing attackers to perform a script injection attack that may result in unauthorized data exposure...
Privilege Escalation
Drupal Core is vulnerable to Privilege Escalation. The vulnerability is due to improper validation of user roles and permissions, which allows unauthorized users to bypass access restrictions and gain elevated privileges...
Cross-Site Scripting (XSS)
Drupal Core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper neutralization of input during web page generation, allowing malicious scripts to be executed on the client-side...
Deserialization Of Untrusted Data
Drupal Core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to insecure deserialization of untrusted data, which allows an attacker to inject malicious objects that can be exploited through the gadget chain to achieve remote code execution...
Deserialization Of Untrusted Data
Drupal Core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to insecure deserialization, allowing an attacker to exploit a chain of methods to achieve remote code execution when untrusted data is deserialized...
Deserialization Of Untrusted Data
Drupal Core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to insecure deserialization, allowing an attacker to achieve Remote Code Execution (RCE) via a gadget chain...
Authentication Token Leakage
github.com/cli/go-gh is vulnerable to authentication token leakage. The vulnerability is due to improper handling of authentication tokens, where auth.TokenForHost could source a token from the GITHUB_TOKEN environment variable for non-GitHub hosts within a codespace...
Authentication Token Leakage
github.com/cli/cli is vulnerable to authentication token leakage. The vulnerability is due to improper handling of the credential.helper configuration when cloning repositories with git submodules hosted outside of GitHub.com and ghe.com, causing authentication tokens to be exposed...
Brute-force Attack
github.com/mattermost/mattermost-server is vulnerable to Brute-force Attack. The vulnerability is due to improper synchronization when checking and updating failed login attempts, allowing attackers to bypass the "Max failed attempts" restriction by sending multiple login requests simultaneously...
Reflected Cross-Site Scripting (Reflected XSS)
Liferay Portal is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper handling of user input in the Dispatch name field, allowing remote attackers to execute arbitrary web script or HTML...
Arbitrary Code Execution (ACE)
angular-expressions is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to the ability to escape the sandbox through a malicious expression, allowing an attacker to execute arbitrary code on the system...
Arbitrary File Write
Luigi is vulnerable to Arbitrary File Write. The vulnerability is due to improper destination file path validation in the extractpackagesarchive function, which allows attackers to craft malicious archive files with paths that traverse outside the intended extraction directory...
Path Traversal
pghoard is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths, which allows an attacker to traverse directories and access unauthorized files with the same privileges as the pghoard process...
Path Traversal
WebMvc.fn and WebFlux.fn are vulnerable to Path Traversal. The vulnerability is due to improper sanitization of user input in handling file paths, which allows attackers to craft requests that bypass security restrictions and access unauthorized files on the server...
Time-of-check Time-of-use (TOCTOU) Race Condition
Apache Tomcat is vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition. The vulnerability is due to a lack of proper synchronization between the time the system checks a file's state and when it actually uses the file, allowing an attacker to manipulate the file system state during the brief...
Denial Of Service (DoS)
org.apache.tomcat, tomcat-catalina is vulnerable to Denial of Service (DoS). The vulnerability is due to excessive resource consumption in the examples web application, which allows an attacker to cause a denial of service...
Cross-Site Scripting (XSS)
Action Pack is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the content_security_policy helper, allowing carefully crafted inputs to inject new directives into the Content-Security-Policy (CSP) headers...
Cross-Site Request Forgery (CSRF)
Avenwu Whistle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient validation of API requests, allowing attackers to perform malicious API calls that result in arbitrary code execution on the victim's machine...
HTML Attribute Injection
github.com/gohugoio/hugo is vulnerable to HTML Attribute Injection. The vulnerability is due to insufficient sanitization and escaping of HTML attributes in the internal templates, which allows untrusted user input, such as Markdown content, to be processed and rendered without proper handling of...
Sandbox Bypass
winter/wn-cms-module is vulnerable to Sandbox Bypass. The vulnerability is due to inadequate enforcement of the sandbox in Twig, allowing users with specific permissions to modify theme customization values, templates, or model data through Twig templates...
XML External Entity (XXE)
Unstructured is vulnerable to XML External Entity (XXE). The vulnerability is due to improper configuration while setting resolve_entities=False for parsing XML with lxml in partition_xml, which allows external entities to be processed...
Cache Poisoning
check-jsonschema is vulnerable to Cache Poisoning. The vulnerability is due to improper handling of schema caching, where the basename of a remote schema URL is used as the cache filename. This allows attackers to insert malicious schemas into the cache via schema URL conflicts, potentially causi...
Sensitive Information Exposure
zhmcclient is vulnerable to Sensitive Information Exposure. The vulnerability is due to the logging of password-like properties in clear text in both the zhmcclient API and HMC logs when specific functions for creating or updating configurations e.g., partitions, LPARs, image activation profiles,...
Arbitrary Code Execution (ACE)
pnpm is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to mishandling of overrides and global cache, where overrides from one workspace leak into npm metadata saved in global cache, affecting other workspaces, and installs fail to revalidate data, which allows an attacker to execu...
Improper Authorization
apachesuperset is vulnerable to Improper Authorization. The vulnerability is due to FAB_ADD_SECURITY_API being enabled, which allows lower-privileged users to access and use an API that should be restricted to higher-privileged users...
Information Disclosure
apachesuperset is vulnerable to Information Disclosure. The vulnerability is due to improper handling of error messages, exposing sensitive analytics metadata, which allows an attacker to gain access to this information, potentially aiding in further attacks or revealing system details...
