38286 matches found

Veracode • added 2 days ago • 5 views

Session Hijacking

Chainlit is vulnerable to Session Hijacking. The vulnerability is due to missing ownership verification during WebSocket session restoration, where a valid sessionId can be used to restore another user's authenticated session, allowing attackers to gain unauthorized access with the victim's...

CVSS 8.8 • AI score 5.8 • EPSS 0.00256
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2 days ago • 4 views

Server-Side Request Forgery

jackson-databind is vulnerable to server-side request forgery (SSRF). The vulnerability is due to eager DNS resolution during InetSocketAddress deserialization, where untrusted hostnames are resolved before application-level validation, allowing attackers to trigger arbitrary DNS requests by...

CVSS 5.3 • AI score 5.9 • EPSS 0.00229
Exploits: 0 • References: 3 • Affected Software: 1

Veracode • added 2 days ago • 4 views

Open Redirect

Nuxt is vulnerable to Open Redirect. The vulnerability is due to improper validation of protocol-relative URLs in the reloadNuxtApp function, where paths such as //evil.com bypass URL validation and resolve to attacker-controlled domains, allowing attackers to redirect users to malicious websites...

CVSS 6.1 • AI score 5.8 • EPSS 0.00191
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2 days ago • 5 views

Cross Site Scripting

Nuxt is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper validation of script-capable URLs in the navigateTo open option, where javascript: URLs supplied through user-controlled input are not blocked, allowing attackers to execute arbitrary scripts in the application's...

CVSS 6.1 • AI score 5.8 • EPSS 0.00234
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 3 days ago • 4 views

Cache Bypass

Undici is vulnerable to Cache Bypass. The vulnerability is due to Undici's cache interceptor incorrectly classifying some responses as cacheable, where the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names, and attackers can exploit this by serving a...

CVSS 5.9 • AI score 7.1 • EPSS 0.00326
Exploits: 0 • References: 3 • Affected Software: 1

Veracode • added 3 days ago • 4 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks when accessing workflow instance information, where users can retrieve workflow details from projects they are not authorized to access...

CVSS 6.5 • AI score 5.8 • EPSS 0.00312
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 3 days ago • 5 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to a missing authorization check in the DataSource API, where requests are not properly validated before returning data source metadata, allowing unauthorized users to disclose sensitive data source...

CVSS 9.8 • AI score 5.7 • EPSS 0.0039
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 3 days ago • 3 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks when deleting task definitions, where users with valid system login privileges can delete task definitions in projects they are not authorized to manage...

CVSS 4.9 • AI score 5.8 • EPSS 0.00437
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 3 days ago • 6 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks in the experimental /v2 interface, where insufficient access control allows attackers to perform unauthorized actions or access protected resources...

CVSS 9.1 • AI score 5.9 • EPSS 0.00337
Exploits: 0 • References: 1 • Affected Software: 1

Veracode • added 4 days ago • 6 views

Open Redirect

Nuxt is vulnerable to open redirect. The vulnerability is due to improper validation of path-normalized URLs in navigateTo, where specially crafted paths can bypass external-host checks after normalization, allowing attackers to redirect users to malicious websites and facilitate phishing attacks...

CVSS 6.1 • AI score 5.9 • EPSS 0.00205
Exploits: 0 • References: 5 • Affected Software: 1

Veracode • added 4 days ago • 7 views

Out Of Band Data Exfiltration

Claude Code is vulnerable to Out-of-Band Data Exfiltration. The vulnerability is due to the pre-approval of the hostname huggingface.co as a bare hostname for the WebFetch tool, where any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission...

CVSS 6 • AI score 5.9 • EPSS 0.00416
Exploits: 0 • References: 1 • Affected Software: 1

Veracode • added 4 days ago • 5 views

Cross Site Scripting

Nuxt is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input sanitization in the NoScript component, where untrusted slot content is written to innerHTML without escaping, allowing attackers to inject malicious scripts through user-controlled data that execute in the...

