Lucene search
K
VeracodeRecent

38326 matches found

Veracode
Veracode
•added 2024/12/11 5:54 a.m.•10 views

Cross-Site Scripting (XSS)

decidim-meetings is vulnerable to a cross-site scripting XSS. The vulnerability is due to the meeting embeds feature being susceptible to a malformed URL, allowing an attacker to exploit it...

7.7CVSS6.4AI score0.00243EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/12/11 12:29 a.m.•4 views

XML External Entity

simplesamlphp/xml-common is vulnerable to XML External Entity XXE. The vulnerability is due to improper handling of untrusted XML input during document parsing, which allows an attacker to exploit external entity references to access sensitive data or perform denial-of-service attacks...

8.8CVSS5.6AI score0.00985EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2024/12/10 10:38 a.m.•8 views

Unauthorized Data Access

moodle/moodle is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient validation checks, which allow an attacker to fetch the list of course badges for courses they are not authorized to access...

4.3CVSS6.6AI score0.00298EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/12/10 10:38 a.m.•10 views

Improper Authorization

moodle/moodle is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation of permissions, allowing users to bypass restrictions and delete OAuth2-linked accounts...

7.5CVSS6.6AI score0.00353EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2024/12/10 10:36 a.m.•6 views

Password Bypass

moodle/moodle is vulnerable to Password Bypass. The vulnerability is due to loose comparison in the password-checking logic, allowing certain "magic hash" values to bypass password restrictions...

5.4CVSS6.8AI score0.00403EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2024/12/10 8:22 a.m.•6 views

Insecure Configuration Injection

flowise is vulnerable to insecure configuration injection. The vulnerability is due to insufficient protection and lack of secure default settings for the overrideConfig option, which allows developers to inject configuration into the Chainflow during execution...

7.5AI score
Exploits0
Veracode
Veracode
•added 2024/12/10 7:27 a.m.•10 views

Unrestricted Script Execution

github.com/drakkan/sftpgo is vulnerable to unrestricted script execution. The vulnerability is due to lack of proper access control over script execution, which allows administrators to execute system commands without restrictions, which can lead to unintended access to the underlying OS/containe...

5.1CVSS7.2AI score0.00598EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/12/10 7:16 a.m.•14 views

Cross-Site Scripting (XSS)

djangocmsattributesfield is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper neutralization of input during web page generation in django CMS Attributes Fields, which allows stored XSS."...

6.9CVSS6.4AI score0.00458EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2024/12/10 7:1 a.m.•9 views

Unauthorized Resource Access

github.com/rancher/steve is vulnerable to Unauthorized Resource Access. The vulnerability is due to improper authorization checks, allowing users with minimal generic permissions to access and watch restricted resources...

7.7CVSS6.7AI score0.0039EPSS
Exploits0
Veracode
Veracode
•added 2024/12/10 6:45 a.m.•13 views

Improper Input Validation

Synapse is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of invites received over federation, allowing a malicious server to send crafted invites that disrupt the affected user's ability to perform /sync operations...

8.7CVSS6.5AI score0.00547EPSS
Exploits0References2Affected Software2
Veracode
Veracode
•added 2024/12/10 6:16 a.m.•7 views

Unauthorized Information Disclosure

moodle/moodle is vulnerable to Unauthorized Information Disclosure. The vulnerability is due to dynamic tables not enforcing capability checks, which allows users to retrieve information without proper permissions...

6.5CVSS6.2AI score0.00346EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/12/10 6:0 a.m.•7 views

Missing Authentication For Critical Function

Synapse is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to improper access control, allowing unauthenticated remote participants to trigger downloads and caching of remote media, making it accessible from the local media repository without authentication...

5.3CVSS6.7AI score0.00419EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/12/09 7:14 p.m.•7 views

Script Injection

Tuned is vulnerable to a script injection vulnerability. The vulnerability is due to improper authentication in the instancecreate D-Bus function, which allows locally logged-in users to execute arbitrary scripts with absolute paths. Attackers can use this to escalate privileges by executing...

