Arbitrary File Deletion
github.com/siyuan-note/siyuan is vulnerable to Arbitrary file deletion. The vulnerability is due to a lack of proper safeguards in the POST /api/history/getDocHistoryContent endpoint, which allows maliciously crafted payloads to trigger the deletion of arbitrary files on the server...
Path Traversal
github.com/karmada-io/karmada is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths within custom resource definition (CRD) archives, allowing attackers to exploit a TarSlip vulnerability and write arbitrary files to arbitrary locations in the filesystem...
Cross-Site Scripting (XSS)
Trix is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the link field, allowing attackers to trick users into pasting a malicious javascript: URL, which could execute arbitrary JavaScript code within the user's session...
Privilege Escalation
github.com/karmada-io/karmada is vulnerable to Privilege Escalation. The vulnerability is due to pull mode clusters being registered with excessive access to control plane resources via the karmadactl register command, allowing them excessive privileges to control plane resources...
Directory Traversal
path-sanitizer is vulnerable to Path Traversal. The vulnerability is due to insufficient sanitization of input paths, allowing attackers to bypass filters using .= %5c, potentially enabling directory traversal attacks...
Privilege Escalation
github.com/openshift/hive is vulnerable to Privilege Escalation. The vulnerability is due to improper access control in the Hive ClusterDeployments resource, which, under certain conditions, allows a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing...
Incorrect Access Control
letta is vulnerable to Incorrect Access Control. The vulnerability is due to improper enforcement of access controls in the /users endpoint, allowing attackers to access sensitive data...
Denial Of Service (DoS)
org.jboss.narayana.rts:lra-coordinator-jar is vulnerable to a denial of service (DoS). The vulnerability is due to a race condition in the LRA Coordinator component. If Cancel is called on an LRA and Join is called with the same LRA ID within approximately 2 seconds, the application may crash or ha...
Cross-Site Scripting (XSS)
phpoffice/phpspreadsheet is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of custom properties, as the library generates HTML pages without clearing them, allowing an attacker to inject and execute malicious scripts in another user's browser, potentially...
Cross-Site Scripting (XSS)
phpoffice/phpspreadsheet is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of the javascript protocol and special characters, allowing an attacker to craft malicious links that bypass the sanitizer...
Reflected Cross-Site Scripting (Reflected XSS)
phpoffice/phpspreadsheet is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to insufficient sanitization in the constructor of the Downloader class, allowing an attacker to perform a cross-site scripting attack using the...
Denial Of Service (DoS)
Next.js is vulnerable to a Denial of Service (DoS). The vulnerability is due to requests to Server Actions hanging indefinitely, causing the server to remain idle with the connection open, which allows an attacker to keep the connection open until the hosting provider cancels the function, leading to...
Cross-Site Scripting (XSS)
phpoffice/phpspreadsheet is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, allowing an attacker to inject malicious scripts into web pages viewed by other...
Reflected Cross-Site Scripting (Reflected XSS)
phpoffice/phpspreadsheet is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to insufficient input sanitization in the Accounting.php file, which allows an attacker to inject malicious scripts...
Cross-Site Scripting (XSS)
phpoffice/phpspreadsheet is vulnerable to cross-site scripting (XSS). The vulnerability is due to the lack of sanitization of the hyperlink base in the HTML page header within the file Html.php, which allows an attacker to inject malicious scripts into the generated HTML pages...
Reflected Cross-Site Scripting
phpoffice/phpspreadsheet is vulnerable to Unauthorized Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to improper input handling in the Currency.php file, which allows an attacker to inject and execute malicious scripts...
Cross-site Scripting (XSS)
phpMyFAQ is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of HTML content in the FAQ editor at http://localhost/admin/index.php?action=editentry. Attackers can inject malformed HTML elements styled to cover the entire screen, disrupting the user...
Cross-site Scripting (XSS)
dcat/laravel-admin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the /admin/auth/menu and /admin/auth/extensions endpoints, allowing attackers to inject malicious scripts...
Open Redirection
better-auth is vulnerable to an Open Redirect. The vulnerability is due to insufficient validation of the callbackURL parameter in the verify email endpoint. Attackers can manipulate this parameter to redirect users to malicious websites because the origin checker only validates POST requests, an...
Cross-site Scripting (XSS)
dcat/laravel-admin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the /admin/articles/create endpoint in version 2.2.0-beta, which allows attackers to inject malicious scripts...
Insecure Direct Object Reference (IDOR)
Khoj is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to the improper implementation of access controls in the updatesubscription endpoint, where the system fails to enforce authorization checks to ensure that only the owner of a subscription can modify it, allowin...
Unauthorized Access
Apache NiFi is vulnerable to Unauthorized Access. The vulnerability is due to missing fine-grained authorization checks during Process Group creation, allowing attackers to access Parameter Contexts, Controller Services, and Parameter Providers without proper permissions...
Improper Access Control
nilsteampassnet/teampass is vulnerable to Improper access control. The vulnerability is due to the application failing to properly validate whether a folder belongs to the user's allowed folders list defined by an admin, allowing an attacker to bypass access restrictions and access unauthorized...
Reflected Cross-Site Scripting (Reflected XSS)
tltneon/lgsl is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to improper sanitization of the Referer HTTP header, allowing an attacker to inject arbitrary JavaScript code into the application's HTML response...
Improper Access Control
TeamPass is vulnerable to improper access control. The vulnerability is due to improper access control, as the application fails to verify whether a "mailmeaka actionmail" operation is performed by an administrator or manager, allowing an attacker to perform unauthorized operations...
Privilege Escalation
nilsteampassnet/teampass is vulnerable to Privilege Escalation. The vulnerability is due to improper access control in TeamPass, which fails to properly validate and restrict a user's actions based on their own privileges, allowing them to act with the privileges of a different userid...
