38119 matches found
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the "hostname" parameter on the "Capture Debug Information" page, allowing authenticated users to inject arbitrary JavaScript...
Reflected Cross-site Scripting (XSS)
librenms/librenms is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization in the "reportthis" function, allowing attackers to inject and execute arbitrary JavaScript code via the "section" parameter of the "logs" tab...
Cross-site Scripting (XSS)
redaxo/source is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of data in the mediapool feature, allowing a remote attacker to escalate privileges...
SQL Injection
github.com/devtron-labs/devtron is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of user inputs in the CreateUser API /orchestrator/user, allowing authenticated users with minimal permissions to execute malicious SQL queries...
Cross-site Scripting (XSS)
lxml_html_clean is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of context-switching for special HTML tags such as , , and by the HTML parser in versions prior to 0.4.0, allowing malicious scripts to bypass the cleaning process...
Out-of-bounds Read
libsndfile.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper handling of the vorbis_analysis_wrote function in the ogg_vorbis.c file, which fails to validate input data, allowing an attacker to craft a malicious Vorbis file that triggers the out-of-bounds read when process...
Improper Privilege Management
Apache Kafka Clients is vulnerable to Improper Privilege Management. The vulnerability is due to ConfigProvider plugins, including FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider, allowing untrusted users to read arbitrary files or environment variables, potentially leading ...
Reachable Assertion
libsndfile.so is vulnerable to Reachable Assertion. The vulnerability is due to improper handling of certain inputs or conditions in the mpeg_l3_encoder_close function, which allows an attacker to craft specific inputs that trigger the assertion failure, potentially causing the application to crash...
Path Traversal
net.sf.mpxj, mpxj is vulnerable to Path Traversal. The vulnerability is due to an incomplete patch for CVE-2020-35460, which still allows the construction of malicious paths to write files to arbitrary locations...
Remote Code Execution (RCE)
7-Zip is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of user-supplied data in the Zstandard decompression implementation, causing an integer underflow that allows attackers to execute arbitrary code in the context of the current process...
Cross-Site Scripting
Deluge Web-UI is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization of data from torrent files, where crafted torrent metadata is rendered directly as HTML, allowing attackers to execute arbitrary JavaScript in the user’s browser when a malicious torrent file ...
HTML Injection
org.hibernate.validator, hibernate-validator is vulnerable to HTML Injection. The vulnerability is due to improper validation in the 'isValid' method of the SafeHtmlValidator class, where the tag ending can be omitted by using a less-than character, allowing invalid HTML to be rendered...
Cross-Site Scripting (XSS)
unopim/unopim is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation in the Create User function, allowing attackers to exploit an SVG document to steal cookies...
Unauthorized Method Execution
twig/twig is vulnerable to unauthorized method execution. The vulnerability is due to improper enforcement of security policies in Twig's sandbox environment, which allows the __toString method to be called on objects when they are part of arrays or argument lists, even if the method is disallowed ...
Improper Attribute Access
twig/twig is vulnerable to improper attribute access. The vulnerability is due to insufficient security checks via the property policy and the __isset method on Array-like objects, allowing attackers to bypass the sandbox's security policy and access restricted attributes...
Improper Authentication
Cobbler is vulnerable to Improper Authentication. The vulnerability is due to the utils.get_shared_secret function always returning -1, allowing unauthorized users with network access to authenticate as a user with full control of the server...
Sensitive Information Exposure
org.graylog:graylog-parent is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of concurrent report rendering requests, where a shared headless browser instance may return the report of one user to another, potentially exposing sensitive data...
Memory Leakage
aiohttp is vulnerable to Memory Leakage. The vulnerability is due to improper handling of MatchInfoError, where each error creates a unique cache entry, allowing an attacker to exhaust server memory with numerous requests...
HTTP Request Smuggling
aiohttp is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrect parsing of newlines in chunk extensions via the feed_data function, allowing an attacker to bypass firewall or proxy protections by sending specially crafted requests...
Cross Site Scripting
org.apache.tomcat, tomcat-jasper is vulnerable to Cross Site Scripting. The vulnerability is due to improper management of the object lifecycle, where objects are not properly reset or disposed of after use...
Incorrect Object Recycling And Re-use
Apache Tomcat is vulnerable to Incorrect object recycling and re-use. The vulnerability is due to flawed object recycling logic in Apache Tomcat's HTTP/2 implementation. Specifically, the request and response objects are not properly cleared or segregated before being reused, allowing data from o...
Authentication Bypass
org.apache.tomcat, tomcat-catalina is vulnerable to Authentication Bypass. The vulnerability exists due to improper exception handling in custom Jakarta Authentication ServerAuthContext components, allowing attackers to bypass authentication and gain unauthorized access...
Denial Of Service (DoS)
org.springframework, spring-webmvc is vulnerable to Denial of Service (DoS). The vulnerability is caused by inefficient handling of large request bodies in controller methods with an @RequestBody byte parameter, which allows an attacker to cause resource exhaustion...
Denial Of Service (DoS)
github.com/cometbft/cometbft is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper validation of the ValidatorIndex field in Vote messages, where the usual verification is bypassed for Precommit Vote messages with a non-nil BlockID, allowing invalid messages to go unvalidat...
Cache Poisoning
libcurl.so is vulnerable to Cache Poisoning. The vulnerability is due to improper handling of HSTS cache entries in curl, where a subdomain’s HSTS expiry time can overwrite the parent domain's cache entry, causing incorrect HTTPS timeout handling. It allows an attacker to trigger insecure HTTP...
