Cross-site Scripting (XSS)
Lollms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to incomplete filtering in the sanitize_svg function, which fails to account for all potential XSS vectors in uploaded SVG files...
Arbitrary File Read
Gradio is vulnerable to Arbitrary File Read. The vulnerability is due to improper handling of File or UploadButton components, allowing attackers to read arbitrary files from the application server...
Deserialization Of Untrusted Data
Chainer is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling of deserialization, allowing the execution of arbitrary code...
Server-Side Request Forgery (SSRF)
Gradio is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the lack of restrictions on URLs in the save_url_to_cache function, allowing access to local resources and sensitive information...
XML External Entity (XXE)
hapi fhir is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of XML input. Specifically, the system fails to properly disable or validate external entities within XML documents, allowing attackers to inject malicious XML that can lead to unauthorized data acce...
Information Leakage
symfony/http-client is vulnerable to IP/port enumeration. The vulnerability is due to improper handling of IP filtering in the NoPrivateNetworkHttpClient, which fails to block certain IPs early enough during host resolution, allowing an attacker to enumerate IP addresses and ports, potentially...
XML External Entity (XXE) Injection
org.openimaj, openimaj is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper handling of external entities in XML files. Specifically, the system fails to properly validate or sanitize XML input, allowing attackers to craft malicious XML that can trigger...
Cross-Site Scripting (XSS)
studio-42/elfinder is vulnerable to persistent Cross-site Scripting (XSS). The vulnerability is due to a filename restriction bypass, allowing attackers to inject malicious scripts...
Remote Code Execution (RCE)
studio-42/elfinder is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the lack of restrictions on uploading files with the .php8 extension, which allows an attacker to upload a malicious .php8 file that can then be executed on the server to gain unauthorized access or execute...
Privilege Escalation
github.com/rclone/rclone is vulnerable to Privilege Escalation. The vulnerability is due to insecure handling of symlinks with the --links and --metadata flags, which allows unprivileged users to exploit symlinks to modify the ownership and permissions of target files when copied by a privileged proces...
Unauthorized File Manipulation
ansible-core is vulnerable to Unauthorized File Manipulation. The vulnerability is due to the user module allowing an unprivileged user with directory traversal permissions to create or replace files on any system path and gain ownership when a privileged user executes the module against the...
Cross-Site Scripting (XSS)
Happy-dom is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation and execution of script tags, which allows arbitrary code to run in the user context of happy-dom...
Authentication Bypass
codechecker is vulnerable to Authentication Bypass. The vulnerability is due to improper URL handling in the API, where the endpoint ending with "/Authentication" fails to properly enforce access controls, allowing unauthorized superuser access to other API endpoints...
Remote Code Execution (RCE)
Langflow is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the lack of sandboxing, allowing an attacker to execute arbitrary code on the local machine...
Refresh Token Exposure
@workos-inc/authkit-nextjs is vulnerable to Refresh Token Exposure. The vulnerability is due to improper handling of sensitive data, where refresh tokens are logged to the console if the debug flag, which is disabled by default, is enabled. This allows an attacker with access to the logs to steal...
Code Injection
AgentScope is vulnerable to Code Injection. The vulnerability is due to the eval function in the is_callable_expression function, which executes user-provided commands, allowing potential code injection...
Information Exposure
@workos-inc/authkit-remix is vulnerable to Information Exposure. The vulnerability is due to the debug flag being enabled, which allows an attacker to view refresh tokens logged to the console...
Directory Traversal
github.com/ollama/ollama is vulnerable to Directory Traversal. The vulnerability is due to path traversal in the api/push route, allowing attackers to confirm which files exist on the server...
Sensitive Information Disclosure
github.com/ollama/ollama is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the CreateModel route reflecting "File does not exist" error messages when given a non-existent file path, allowing attackers to confirm file presence on the server...
Denial Of Service (DoS)
github.com/ollama/ollama is vulnerable to Denial-of-Service (DoS). The vulnerability is due to the CreateModelHandler function improperly handling the req.Path parameter, which can be set to /dev/random to cause infinite blocking and resource exhaustion...
Improper Authentication
com.baidu.disconf:disconf-core is vulnerable to Improper Authentication. The vulnerability is due to a flaw in the Configuration Center component’s /api/config/list endpoint, which allows remote attackers to bypass authentication...
Incorrect Rekor Entry Selection
github.com/sigstore/gitsign is vulnerable to Incorrect Rekor entry selection. The vulnerability is due to gitsign not correctly handling situations where multiple Rekor entries are returned during online verification, leading it to potentially select the wrong one. It allows an attacker to...
Cross-Site Scripting (XSS)
github.com/j3ssie/osmedeus is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper filtering of file contents when generating reports. The contents of the report files (HTML and Markdown) are read and used to generate the report, but they are not adequately sanitized, allowi...
Cross-Site Scripting (XSS)
github.com/mudler/localai is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input validation and inadequate sanitization of user inputs when passing parameters to the delete model API, which allows malicious scripts to be stored and executed in the application...
Authentication Bypass
OctoPrint is vulnerable to an Authentication Bypass. The vulnerability is due to inadequate session handling in OctoPrint, which allows an attacker with temporary control over an authenticated session to access or delete the API key without requiring reauthentication...
Reflected Cross-Site Scripting (Reflected XSS)
OctoPrint is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to unescaped user inputs in OctoPrint’s login dialog and standalone application key confirmation dialog, which allows attackers to inject malicious scripts that get reflected back to the user's browser...
Arbitrary Code Execution (ACE)
@cyclonedx/cdxgen is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to a lack of safeguards against executing code in build-related files, allowing attackers to inject and execute malicious code within these files during analysis...