CVSS 6.1 • AI score 5.6 • EPSS 0.00209
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 5 days ago • 6 views

Uncontrolled Resource Consumption

pypdf is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to inefficient processing of PDF streams using the /FlateDecode filter with a PNG predictor, where specially crafted PDF content can trigger excessive computation during stream decoding, allowing attackers to cause...

CVSS 5.1 • AI score 5.9 • EPSS 0.00117
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 5 days ago • 7 views

Improper Access Control

LangGraph Python SDK is vulnerable to Improper Access Control. The vulnerability is due to unsafe URL path construction using unsanitized user-supplied identifiers, where special characters in identifier values can alter the intended request path and target unintended resources, allowing attacker...

CVSS 9.1 • AI score 5.8 • EPSS 0.00216
Exploits: 0 • References: 3 • Affected Software: 1

Veracode • added 6 days ago • 6 views

Resource Exhaustion

joserfc is vulnerable to Resource Exhaustion. The vulnerability is due to missing payload size validation for RFC7797 b64=false JWS payloads, where oversized payloads bypass the configured maximum payload length check, and attackers can exploit it by submitting large JWS tokens that consume...

CVSS 5.3 • AI score 5.8 • EPSS 0.00163
Exploits: 0 • References: 3 • Affected Software: 1

Veracode • added 2026/06/20 1:39 p.m. • 4 views

Authentication Bypass

LiteLLM is vulnerable to Authentication Bypass. The vulnerability is due to improper Host header parsing during route validation, where the authentication layer derives the effective route from Host-influenced request metadata and may evaluate a different route than the one processed by FastAPI,...

CVSS 9.8 • AI score 5.8 • EPSS 0.00454
Exploits: 0 • References: 4 • Affected Software: 2

Veracode • added 2026/06/20 1:16 p.m. • 4 views

LDAP Injection

Apache Shiro is vulnerable to LDAP Injection. The vulnerability is due to improper neutralization of user-supplied input in the DefaultLdapRealm class, where usernames are concatenated directly into LDAP Distinguished Name (DN) templates without escaping RFC 2253 special characters. This allows...

CVSS 9.1 • AI score 5.8 • EPSS 0.00494
Exploits: 0 • References: 3 • Affected Software: 1

Veracode • added 2026/06/20 8:13 a.m. • 5 views

Prototype Pollution

Jodit is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of object path segments in Jodit.modules.Helpers.set, where dot-separated property chains are traversed and created without filtering prototype-mutating keys such as __proto__, constructor, or prototype. This...

AI score 5.9
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 2026/06/20 5:55 a.m. • 6 views

Improper Request Routing

http-proxy-middleware is vulnerable to improper request routing. The vulnerability is due to unanchored substring matching in the host+path router selector logic, where configured host+path entries are matched against attacker-controlled request metadata using partial string comparisons instead o...

CVSS 8.6 • AI score 5.8 • EPSS 0.0034
Exploits: 1 • References: 2 • Affected Software: 1

Veracode • added 2026/06/19 12:44 p.m. • 7 views

Information Disclosure

H2O-3 is vulnerable to Information Disclosure. The vulnerability is due to improper access control in the ImportFile API (PersistNFS.importFiles), allowing remote attackers to access or enumerate file system information that should not be exposed, resulting in unauthorized disclosure of sensitive...

CVSS 7.5 • AI score 6.1 • EPSS 0.00497
Exploits: 0 • References: 1 • Affected Software: 1

Veracode • added 2026/06/19 11:22 a.m. • 8 views

Information Disclosure

Keycloak is vulnerable to Information Disclosure. The vulnerability is due to insufficient enforcement of user profile permissions in the group members endpoint, allowing an administrator with delegated access to read group memberships and users to view user attributes that are explicitly...

CVSS 2.7 • AI score 5.8 • EPSS 0.00348
Exploits: 0 • References: 7 • Affected Software: 2

Veracode • added 2026/06/18 7:54 a.m. • 60 views

NoSQL Injection

Spring Data MongoDB is vulnerable to NoSQL Injection. The vulnerability is due to insufficient validation of parameters bound to regular expressions in @Query-annotated repository methods, where attacker-controlled input can break out of the intended regex quoting (e.g., ^\Q?0\E$) and manipulate...

