38326 matches found

Veracode • added 2025/01/21 4:16 a.m. • 14 views

Cross-Site Request Forgery (CSRF)

typo3/cms-extensionmanager is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of HTTP methods for state-changing actions and the backend user interface being susceptible to malicious URLs under specific misconfigurations, which allows an attacker to retrieve...

CVSS 8.8 • AI score 7.1 • EPSS 0.00352
Exploits: 0 • References: 5 • Affected software: 1
Veracode • added 2025/01/21 4:13 a.m. • 10 views

Cross-Site Request Forgery (CSRF)

typo3/cms-beuser is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of state-changing actions in downstream components, where HTTP GET submissions are incorrectly accepted instead of enforcing the appropriate HTTP method. Misconfigurations, such as...

CVSS 5.4 • AI score 7 • EPSS 0.00235
Exploits: 0 • References: 7 • Affected software: 1
Veracode • added 2025/01/21 4:09 a.m. • 25 views

Cross-Site Request Forgery (CSRF)

typo3/cms-scheduler is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of HTTP methods and a failure to enforce appropriate security settings, which allows attackers to submit malicious requests through CSRF...

CVSS 8 • AI score 7.2 • EPSS 0.00251
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2025/01/20 7:42 a.m. • 10 views

Remote Code Execution (RCE)

Rasa is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of maliciously crafted models in Rasa, which allows an attacker to load a model remotely into a Rasa instance if certain security configurations are not in place...

CVSS 9 • AI score 7.4 • EPSS 0.00895
Exploits: 0 • References: 4 • Affected software: 2
Veracode • added 2025/01/20 5:59 a.m. • 9 views

Access Control List (ACL) Bypass

gradio is vulnerable to an Access Control List (ACL) Bypass. The vulnerability is due to improper case normalization in the file path validation logic through the blocked_paths parameter of the is_allowed_file function, which allows an attacker to gain unauthorized access to sensitive files by altering the...

CVSS 8.7 • AI score 6.7 • EPSS 0.00836
Exploits: 1 • References: 3 • Affected software: 1
Veracode • added 2025/01/20 5:39 a.m. • 4 views

Insufficient Input Validation

Umbraco.Forms is vulnerable to insufficient input validation. The vulnerability is due to lack of server-side validation for the character limits. While the client-side validation enforces these limits in the browser, it can be bypassed by manipulating the request before it reaches the server...

CVSS 5.8 • AI score 6.7 • EPSS 0.00363
Exploits: 0 • References: 2 • Affected software: 2
Veracode • added 2025/01/20 3:09 a.m. • 15 views

Cross-Site Request Forgery (CSRF)

typo3/cms-indexed-search is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of HTTP methods for state-changing actions and misconfigured security settings, which allows attackers to exploit the "Indexed Search Module" to delete items by deceiving logged-in...

CVSS 4.3 • AI score 6.9 • EPSS 0.00188
Exploits: 0 • References: 5 • Affected software: 1
Veracode • added 2025/01/20 3:08 a.m. • 7 views

Cross-Site Request Forgery (CSRF)

typo3/cms-form is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of state-changing actions in downstream components, which incorrectly accept submissions via HTTP GET requests instead of enforcing the correct HTTP method. Misconfigured settings, such ...

CVSS 5.4 • AI score 6.7 • EPSS 0.00183
Exploits: 0 • References: 5 • Affected software: 1
Veracode • added 2025/01/20 3:04 a.m. • 12 views

Gas Manipulation Attack

vyper is vulnerable to Gas Manipulation Attack. The vulnerability is due to insufficient error handling in the Vyper Compiler, which fails to check the success flag of precompile calls (EcRecover and Identity), allowing attackers to manipulate the gas, causing precompile failures without halting...

CVSS 7.5 • AI score 6.8 • EPSS 0.00643
Exploits: 1 • References: 6 • Affected software: 1
Veracode • added 2025/01/19 12:15 a.m. • 9 views

Improper Array Index Validation

OFFIS DCMTK is vulnerable to Improper Array Index Validation. The vulnerability is due to improper bounds checking in the nowindow functionality, leading to an out-of-bounds write. An attacker can provide a specially crafted DICOM file to trigger this vulnerability and potentially execute arbitra...

