Arbitrary File Write
github.com/siyuan-note/siyuan is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of the /api/asset/upload endpoint, which allows arbitrary file writing to the host and enables stored cross-site scripting via the file upload mechanism...
Server-side Template Injection (SSTI)
SiYuan is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper handling of templates in the /api/template/renderSprig endpoint, allowing attackers to access environment variables through the Sprig template engine...
Cross-site Scripting (XSS)
rails-html-sanitizer is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of HTML content when specific configurations are used. If HTML5 sanitization is enabled and the application developer overrides the sanitizer's allowed tags to include both "math" a...
Denial Of Service (DoS)
python-multipart is vulnerable to Denial of Service (DoS). The vulnerability is due to excessive logging and inefficient handling of data when parsing form data. Specifically, line breaks before the first boundary and trailing bytes after the last boundary are processed one byte at a time, emitti...
Server-Side Request Forgery (SSRF)
Mobile Security Framework (MobSF) is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of HTTP redirects in the checkurl method, where the requests.get function is configured with allow_redirects=True. This allows an SSRF when a request to...
Database Credentials Exposure
thorsten/phpmyfaq is vulnerable to Database Credentials Exposure. The vulnerability is due to improper error handling, which allows an attacker to obtain the database server's credentials when the connection to the database fails...
Insufficient Permission Checks
org.jenkins-ci.plugins, script-security is vulnerable to insufficient permission checks. The vulnerability is due to the lack of a permission check in a method that implements form validation, which allows attackers with Overall/Read permission to access and check for the existence of files on the...
Session Fixation
org.jenkins-ci.plugins, oic-auth is vulnerable to Session Fixation. The vulnerability is due to the plugin failing to invalidate the previous session on login, allowing an attacker to reuse an old session...
Remote Code Execution (RCE)
org.apache.struts, struts2-core is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation and handling of file uploads, allowing attackers to potentially upload and execute malicious files on the server...
Sensitive Information Exposure
org.springframework.ldap:spring-ldap-core is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of case conversions using String.toLowerCase and String.toUpperCase methods, which can have locale-dependent exceptions. This may lead to unintended columns bei...
Directory Traversal
github.com/cli/cli is vulnerable to Directory Traversal. The vulnerability is due to improper handling of artifact names during download when using the gh run download command. Specifically, if a malicious GitHub Actions workflow artifact is named .., the files within the artifact are...
Remote Code Execution (RCE)
D-Tale is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the ability for users to update the enable_custom_filters flag through the update-settings endpoint, allowing attackers to run malicious code on the server...
Remote Code Execution (RCE)
laravel/pulse is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient input validation in the remember method of the Laravel\Pulse\Livewire\Concerns\RemembersQueries trait, which allows arbitrary callables to be executed without properly validating their parameters or...
Improper Input Validation
spatie/browsershot is vulnerable to Improper Input Validation. The vulnerability is due to improper URL validation through the setUrl method, allowing an attacker to exploit leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion and potential access to sensitive fil...
Unauthorized File Download
thorsten/phpmyfaq is vulnerable to Unauthorized File Download. The vulnerability is due to improper validation in the FAQ Record component, allowing a privileged attacker to embed a file download in an element and exploit it without user interaction or explicit consent...
Authentication Bypass
Djoser is vulnerable to Authentication Bypass. The vulnerability is due to a fallback mechanism that queries the database directly when the authenticate function fails, allowing an attacker to gain unauthorized access by bypassing custom authentication checks such as two-factor authentication, LD...
Denial Of Service (DoS)
drupal/core is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient validation or rate-limiting of comment reply requests, allowing an attacker to overload the system...
Remote Code Execution (RCE)
org.apache.hive, hive-exec is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the unsafe deserialization of arbitrary data using the SerializationUtilities#deserializeObjectWithTypeInformation method, which allows attackers to execute arbitrary code if they are authenticated a...
File Manipulation
drupal/core is vulnerable to File Manipulation. The vulnerability is due to insufficient validation and sanitization of user-provided file paths, which can lead to unauthorized file access or manipulation...
Build Replay Attack
org.jenkins-ci.plugins.workflow, workflow-cps is vulnerable to Build Replay Attack. The vulnerability is due to the plugin not verifying whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build with an unapprove...
Remote Code Execution (RCE)
Joplin is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient sanitization of tag attributes introduced by the Mermaid feature, allowing execution of untrusted HTML content within the Electron window...
Remote Code Execution (RCE)
GitHub CLI is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unvalidated SSH connection details, allowing a malicious devcontainer to inject arguments that execute arbitrary commands when using gh codespace ssh or gh codespace logs...
Improper Permission Validation
github.com/goharbor/harbor is vulnerable to Improper Permission Validation. The vulnerability is due to insufficient permission validation when processing requests to update p2p preheat policies, allowing attackers to modify policies in projects they do not have access to...
Cross Site Scripting
rails-html-sanitizer is vulnerable to Cross-Site Scripting. The vulnerability is due to improper handling of certain HTML5 elements when the sanitizer's allowed tags include "math", "mtext", "table", "style", and either "mglyph" or "malignmark." Attackers can exploit this by injecting malicious...
Denial Of Service (DoS)
cosmossdk.io/math is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient bit-length validation in the sdk.Int and sdk.Dec types, which fails to properly enforce constraints, allowing unexpected conditions to cause a panic...
