Regular Expression Denial Of Service (ReDoS)
Giskard is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regex handling when processing specific text patterns, allowing an attacker to cause a denial of service (DoS) by triggering prolonged regex evaluation times...
Denial Of Service (DoS)
System.Formats.Nrbf is vulnerable to Denial of Service (DoS). The vulnerability is due to incorrect input validation in the NrbfDecoder component, which could allow an attacker to disrupt application availability...
Remote Code Execution (RCE)
System.Formats.Nrbf is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient input validation, allowing an attacker to exploit it by sending specially crafted requests or loading malicious files into a vulnerable application...
Account Takeover
zenml is vulnerable to Account Takeover. The vulnerability is due to a lack of rate-limiting on the '/api/v1/current-user' endpoint, which allows attackers to brute-force the current password in the 'Update Password' function...
Remote Code Execution (RCE)
backpack/filemanager is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of untrusted data during deserialization from the mimes parameter, allowing an attacker to execute remote code on the affected system...
Authentication Bypass
Symfony is vulnerable to Authentication Bypass. The vulnerability is due to improper username validation, as the framework fails to check if the database username matches the one linked to the remember-me cookie, allowing an attacker to gain unauthorized access...
Cross-Site Scripting (XSS)
unopim/unopim is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the improper validation of uploaded SVG files, allowing embedded scripts to execute and potentially steal session cookies...
Incorrect ID During Policy Enforcement
neutron is vulnerable to an incorrect ID during policy enforcement. The vulnerability is due to an issue in neutron/extensions/tagging.py, where an incorrect ID is used, allowing attackers to manipulate network resources and leading to unauthorized access or bypassing security policies...
Cross-Site Scripting (XSS)
@sveltejs/kit is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of user-controlled input in the error message. Specifically, the placeholders in error.html are replaced with content without escaping, which can allow malicious content to be injected and...
Cross-Site Scripting (XSS)
@sveltejs/kit is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsanitized input from the request URL being used to render an HTML page, which affects the files packages/kit/src/exports/vite/dev/index.js and packages/kit/src/exports/vite/utils.js. It allows an attacker to...
OT-based ECDSA Protocol Implementation Flaws
github.com/taurusgroup/multi-party-sig is vulnerable to OT-based ECDSA protocol implementation flaws. The vulnerability is due to improper handling of Oblivious Transfer (OT) operations, allowing an attacker to exploit weaknesses in the OT implementation to compromise private keys or forge digital...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization, allowing an attacker to upload a JavaScript file with a malicious script, which executes when referenced in an HTML file, potentially leading to the theft of...
Cross-site Scripting (XSS)
calibreweb is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient sanitization of user input in the editbooks.js file when editing book properties, such as uploading a cover or format. This allows attackers to execute arbitrary JavaScript code...
Server Side Request Forgery (SSRF)
github.com/openshift/console is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to the lack of proper checks on the /api/dev-console/proxy/internet endpoint, which allows authenticated users to make arbitrary HTTP requests from the console's pod to services inside the...
Stack Overflow
TOML parser is vulnerable to stack overflow. The vulnerability is due to improper handling of deeply nested structures in the TOML parser, which can lead to a stack overflow when encountering deeply nested inline structures or stringifying deeply nested objects. It allows an attacker to craft a...
Sensitive Information Exposure
calibreweb is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper error handling, exposing the names of private shelves in error messages when unauthorized users attempt to remove a book from a shelf they do not own...
Inadequate Encryption Strength
github.com/apache/incubator-answer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the use of UUID v1 for token generation, which incorporates predictable elements like timestamps and node identifiers, allowing an attacker to predict or forge UUID tokens, potentially...
Cross-site Scripting (XSS)
sylius/sylius is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of uploaded SVG files, allowing attackers to inject malicious scripts that execute in the user's browser context...
OS Command Injection
llamafactory is vulnerable to remote OS command injection. The vulnerability is due to insecure usage of the Popen function with shell=True and unsanitized input, which allows an attacker to execute arbitrary OS commands on the host system...
Cross-Site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to an incorrect CSRF token check in the bulk message sending feature of the Feedback module's non-respondents report, allowing an attacker to execute unauthorized actions...
Authorization Bypass
moodle/moodle is vulnerable to Authorization Bypass. The vulnerability is due to insufficient capability checks, which allowed users to delete badges they did not have permission to access...
Improper Access Control
calibreweb is vulnerable to Improper Access Control. The vulnerability is due to insufficient permission checks in the createshelf method of shelf.py, allowing users without public shelf permissions to create public shelves...
Cross-site Scripting (XSS)
LibreNMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation, allowing authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device in the "Services" tab of the Device page...
Regular Expression Denial Of Service (ReDoS)
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to improper input sanitization, allowing an attacker to increase CPU usage and crash the program...
