Cross-Site Scripting (XSS)
decidim-meetings is vulnerable to cross-site scripting (XSS). The vulnerability is due to the meeting embeds feature being susceptible to a malformed URL, allowing an attacker to exploit it...
XML External Entity
simplesamlphp/xml-common is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of untrusted XML input during document parsing, which allows an attacker to exploit external entity references to access sensitive data or perform denial-of-service attacks...
Unauthorized Data Access
moodle/moodle is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient validation checks, which allow an attacker to fetch the list of course badges for courses they are not authorized to access...
Improper Authorization
moodle/moodle is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation of permissions, allowing users to bypass restrictions and delete OAuth2-linked accounts...
Password Bypass
moodle/moodle is vulnerable to Password Bypass. The vulnerability is due to loose comparison in the password-checking logic, allowing certain "magic hash" values to bypass password restrictions...
Insecure Configuration Injection
flowise is vulnerable to insecure configuration injection. The vulnerability is due to insufficient protection and lack of secure default settings for the overrideConfig option, which allows developers to inject configuration into the Chainflow during execution...
Unrestricted Script Execution
github.com/drakkan/sftpgo is vulnerable to unrestricted script execution. The vulnerability is due to lack of proper access control over script execution, which allows administrators to execute system commands without restrictions, which can lead to unintended access to the underlying OS/containe...
Cross-Site Scripting (XSS)
djangocmsattributesfield is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper neutralization of input during web page generation in django CMS Attributes Fields, which allows stored XSS...
Unauthorized Resource Access
github.com/rancher/steve is vulnerable to Unauthorized Resource Access. The vulnerability is due to improper authorization checks, allowing users with minimal generic permissions to access and watch restricted resources...
Improper Input Validation
Synapse is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of invites received over federation, allowing a malicious server to send crafted invites that disrupt the affected user's ability to perform /sync operations...
Unauthorized Information Disclosure
moodle/moodle is vulnerable to Unauthorized Information Disclosure. The vulnerability is due to dynamic tables not enforcing capability checks, which allows users to retrieve information without proper permissions...
Missing Authentication For Critical Function
Synapse is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to improper access control, allowing unauthenticated remote participants to trigger downloads and caching of remote media, making it accessible from the local media repository without authentication...
Script Injection
Tuned is vulnerable to a script injection vulnerability. The vulnerability is due to improper authentication in the instancecreate D-Bus function, which allows locally logged-in users to execute arbitrary scripts with absolute paths. Attackers can use this to escalate privileges by executing...
Improper Authorization
github.com/cri-o/cri-o is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation during container restoration, allowing a malicious user to restore a pod without proper access to host mounts by exploiting the checkpoint restore process...
Improper Certificate Validation
Keycloak is vulnerable to Improper Certificate Validation. The vulnerability is due to improper handling of reverse proxy configurations with mTLS enabled, allowing an attacker on the local network to impersonate any user or client using mTLS for authentication...
Local File Inclusion (LFI)
tecnickcom/tcpdf is vulnerable to Local File Inclusion (LFI). The vulnerability is due to inadequate validation of user-supplied input in the src tag, allowing a user to read arbitrary files from the server's file system and potentially expose sensitive information...
Local Privilege Escalation
MLflow is vulnerable to Local Privilege Escalation. The vulnerability is due to excessive directory permissions, allowing a Time-of-Check to Time-of-Use (ToCToU) attack when the sparkudf MLflow API is called...
Improper Handling Of Exceptional Conditions
github.com/cilium/cilium is vulnerable to Improper Handling of Exceptional Conditions. The vulnerability is due to a misconfiguration in handling Layer 3 and Layer 7 allow policies when port ranges are used, which allows an attacker to bypass Layer 7 security policies by exploiting the failure to enfor...
Path Traversal
Libre-chat is vulnerable to Path Traversal. The vulnerability is due to insufficient sanitization or validation of the filename input in the uploaddocuments method, allowing attackers to exploit the file path and perform a path traversal attack...
HTTP Request Smuggling
Keycloak Server is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of proxy headers, allowing attackers to exploit non-IP values, leading to costly DNS resolution operations that can overload IO threads...
Log Injection
org.apache.nifi, nifi is vulnerable to Log Injection. The vulnerability is due to the optional debug logging feature, which allows an authorized administrator to enable detailed logging of Parameter Context values during flow synchronization...
Arbitrary Command Execution
k8s.io/kubernetes is vulnerable to Arbitrary Command Execution. The vulnerability is due to improper validation and handling of gitRepo volumes in the Kubernetes kubelet component, which allows malicious actors to execute arbitrary commands by exploiting the way these volumes are processed...
Unauthorized Access
org.keycloak, keycloak-quarkus-server is vulnerable to Unauthorized Access. The vulnerability is due to improper access controls, allowing a high-privileged user to read sensitive information from a Vault file outside the expected context...
Denial Of Service (DoS)
org.keycloak, keycloak-services is vulnerable to Denial of Service (DoS). The vulnerability is due to untrusted data passed to the SearchQueryUtils method, which allows an attacker to exploit Regex complexity and exhaust system resources...
Sensitive Data Exposure
org.keycloak, keycloak-quarkus-server is vulnerable to Sensitive Data Exposure. The vulnerability is due to the capture of sensitive runtime values, such as passwords, during the build process and their embedding as default values in bytecode, which allows an attacker to access sensitive data...