CVSS 8.4 • AI score 7.1 • EPSS 0.0061
Exploits: 1 • References: 6 • Affected software: 1
Veracode • added 2025/01/18 8:23 p.m. • 10 views

Server-Side Request Forgery

Gomatrixserverlib is vulnerable to server-side request forgery (SSRF). The vulnerability is due to improper validation of network requests, allowing the library to serve content from a private network it can access under certain conditions, which attackers can exploit to access internal network...

CVSS 4.3 • AI score 6.6 • EPSS 0.00332
Exploits: 0 • References: 3 • Affected software: 2
Veracode • added 2025/01/17 7:45 a.m. • 9 views

Remote Code Execution (RCE)

.NET 8.0 and .NET 9.0 are vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation or handling of files loaded in Visual Studio, allowing specially crafted files to exploit the system...

CVSS 8.8 • AI score 7.8 • EPSS 0.02262
Exploits: 0 • References: 5 • Affected software: 14
Veracode • added 2025/01/17 7:25 a.m. • 15 views

Remote Code Execution

Microsoft.NetCore.App.Runtime is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of specially crafted files in Visual Studio, allowing attackers to exploit this weakness by loading malicious files to execute arbitrary code...

CVSS 7.5 • AI score 7.6 • EPSS 0.01764
Exploits: 0 • References: 5 • Affected software: 14
Veracode • added 2025/01/17 7:24 a.m. • 9 views

Remote Code Execution

Microsoft.NetCore.App.Runtime is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of specially crafted requests by the web server. Attackers can exploit this vulnerability by sending maliciously crafted requests to a vulnerable application, potentially executing...

CVSS 7.5 • AI score 8 • EPSS 0.01637
Exploits: 0 • References: 4 • Affected software: 13
Veracode • added 2025/01/17 6:51 a.m. • 8 views

Cross-site Scripting (XSS)

silverstripe/framework is vulnerable to a Cross-Site Scripting (XSS). The vulnerability is due to the failure to sanitize HTML before replacing the embed shortcode with oEmbed JSON data in the "insert media" functionality, allowing a script payload to be executed on both the CMS and front-end of th...

CVSS 5.4 • AI score 6 • EPSS 0.01108
Exploits: 2 • References: 6 • Affected software: 1
Veracode • added 2025/01/17 6:38 a.m. • 3 views

Denial Of Service (DoS)

Django is vulnerable to a Denial Of Service (DoS). The vulnerability is due to the lack of upper-bound limit enforcement in strings during IPv6 validation, which affects the clean_ipv6_address and is_valid_ipv6_address functions, as well as the django.forms.GenericIPAddressField form field, which allows an...

CVSS 7.5 • AI score 5.5 • EPSS 0.01854
Exploits: 0 • References: 12 • Affected software: 2
Veracode • added 2025/01/17 6:37 a.m. • 5 views

Reflected Cross-Site Scripting (Reflected XSS)

silverstripe/framework is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to the "dev" environment mode improperly rendering error messages, allowing an attacker to execute XSS payloads by providing a malicious URL...

AI score 5.8
Exploits: 0
Veracode • added 2025/01/17 6:37 a.m. • 8 views

Credentials Exposure

github.com/git-lfs/git-lfs is vulnerable to Credential Exposure. The vulnerability is due to improper handling of URL-encoded control characters in Git LFS, which passes portions of a host's URL containing embedded line-ending control characters (e.g., LF or CR) to the git-credential command withou...

CVSS 8.5 • AI score 6.7 • EPSS 0.0104
Exploits: 0 • References: 6 • Affected software: 2
Veracode • added 2025/01/17 6:36 a.m. • 6 views

Arbitrary File Read

org.apache.linkis, linkis-metadata-query-service-jdbc is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient parameter filtering in the DataSource Manager Module, allowing an attacker to configure malicious MySQL JDBC parameters to read arbitrary files from the server...

CVSS 5.9 • AI score 6.5 • EPSS 0.00318
Exploits: 0 • References: 4 • Affected software: 2
Veracode • added 2025/01/17 5:53 a.m. • 12 views

Cross-site Scripting (XSS)

github.com/rancher/rancher is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to a Stored XSS attack, which occurs when a malicious actor can inject and store malicious scripts via the cluster description field, leading to potential execution of unauthorized code within the UI...

