
38326 matches found

Veracode, added 2024/12/27 4:41 a.m., 7 views

Unauthorized Source Code Disclosure

astro is vulnerable to unauthorized source code disclosure. The vulnerability is due to the inclusion of sourcemap files in publicly accessible folders during the build process, allowing unauthenticated users to access server source code via HTTP GET requests...

CVSS: 7.8, AI score: 6.9, EPSS: 0.01465
Exploits: 1, References: 8, Affected Software: 1
Veracode, added 2024/12/27 4:40 a.m., 8 views

Stored Cross-site Scripting (XSS)

Piranha is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization of user-provided input in markdown content, allowing malicious JavaScript to be stored and executed in a user's web browser...

CVSS: 4.7, AI score: 5.8, EPSS: 0.00435
Exploits: 1, References: 3, Affected Software: 1
Veracode, added 2024/12/27 4:40 a.m., 7 views

Cross-Site Scripting (XSS)

Piranha is vulnerable to a Cross-site scripting XSS. The vulnerability is due to insufficient validation of uploaded PDF files, allowing authenticated remote attackers to upload crafted files containing malicious JavaScript code that executes when a victim interacts with the file in their web...

CVSS: 4.7, AI score: 6.4, EPSS: 0.00484
Exploits: 1, References: 3, Affected Software: 1
Veracode, added 2024/12/26 9:31 a.m., 9 views

XML External Entity (XXE) Injection

org.fhir, ucum is vulnerable to XML External Entity XXE Injection. The vulnerability is due to XML parsing performed by the UcumEssenceService, which allows a malicious DTD tag in the XML to inject data from the host system...

CVSS: 8.6, AI score: 6.5, EPSS: 0.00539
Exploits: 0, References: 3, Affected Software: 1
Veracode, added 2024/12/26 8:12 a.m., 8 views

Incorrect Comparison

PyJWT is vulnerable to Incorrect Comparison. The vulnerability is due to improper handling of the iss claim check caused by the use of the "in" operator for string comparison instead of strict equality, potentially allowing incorrect issuer values to pass validation...

CVSS: 7.5, AI score: 3.5, EPSS: 0.0081
Exploits: 1, References: 5, Affected Software: 1
Veracode, added 2024/12/26 6:36 a.m., 5 views

Denial Of Service (DoS)

github.com/mattermost/mattermost-server is vulnerable to Denial Of Service DoS. The vulnerability is due to improper validation of the type of callProps, allowing a user to send a specially crafted post that disrupts users on particular channels in the webapp and mobile versions...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00592
Exploits: 0, References: 2, Affected Software: 1
Veracode, added 2024/12/26 6:35 a.m., 6 views

Denial Of Service (DoS)

Mattermost is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient file size restrictions on Slack import file uploads, allowing a user to exploit this by uploading a zip bomb...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00416
Exploits: 0, References: 3, Affected Software: 1
Veracode, added 2024/12/26 5:44 a.m., 8 views

Server Side Request Forgery (SSRF)

@backstage/plugin-scaffolder-node is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper handling of template functionality in the Backstage Scaffolder plugin, which allows Server-Side Template Injection SSTI to be exploited for Git config injection...

CVSS: 5.4, AI score: 7.4, EPSS: 0.00368
Exploits: 0, References: 4, Affected Software: 1
Veracode, added 2024/12/26 4:56 a.m., 6 views

Script Injection

Debezium is vulnerable to script injection. The vulnerability is due to improper sanitization of parameters, allowing attackers to perform a script injection attack that may result in unauthorized data exposure...

CVSS: 5.9, AI score: 7.1, EPSS: 0.0038
Exploits: 0, References: 5, Affected Software: 3
Veracode, added 2024/12/24 4:55 a.m., 17 views

Privilege Escalation

Drupal Core is vulnerable to Privilege Escalation. The vulnerability is due to improper validation of user roles and permissions, which allows unauthorized users to bypass access restrictions and gain elevated privileges...

