Server-Side Request Forgery (SSRF)
Fedify is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of the Webfinger mechanism, allowing attackers to perform GET requests to internal resources, cause denial of service via infinite loops, or execute blind SSRF attacks...
Denial Of Service (DoS)
org.apache.cxf, cxf-core is vulnerable to Denial of Service DoS. The vulnerability is due to CachedOutputStream instances not being closed in certain edge cases, potentially filling up the file system when backed by temporary files, which allows an attacker to exhaust the file system...
Out Of Memory Error
org.elasticsearch, elasticsearch is vulnerable to Out of Memory Error. The vulnerability is due to unrestricted resource allocation in Elasticsearch, where there are no limits or throttling mechanisms in place to manage resource usage effectively. It allows malicious queries, such as those using...
Credential Disclosure
github.com/writefreely/writefreely is vulnerable to Credential Disclosure. The vulnerability is due to improper configuration management. Specifically, the sensitive information in the config.ini file is not adequately protected, allowing local users to access it and discover credentials when MyS...
Cross-Site Request Forgery (CSRF)
codechecker is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper authentication handling in CodeChecker, which allows an attacker to hijack the authentication of a logged-in user and perform actions with the same permissions...
Cross-site Scripting (XSS)
YesWiki is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation in the attach component, where a non-existing resource in the file attribute generates a file upload button, allowing authenticated users with edit or comment permissions to inject malicious scripts...
Relative Path Traversal
github.com/hashicorp/go-slug is vulnerable to Relative Path Traversal. The vulnerability is due to improper path validation when extracting user-provided paths from tar entries, allowing for directory traversal and potential overwriting of arbitrary files...
Cross-site Scripting (XSS)
YesWiki is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user input in the search by tag feature, allowing a malicious user to craft a link that triggers an XSS when clicked. This results in potential account takeover, stealing other accounts,...
Denial Of Service (DoS)
The compose-go library is vulnerable to a Denial of Service DoS. The vulnerability is due to excessive memory and CPU consumption when parsing malicious YAML payloads, which can be sent by an authorized user...
Predictable Boundary Selection
Undici is vulnerable to predictable boundary selection. The vulnerability is due to the use of Math.random to choose the boundary, which can be predicted if several of its values are known, potentially allowing an attacker to tamper with requests to backend APIs...
Cross-Site Scripting (XSS)
PhpSpreadsheet is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization or escaping of user input when converting XLSX files into HTML, which allows malicious scripts to be embedded in the file content and executed in the context of the user's browser...
Arbitrary File Deletion
yeswiki/yeswiki is vulnerable to Arbitrary File Deletion. The vulnerability is due to improper file permission handling, where authenticated users can delete files owned by the FastCGI Process Manager FPM user, allowing them to arbitrarily remove critical files without any scope limitation...
Account Enumeration
umbraco.cms is vulnerable to Account Enumeration. The vulnerability is due to discrepancies in response codes and the timing of Umbraco management API responses, which allow attackers to infer the existence of specific accounts...
Cross-Site Scripting (XSS)
mathlive is vulnerable to Cross-site scripting XSS. The vulnerability is due to the lack of proper escaping of HTML content when using commands like \htmlData, which allows the injection and execution of malicious scripts...
Privilege Escalation
github.com/containers/buildah is vulnerable to Privilege Escalation. The vulnerability is due to improper use of the --mount flag in multi-stage builds, which exposes content from the build host to the command run in the RUN instruction. When the build process is performed with root privileges, i...
Remote Code Execution (RCE)
system.linq.dynamic.core is vulnerable to Remote code execution RCE. The vulnerability is due to insufficient input validation and improper access control when handling reflection types and static properties/fields in the System.Linq.Dynamic.Core library, which allows remote access without proper...
Insecure TLS Configuration
aws-cdk-lib is vulnerable to Insecure TLS configuration. The vulnerability is due to the tls.connect method setting rejectUnauthorized: false by default, which allows connections to unauthorized OIDC providers without verification. This could potentially allow attackers to exploit insecure...
Unbounded Disk Consumption
github.com/t2bot/matrix-media-repo is vulnerable to Unbounded Disk Consumption. The vulnerability is due to MMR's lack of proper rate limiting and controls on the amount of data that can be requested and cached, allowing unauthenticated users to request excessive amounts of remote media files...
Stored Cross-site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to insufficient input sanitization of the descr parameter in /ajaxform.php, which allows malicious scripts to be injected and stored in the system...
Access Control Bypass
zotregistry.dev/zot is vulnerable to Access Control Bypass. The vulnerability is due to group data being stored as an append-list in the boltdb database meta.db, where group memberships are appended instead of replaced. It allows unauthorized access to persist, enabling attackers to retain...
Cross-Site Scripting (XSS)
KaTeX is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of input. When users render untrusted mathematical expressions using renderToString, malicious input containing \htmlData can bypass validation, allowing for the execution of arbitrary JavaScrip...
Reflected Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of the community parameter on the /addhost page, allowing remote attackers to inject malicious scripts, which execute when the page is viewed or interacted with...
Stored Cross-site Scripting (XSS)
librenms/librenms is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization of the display parameter in the /device/$DEVICEID/edit endpoint, allowing remote attackers to inject malicious scripts...
Stored Cross-site Scripting (XSS)
librenms/librenms is vulnerable to Stored cross-site scripting XSS. The vulnerability is due to insufficient input sanitization of the display parameter in the /device/$DEVICEID/edit endpoint, allowing attackers to inject and store malicious scripts on the server...
