Reliance On Untrusted Inputs In A Security Decision
Sinatra is vulnerable to Reliance on Untrusted Inputs in a Security Decision. The vulnerability is due to improper handling of the X-Forwarded-Host header, allowing attackers to carry out Open Redirect attacks, Cache Poisoning, or Routing-based SSRF through untrusted...
Arbitrary Code Execution (ACE)
lilconfig is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to the insecure usage of eval in the dynamicImport function, which allows an attacker to inject malicious input through the defaultLoaders function and execute arbitrary code...
Unauthorized Invite Deletion
github.com/grafana/grafana is vulnerable to unauthorized invite deletion. The vulnerability is due to insufficient access control validation in the system, where organization admins are not properly restricted to actions only within the organization they belong to. It allows admins to delete...
Path Traversal
langchain is vulnerable to path traversal. The vulnerability is due to improper input sanitization in the getFullPath method, which allows attackers to exploit the setFileContent, getParsedFile, and mdelete methods, enabling them to save files anywhere in the filesystem, overwrite existing text...
Arbitrary File Creation
github.com/nvidia/nvidia-container-toolkit is vulnerable to arbitrary file creation. The vulnerability is due to the default mode of operation, which allows a specially crafted container image to interact with the host file system and create empty files...
SQL Injection
@langchain/community is vulnerable to SQL injection. The vulnerability is due to improper handling of user input in the GraphCypherQAChain class, which allows attackers to inject malicious prompts that can lead to SQL injection...
SQL Injection
langchain-ai/langchain is vulnerable to SQL injection. The vulnerability is due to insufficient input validation in the GraphCypherQAChain class, which allows user-controlled inputs to be embedded in SQL queries without proper sanitization...
Time-of-check Time-of-use (TOCTOU) Race Condition
NVIDIA Container Toolkit is vulnerable to a Time-of-Check Time-of-Use (TOCTOU) Race Condition. The vulnerability is due to a TOCTOU flaw in the default configuration, where a specifically crafted container image may gain unauthorized access to the host file system. This can lead to code execution,...
SQL Injection
org.jeecgframework.boot, jeecg-boot-parent is vulnerable to SQL Injection. The vulnerability is due to a SQL injection in the /onlDragDatasetHead/getTotalData component, which allows attackers to execute arbitrary SQL commands...
Remote Code Execution (RCE)
Langflow is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to insufficient validation in the PythonCodeTool component, which allows attackers to execute arbitrary code remotely...
Cross-Site Scripting (XSS)
Glossarizer is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improperly converting encoded special characters into legitimate HTML, allowing attackers to inject a malicious XSS payload into a glossary entry...
Unauthorized File Access
@oakserver/oak is vulnerable to Unauthorized File Access. The vulnerability is due to inadequate sanitization of URL-encoded characters in the Context.send API, which allows attackers to encode / as %2F, bypassing the restriction on hidden files and potentially exposing sensitive data...
Local File Inclusion (LFI)
changedetectionio is vulnerable to Local File Inclusion (LFI). The vulnerability is due to insufficient input validation and a lack of proper security controls when handling file paths in WebDriver requests, which allows the use of source:file:///etc/passwd to bypass restrictions and access sensitive...
Cross-Site Request Forgery (CSRF)
Mattermost is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper sanitization of user inputs in the frontend used for redirection, allowing a one-click client-side path traversal that results in a cross-site request forgery (CSRF) in Playbooks...
Improper Access Control
Mattermost is vulnerable to Improper Access Control. The vulnerability is due to improper filtering of channel data when ElasticSearch is enabled, allowing users to access private channel names by using cmd+K/ctrl+K...
Denial Of Service (DoS)
Mattermost is vulnerable to Denial of Service (DoS). The vulnerability is due to the failure to prevent detailed error messages from being displayed in Playbooks, which allows an attacker to generate a large GraphQL response. This can lead to application crashes when a specially crafted request is...
Missing Authorization
Mattermost is vulnerable to Missing Authorization. The vulnerability is due to a failure to check that the origin of the message in an integration action matches the original post metadata, which allows an authenticated user to delete an arbitrary post...
Improper Authentication
Kyverno is vulnerable to Improper Authentication. The vulnerability is due to the ability to override a ClusterPolicy such as "disallow-privileged-containers" by creating a PolicyException in any namespace. This design flaw allows users with privileges in non-Kyverno namespaces to create...
HTTP Request Smuggling (HRS)
Waitress is vulnerable to HTTP Request Smuggling (HRS). The vulnerability is due to improper handling of request lookahead and parsing in HTTP pipelining. When request lookahead is enabled, the server processes the first request, but due to a race condition, it may start handling the second request...
Denial Of Service (DoS)
Waitress is vulnerable to Denial of Service (DoS). The vulnerability is due to a race condition that occurs if a remote client closes the connection before Waitress calls getpeername, which allows an attacker to trigger a busy-loop in the server, causing it to repeatedly attempt writing to a non-existent sock...
Denial Of Service (DoS)
github.com/argoproj/argo-workflows is vulnerable to Denial of Service (DoS). The vulnerability is due to a race condition in a global variable within the file metricsk8srequest.go, which allows an attacker with permission to execute workflows to trigger a crash in the Argo Workflows controller...
Incorrect Session Handling
github.com/mattermost/mattermost is vulnerable to Incorrect Session Handling. The vulnerability is due to improper session management during the use of Single Sign-On (SSO), where two sessions (one in the browser and one on the desktop) are created without proper synchronization or settings, allowing...
Open Redirect
github.com/coder/coder is vulnerable to Open Redirect. The vulnerability is due to a lack of proper input validation on the Coder login page, which allows attackers to manipulate the URL and redirect users to malicious websites...