CVSS: 8.1, AI score: 7.3, EPSS: 0.004
Exploits: 0, References: 4, Affected Software: 3
Veracode, added 2024/12/24 4:55 a.m., 7 views

Cross-Site Scripting (XSS)

Drupal Core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of input during web page generation, allowing malicious scripts to be executed on the client-side...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00321
Exploits: 0, References: 4, Affected Software: 3
Veracode, added 2024/12/24 4:54 a.m., 16 views

Deserialization Of Untrusted Data

Drupal Core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to insecure deserialization of untrusted data, which allows an attacker to inject malicious objects that can be exploited through a gadget chain to achieve remote code execution...

CVSS: 9.8, AI score: 7.9, EPSS: 0.00904
Exploits: 0, References: 4, Affected Software: 3
Veracode, added 2024/12/24 4:53 a.m., 14 views

Deserialization Of Untrusted Data

Drupal Core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to insecure deserialization, allowing an attacker to exploit a chain of methods to achieve remote code execution when untrusted data is deserialized...

CVSS: 9.8, AI score: 8, EPSS: 0.00956
Exploits: 0, References: 3, Affected Software: 3
Veracode, added 2024/12/24 4:53 a.m., 11 views

Deserialization Of Untrusted Data

Drupal Core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to insecure deserialization, allowing an attacker to achieve Remote Code Execution RCE via a gadget chain...

CVSS: 9.8, AI score: 7.7, EPSS: 0.00803
Exploits: 0, References: 4, Affected Software: 3
Veracode, added 2024/12/23 3:08 p.m., 11 views

Authentication Token Leakage

github.com/cli/go-gh is vulnerable to authentication token leakage. The vulnerability is due to improper handling of authentication tokens, where auth.TokenForHost could source a token from the GITHUB_TOKEN environment variable for non-GitHub hosts within a codespace...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00534
Exploits: 0, References: 8, Affected Software: 1
Veracode, added 2024/12/23 12:22 p.m., 15 views

Authentication Token Leakage

github.com/cli/cli is vulnerable to authentication token leakage. The vulnerability is due to improper handling of the credential.helper configuration when cloning repositories with git submodules hosted outside of GitHub.com and ghe.com, causing authentication tokens to be exposed...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00281
Exploits: 0, References: 2, Affected Software: 1
Veracode, added 2024/12/23 10:02 a.m., 8 views

Brute-force Attack

github.com/mattermost/mattermost-server is vulnerable to Brute-force Attack. The vulnerability is due to improper synchronization when checking and updating failed login attempts, allowing attackers to bypass the "Max failed attempts" restriction by sending multiple login requests simultaneously...

CVSS: 4.8, AI score: 6.7, EPSS: 0.00247
Exploits: 0, References: 4, Affected Software: 1
Veracode, added 2024/12/23 9:32 a.m., 16 views

Reflected Cross-Site Scripting (Reflected XSS)

Liferay Portal is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper handling of user input in the Dispatch name field, allowing remote attackers to execute arbitrary web script or HTML...

CVSS: 6.1, AI score: 6.6, EPSS: 0.00319
Exploits: 0, References: 3, Affected Software: 2
Veracode, added 2024/12/23 5:45 a.m., 20 views

Arbitrary Code Execution (ACE)

angular-expressions is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to the ability to escape the sandbox through a malicious expression, allowing an attacker to execute arbitrary code on the system...

CVSS: 9.3, AI score: 7.9, EPSS: 0.02257
Exploits: 0, References: 2, Affected Software: 1
Veracode, added 2024/12/23 5:33 a.m., 8 views

Arbitrary File Write

Luigi is vulnerable to Arbitrary File Write. The vulnerability is due to improper destination file path validation in the extract_packages_archive function, which allows attackers to craft malicious archive files with paths that traverse outside the intended extraction directory...