Sensitive Information Disclosure
Apache Airflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insufficient masking of sensitive configuration variables in task logs, allowing DAG authors to log such variables unintentionally or intentionally, potentially exposing them to unauthorized users...
Reflected Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization of the "metric" parameter in the "/wireless" and "/health" endpoints, allowing attackers to inject arbitrary JavaScript...
Cross Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the device Display Name field, allowing JavaScript code to execute from various sources...
Cross Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the "descr" parameter on the "Port Settings" page, allowing authenticated users to inject arbitrary JavaScript...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the "billname" parameter, allowing authenticated users to inject arbitrary JavaScript when creating a new bill...
Arbitrary File Read
moodle/moodle is vulnerable to Arbitrary file read. The vulnerability is due to insufficient sanitizing in the TeX notation filter, which allows file reading on sites where pdfTeX is available, such as those with TeX Live installed...
Command Injection
github.com/grafana/grafana is vulnerable to command injection and local file inclusion. The vulnerability is due to insufficient sanitization of duckdb queries containing user input, allowing attackers to exploit this flaw by injecting malicious input...
Denial Of Service (DoS)
libexpat.so is vulnerable to Denial of Service (DoS). The vulnerability is due to the improper implementation of the XMLResumeParser function, allowing XMLStopParser to stop or suspend an unstarted parser...
Cross-site Request Forgery (CSRF)
wallabag is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient request validation, allowing attackers to arbitrarily delete user accounts via the /account/delete endpoint...
Directory Traversal
gogs.io/gogs is vulnerable to Directory Traversal. The vulnerability is due to improper input validation in the editFilePost function of internal/route/repo/editor.go, allowing attackers to access unintended directories...
XML External Entity (XXE) Injection
HAPI FHIR is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to insecure XML parsing by HAPI FHIR, specifically within the XSLT parsing components, which improperly handle external entity references in XML files. It allows attackers to inject malicious XML content, such ...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization when adding notes to a device, allowing JavaScript code in the notes to be triggered when the ExamplePlugin is enabled...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the "token" parameter, which allows authenticated users to inject arbitrary JavaScript when creating a new API token...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the "unit" parameter in the "Custom OID" tab, allowing authenticated users to inject arbitrary JavaScript when creating a new OID...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of user input in the "overwriteip" parameter, allowing untrusted data (JavaScript code) to be stored and executed in the application without proper validation or escaping...
Improper Authorization
Moodle is vulnerable to Improper Authorization. The vulnerability is due to insufficient access control, allowing users to view the schedule of a report even if they lack permission to edit that report...
Sensitive Data Exposure
apacheairflow is vulnerable to Sensitive Data Exposure. The vulnerability is due to sensitive variable values being logged unencrypted in audit logs when set via the CLI, which allows an attacker with audit log access to view those sensitive values...
Sensitive Information Exposure
Moodle is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper error handling, allowing users with the "send message" capability to view the names of other users they should not have access to via an error message in the Messaging system...
Sensitive Information Exposure
filament/actions is vulnerable to Sensitive Information Exposure. The vulnerability is due to insecure default configuration, specifically setting the public disk as the default storage disk, which allows sensitive files, such as exports, to be stored in a location that is publicly accessible,...
Insufficient Access Control
Moodle is vulnerable to Insufficient Access Control. The vulnerability is due to inadequate permission enforcement, allowing users to delete audiences from reports they are not authorized to modify...
XML External Entity (XXE)
phpoffice/phpexcel is vulnerable to XML External Entity (XXE). The vulnerability is due to improper parsing of XML data, which allows attackers to inject external entities and potentially access sensitive files or execute malicious code...
Improper Authorization
Moodle is vulnerable to Improper Authorization. The vulnerability is due to inadequate permission checks, allowing users to edit or delete RSS feeds they are not authorized to modify...
Authentication Bypass
Apache ZooKeeper is vulnerable to Authentication Bypass. The vulnerability is due to weak client IP address validation in IPAuthenticationProvider, where the Admin Server trusts the X-Forwarded-For HTTP header by default, allowing attackers to spoof their IP address and bypass IP-based...
Denial Of Service (DoS)
litestar is vulnerable to Denial of Service (DoS). The vulnerability is due to the multipart form parser, which expects the entire request body as a single byte string without a default size limit, allowing attackers to cause excessive memory consumption by uploading arbitrarily large files...
Directory Traversal
statamic/cms is vulnerable to Directory Traversal. The vulnerability is due to improperly handled filenames in asset uploads, which could allow files to be placed in unintended locations on the server, potentially overriding existing files...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation and sanitization of the "name" parameter, allowing malicious JavaScript to be stored and executed in other users' sessions...