CVSS 8.9 • AI score 5.8 • EPSS 0.00476
Exploits: 0
Veracode • added 2025/01/17 2:50 a.m. • 4 views

Inefficient Compression

@lodestar/reqresp is vulnerable to Inefficient Compression. The vulnerability is due to inefficient compression in the snappy framing over SSZ encoded messages, which allows an attacker to send specially crafted messages that exploit these inefficiencies, potentially causing resource exhaustion, system...

AI score 7
Exploits: 0
Veracode • added 2025/01/17 2:48 a.m. • 9 views

Cross-Site Scripting (XSS)

silverstripe/framework is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitisation of user-provided content in form messages, which allows HTML markup, including potentially harmful scripts, to be processed and displayed without proper filtering, leading to the...

CVSS 5.4 • AI score 5.4 • EPSS 0.00305
Exploits: 0 • References: 6 • Affected software: 1
Veracode • added 2025/01/17 2:46 a.m. • 6 views

Cross-Site Scripting (XSS)

microweber/microweber is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization in the First Name and Last Name parameters, which allows untrusted data to be executed as code, enabling the attacker to inject malicious scripts into the application...

CVSS 4.7 • AI score 6.5 • EPSS 0.0109
Exploits: 2 • References: 2 • Affected software: 1
Veracode • added 2025/01/17 2:45 a.m. • 4 views

Cross-Site Scripting (XSS)

microweber/microweber is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the campaign Name Internal Name field in the Add new campaign function, allowing a remote attacker to execute arbitrary code...

CVSS 4.7 • AI score 4.9 • EPSS 0.0109
Exploits: 4 • References: 3 • Affected software: 1
Veracode • added 2025/01/16 2:34 a.m. • 6 views

Cross-Site Scripting (XSS)

microweber/microweber is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the "create new backup" function, allowing a remote attacker to execute arbitrary code via the endpoint /admin/module/view?type=adminbackup...

CVSS 6.1 • AI score 7.5 • EPSS 0.00846
Exploits: 4 • References: 3 • Affected software: 1
Veracode • added 2025/01/16 2:32 a.m. • 4 views

Man-in-the-Middle (MitM) Attack

github.com/notaryproject/notation-go is vulnerable to Man-in-the-Middle attack. The vulnerability is due to the failure to verify the revocation status of the certificate chain during timestamp signature generation, allowing attackers to exploit compromised or revoked certificates to generate...

CVSS 4 • AI score 4.1 • EPSS 0.0013
Exploits: 0 • References: 5 • Affected software: 1
Veracode • added 2025/01/16 2:29 a.m. • 7 views

Information Disclosure

org.keycloak, keycloak-quarkus-server is vulnerable to Information Disclosure. The vulnerability is due to the ability of admin users to inject placeholders like ${env.VARNAME} or ${PROPNAME} into configurable URLs, allowing access to sensitive server environment variables and system properties...

CVSS 4.9 • AI score 6.5 • EPSS 0.00752
Exploits: 0 • References: 8 • Affected software: 1
Veracode • added 2025/01/16 2:27 a.m. • 6 views

Denial Of Service (DoS)

github.com/notaryproject/notation-go is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of temporary file operations during CRL cache updates, specifically the use of the os.Rename method, which fails when moving files across different mount points, which allows an...

CVSS 3.3 • AI score 6.6 • EPSS 0.00192
Exploits: 1 • References: 6 • Affected software: 1
Veracode • added 2025/01/15 3:51 a.m. • 11 views

Cross-Site Scripting (XSS)

gg.jte, jte is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper escaping of backticks and dollar signs in JavaScript template strings, which allows an attacker to inject malicious JavaScript code into HTML templates...

CVSS 6.1 • AI score 6.3 • EPSS 0.00285
Exploits: 0 • References: 6 • Affected software: 2
Veracode • added 2025/01/15 3:50 a.m. • 14 views

Denial Of Service (DoS)

org.keycloak, keycloak-quarkus-server is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient input validation in the processing of security headers, allowing improperly formatted input such as newlines to disrupt server operations...