CVSS: 8.6, AI score: 6.7, EPSS: 0.01074
Exploits: 0, References: 7, Affected Software: 1
Veracode, added 2024/12/23 5:06 a.m., 9 views

Path Traversal

pghoard is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths, which allows an attacker to traverse directories and access unauthorized files with the same privileges as the pghoard process...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00406
Exploits: 0, References: 4, Affected Software: 1
Veracode, added 2024/12/20 8:45 a.m., 33 views

Path Traversal

WebMvc.fn and WebFlux.fn are vulnerable to Path Traversal. The vulnerability is due to improper sanitization of user input when handling file paths, which allows attackers to craft requests that bypass security restrictions and access unauthorized files on the server...

CVSS: 7.5, AI score: 7.1, EPSS: 0.54862
Exploits: 6, References: 7, Affected Software: 2
Veracode, added 2024/12/20 8:10 a.m., 17 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Apache Tomcat is vulnerable to a Time-of-check Time-of-use TOCTOU Race Condition. The vulnerability is due to a lack of proper synchronization between the time the system checks a file's state and when it actually uses the file, allowing an attacker to manipulate the file system state during the brief...

CVSS: 9.8, AI score: 7, EPSS: 0.43663
Exploits: 13, References: 16, Affected Software: 3
Veracode, added 2024/12/20 7:12 a.m., 4 views

Denial Of Service (DoS)

org.apache.tomcat, tomcat-catalina is vulnerable to Denial Of Service DoS. The vulnerability is due to excessive resource consumption in the examples web application, which allows an attacker to cause a denial of service...

CVSS: 5.3, AI score: 6.4, EPSS: 0.01914
Exploits: 0, References: 33, Affected Software: 2
Veracode, added 2024/12/20 6:30 a.m., 11 views

Cross-Site Scripting (XSS)

Action Pack is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the content_security_policy helper, allowing carefully crafted inputs to inject new directives into the Content-Security-Policy CSP headers...

CVSS: 2.3, AI score: 6.1, EPSS: 0.00989
Exploits: 0, References: 9, Affected Software: 1
Veracode, added 2024/12/20 6:07 a.m., 9 views

Cross-Site Request Forgery (CSRF)

Avenwu Whistle is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient validation of API requests, allowing attackers to perform malicious API calls that result in arbitrary code execution on the victim's machine...

CVSS: 8.8, AI score: 7.6, EPSS: 0.0041
Exploits: 0, References: 3, Affected Software: 1
Veracode, added 2024/12/19 2:54 p.m., 10 views

HTML Attribute Injection

github.com/gohugoio/hugo is vulnerable to HTML Attribute Injection. The vulnerability is due to insufficient sanitization and escaping of HTML attributes in the internal templates, which allows untrusted user input, such as Markdown content, to be processed and rendered without proper handling of...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00563
Exploits: 0, References: 2, Affected Software: 2
Veracode, added 2024/12/19 2:46 p.m., 11 views

Sandbox Bypass

winter/wn-cms-module is vulnerable to Sandbox Bypass. The vulnerability is due to inadequate enforcement of the sandbox in Twig, allowing users with specific permissions to modify theme customization values, templates, or model data through Twig templates...

CVSS: 8.4, AI score: 7, EPSS: 0.00397
Exploits: 0, References: 4, Affected Software: 1
Veracode, added 2024/12/19 2:43 p.m., 10 views

XML External Entity (XXE)

Unstructured is vulnerable to XML External Entity XXE. The vulnerability is due to improper configuration while setting resolve_entities=False for parsing XML with lxml in partition_xml, which allows external entities to be processed...

CVSS: 9.8, AI score: 6.7, EPSS: 0.00535
Exploits: 0, References: 6, Affected Software: 1
Veracode, added 2024/12/19 10:40 a.m., 6 views

Cache Poisoning

check-jsonschema is vulnerable to Cache Poisoning. The vulnerability is due to improper handling of schema caching, where the basename of a remote schema URL is used as the cache filename. This allows attackers to insert malicious schemas into the cache via schema URL conflicts, potentially causi...