Case Insensitive Input Validation
org.springframework, spring-context is vulnerable to Case Insensitive Input Validation. The vulnerability is due to improper handling of case insensitivity in String.toLowerCase, where the fix for making disallowedFields patterns case insensitive inadvertently introduced a risk. This behavior...
Out-of-bounds Access
libarchive.so is vulnerable to Out-of-bounds Access. The vulnerability is due to insufficient bounds checking in the execute_filter_audio function within archive_read_support_format_rar.c, which allows the src pointer to move beyond the dst pointer when processing crafted archive files...
Buffer Underrun
libmbedtls.so is vulnerable to Buffer Underrun. The vulnerability is due to improper memory handling in pkwrite when writing an opaque key pair, allowing an attacker to potentially execute arbitrary code or cause a denial of service...
Improper Authorization
symfony/security-bundle is vulnerable to Improper Authorization. The vulnerability is due to the Security::login method not calling the configured user_checker, preventing proper user validation and allowing unauthorized logins...
Local File Inclusion (LFI)
symfony/runtime is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper handling of the argv values in non-SAPI PHP runtimes, where the registerargvargc directive is set to on, allowing attackers to craft query strings that modify the environment or debug settings used by...
Access Token Leakage
Duende.AccessTokenManagement.OpenIdConnect is vulnerable to access token leakage. The vulnerability is due to improper token isolation within the HTTP client pool, where a refreshed access token is not properly isolated and may be captured by pooled HttpClient instances, allowing an attacker to...
Improper URI Parsing
symfony/http-foundation is vulnerable to Improper URI Parsing. The vulnerability is due to improper parsing of URIs with special characters by the Request class, which does not align with browser behavior, allowing attackers to exploit validators and redirect users to malicious domains...
Denial Of Service (DoS)
com.thoughtworks.xstream, xstream is vulnerable to Denial of Service (DoS). The vulnerability is due to a stack overflow that allows an attacker to manipulate the processed input stream when XStream is configured to use the BinaryStreamDriver...
Incorrect Authorization
github.com/hashicorp/nomad is vulnerable to Incorrect Authorization. The vulnerability is due to insufficient validation of CSI volume writes, which allows unauthorized access to create volumes across namespaces...
Improper File URI Scheme Validation
changedetection.io is vulnerable to improper file URI scheme validation. The vulnerability is due to a logic flaw in the is_safe_url function, which improperly allows the file: scheme and insufficiently restricts access to local file paths when ALLOW_FILE_URI is set to false or undefined...
Input Validation Bypass
symfony is vulnerable to Input Validation Bypass. The vulnerability is caused by improper handling of the $ metacharacter in regular expressions, allowing an attacker to bypass validation with inputs ending in \n...
Command Hijacking
symfony is vulnerable to Command Hijacking. The vulnerability is due to insecure handling of executable files in the current working directory by the Process class, allowing an attacker to execute arbitrary code by placing a malicious cmd.exe file in the directory...
Cross-site Scripting (XSS)
django-cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper neutralization of input during web page generation, allowing malicious scripts to be injected and executed...
Out-of-bounds Read And Write
libheif.so is vulnerable to Out-of-bounds Read and Write. The vulnerability is due to insufficient validation of image overlay offsets in the ImageOverlay::parse function, allowing the decoding process to access memory outside the allocated bounds, leading to out-of-bounds read and write operations...
Cross-site Scripting (XSS)
firebase is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the "FIREBASEDEFAULTS" cookie, which allows attackers to manipulate the "authTokenSyncURL" field and redirect user session data to a malicious server...
HTTP Request Smuggling
io.undertow:undertow-core is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrect parsing of cookies with specific value-delimiting characters, enabling attackers to exfiltrate HttpOnly cookies or spoof additional cookie values...
Race Condition
OpenStack is vulnerable to Race Condition. The vulnerability is due to inadequate validation when deleting non-existent access rules, leading to the removal of unrelated existing access rules that lack application credential associations...
Remote Code Execution (RCE)
LibVNCserver.so is vulnerable to Remote Code Execution (RCE). The vulnerability is due to a heap out-of-bounds write in libvncserver/rfbserver.c, allowing a remote attacker to execute arbitrary code on the system...
Timing Attack
mudler/LocalAI is vulnerable to Timing Attack. The vulnerability is due to a side-channel attack that exploits variations in response time during cryptographic operations, potentially exposing valid login credentials...
Man-in-the-middle (MitM) Attack
libnbd is vulnerable to a Man-in-the-middle (MitM) Attack. The vulnerability is due to the client failing to consistently verify the NBD server's certificate when using TLS to connect, which allows an attacker to intercept and manipulate the NBD traffic...
Insecure File Upload
agnai is vulnerable to Insecure File Upload. The vulnerability is due to insufficient validation of user-uploaded files, allowing attackers to choose the location where the files are stored on the server, potentially leading to overwriting existing files or uploading files to unintended...
Arbitrary File Upload
agnai is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files, allowing attackers to place files in attacker-controlled locations on the server, including executable JavaScript files...
Denial Of Service (DoS)
Werkzeug is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of specifically crafted multipart/form-data requests by werkzeug.formparser.MultiPartParser, allowing resource exhaustion and excessive memory allocation...
Privilege Escalation
Rancher Manager is vulnerable to Privilege Escalation. The vulnerability is due to weak Access Control Lists (ACL) in Rancher Manager deployments containing Windows nodes, which allow overly permissive access to sensitive files by BUILTIN\Users or NT AUTHORITY\Authenticated Users...
Improper Input Validation
mudler/LocalAI is vulnerable to Improper Input Validation. The vulnerability is due to improper handling of automatic archive extraction, allowing a 'tarslip' attack to bypass file location restrictions and write files to arbitrary locations on the server...