CVSS 5.9 • AI score 5.3 • EPSS 0.00262
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 2026/06/18 6:50 a.m. • 4 views

Authorization Bypass

Spring Data REST is vulnerable to Authorization Bypass. The vulnerability is due to improper enforcement of write-access restrictions in the JSON Patch (application/json-patch+json) implementation, where intermediate path segments in multi-segment JSON Pointer expressions are not subjected to...

CVSS 7.5 • AI score 5.8 • EPSS 0.00306
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 2026/06/18 5:35 a.m. • 4 views

Replay Attack

Spring Web Services is vulnerable to Replay Attack. The vulnerability is due to Wss4jSecurityInterceptor not consistently applying Apache WSS4J ReplayCache instances during inbound WS-Security validation. As a result, replay protection for UsernameToken nonces, creation timestamps, Timestamp...

CVSS 3.7 • AI score 5.7 • EPSS 0.00223
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 2026/06/18 5:35 a.m. • 10 views

Authorization Bypass

Apache ActiveMQ is vulnerable to Authorization Bypass. The vulnerability is due to incomplete authorization checks when handling destination removal operations, allowing authenticated users with otherwise valid permissions to delete existing destinations without proper authorization validation...

CVSS 4.3 • AI score 5.3 • EPSS 0.00335
Exploits: 0 • References: 2 • Affected Software: 2

Veracode • added 2026/06/17 6:36 p.m. • 10 views

Cross-Origin Resource Sharing (CORS) Misconfiguration

hono is vulnerable to Cross-Origin Resource Sharing (CORS) Misconfiguration. The vulnerability is due to reflecting arbitrary Origin headers while allowing credentials when no explicit origin is configured, which allows an attacker-controlled website to make authenticated cross-origin requests and...

CVSS 7.1 • AI score 5.4 • EPSS 0.00248
Exploits: 0 • References: 3 • Affected Software: 1

Veracode • added 2026/06/17 6:21 p.m. • 12 views

Improper Handling Of HTTP Headers

hono is vulnerable to Improper Handling of HTTP Headers. The vulnerability is due to using Headers.set instead of Headers.append when processing repeated request headers, which allows multiple header values to be overwritten and truncated, potentially enabling attackers to bypass security control...

CVSS 4.8 • AI score 5.3 • EPSS 0.00114
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/06/17 6:10 p.m. • 9 views

Improper Input Validation

hono is vulnerable to Improper Input Validation. The vulnerability is due to trusting the client-supplied Content-Length header instead of validating the actual request body size, which allows an attacker to bypass configured body size limits by declaring a smaller content length while sending a...

CVSS 6.5 • AI score 5.3 • EPSS 0.00103
Exploits: 0 • References: 3 • Affected Software: 1

Veracode • added 2026/06/17 5:50 p.m. • 9 views

Improper Access Control

@astrojs/netlify is vulnerable to Improper Access Control. The vulnerability is due to overly permissive conversion of Astro image.remotePatterns into Netlify Image CDN regular expressions, which allows an attacker to bypass intended hostname and pathname restrictions and access unintended remote...

CVSS 5.3 • AI score 5.4 • EPSS 0.00187
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/06/17 5:30 p.m. • 10 views

Server-Side Request Forgery (SSRF)

Astro is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to deriving the error-page fetch URL from the unvalidated Host header during runtime error handling, which allows an attacker to redirect server-side requests to arbitrary hosts and read the resulting responses...

CVSS 7.5 • AI score 6 • EPSS 0.00196
Exploits: 0 • References: 3 • Affected Software: 1

Veracode • added 2026/06/17 5:07 p.m. • 10 views

Cross-site Scripting (XSS)

Astro is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of user-controlled attribute names in the spreadAttributes function during server-side rendering, which allows an attacker to inject arbitrary HTML attributes, event handlers, or malicious HTML content...