Leaked Token Reuse Attack
Duende IdentityServer is vulnerable to Leaked Token Reuse Attack. The vulnerability is due to insufficient validation of the cnf claim in DPoP access tokens by the LocalApiAuthenticationHandler. It allows attackers to misuse leaked tokens without requiring the private key needed for signing proof...
Remote Code Execution (RCE)
pyload-ng is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to improper input validation of HTTP requests, allowing attackers to execute arbitrary code...
Regular Expression Denial Of Service (ReDoS)
nope-validator is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expressions, which allow for ReDoS attacks...
Cross-Site Scripting (XSS)
funadmin/funadmin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the lack of input validation and filtering of parameters passed to the param variable in the selectfiles method of \backend\controller\sys\Attachh.php, allowing an attacker to inject malicious scripts into th...
Path Traversal
werkzeug is vulnerable to Path Traversal. The vulnerability is due to inadequate handling of UNC paths in the os.path.isabs function, which results in safejoin not properly validating the path, allowing an attacker to manipulate the path and gain unauthorized access to files or directories...
Regular Expression Denial Of Service (ReDoS)
Knwl.js is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the presence of inefficient regular expressions, which allow attackers to craft input that causes excessive backtracking, leading to high CPU usage and potential service disruption...
Privilege Escalation
github.com/rancher/rancher is vulnerable to Privilege Escalation. The vulnerability is due to the use of untrusted cluster or node drivers that run at a privileged level, allowing them to escape the chroot jail and gain unauthorized access to the Rancher container or, in the case of privileged...
Sybil Attacks
github.com/libp2p/go-libp2p-kad-dht is vulnerable to Sybil attacks. The vulnerability is due to the method of assigning routing information based on the DHT distance between peer IDs and content IDs, which allows attackers to generate many Sybil peers with small DHT distances, enabling them to disrupt ...
Regular Expression Denial Of Service (ReDoS)
Foundation is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of inefficient or poorly optimized regular expressions that permit excessive backtracking, which can be exploited in a ReDoS attack to overwhelm the system with resource-intensi...
Regular Expression Denial Of Service (ReDoS)
commonregex is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of inefficient regular expressions that can be exploited to consume excessive computational resources, leading to a denial of service. As of the time of publication, no known patches are...
Regular Expression Denial Of Service (ReDoS)
Validate.js is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to certain regular expressions in Validate.js that can enter catastrophic backtracking, in which the regex engine takes an excessive amount of time to evaluate certain input patterns, allowing attackers ...
Regular Expression Denial Of Service (ReDoS)
rexml is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression handling when parsing XML inputs that contain a large number of digits in hex numeric character references (&#x...;), which allows an attacker to craft inputs that...
Regular Expression Denial Of Service (ReDoS)
Useragent is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the presence of regular expressions that can be exploited to cause high CPU usage, leading to denial of service...
SQL Injection
Funadmin is vulnerable to SQL Injection. The vulnerability is due to an arbitrary file read in the /curd/index/editfile endpoint...
SQL Injection
Funadmin is vulnerable to SQL injection. The vulnerability is due to improper input validation in curd/table/savefield, allowing malicious SQL code to be executed. Attackers can exploit this vulnerability to manipulate database queries, potentially gaining unauthorized access to or tampering with...
SQL Injection
Funadmin is vulnerable to SQL injection. The vulnerability is due to improper input validation in the Curd one-click command mode plugin, allowing user-supplied data to be directly included in SQL queries without sanitization. Attackers can exploit this to execute arbitrary SQL commands...
SQL Injection
Funadmin is vulnerable to SQL injection. The vulnerability is due to improper input sanitization in the /curd/table/list endpoint, which allows attackers to inject arbitrary SQL queries into the database...
Denial Of Service (DoS)
funadmin/funadmin is vulnerable to Denial of Service (DoS). The vulnerability is due to a logical flaw in the Curd one-click command deletion function, which can lead to a DoS condition...
Cross-site Scripting (XSS)
baserCMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input validation in the blog post feature, allowing user-generated content to include malicious scripts...
Improper Session Termination
umbraco.cms is vulnerable to Improper Session Termination. The vulnerability is due to the server session not being fully terminated during an explicit sign-out, which could allow unauthorized access...
Credential Exposure
github.com/rancher/rancher is vulnerable to Credential Exposure. The vulnerability is due to insecure storage of vSphere CPI and CSI credentials in plaintext within Rancher, which allows unauthorized access to sensitive information...
SQL Injection
funadmin/funadmin is vulnerable to SQL Injection. The vulnerability is due to improper validation of the parentField parameter in the index method of \backend\controller\auth\Auth.php...
SQL Injection
funadmin/funadmin is vulnerable to SQL injection. The vulnerability is due to insufficient input validation in the /curd/table/edit endpoint, which allows untrusted data to be directly used in SQL queries without proper sanitization or escaping...
Path Traversal
golang.org/x/crypto is vulnerable to Path Traversal. The vulnerability is due to the use of path.Base instead of filepath.Base on Windows, allowing attackers to supply crafted relative paths that could lead to unauthorized access to unintended directories or files...
SQL Injection
funadmin/funadmin is vulnerable to SQL injection. The vulnerability is due to improper input handling in the /curd/table/fieldlist endpoint, allowing attackers to inject malicious SQL queries...
Arbitrary File Deletion
funadmin/funadmin is vulnerable to Arbitrary File Deletion. The vulnerability is due to a lack of proper access control in the /curd/index/delfile endpoint, which allows unauthorized users to delete files...
Remote Code Execution (RCE)
pyloadng is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient restrictions on the /.pyload/scripts folder, allowing executable files to run automatically when certain actions, like completing a download, are triggered. Attackers can exploit this by downloading an...