38119 matches found
Cross-Site Scripting (XSS)
djangocmsattributesfield is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper neutralization of input during web page generation in django CMS Attributes Fields, which allows stored XSS...
Unauthorized Resource Access
github.com/rancher/steve is vulnerable to Unauthorized Resource Access. The vulnerability is due to improper authorization checks, allowing users with minimal generic permissions to access and watch restricted resources...
Improper Input Validation
Synapse is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of invites received over federation, allowing a malicious server to send crafted invites that disrupt the affected user's ability to perform /sync operations...
Unauthorized Information Disclosure
moodle/moodle is vulnerable to Unauthorized Information Disclosure. The vulnerability is due to dynamic tables not enforcing capability checks, which allows users to retrieve information without proper permissions...
Missing Authentication For Critical Function
Synapse is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to improper access control, allowing unauthenticated remote participants to trigger downloads and caching of remote media, making it accessible from the local media repository without authentication...
Script Injection
Tuned is vulnerable to a script injection vulnerability. The vulnerability is due to improper authentication in the instance_create D-Bus function, which allows locally logged-in users to execute arbitrary scripts with absolute paths. Attackers can use this to escalate privileges by executing...
Improper Authorization
github.com/cri-o/cri-o is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation during container restoration, allowing a malicious user to restore a pod without proper access to host mounts by exploiting the checkpoint restore process...
Improper Certificate Validation
Keycloak is vulnerable to Improper Certificate Validation. The vulnerability is due to improper handling of reverse proxy configurations with mTLS enabled, allowing an attacker on the local network to impersonate any user or client using mTLS for authentication...
Local File Inclusion (LFI)
tecnickcom/tcpdf is vulnerable to Local File Inclusion (LFI). The vulnerability is due to inadequate validation of user-supplied input in the src tag, allowing a user to read arbitrary files from the server's file system and potentially expose sensitive information...
Local Privilege Escalation
MLflow is vulnerable to Local Privilege Escalation. The vulnerability is due to excessive directory permissions, allowing a Time-of-Check to Time-of-Use (ToCToU) attack when the spark_udf MLflow API is called...
Improper Handling Of Exceptional Conditions
github.com/cilium/cilium is vulnerable to Improper Handling of Exceptional Conditions. The vulnerability is due to a misconfiguration in handling Layer 3 and Layer 7 allow policies when port ranges are used, which allows an attacker to bypass Layer 7 security policies by exploiting the failure to enfor...
Path Traversal
Libre-chat is vulnerable to Path Traversal. The vulnerability is due to insufficient sanitization or validation of the filename input in the uploaddocuments method, allowing attackers to exploit the file path and perform a path traversal attack...
HTTP Request Smuggling
Keycloak Server is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of proxy headers, allowing attackers to exploit non-IP values, leading to costly DNS resolution operations that can overload IO threads...
Log Injection
org.apache.nifi, nifi is vulnerable to Log Injection. The vulnerability is due to the optional debug logging feature, which allows an authorized administrator to enable detailed logging of Parameter Context values during flow synchronization...
Arbitrary Command Execution
k8s.io/kubernetes is vulnerable to Arbitrary Command Execution. The vulnerability is due to improper validation and handling of gitRepo volumes in the Kubernetes kubelet component, which allows malicious actors to execute arbitrary commands by exploiting the way these volumes are processed...
Unauthorized Access
org.keycloak, keycloak-quarkus-server is vulnerable to Unauthorized Access. The vulnerability is due to improper access controls, allowing a high-privileged user to read sensitive information from a Vault file outside the expected context...
Denial Of Service (DoS)
org.keycloak, keycloak-services is vulnerable to Denial Of Service (DoS). The vulnerability is due to untrusted data passed to the SearchQueryUtils method, which allows an attacker to exploit Regex complexity and exhaust system resources...
Sensitive Data Exposure
org.keycloak, keycloak-quarkus-server is vulnerable to Sensitive Data Exposure. The vulnerability is due to the capture of sensitive runtime values, such as passwords, during the build process and their embedding as default values in bytecode, which allows an attacker to access sensitive data...
Allocation Of Resources Without Limits
Synapse is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to improper handling of multipart/form-data requests, which can transiently increase memory consumption, allowing attackers to amplify DoS attacks...
Arbitrary File Upload
Synapse is vulnerable to Arbitrary File Upload. The vulnerability is due to improper handling of uncommon image formats during thumbnail generation, which could invoke external tools like Ghostscript, increasing the risk of exploitation...
Incorrect Default Permissions
Kolide Agent is vulnerable to Incorrect Default Permissions. The vulnerability is due to improper permissions set on the ProgramData directory for upgraded binaries and the omission of the SystemDrive environmental variable, allowing a malicious actor to place and execute arbitrary DLLs within th...
Insufficient Verification Of Data Authenticity
quic-go is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to improper handling of ICMP "Packet Too Large" messages, allowing an off-path attacker to inject such packets and disrupt QUIC connections by setting the MTU to a value below the minimum threshold o...
Cache Poisoning
moodle/moodle is vulnerable to Cache Poisoning. The vulnerability is due to improper validation mechanisms in local storage, allowing attackers to manipulate cached data maliciously...
SQL Injection
moodle/moodle is vulnerable to SQL injection. The vulnerability is due to insufficient input validation or sanitization in the XMLDB editor tool, which allows attackers to inject and execute unauthorized SQL commands...