CVSS 6.1 • AI score 5.3 • EPSS 0.0016
Exploits: 1 • References: 4 • Affected Software: 1

Veracode • added 2026/06/17 1:03 p.m. • 9 views

Information Exposure

Gitea is vulnerable to Information Exposure. The vulnerability is due to missing reqRepoReader(unit.TypeCode) authorization checks on the issue_templates, issue_config, and issue_config/validate API endpoints, which allows an attacker to access and retrieve repository issue template and configuration...

AI score 5.2 • EPSS 0.00023
Exploits: 0 • References: 1 • Affected Software: 1

Veracode • added 2026/06/17 11:46 a.m. • 12 views

Improper Authorization

code.gitea.io/gitea is vulnerable to improper authorization. The vulnerability is due to the /archive/ endpoint not enforcing OAuth2 download token scope validation (checkDownloadTokenScope or CheckRepoScopedToken), which allows an attacker with an OAuth2 token to download repository archives witho...

AI score 5.2 • EPSS 0.00024
Exploits: 0 • References: 1 • Affected Software: 1

Veracode • added 2026/06/17 11:35 a.m. • 8 views

Authentication Bypass

Spring Web Services is vulnerable to Authentication Bypass. The vulnerability is due to X509AuthenticationProvider issuing a fully authenticated X509AuthenticationToken based solely on certificate-to-user mapping, without enforcing standard account status checks such as disabled, locked, expired,...

CVSS 5.4 • AI score 5.3 • EPSS 0.00148
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 2026/06/17 10:34 a.m. • 8 views

Cross-Site Scripting (XSS)

Vitest is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the otelCarrier query parameter being inserted directly into an inline module script and treated as JavaScript source rather than data, which allows an attacker to craft a malicious browser-runner URL and execute...

AI score 5.6 • EPSS 0.0005
Exploits: 0 • References: 4 • Affected Software: 2

Veracode • added 2026/06/17 9:48 a.m. • 9 views

Path Traversal

DbGate is vulnerable to Path Traversal. The vulnerability is due to the unzipDirectory function failing to validate that extracted file paths remain within the intended output directory, which allows an attacker to upload a malicious ZIP archive containing ../ path entries and write files to...

AI score 5.4 • EPSS 0.00058
Exploits: 0 • References: 3 • Affected Software: 1

Veracode • added 2026/06/17 9:46 a.m. • 8 views

IP Address Spoofing

Spring Cloud Gateway is vulnerable to IP Address Spoofing. The vulnerability is due to improper trust of X-Forwarded-For and Forwarded headers from untrusted proxies, allowing attackers to supply forged client IP information that may be used by downstream applications for security decisions,...

CVSS 8.6 • AI score 5.2 • EPSS 0.00139
Exploits: 0 • References: 2 • Affected Software: 2

Veracode • added 2026/06/17 9:37 a.m. • 8 views

Server-Side Request Forgery (SSRF)

Spring Web Services is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of WS-Addressing ReplyTo and FaultTo headers, where destinations supplied in incoming requests are used directly by configured WebServiceMessageSender instances to initiate...

CVSS 8.6 • AI score 5.5 • EPSS 0.00383
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 2026/06/17 9:30 a.m. • 8 views

Open Redirect

Spring Authorization Server is vulnerable to Open Redirect. The vulnerability is due to insufficient validation of the request_uri parameter at the authorization endpoint, where a malicious authorization request can include an invalid request_uri and an attacker-controlled redirect_uri, resulting in...

CVSS 6.1 • AI score 5.4 • EPSS 0.00172
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 2026/06/17 8:57 a.m. • 8 views

Authenticated Remote Code Execution (RCE)

DbGate is vulnerable to authenticated Remote Code Execution (RCE). The vulnerability is due to improper sanitization of the functionName parameter in the /runners/load-reader endpoint, which allows an authenticated attacker to bypass the require = null mitigation using dynamic import and execute...

AI score 5.9 • EPSS 0.00289
Exploits: 1 • References: 2 • Affected Software: 1

Veracode • added 2026/06/16 7:32 p.m. • 9 views

Denial Of Service (DoS)

markdown-it is vulnerable to Denial of Service (DoS). The vulnerability is due to quadratic-time processing in the smartquotes rule when typographer: true is enabled, which allows an attacker to supply specially crafted markdown containing consecutive quotation marks and consume excessive CPU...