CVSS: 7.1, AI score: 6.7, EPSS: 0.00142
Exploits: 0, References: 4, Affected Software: 1
Veracode, added 2024/12/19 10:29 a.m., 10 views

Sensitive Information Exposure

zhmcclient is vulnerable to Sensitive Information Exposure. The vulnerability is due to the logging of password-like properties in clear text in both the zhmcclient API and HMC logs when specific functions for creating or updating configurations e.g., partitions, LPARs, image activation profiles,...

CVSS: 8.2, AI score: 7, EPSS: 0.00135
Exploits: 0, References: 4, Affected Software: 1
Veracode, added 2024/12/19 8:13 a.m., 13 views

Arbitrary Code Execution (ACE)

pnpm is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to mishandling of overrides and the global cache, where overrides from one workspace leak into npm metadata saved in the global cache, affecting other workspaces, and installs fail to revalidate data, which allows an attacker to execu...

CVSS: 9.8, AI score: 8.3, EPSS: 0.00942
Exploits: 1, References: 2, Affected Software: 1
Veracode, added 2024/12/19 7:39 a.m., 10 views

Improper Authorization

apachesuperset is vulnerable to Improper Authorization. The vulnerability is due to FAB_ADD_SECURITY_API being enabled, which allows lower-privileged users to access and use an API that should be restricted to higher-privileged users...

CVSS: 7.6, AI score: 7, EPSS: 0.00641
Exploits: 0, References: 5, Affected Software: 1
Veracode, added 2024/12/19 7:38 a.m., 8 views

Information Disclosure

apachesuperset is vulnerable to Information Disclosure. The vulnerability is due to improper handling of error messages, exposing sensitive analytics metadata, which allows an attacker to gain access to this information, potentially aiding in further attacks or revealing system details...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00771
Exploits: 0, References: 5, Affected Software: 1
Veracode, added 2024/12/19 7:17 a.m., 10 views

Cross-Site Scripting (XSS)

trix is vulnerable to cross-site scripting XSS. The vulnerability is due to improper sanitization of pasted malicious code, allowing attackers to execute arbitrary JavaScript in the user's session...

CVSS: 5.1, AI score: 6.5, EPSS: 0.00435
Exploits: 0, References: 2, Affected Software: 1
Veracode, added 2024/12/19 6:58 a.m., 15 views

Unauthorized Access

directus is vulnerable to Unauthorized Access. The vulnerability is due to improper authentication handling when WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH is set to "public", allowing unauthenticated users to perform CRUD operations and subscribe to changes with full admin privileges...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00577
Exploits: 1, References: 4, Affected Software: 2
Veracode, added 2024/12/19 6:54 a.m., 9 views

Cross Site Scripting

@dapperduckling/keycloak-connector-server is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of URL parameters, allowing crafted malicious content to be injected and reflected into the HTML page...

CVSS: 8.1, AI score: 6.3, EPSS: 0.00501
Exploits: 0, References: 1, Affected Software: 1
Veracode, added 2024/12/18 7:42 a.m., 8 views

Improper Authorization

apachesuperset is vulnerable to Improper Authorization. The vulnerability is due to improper authorization checks, where SQL DML statements are incorrectly identified as read-only queries, allowing attackers to bypass security restrictions and execute potentially malicious SQL queries...

CVSS: 7.1, AI score: 8, EPSS: 0.02562
Exploits: 0, References: 4, Affected Software: 1
Veracode, added 2024/12/18 7:15 a.m., 9 views

Denial Of Service (DoS)

github.com/hashicorp/boundary is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of HTTP requests during the initialization of the Boundary controller, which allows an attacker to terminate the Boundary server prematurely...

CVSS: 5.9, AI score: 6.6, EPSS: 0.00371
Exploits: 0, References: 3, Affected Software: 1
Veracode, added 2024/12/18 7:15 a.m., 9 views

Out-of-bounds Read

Ant-Media-Server is vulnerable to Out-of-bounds Read. The vulnerability is due to insufficient input sanitization in the logging mechanism, allowing user-controllable data, such as identifiers or sensitive information, to be included in log entries without proper filtering or validation. This cou...