CVSS 6.5 • AI score 6.7 • EPSS 0.00927
Exploits: 0 • References: 8 • Affected software: 2
Veracode • added 2025/01/15 3:46 a.m. • 16 views

Authentication Bypass

github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability is due to improper validation of conditions and contextual tuples when using the Check API or ListObjects API, particularly when caching is enabled (OPENFGA_CHECK_QUERY_CACHE_ENABLED), which allows attackers to potentially...

CVSS 9.8 • AI score 6.7 • EPSS 0.00428
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2025/01/14 11:20 a.m. • 25 views

Denial Of Service (DoS)

Tornado is vulnerable to a Denial of Service (DoS). The vulnerability is due to the HTTP cookie parsing algorithm having quadratic complexity, allowing maliciously crafted cookie headers to cause excessive CPU consumption and block the processing of other requests...

CVSS 7.5 • AI score 6.5 • EPSS 0.01051
Exploits: 0 • References: 5 • Affected software: 1
Veracode • added 2025/01/14 11:03 a.m. • 7 views

Improper Cache Management

github.com/MicahParks/jwkset is vulnerable to Improper Cache Management. The vulnerability is due to the provided HTTP client's local JWK Set cache failing to perform a full replacement during refresh operations. This allows outdated or revoked keys to remain in the cache, posing a security risk...

CVSS 2.1 • AI score 6.5 • EPSS 0.00518
Exploits: 0 • References: 6 • Affected software: 1
Veracode • added 2025/01/14 7:36 a.m. • 7 views

Race Condition

pgAdmin is vulnerable to Race Condition. The vulnerability is due to improper session handling in server mode with LDAP authentication, where simultaneous login attempts can result in users being attached to another user's session...

CVSS 8 • AI score 6.6 • EPSS 0.0044
Exploits: 0 • References: 7 • Affected software: 1
Veracode • added 2025/01/14 6:54 a.m. • 10 views

Open Redirection

github.com/h44z/wg-portal is vulnerable to Open Redirection. The vulnerability is due to improper handling of OAuth or OIDC authentication backends, which can be exploited when a user visits a malicious website in WireGuard Portal v2...

AI score 7.2
Exploits: 0 • References: 2 • Affected software: 1
Veracode • added 2025/01/14 6:25 a.m. • 6 views

Denial Of Service (DoS)

github.com/mattermost/mattermost-server is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation of post types, allowing attackers to exploit a specific post type customplnotification and its props to deny service to users with the sysconsolereadplugin...

CVSS 6.5 • AI score 6.6 • EPSS 0.00593
Exploits: 0 • References: 6 • Affected software: 1
Veracode • added 2025/01/14 6:24 a.m. • 14 views

Type Confusion

strawberry-graphql is vulnerable to Type Confusion. The vulnerability is due to improper handling of GraphQL types when multiple types are mapped to the same underlying model while using the relay node interface, which allows an attacker to exploit type confusion to access or manipulate data from...

CVSS 3.7 • AI score 6.7 • EPSS 0.00361
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2025/01/14 6:24 a.m. • 8 views

Incorrect UI Reporting

github.com/mattermost/mattermost-server is vulnerable to Incorrect UI reporting. The vulnerability is due to inaccurate reporting of missing settings, which allows an attacker to exploit misconfigurations. This could lead to manipulation of the Calls feature or unauthorized access to sensitive da...

CVSS 5.3 • AI score 3.8 • EPSS 0.00312
Exploits: 0 • References: 2 • Affected software: 1
Veracode • added 2025/01/14 6:24 a.m. • 9 views

Open Redirect

sickchill is vulnerable to an Open Redirect. The vulnerability is due to improper validation of the next parameter in the user-controlled login endpoint, which allows an attacker to redirect authenticated users to arbitrary destinations, potentially facilitating phishing attacks or other malicious...