7.8CVSS7.7AI score0.00287EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2024/12/09 10:27 a.m.•11 views

Improper Authorization

github.com/cri-o/cri-o is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation during container restoration, allowing a malicious user to restore a pod without proper access to host mounts by exploiting the checkpoint restore process...

7.4CVSS6.6AI score0.00773EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2024/12/09 9:59 a.m.•10 views

Improper Certificate Validation

Keycloak is vulnerable to Improper Certificate Validation. The vulnerability is due to improper handling of reverse proxy configurations with mTLS enabled, allowing an attacker on the local network to impersonate any user or client using mTLS for authentication...

6.5AI score0.00101EPSS
Exploits0
Veracode
Veracode
•added 2024/12/09 7:56 a.m.•7 views

Local File Inclusion (LFI)

tecnickcom/tcpdf is vulnerable to Local File Inclusion LFI. The vulnerability is due to inadequate validation of user-supplied input in the src tag, allowing a user to read arbitrary files from the server's file system and potentially expose sensitive information...

6.2CVSS6.5AI score0.00816EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/12/09 7:55 a.m.•12 views

Local Privilege Escalation

MLflow is vulnerable to Local Privilege Escalation. The vulnerability is due to excessive directory permissions, allowing a Time-of-Check to Time-of-Use ToCToU attack when the sparkudf MLflow API is called...

7CVSS6.6AI score0.0012EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/12/09 7:53 a.m.•8 views

Improper Handling Of Exceptional Conditions

github.com/cilium/cilium is vulnerable to Improper Handling of Exceptional Conditions. The vulnerability is due to a misconfiguration in handling Layer 3 and Layer 7 allow policies when port ranges are used, allows an attacker to bypass Layer 7 security policies by exploiting the failure to enfor...

5.8CVSS5.5AI score0.00507EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/12/09 7:48 a.m.•11 views

Path Traversal

Libre-chat is vulnerable to Path Traversal. The vulnerability is insufficient sanitization or validation of the filename input in the uploaddocuments method, allowing attackers to exploit the file path and perform a path traversal attack...

9.1CVSS6.7AI score0.00762EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/12/09 7:18 a.m.•5 views

HTTP Request Smuggling

Keycloak Server is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of proxy headers, allowing attackers to exploit non-IP values, leading to costly DNS resolution operations that can overload IO threads...

4.7CVSS7.1AI score0.00399EPSS
Exploits0References9Affected Software3
Veracode
Veracode
•added 2024/12/09 4:32 a.m.•7 views

Log Injection

org.apache.nifi, nifi is vulnerable to Log Injection. The vulnerability is due to the optional debug logging feature, which allows an authorized administrator to enable detailed logging of Parameter Context values during flow synchronization...

6.9CVSS6.6AI score0.00737EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/12/09 4:7 a.m.•14 views

Arbitrary Command Execution

k8s.io/kubernetes is vulnerable to Arbitrary Command Execution. The vulnerability is due to improper validation and handling of gitRepo volumes in the Kubernetes kubelet component, which allows malicious actors to execute arbitrary commands by exploiting the way these volumes are processed...

8.1CVSS7.5AI score0.03001EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/12/09 3:34 a.m.•8 views

Unauthorized Access

org.keycloak, keycloak-quarkus-server is vulnerable to Unauthorized Access. The vulnerability is due to improper access controls, allowing a high-privileged user to read sensitive information from a Vault file outside the expected context...

2.7CVSS3.2AI score0.00727EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2024/12/09 3:23 a.m.•12 views

Denial Of Service (DoS)

org.keycloak, keycloak-services is vulnerable to Denial Of Service DoS. The vulnerability is due to untrusted data passed to the SearchQueryUtils method, which allows an attacker to exploit Regex complexity and exhaust system resources...

6.5CVSS6.5AI score0.01264EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2024/12/09 3:16 a.m.•8 views

Sensitive Data Exposure

org.keycloak, keycloak-quarkus-server is vulnerable to Sensitive Data Exposure. The vulnerability is due to the capture of sensitive runtime values, such as passwords, during the build process and their embedding as default values in bytecode, which allows an attacker to access sensitive data...