CVSS: 7.5, AI score: 6.3, EPSS: 0.00536
Exploits: 0, References: 5, Affected Software: 1
Veracode, added 2024/12/18 7:12 a.m., 13 views

Information Leakage

io.undertow, undertow-core is vulnerable to Information Leakage. The vulnerability is due to the incorrect reuse of an HTTP request header value from a previous stream for a subsequent stream on the same HTTP/2 connection, allowing an attacker to potentially leak information between requests...

AI score: 6.3
Exploits: 0, References: 11, Affected Software: 1
Veracode, added 2024/12/18 7:05 a.m., 14 views

NULL Pointer Dereference

github.com/moby/moby is vulnerable to a NULL Pointer Dereference. The vulnerability is due to improper handling of null pointers in the daemon/images/imagehistory.go file, which can lead to a crash or denial of service...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00779
Exploits: 0, References: 2, Affected Software: 1
Veracode, added 2024/12/18 6:59 a.m., 9 views

Directory Traversal

pythonlibarchive is vulnerable to Directory Traversal. The vulnerability is due to insufficient sanitization of file paths during the extraction process, which fails to properly handle or restrict the traversal of directory paths, allowing attackers to use special characters such as ../ to escape...

CVSS: 8.8, AI score: 6.7, EPSS: 0.02001
Exploits: 1, References: 5, Affected Software: 1
Veracode, added 2024/12/18 6:45 a.m., 11 views

Arbitrary File Read

github.com/siyuan-note/siyuan is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient input validation of the paths parameter in the /api/export/exportResources endpoint, allowing attackers to manipulate the file paths and traverse the directory structure...

CVSS: 8.7, AI score: 6.6, EPSS: 0.00585
Exploits: 0, References: 3, Affected Software: 1
Veracode, added 2024/12/18 6:32 a.m., 8 views

Cross-site Scripting (XSS)

ibexa/admin-ui is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to improper sanitization in the Content name pattern mechanism, which is used to build Content names from one or more fields. Exploitation requires Content edit permissions, allowing an attacker to inject malicio...

CVSS: 5.3, AI score: 6, EPSS: 0.00511
Exploits: 0, References: 4, Affected Software: 1
Veracode, added 2024/12/18 6:15 a.m., 9 views

Cross-site Scripting (XSS)

rails-html-sanitizer is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of HTML content when specific configurations are used. If HTML5 sanitization is enabled and the application developer overrides the sanitizer's allowed tags to include the "noscript...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00463
Exploits: 0, References: 5, Affected Software: 1
Veracode, added 2024/12/18 5:40 a.m., 11 views

Cross Site Scripting

SimpleXLSX is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient input validation and sanitization in the toHTMLEx method, allowing the execution of arbitrary JavaScript code when processing Excel XLSx files...

CVSS: 6.8, AI score: 7, EPSS: 0.00444
Exploits: 0, References: 4, Affected Software: 1
Veracode, added 2024/12/18 5:28 a.m., 20 views

Cookie Poisoning

Quarkus-HTTP is vulnerable to Cookie Poisoning. The vulnerability is due to improper parsing of cookies with specific value-delimiting characters, allowing attackers to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values...

CVSS: 7.4, AI score: 6.8, EPSS: 0.00753
Exploits: 0, References: 10, Affected Software: 1
Veracode, added 2024/12/18 4:23 a.m., 8 views

Use Of A Broken Or Risky Cryptographic Algorithm

github.com/beego/beego is vulnerable to Use of a Broken or Risky Cryptographic Algorithm. The vulnerability is due to the use of MD5 as a hashing algorithm, which allows two different inputs to produce the same hash value...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00335
Exploits: 0, References: 3, Affected Software: 1
Veracode, added 2024/12/18 4:01 a.m., 8 views

XML External Entity

org.http4k, http4k-format-xml is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper handling of malicious XML content in requests, which could allow attackers to access sensitive local information, perform Server-side Request Forgery SSRF, or potentially execute...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01902
Exploits: 0, References: 5, Affected Software: 1

Total number of security vulnerabilities: 38326