CVSS 4.8 • AI score 6.7 • EPSS 0.00935
Exploits: 0 • References: 6 • Affected software: 1
Veracode • added 2025/01/14 3:48 a.m. • 9 views

Arbitrary File Inclusion (AFI)

nesbot/carbon is vulnerable to Arbitrary File Inclusion (AFI). The vulnerability is due to unsanitized user input passed to Carbon::setLocale, which allows attackers to upload files with a .php extension in a folder that can be included or required by the application, potentially executing arbitrar...

CVSS 6.3 • AI score 7.1 • EPSS 0.00696
Exploits: 0 • References: 5 • Affected software: 2
Veracode • added 2025/01/14 3:47 a.m. • 18 views

Arbitrary File Write

keras is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of downloaded tar files in the get_file function. When the function extracts the tar file, it does not properly validate or sanitize the file paths, allowing attackers to write files to arbitrary locations o...

CVSS 6.5 • AI score 6.8 • EPSS 0.00221
Exploits: 0 • References: 5 • Affected software: 1
Veracode • added 2025/01/14 3:46 a.m. • 13 views

Deserialization Of Untrusted Data

org.apache.openmeetings, openmeetings-parent is vulnerable to Deserialization of untrusted data. The vulnerability is due to the lack of proper configuration for the openjpa.serialization.class.blacklist and openjpa.serialization.class.whitelist settings in the clustering instructions, allowing an...

CVSS 9.8 • AI score 7.7 • EPSS 0.65176
Exploits: 0 • References: 6 • Affected software: 1
Veracode • added 2025/01/14 3:43 a.m. • 5 views

Path Traversal

github.com/charmbracelet/soft-serve is vulnerable to a Path Traversal. The vulnerability is due to improper handling of user-supplied input in the path traversal mechanism, which allows non-admin users to access and modify repositories that should be restricted to others...

CVSS 8.8 • AI score 6.5 • EPSS 0.00654
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2025/01/13 10:04 a.m. • 7 views

Cross-site Scripting (XSS)

TabberNeue is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper escaping of user-supplied page names in TabberTransclude.php, allowing an XSS payload to be injected as the page name...

CVSS 8.6 • AI score 5.6 • EPSS 0.00489
Exploits: 0 • References: 5 • Affected software: 1
Veracode • added 2025/01/13 9:28 a.m. • 6 views

Denial Of Service (DoS)

go-git is vulnerable to a Denial of Service (DoS). The vulnerability is due to insufficient handling of specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients...

CVSS 7.5 • AI score 6.9 • EPSS 0.00696
Exploits: 0 • References: 2 • Affected software: 2
Veracode • added 2025/01/13 9:00 a.m. • 8 views

Session Fixation

NiceGUI is vulnerable to Session Fixation. The vulnerability is due to improper session handling, where authenticating with NiceGUI logged in the user across all browsers, including those in incognito mode...

CVSS 7.5 • AI score 7 • EPSS 0.00368
Exploits: 0 • References: 4 • Affected software: 1
Veracode • added 2025/01/13 7:48 a.m. • 10 views

Argument Injection

github.com/go-git/go-git is vulnerable to an Argument Injection. The vulnerability is due to improper validation of input arguments passed to the git-upload-pack flags, which allows arbitrary values to be injected when using the file transport protocol...

CVSS 9.8 • AI score 7.2 • EPSS 0.0124
Exploits: 0 • References: 3 • Affected software: 2
Veracode • added 2025/01/13 7:34 a.m. • 7 views

Stored Cross-site Scripting (XSS)

redaxo/source is vulnerable to Stored cross-site scripting (XSS). The vulnerability is due to improper input validation in the /media/test.html component, allowing attackers to inject malicious scripts into the password parameter...

CVSS 5.4 • AI score 6.1 • EPSS 0.00396
Exploits: 1 • References: 4 • Affected software: 1
Veracode • added 2025/01/13 7:11 a.m. • 10 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of user input, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 • AI score 6.3 • EPSS 0.00364
Exploits: 1 • References: 4 • Affected software: 1
Veracode • added 2025/01/13 6:56 a.m. • 5 views

Cross-Site Scripting (XSS)

netcarver/textile is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-controllable href input in image links when running the parser in restricted mode, allowing an attacker to inject malicious JavaScript code into image links, which is executed wh...

AI score 6.5
Exploits: 0

Total number of security vulnerabilities: 38326