Authentication Method Confusion
CodeChecker is vulnerable to Authentication Method Confusion. The vulnerability is due to insufficient account security, where the weakly generated root user account cannot be disabled, allowing attackers to exploit it through an external authentication service...
Authentication Bypass
github.com/golang-jwt/jwt is vulnerable to Authentication Bypass. The vulnerability is due to ambiguous error handling in the ParseWithClaims function, where a token that is both expired and invalid may lead users to check only for jwt.ErrTokenExpired, potentially ignoring...
Carriage Return Line Feed (CRLF) Injection
Refit is vulnerable to Carriage Return Line Feed (CRLF) Injection. The vulnerability is due to lack of validation for CRLF characters in HTTP header values in the Refit library. Specifically, the HttpHeaders.TryAddWithoutValidation method used by Refit does not sanitize or check for CRLF sequences,...
Cross-Site Scripting (XSS)
umbraco.cms.core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the argument culture in the file /Umbraco/preview/frame?id of the Dashboard component, which allows remote attackers to manipulate the argument and execute malicious scripts...
Session Fixation
Apache Kylin is vulnerable to Session Fixation. The vulnerability is due to improper handling of session identifiers, allowing an attacker to hijack a user's session...
Out-of-bounds Read
Ollama is vulnerable to Out-of-bounds Read. The vulnerability is due to the ability to upload a malformed GGUF file containing only 4 bytes with a custom magic header. By using a custom Modelfile with a FROM statement pointing to an attacker-controlled blob, the attacker can cause a segmentation...
Improper Privilege Management
Zope and AccessControl are vulnerable to Improper Privilege Management. The vulnerability is due to anonymous users being able to delete user data in AccessControl.userfolder.UserFolder, potentially preventing privileged access. Users unable to upgrade can mitigate by adding dataroles = to...
Insecure Deserialization
Apache Lucene.Net.Replicator is vulnerable to Insecure Deserialization. The vulnerability exists due to the deserialization of untrusted data without adequate validation, allowing an attacker who intercepts traffic or controls the replication node URL to send a malicious JSON response...
Password Reset Attack
yeswiki/yeswiki is vulnerable to weak cryptographic algorithm. The vulnerability is due to poor cryptographic practices, specifically the use of a weak cryptographic algorithm and a hard-coded salt for hashing the password reset key, allowing attackers to recover the reset key and gain unauthoriz...
Signature Verification Bypass
laravel/reverb is vulnerable to a verification signature bypass. The vulnerability is due to missing verification of request signatures for the Pusher-compatible API endpoints, which allows unauthorized requests to bypass security checks and potentially access sensitive functionality...
Denial Of Service (DoS)
github.com/consensys/gnark is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper memory allocation handling during the deserialization of Groth16 verification keys, allowing attackers to trigger excessive memory allocation, leading to high memory consumption and potential...
Denial Of Service (DoS)
github.com/hashicorp/vault is vulnerable to Denial Of Service (DoS). The vulnerability is due to the Raft cluster join API endpoint, which allows an attacker to send a large volume of requests, leading to excessive memory consumption...
Remote Code Execution (RCE)
github.com/plentico/plenti is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of the /postLocal endpoint, which allows an attacker to write arbitrary files to the server when a Plenti user serves their website...
Path Traversal
Safearchive is vulnerable to Path Traversal. The vulnerability is due to the handling of archive extractions on case-insensitive filesystems (e.g., NTFS), which allows attackers to write arbitrary files by using symbolic links in the archive...
Arbitrary File Overwrite
HornetQ is vulnerable to Arbitrary File Overwrite. The vulnerability is due to an issue in the createTempFile method, which allows attackers to arbitrarily overwrite files or access sensitive information...
Arbitrary File Deletion
github.com/plentico/plenti is vulnerable to Arbitrary File Deletion. The vulnerability is due to insufficient input validation and lack of proper access controls on the /postLocal endpoint, allowing an attacker to manipulate file paths and trigger arbitrary file deletion when the Plenti user serv...
Prototype Pollution
DOMPurify is vulnerable to Prototype Pollution. The vulnerability is due to insufficient sanitization, allowing attackers to manipulate the prototype of JavaScript objects, potentially leading to unexpected behavior or security issues...
Improper Access Control
ICG.AspNetCore.Utilities.CloudStorage is vulnerable to Improper Access Control. The vulnerability is due to incorrect handling of the SAS Uri duration, which may result in a URL with an incorrect expiration time. It can allow an attacker to gain unauthorized access if the duration is too long, or...
Incorrect Security Setting
net.snowflake, snowflake-jdbc is vulnerable to an Incorrect Security Setting. The vulnerability is due to data being uploaded to an encrypted stage without client-side encryption, allowing unauthorized parties to access or modify sensitive information...
Understanding Deserialization
Thinkphp is vulnerable to Understanding Deserialization. The vulnerability is due to improper validation and handling of serialized user input in the \controller\Index.php component, allowing attackers to execute arbitrary code...
Improper Access Control
github.com/hashicorp/consul is vulnerable to Improper Access Control. The vulnerability is due to the ability to bypass HTTP header-based access rules when using headers in L7 traffic intentions, allowing unauthorized access in certain cases...
Cross-site Scripting (XSS)
github.com/hashicorp/consul is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the server's failure to explicitly set a Content-Type HTTP header in the response, allowing user-provided inputs to be misinterpreted, which can lead to reflected XSS attacks...
Path Traversal
github.com/hashicorp/consul is vulnerable to Path Traversal. The vulnerability is due to the bypass of HTTP request path-based access rules when using URL paths in L7 traffic intentions, allowing unauthorized access in specific scenarios...