Stored Cross-site Scripting (XSS)
librenms/librenms is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper input sanitization of the state parameter in ajaxform.php, which allows an attacker to inject malicious scripts that execute when a user views or interacts with the affected page...
Broken Object Level Authorization
Indico is vulnerable to a Broken Object Level Authorization BOLA vulnerability. The vulnerability is due to insufficient access control in the /api/principals component, which allows attackers to retrieve information about other user accounts by sending crafted POST requests...
Improper Input Validation
Mattermost is vulnerable to Improper Input Validation. The vulnerability is due to the failure to properly handle attachment fields that cannot be cast to a String, leading to a crash in the web application. Attackers can exploit this by creating and sending specially crafted posts with such...
Arbitrary Code Execution
github.com/t2bot/matrix-media-repo is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to improper validation of file types during the thumbnail generation process, where MMR relies on user-supplied file type values to select decoders (e.g., ImageMagick or ffmpeg), which can...
Server Side Request Forgery (SSRF)
github.com/t2bot/matrix-media-repo is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to MMR serving content from a private network it can access, under certain conditions, which allows attackers to potentially access internal resources that would otherwise be protected...
Excessive Memory Consumption
github.com/t2bot/matrix-media-repo is vulnerable to Excessive Memory Consumption. The vulnerability is due to inadequate handling of large JSON responses, allowing an attacker to exhaust system memory and potentially crash the application...
Improper Authentication
Matrix Media Repo MMR is vulnerable to Improper Authentication. The vulnerability is due to MMR's design, which allows unauthenticated remote participants to trigger the download and caching of remote media from a remote homeserver to the local repository, enabling adversaries to plant problemati...
OS Command Injection
github.com/mayuresh82/gocast is vulnerable to OS Command Injection. The vulnerability is due to improper validation of user input in the name parameter, which allows specially crafted HTTP requests to inject and execute arbitrary OS commands...
Path Traversal
Ray is vulnerable to Path Traversal. The vulnerability is due to improper validation or sanitization of user input in the log API endpoint, allowing attackers to specify arbitrary file paths and access unauthorized files on the server...
Local File Inclusion (LFI)
Ray is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper validation and access control in Ray's /static/ directory, which allows attackers to specify and access arbitrary file paths without authentication...
OS Command Injection
Ray is vulnerable to OS Command Injection. The vulnerability is due to improper input sanitization in the cpuprofile URL parameter, allowing attackers to execute OS commands remotely on the system running the Ray dashboard without authentication...
Improper Input Validation
Mattermost is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of post properties, which allows a malicious authenticated user to craft and send a malicious post, potentially causing a crash...
Improper Input Validation
Mattermost is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of the style of proto supplied to an action's style in post.props.attachments, which allows attackers to crash the frontend by providing crafted malicious input...
Improper Input Validation
Mattermost is vulnerable to Improper Input Validation. The vulnerability is due to a failure to properly validate post props, which can result in a crash when malicious posts are processed...
Remote Code Execution (RCE)
umbraco.headless.client.net is vulnerable to Remote Code Execution RCE. The vulnerability is due to the use of an insecure Refit package, which allows an attacker to exploit the insecure Refit dependency...
Signature Bypass
github.com/dexidp/dex is vulnerable to Signature Bypass. The vulnerability is due to issues with XML encoding in the underlying Go library by using the xml-roundtrip-validator from Mattermost, which allows an attacker to bypass the signature verification process in SAML assertions...
Regular Expression Denial Of Service (ReDoS)
Parse-uri is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing, which allows attackers to exploit crafted URLs and cause a denial of service...
Remote Code Execution (RCE)
islandora/crayfish is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper configuration in certain web-accessible installations, which allows an attacker to execute arbitrary code remotely...
Account Takeover
Sentry is vulnerable to Account Takeover. The vulnerability is due to improper handling of SAML Identity Providers, which allows an attacker to craft a malicious SAML response and associate it with a different organization on the same Sentry instance...
Search Injection
Mongoose is vulnerable to Search Injection. The vulnerability is due to improper handling of a nested $where filter with a populate match, which can be exploited for search injection attacks...
Authentication Bypass
github.com/tyktechnologies/tyk-identity-broker is vulnerable to Authentication Bypass. The vulnerability is due to the Go XML parser not guaranteeing integrity during the XML round-trip encoding/decoding XML data, which allows for the bypassing of SAML authentication...
Cross-Site Request Forgery (CSRF)
typo3/cms-lowlevel is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper handling of deep links in the backend user interface, caused by insufficient enforcement of HTTP methods and reliance on misconfigured security settings and allows an attacker to manipulate...
Denial Of Service (DoS)
io.netty, netty-common is vulnerable to Denial Of Service DoS. The vulnerability is due to unsafe reading of environment files, where Netty attempts to load a non-existent file. An attacker can exploit this by creating a large file, causing the application to crash and resulting in a denia...
Cross-Site Request Forgery (CSRF)
typo3/cms-dashboard is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper validation of HTTP methods in state-changing actions and misconfigurations in the backend settings, such as disabled security.backend.enforceReferrer or lax/none BE/cookieSameSite settings,...
Cross-Site Request Forgery (CSRF)
typo3/cms-belog is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to the backend user interface functionality involving deep links, which allows state-changing actions via HTTP GET without enforcing the appropriate HTTP method and allows an attacker to exploit the “Log...
Information Disclosure
typo3/cms-install is vulnerable to Information Disclosure. The vulnerability is due to an incorrect password hashing mechanism, which causes the install tool password to be logged in plaintext, allowing an attacker to potentially gain access to the password if they can access the logs or system...