5.9CVSS5.6AI score0.00937EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2024/12/06 11:45 a.m.•7 views

Allocation Of Resources Without Limits

Synapse is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to improper handling of multipart/form-data requests, which can transiently increase memory consumption, allowing attackers to amplify DoS attacks...

8.2CVSS6.6AI score0.00715EPSS
Exploits0References5Affected Software3
Veracode
Veracode
•added 2024/12/06 6:41 a.m.•7 views

Arbitrary File Upload

Synapse is vulnerable to Arbitrary File Upload. The vulnerability is due to improper handling of uncommon image formats during thumbnail generation, which could invoke external tools like Ghostscript, increasing the risk of exploitation...

9.1CVSS6.5AI score0.00625EPSS
Exploits0References2Affected Software3
Veracode
Veracode
•added 2024/12/06 6:18 a.m.•5 views

Incorrect Default Permissions

Kolide Agent is vulnerable to Incorrect Default Permissions. The vulnerability is due to improper permissions set on the ProgramData directory for upgraded binaries and the omission of the SystemDrive environmental variable, allowing a malicious actor to place and execute arbitrary DLLs within th...

7.3CVSS7.3AI score0.00177EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/12/06 6:7 a.m.•6 views

Insufficient Verification Of Data Authenticity

quic-go is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to improper handling of ICMP "Packet Too Large" messages, allowing an off-path attacker to inject such packets and disrupt QUIC connections by setting the MTU to a value below the minimum threshold o...

6.5CVSS6.3AI score0.00608EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/12/05 10:21 a.m.•16 views

Cache Poisoning

moodle/moodle is vulnerable to Cache Poisoning. The vulnerability is due to improper validation mechanisms in local storage, allowing attackers to manipulate cached data maliciously...

7.7CVSS6.4AI score0.0016EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/12/05 10:14 a.m.•9 views

SQL Injection

moodle/moodle is vulnerable to SQL injection. The vulnerability is due to insufficient input validation or sanitization in the XMLDB editor tool, which allows attackers to inject and execute unauthorized SQL commands...

7.2CVSS8.1AI score0.00646EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/12/05 10:10 a.m.•9 views

Denial Of Service (DoS)

io.undertow, undertow-core is vulnerable to Denial of Service DoS. The vulnerability is due to an OutOfMemory error caused by a malicious user sending crafted requests through the FormAuthenticationMechanism, allowing an attacker to trigger the error...

7.5CVSS6.9AI score0.01292EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2024/12/04 7:6 p.m.•13 views

SQL Injection

decidimawesome-module is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of special elements in SQL commands within the papertrail/version model, allowing an authenticated admin user to manipulate SQL queries to disclose information, read/write files, or execute...

9CVSS7.3AI score0.0066EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/12/04 6:37 p.m.•6 views

Directory Traversal

matrix-js-sdk is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of crafted MXC URIs, allowing a malicious room member to trigger arbitrary authenticated GET requests to the client's homeserver...

5.3CVSS6.1AI score0.00842EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2024/12/04 6:24 p.m.•9 views

Denial Of Service (DoS)

pywasm3 is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling in the Readutf8 function...

8.4CVSS6.6AI score0.00266EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2024/12/04 5:42 p.m.•8 views

Improper Privilege Management

Moodle is vulnerable to Improper Privilege Management. The vulnerability is due to insufficient capability checks, allowing users with access to restore glossaries in courses to restore them into the global site glossary without proper permissions...

5.3CVSS6.5AI score0.00336EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/12/04 1:36 p.m.•6 views

Cross-site Scripting (XSS)

Moodle is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of data during the restore process, allowing malicious backup files to introduce XSS risks...

6.1CVSS5.5AI score0.00338EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/12/04 11:50 a.m.•14 views

Arbitrary File Read

craftcms/cms is vulnerable to arbitrary file read. The vulnerability is due to the exploitation of the dataUrl function, which allows attackers with write permissions on system notification templates to embed and exfiltrate Base64-encoded file content via triggered email notifications...