CVSS 5.3 • AI score 5.2 • EPSS 0.00306
Exploits: 1 • References: 4 • Affected Software: 1

Veracode • added 2026/06/16 7:23 p.m. • 8 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service (DoS). The vulnerability is due to improper management of blocked streams in the HTTP/3 codec, which allows an attacker to create an unlimited number of blocked streams and exhaust memory, leading to an out-of-memory condition and service disruption...

CVSS 7.5 • AI score 5.2 • EPSS 0.00295
Exploits: 0 • References: 3 • Affected Software: 1

Veracode • added 2026/06/16 7:10 p.m. • 9 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service (DoS). The vulnerability is due to exposure of QUIC stateless reset tokens through connection ID generation, which allows an on-path attacker to derive the token and send spoofed Stateless Reset packets to terminate active connections...

CVSS 4.8 • AI score 5.2 • EPSS 0.00204
Exploits: 0 • References: 3 • Affected Software: 1

Veracode • added 2026/06/16 6:57 p.m. • 7 views

Improper Certificate Validation

Netty is vulnerable to Improper Certificate Validation. The vulnerability is due to improper wrapping of user-supplied X509TrustManager instances that bypasses hostname verification during TLS certificate validation, which allows an attacker to perform man-in-the-middle attacks using certificates...

CVSS 7.5 • AI score 5.2 • EPSS 0.00196
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/06/16 6:48 p.m. • 9 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service (DoS). The vulnerability is due to RedisArrayAggregator pre-allocating an ArrayList based on an untrusted RESP array element count from the network, which allows an attacker to trigger excessive memory allocation and exhaust system resources by sending a...

CVSS 7.5 • AI score 5.2 • EPSS 0.00335
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/06/16 6:38 p.m. • 8 views

HTTP Request Smuggling

Netty is vulnerable to HTTP Request Smuggling. The vulnerability is due to HttpObjectDecoder improperly ignoring non-CRLF control characters before the request line, which allows an attacker to create request-boundary confusion between front-end and back-end components and potentially smuggle...

CVSS 5.3 • AI score 5.2 • EPSS 0.00232
Exploits: 0 • References: 4 • Affected Software: 1

Veracode • added 2026/06/16 6:12 p.m. • 4 views

Heap Buffer Overflow

Electron is vulnerable to Heap Buffer Overflow. The vulnerability is due to incorrect byte length calculations in Buffer operations, which allows an attacker to trigger out-of-bounds memory access resulting in heap buffer overflows or underflows...

CVSS 9.3 • AI score 5.9 • EPSS 0.00253
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 2026/06/16 6:06 p.m. • 4 views

Authentication Bypass

@nestjs/platform-fastify is vulnerable to Authentication Bypass. The vulnerability is due to improper route matching between Fastify and NestJS middleware registered through MiddlewareConsumer.forRoutes, which allows an attacker to bypass authentication middleware by appending a trailing slash / ...

CVSS 8.7 • AI score 5.8 • EPSS 0.00285
Exploits: 0 • References: 2 • Affected Software: 1

Veracode • added 2026/06/16 5:52 p.m. • 8 views

Cross-site Scripting (XSS)

Astro is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper HTML escaping of named slot content inserted into the data-astro-template attribute when using client: directives, which allows an attacker to break out of the attribute context and inject arbitrary HTML or...

CVSS 7.1 • AI score 5.4 • EPSS 0.00177
Exploits: 1 • References: 3 • Affected Software: 1

Veracode • added 2026/06/16 4:19 p.m. • 8 views

Information Disclosure

Vaadin Maven Plugin and Vaadin Gradle Plugin are vulnerable to information disclosure. The vulnerability is due to the plugins logging the complete set of environment variables when the frontend build process fails with a non-zero exit status, which allows an attacker to obtain sensitive...

CVSS 5.8 • AI score 5.2 • EPSS 0.00117
Exploits: 0 • References: 1 • Affected Software: 3

Total number of security vulnerabilities: 38286