Local File Read (LFR)
changedetectionio is vulnerable to Local file read (LFR). The vulnerability is due to improper input validation, which allows attackers to exploit user input to construct file paths without adequate sanitization...
SQL Injection
python-sql is vulnerable to SQL Injection. The vulnerability is due to insufficient input sanitization and improper handling of unary operators in the python-sql library. Specifically, non-Expression values are not properly escaped, allowing them to be inserted into SQL queries without proper...
SQL Injection
redshiftconnector is vulnerable to SQL injection. The vulnerability is due to SQL injection in the get_schemas, get_tables, or get_columns Metadata APIs in version 2.1.4, which could allow an attacker to gain escalated privileges...
Cross-Site Scripting (XSS)
tecnickcom/tcpdf is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the Error function lacking an htmlspecialchars call for the error message, which allows an attacker to inject malicious scripts into the error message...
Timing Attack
tecnickcom/tcpdf is vulnerable to a Timing Attack. The vulnerability is due to the use of loose comparison (!=) in the unserializeTCPDFtag function, which lacks a constant-time comparison, allowing an attacker to infer hash values through timing discrepancies...
Remote Code Execution (RCE)
Apache MINA is vulnerable to Remote code execution (RCE). The vulnerability is due to lack of necessary security checks and defenses in the ObjectSerializationDecoder, which uses Java’s native deserialization protocol. It allows attackers to exploit the deserialization process by sending malicious...
Cross-site Scripting (XSS)
Koji is vulnerable to cross-site scripting (XSS). The vulnerability is due to unsanitized input: malicious JavaScript code from a crafted link is reflected in the resulting web page, although XSS protections prevent actions or changes in Koji...
Cross-Site Scripting (XSS)
@marp-team/marp-core is vulnerable to Cross-site scripting (XSS). The vulnerability is due to improper neutralization of HTML during sanitization, allowing malicious scripts to bypass defenses and execute...
Sensitive Information Exposure
Apache Hive is vulnerable to Sensitive Information Exposure. The vulnerability is due to inadequate handling of signature mismatches: the correct cookie signature is exposed to end users when there is a mismatch between the current and expected signature, potentially enabling further...
Unsafe SSL Verification
tecnickcom/tcpdf is vulnerable to Unsafe SSL verification. The vulnerability is due to improper handling of SSL verification settings in TCPDF when using libcurl, where CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. It allows an attacker to perform a Man-in-the-Middle (MitM) attack...
Denial Of Service (DoS)
tc-lib-pdf-font is vulnerable to Denial Of Service (DoS). The vulnerability is due to inadequate validation and handling of font metadata, specifically the FontBBox for Type 1 and TrueType fonts, in tc-lib-pdf-font, which allows the font data to be misparsed, leading to potential security issues...
Server-side Template Injection (SSTI)
opencart/opencart is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper validation and sanitization of user inputs within the Theme Editor Function, which allows attackers to inject malicious template code that can be executed on the server...
Denial Of Service (DoS)
golang.org/x/net is vulnerable to Denial Of Service (DoS). The vulnerability is due to non-linear processing of input length, which causes excessive parsing delays and allows an attacker to craft input that results in a denial of service...
Denial Of Service (DoS)
github.com/clidey/whodb is vulnerable to Denial of Service (DoS). The vulnerability is due to the server reading the entire request body into memory without size limits, which allows an attacker to send large request bodies to the server, leading to memory exhaustion and potentially resulting in a...
Server-Side Request Forgery (SSRF)
ch.qos.logback, logback-core is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of the DOCTYPE declaration in XML configuration files, allowing an attacker to forge requests...
Privilege Escalation
github.com/openshift/must-gather is vulnerable to Privilege Escalation. The vulnerability is due to improper access controls and lack of validation in the MustGather.managed.openshift.io Custom Defined Resource (CRD), which allows a non-privileged user to craft objects that misuse the most privileg...
Insufficiently Protected Credentials
GoPhish is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper handling of mail server credentials: passwords for the configured IMAP and SMTP servers are stored in cleartext, exposing sensitive information to attackers...
Out-of-bounds Read
libpoppler.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper handling of bitmap combinations within the JBIG2Bitmap::combine function in JBIG2Stream.cc, leading to potential memory access errors...
Privilege Escalation
github.com/hashicorp/nomad is vulnerable to Privilege Escalation. The vulnerability is due to unredacted workload identity tokens that allow unauthorized privilege escalation within a namespace...
Directory Traversal
Uptime Kuma is vulnerable to Directory Traversal. The vulnerability is due to inadequate validation of user-supplied URLs that allows attackers to exploit the file:/// protocol, enabling access to sensitive local files via the "real-browser" request type...
Account Takeover
Socialstream is vulnerable to Account Takeover. The vulnerability is due to the lack of a confirmation step when linking social accounts and the potential use of -stateless in the Socialite configuration, which allows an attacker to link a social account to an authenticated user’s account without...
Remote Code Execution (RCE)
com.databricks, databricks-jdbc is vulnerable to Remote code execution (RCE). The vulnerability is due to insufficient validation or sanitization of the krbJAASFile parameter in the Databricks JDBC Driver, which allows the attacker to manipulate the JDBC URL, enabling a JNDI injection that can lead to...
Remote Code Execution (RCE)
craftcms/cms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the register_argc_argv directive being enabled in the php.ini configuration, which allows an attacker to execute arbitrary code on the affected system remotely...
Incorrect Implementation Of The Authentication Algorithm
org.apache.kafka, kafka-clients is vulnerable to an incorrect implementation of the authentication algorithm. The vulnerability is due to the lack of nonce verification in Apache Kafka's SCRAM implementation, where the server does not verify that the nonce sent by the client in the second message...