7.7CVSS6.8AI score0.00657EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/12/04 11:44 a.m.•18 views

Local File System Validation Bypass

craftcms/cms is vulnerable to local file system validation bypass. The vulnerability is due to improper validation of file paths, allowing attackers to exploit a double file:// scheme to bypass restrictions and access or overwrite sensitive files...

8.4CVSS6.5AI score0.01138EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2024/12/04 11:40 a.m.•8 views

Unauthorized Data Access

moodle/moodle is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient access control checks, allowing users with permission to view badge recipients to access unintended lists...

4.3CVSS6.5AI score0.00341EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/12/04 8:28 a.m.•9 views

Open Redirection

Moodle is vulnerable to Open Redirection. The vulnerability is due to the cURL wrapper in Moodle retaining original request headers during emulated redirects, potentially causing HTTP authorization header information to be unintentionally sent to redirect URLs...

5.3CVSS6.3AI score0.00323EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/12/04 8:5 a.m.•4 views

Arbitrary Code Execution

Ansible-Core is vulnerable to Arbitrary Code Execution. The vulnerability is due to attackers bypassing unsafe content protections by using the hostvars object to reference and execute templated content, potentially leading to code execution if remote data or module outputs are improperly templat...

5.5CVSS5.9AI score0.00502EPSS
Exploits0References11Affected Software1
Veracode
Veracode
•added 2024/12/04 7:16 a.m.•10 views

Sensitive Information Exposure

Moodle is vulnerable to Sensitive Information Disclosure. The vulnerability is due to hidden user profile fields being visible in gradebook reports, allowing users without the "view hidden user fields" capability to access restricted information...

5.3CVSS6.5AI score0.00323EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2024/12/04 6:32 a.m.•14 views

Local File Inclusion (LFI)

moodle/moodle is vulnerable to Local File Inclusion LFI. The vulnerability is due to inadequate input validation when restoring block backups, which allows an attacker to manipulate the process and potentially include local files, which can lead to exploitation of the system...

7.5CVSS6.4AI score0.00638EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/12/04 5:48 a.m.•7 views

Insufficient Access Control

Moodle is vulnerable to Insufficient Access Control. The vulnerability is due to improper validation in the external API for the Quiz module, allowing unauthorized users to override access controls...

5.3CVSS6.6AI score0.00318EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/12/04 5:40 a.m.•12 views

Improper Message Recipient Validation

moodle/moodle is vulnerable to Improper Message Recipient Validation. The vulnerability is due to insufficient input validation. Specifically, the system does not properly verify that the message recipients belong to the set of users returned by the non-respondents report, allowing messages to be...

7.5CVSS6.6AI score0.00519EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/12/04 5:12 a.m.•25 views

Remote Code Execution (RCE)

moodle/moodle is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient input validation and sanitization in the calculated question types, which allows an attacker to inject malicious code that could be executed remotely, especially when the user has the capability to...

8.1CVSS7.2AI score0.83343EPSS
Exploits8References5Affected Software1
Veracode
Veracode
•added 2024/12/04 4:18 a.m.•9 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization of the "name" parameter on the "Port Settings" page, allowing an attacker to inject arbitrary JavaScript, which executes when the page is accessed, potentially compromising user...

5.4CVSS6.2AI score0.00381EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2024/12/04 3:50 a.m.•8 views

Arbitrary Code Execution

librenms/librenms is vulnerable to Arbitrary Code Execution. The vulnerability is due to a lack of proper input validation and sanitization on directory names and configuration parameters entered through the web portal. It allows an attacker to inject arbitrary commands into shellexec calls...

7.2AI score0.06933EPSS
Exploits4
Veracode
Veracode
•added 2024/12/03 10:26 a.m.•8 views

XML External Entity (XXE) Injection

org.powertac:server-interface is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper input validation in the DocumentBuilderFactory component, allowing attackers to access sensitive information or execute arbitrary code via crafted XML entities...

9.8CVSS7.3AI score0.01014EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities38326