Allocation Of Resources Without Limits
Synapse is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to improper handling of multipart/form-data requests, which can transiently increase memory consumption, allowing attackers to amplify DoS attacks...
Arbitrary File Upload
Synapse is vulnerable to Arbitrary File Upload. The vulnerability is due to improper handling of uncommon image formats during thumbnail generation, which could invoke external tools like Ghostscript, increasing the risk of exploitation...
Incorrect Default Permissions
Kolide Agent is vulnerable to Incorrect Default Permissions. The vulnerability is due to improper permissions set on the ProgramData directory for upgraded binaries and the omission of the SystemDrive environmental variable, allowing a malicious actor to place and execute arbitrary DLLs within th...
Insufficient Verification Of Data Authenticity
quic-go is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to improper handling of ICMP "Packet Too Large" messages, allowing an off-path attacker to inject such packets and disrupt QUIC connections by setting the MTU to a value below the minimum threshold o...
Cache Poisoning
moodle/moodle is vulnerable to Cache Poisoning. The vulnerability is due to improper validation mechanisms in local storage, allowing attackers to manipulate cached data maliciously...
SQL Injection
moodle/moodle is vulnerable to SQL injection. The vulnerability is due to insufficient input validation or sanitization in the XMLDB editor tool, which allows attackers to inject and execute unauthorized SQL commands...
Denial Of Service (DoS)
io.undertow, undertow-core is vulnerable to Denial of Service (DoS). The vulnerability is due to an OutOfMemory error caused by a malicious user sending crafted requests through the FormAuthenticationMechanism, allowing an attacker to trigger the error...
SQL Injection
decidimawesome-module is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of special elements in SQL commands within the papertrail/version model, allowing an authenticated admin user to manipulate SQL queries to disclose information, read/write files, or execute...
Directory Traversal
matrix-js-sdk is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of crafted MXC URIs, allowing a malicious room member to trigger arbitrary authenticated GET requests to the client's homeserver...
Denial Of Service (DoS)
pywasm3 is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling in the Readutf8 function...
Improper Privilege Management
Moodle is vulnerable to Improper Privilege Management. The vulnerability is due to insufficient capability checks, allowing users with access to restore glossaries in courses to restore them into the global site glossary without proper permissions...
Cross-site Scripting (XSS)
Moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of data during the restore process, allowing malicious backup files to introduce XSS risks...
Arbitrary File Read
craftcms/cms is vulnerable to arbitrary file read. The vulnerability is due to the exploitation of the dataUrl function, which allows attackers with write permissions on system notification templates to embed and exfiltrate Base64-encoded file content via triggered email notifications...
Local File System Validation Bypass
craftcms/cms is vulnerable to local file system validation bypass. The vulnerability is due to improper validation of file paths, allowing attackers to exploit a double file:// scheme to bypass restrictions and access or overwrite sensitive files...
Unauthorized Data Access
moodle/moodle is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient access control checks, allowing users with permission to view badge recipients to access unintended lists...
Open Redirection
Moodle is vulnerable to Open Redirection. The vulnerability is due to the cURL wrapper in Moodle retaining original request headers during emulated redirects, potentially causing HTTP authorization header information to be unintentionally sent to redirect URLs...
Arbitrary Code Execution
Ansible-Core is vulnerable to Arbitrary Code Execution. The vulnerability is due to attackers bypassing unsafe content protections by using the hostvars object to reference and execute templated content, potentially leading to code execution if remote data or module outputs are improperly templat...
Sensitive Information Exposure
Moodle is vulnerable to Sensitive Information Disclosure. The vulnerability is due to hidden user profile fields being visible in gradebook reports, allowing users without the "view hidden user fields" capability to access restricted information...
Local File Inclusion (LFI)
moodle/moodle is vulnerable to Local File Inclusion (LFI). The vulnerability is due to inadequate input validation when restoring block backups, which allows an attacker to manipulate the process and potentially include local files, which can lead to exploitation of the system...
Insufficient Access Control
Moodle is vulnerable to Insufficient Access Control. The vulnerability is due to improper validation in the external API for the Quiz module, allowing unauthorized users to override access controls...
Improper Message Recipient Validation
moodle/moodle is vulnerable to Improper Message Recipient Validation. The vulnerability is due to insufficient input validation. Specifically, the system does not properly verify that the message recipients belong to the set of users returned by the non-respondents report, allowing messages to be...
Remote Code Execution (RCE)
moodle/moodle is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient input validation and sanitization in the calculated question types, which allows an attacker to inject malicious code that could be executed remotely, especially when the user has the capability to...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization of the "name" parameter on the "Port Settings" page, allowing an attacker to inject arbitrary JavaScript, which executes when the page is accessed, potentially compromising user...
Arbitrary Code Execution
librenms/librenms is vulnerable to Arbitrary Code Execution. The vulnerability is due to a lack of proper input validation and sanitization on directory names and configuration parameters entered through the web portal. It allows an attacker to inject arbitrary commands into shellexec calls...
XML External Entity (XXE) Injection
org.powertac:server-interface is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper input validation in the DocumentBuilderFactory component, allowing attackers to access sensitive information or execute arbitrary code via crafted XML entities...