Sensitive Information Disclosure
Rancher Manager is vulnerable to sensitive information disclosure. The vulnerability is due to Helm values being stored directly in the Apps Custom Resource Definition and leaking into audit logs when the audit level is set to 2 or above, allowing users with GET access to read sensitive informati...
Arbitrary File Upload
djangofiler is vulnerable to Arbitrary File Upload. The vulnerability is due to improper input validation and the lack of neutralization of script-related HTML tags in django Filer, which allows attackers to upload files with dangerous types and manipulate input data, leading to stored XSS...
Denial Of Service (DoS)
github.com/cert-manager/cert-manager is vulnerable to Denial of Service (DoS). The vulnerability is due to the way cert-manager processes specially crafted invalid PEM data using the pem.Decode function in the standard library, which allows an attacker who can modify PEM data read by cert-manager—such as...
Content Injection
sp-php-email-handler is vulnerable to Content Injection. The vulnerability is due to improper validation of email recipients and lack of sanitization of user-provided content in confirmation emails, which allows attackers to specify arbitrary email addresses and inject malicious content...
Non-Constant Time Cryptographic Operation
devolutions.xts.net is vulnerable to Non-Constant Time Cryptographic Operation. The vulnerability is due to non-constant time cryptographic operations, which allow attackers to exploit variations in the time taken for different operations to reveal information about the encryption key...
Server Side Request Forgery (SSRF)
@lobehub/chat is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to insufficient input validation and improper handling of requests, allowing attackers to craft requests that can target internal services, even without authentication...
Cross Site Scripting
rails-html-sanitizer is vulnerable to Cross Site Scripting. The vulnerability is due to a flaw in the sanitization logic, allowing crafted malicious payloads to be treated as safe. Attackers can use this to include dangerous HTML or scripts in sanitized content, potentially resulting in Cross-Sit...
Weak Password Enforcement
ethycafides is vulnerable to Weak Password Enforcement. The vulnerability is due to a lack of server-side password policy enforcement in the /api/v1/user/accept-invite endpoint, allowing users to bypass client-side password complexity checks...
Cross Site Scripting
rails-html-sanitizer is vulnerable to Cross Site Scripting. The vulnerability is due to improper handling of namespaced elements in math or svg contexts due to a lack of checks for namespace-specific tags, which can lead to namespace confusion and allows attackers to exploit this by injecting...
Denial Of Service (DoS)
Kube-controller-manager is vulnerable to denial of service. The vulnerability is due to a missing .spec.behavior.scaleUp block in the HPA YAML file, causing kube-controller-manager pods to enter a restart loop and disrupt service availability. It allows an attacker to trigger a DoS by deploying t...
Malicious Package
@solana/web3.js is a Malicious Package allowing an attacker to steal private key material and drain funds from applications directly handling private keys...
Sensitive Information Exposure
Firepad is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper access controls, allowing attackers with knowledge of a pad ID to retrieve the current document text and all previously pasted content...
Denial Of Service (DoS)
Matrix-synapse is vulnerable to Denial Of Service. The vulnerability is due to insufficient rate limiting, allowing unauthenticated adversaries to trigger excessive remote media downloads and caching, potentially causing disk exhaustion and service unavailability...
Sensitive Information Exposure
Matrix-synapse is vulnerable to information disclosure. The vulnerability is due to improper handling of Sliding Sync, which can leak partial room state changes to users who are no longer in a room, while non-state events remain unaffected...
SQL Injection
tech.powerjob, powerjob is vulnerable to SQL injection. The vulnerability is due to improper handling of the version parameter, which allows attackers to manipulate SQL queries...
Method Exposure
orchid/platform is vulnerable to Method Exposure. The vulnerability is due to inadequate access control in the asynchronous modal functionality of the Orchid Platform, which allows arbitrary methods within the Screen class to be called without proper validation, enabling attackers to exploit the expose...
Cross-site Scripting (XSS)
Mobile Security Framework (MobSF) is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of filenames, allowing malicious users to upload script files that can execute when the "Diff or Compare" functionality is used...
Directory Traversal
dotnetzip is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file paths during extraction in the src/Zip.Shared/ZipEntry.Extract.cs component, allowing remote attackers to execute arbitrary code...
Cross-Site Scripting (XSS)
decidim-meetings is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the meeting embeds feature being susceptible to a malformed URL, allowing an attacker to exploit it...
XML External Entity
simplesamlphp/xml-common is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of untrusted XML input during document parsing, which allows an attacker to exploit external entity references to access sensitive data or perform denial-of-service attacks...
Unauthorized Data Access
moodle/moodle is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient validation checks, which allow an attacker to fetch the list of course badges for courses they are not authorized to access...
Improper Authorization
moodle/moodle is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation of permissions, allowing users to bypass restrictions and delete OAuth2-linked accounts...
Password Bypass
moodle/moodle is vulnerable to Password Bypass. The vulnerability is due to loose comparison in the password-checking logic, allowing certain "magic hash" values to bypass password restrictions...
Insecure Configuration Injection
flowise is vulnerable to insecure configuration injection. The vulnerability is due to insufficient protection and lack of secure default settings for the overrideConfig option, which allows developers to inject configuration into the Chainflow during execution...
Unrestricted Script Execution
github.com/drakkan/sftpgo is vulnerable to unrestricted script execution. The vulnerability is due to lack of proper access control over script execution, which allows administrators to execute system commands without restrictions, which can lead to unintended access to the underlying OS/containe...