Cross-Site Scripting (XSS)
trix is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper sanitization of pasted malicious code, allowing attackers to execute arbitrary JavaScript in the user's session...
Unauthorized Access
directus is vulnerable to Unauthorized Access. The vulnerability is due to improper authentication handling when WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH is set to "public," allowing unauthenticated users to perform CRUD operations and subscribe to changes with full admin privileges...
Cross Site Scripting
@dapperduckling/keycloak-connector-server is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of URL parameters, allowing crafted malicious content to be injected and reflected into the HTML page...
Improper Authorization
apachesuperset is vulnerable to Improper Authorization. The vulnerability is due to improper authorization checks, where SQL DML statements are incorrectly identified as read-only queries, allowing attackers to bypass security restrictions and execute potentially malicious SQL queries...
Denial Of Service (DoS)
github.com/hashicorp/boundary is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of HTTP requests during the initialization of the Boundary controller, which allows an attacker to terminate the Boundary server prematurely...
Out-of-bounds Read
Ant-Media-Server is vulnerable to Out-of-bounds Read. The vulnerability is due to insufficient input sanitization in the logging mechanism, allowing user-controllable data, such as identifiers or sensitive information, to be included in log entries without proper filtering or validation. This cou...
Information Leakage
io.undertow, undertow-core is vulnerable to Information Leakage. The vulnerability is due to the incorrect reuse of an HTTP request header value from a previous stream for a subsequent stream on the same HTTP/2 connection, allowing an attacker to potentially leak information between requests...
NULL Pointer Dereference
github.com/moby/moby is vulnerable to a NULL Pointer Dereference. The vulnerability is due to improper handling of null pointers in the daemon/images/imagehistory.go file, which can lead to a crash or denial of service...
Directory Traversal
pythonlibarchive is vulnerable to Directory Traversal. The vulnerability is due to insufficient sanitization of file paths during the extraction process, which fails to properly handle or restrict the traversal of directory paths, allowing attackers to use special characters such as ../ to escape...
Arbitrary File Read
github.com/siyuan-note/siyuan is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient input validation of the paths parameter in the /api/export/exportResources endpoint, allowing attackers to manipulate the file paths and traverse the directory structure...
Cross-site Scripting (XSS)
ibexa/admin-ui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization in the Content name pattern mechanism, which is used to build Content names from one or more fields. Exploitation requires Content edit permissions, allowing an attacker to inject malicio...
Cross-site Scripting (XSS)
rails-html-sanitizer is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of HTML content when specific configurations are used. If HTML5 sanitization is enabled and the application developer overrides the sanitizer's allowed tags to include the "noscript...
Cross Site Scripting
SimpleXLSX is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient input validation and sanitization in the toHTMLEx method, allowing the execution of arbitrary JavaScript code when processing Excel XLSx files...
Cookie Poisoning
Quarkus-HTTP is vulnerable to Cookie Poisoning. The vulnerability is due to improper parsing of cookies with specific value-delimiting characters, allowing attackers to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values...
Use Of A Broken Or Risky Cryptographic Algorithm
github.com/beego/beego is vulnerable to Use of a Broken or Risky Cryptographic Algorithm. The vulnerability is due to the use of MD5 as a hashing algorithm, which allows two different inputs to produce the same hash value...
XML External Entity
org.http4k, http4k-format-xml is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper handling of malicious XML content in requests, which could allow attackers to access sensitive local information, perform Server-side Request Forgery (SSRF), or potentially execute...
HTML Injection
Directus is vulnerable to HTML Injection. The vulnerability is due to the filtering of restricted characters, such as HTML tags, being implemented on the client-side, which can be bypassed. This allows an attacker to inject malicious HTML content...
Improper Input Validation
dev.sigstore, sigstore-java is vulnerable to Improper Input Validation. The vulnerability is due to insufficient verification in the KeylessVerifier.verify method, which fails to properly validate whether the inclusion proof provided by a bundle corresponds to the correct log, which allows an attacker ...
Sensitive Information Exposure
github.com/argoproj/argo-workflows/v3 is vulnerable to Sensitive Information Exposure. The vulnerability is due to the absence of proper authentication checks in the GET Workflow endpoint when retrieving Archived Workflows. Specifically, when using --auth-mode=client, fake or spoofed tokens can...
Arbitrary File Read
github.com/siyuan-note/siyuan is vulnerable to Arbitrary File Read. The vulnerability is due to a lack of proper validation on the path parameter in the /api/template/render endpoint, which allows attackers to manipulate the path and access sensitive files on the host system...
Code Injection
Mongoose is vulnerable to Code Injection. The vulnerability is due to improper use of the $where operator, which allows the execution of arbitrary JavaScript code in MongoDB queries. This could lead to code injection attacks, enabling unauthorized access to or manipulation of database data...
Open Redirection
github.com/bunkerity/bunkerweb is vulnerable to Open Redirection. The vulnerability is due to improper validation of the "next" parameter in the loading endpoint, which allows attackers to redirect authenticated users to arbitrary external URLs. For example, visiting...
Insufficient Validation Of Integration Time
sigstore is vulnerable to insufficient validation of integration time. The vulnerability is due to insufficient validation of the integration time in "v2" and "v3" bundles, which allows an attacker to modify the timestamp and cause the signature verification to fail. However, the attack does not...