Denial Of Service (DoS)
io.undertow, undertow-core is vulnerable to Denial of Service (DoS). The vulnerability is due to an OutOfMemory error caused by a malicious user sending crafted requests through the FormAuthenticationMechanism, allowing an attacker to trigger the error...
SQL Injection
decidimawesome-module is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of special elements in SQL commands within the papertrail/version model, allowing an authenticated admin user to manipulate SQL queries to disclose information, read/write files, or execute...
Directory Traversal
matrix-js-sdk is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of crafted MXC URIs, allowing a malicious room member to trigger arbitrary authenticated GET requests to the client's homeserver...
Denial Of Service (DoS)
pywasm3 is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling in the Readutf8 function...
Improper Privilege Management
Moodle is vulnerable to Improper Privilege Management. The vulnerability is due to insufficient capability checks, allowing users with access to restore glossaries in courses to restore them into the global site glossary without proper permissions...
Cross-site Scripting (XSS)
Moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of data during the restore process, allowing malicious backup files to introduce XSS risks...
Arbitrary File Read
craftcms/cms is vulnerable to arbitrary file read. The vulnerability is due to the exploitation of the dataUrl function, which allows attackers with write permissions on system notification templates to embed and exfiltrate Base64-encoded file content via triggered email notifications...
Local File System Validation Bypass
craftcms/cms is vulnerable to local file system validation bypass. The vulnerability is due to improper validation of file paths, allowing attackers to exploit a double file:// scheme to bypass restrictions and access or overwrite sensitive files...
Unauthorized Data Access
moodle/moodle is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient access control checks, allowing users with permission to view badge recipients to access unintended lists...
Open Redirection
Moodle is vulnerable to Open Redirection. The vulnerability is due to the cURL wrapper in Moodle retaining original request headers during emulated redirects, potentially causing HTTP authorization header information to be unintentionally sent to redirect URLs...
Arbitrary Code Execution
Ansible-Core is vulnerable to Arbitrary Code Execution. The vulnerability is due to attackers bypassing unsafe content protections by using the hostvars object to reference and execute templated content, potentially leading to code execution if remote data or module outputs are improperly templat...
Sensitive Information Exposure
Moodle is vulnerable to Sensitive Information Disclosure. The vulnerability is due to hidden user profile fields being visible in gradebook reports, allowing users without the "view hidden user fields" capability to access restricted information...
Local File Inclusion (LFI)
moodle/moodle is vulnerable to Local File Inclusion (LFI). The vulnerability is due to inadequate input validation when restoring block backups, which allows an attacker to manipulate the process and potentially include local files, which can lead to exploitation of the system...
Insufficient Access Control
Moodle is vulnerable to Insufficient Access Control. The vulnerability is due to improper validation in the external API for the Quiz module, allowing unauthorized users to override access controls...
Improper Message Recipient Validation
moodle/moodle is vulnerable to Improper Message Recipient Validation. The vulnerability is due to insufficient input validation. Specifically, the system does not properly verify that the message recipients belong to the set of users returned by the non-respondents report, allowing messages to be...
Remote Code Execution (RCE)
moodle/moodle is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient input validation and sanitization in the calculated question types, which allows an attacker to inject malicious code that could be executed remotely, especially when the user has the capability to...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization of the "name" parameter on the "Port Settings" page, allowing an attacker to inject arbitrary JavaScript, which executes when the page is accessed, potentially compromising user...
Arbitrary Code Execution
librenms/librenms is vulnerable to Arbitrary Code Execution. The vulnerability is due to a lack of proper input validation and sanitization on directory names and configuration parameters entered through the web portal. It allows an attacker to inject arbitrary commands into shell_exec calls...
XML External Entity (XXE) Injection
org.powertac:server-interface is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper input validation in the DocumentBuilderFactory component, allowing attackers to access sensitive information or execute arbitrary code via crafted XML entities...
Improper Authorization
Moodle is vulnerable to improper authorization. The vulnerability is due to incorrect handling of Matrix room membership and power levels: suspended Moodle users are not properly revoked, and attackers can use this to retain unauthorized access and elevated privileges in Matrix rooms even...
Sensitive Information Exposure
Moodle is vulnerable to Sensitive Information Exposure. The vulnerability is due to sensitive secrets and keys not being excluded from site administration preset exports, potentially leading to unintentional data leaks when presets are shared with third parties...
Regular Expression Denial Of Service (ReDoS)
cross-spawn is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to improper input sanitization, which allows an attacker to craft a large string that increases CPU usage and crashes the program...
Information Disclosure
github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability is due to improper querying of Elasticsearch, which allows attackers to obtain the names of private channels they are not members of when Elasticsearch v8 is enabled...
Unauthorized Access
Mattermost is vulnerable to unauthorized access. The vulnerability is due to improper authorization, which allows users or system managers with "Read Groups" permission to retrieve details about private channels they are not members of by sending requests to /api/v4/channels...
MFA Code Replay Attacks
github.com/mattermost/mattermost-server is vulnerable to MFA code replay attacks. The vulnerability is due to insufficient validation of MFA codes, which allows attackers to reuse the same codes within approximately 30 seconds...
Argument Injection
Laravel is vulnerable to Argument Injection. The vulnerability is due to the misuse of the register_argc_argv PHP directive, allowing attackers to modify the environment used by the framework via specially crafted query strings...