38468 matches found
Improper Enforcement Of Security Policy
github.com/forgekeep/nebula-mesh is vulnerable to Improper Enforcement of Security Policy. The vulnerability is due to the Web UI host-creation endpoint hardcoding a 24-hour enrollment token lifetime instead of enforcing the configured server-wide or per-network enrollment token TTL, which allows...
Uncontrolled Resource Consumption
github.com/forgekeep/nebula-mesh is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to the unauthenticated /ui/oidc/login endpoint creating and storing a new OIDC state for every request without rate limiting or a maximum state limit, which allows an attacker to repeated...
Improper Access Control
github.com/julien040/anyquery is vulnerable to Improper Access Control. The vulnerability is due to missing input sanitization and insufficient access control over the built-in SQLite virtual table modules, which allows an unauthenticated attacker to create virtual tables that reference arbitrary...
Improper Authorization
kimai/kimai is vulnerable to Improper Authorization. The vulnerability is due to insufficient permission checks on the ExportController web routes, which allows a low-privileged user with createexport permission to create or modify global export templates intended to be restricted to administrato...
SQL Injection
FacturaScripts is vulnerable to SQL Injection. The vulnerability is due to improper validation and escaping of user-controlled filter field names in sqlColumn, which allows an attacker to inject arbitrary SQL through API filter parameters and retrieve data from arbitrary database tables...
Cross Site Scripting
Snipe-IT is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient sanitization of branding color settings rendered inside a CSS style block, allowing a superadmin to inject arbitrary CSS that affects authenticated users when Content Security Policy is disabled...
Exposure Of Sensitive Information
github.com/forgekeep/nebula-mesh is vulnerable to Exposure of Sensitive Information. The vulnerability is due to operator session tokens being stored in plaintext in the database rather than in a protected or hashed form, which allows an attacker with access to the database e.g., through backups,...
Path Traversal
FacturaScripts is vulnerable to Path Traversal. The vulnerability is due to authorization checks being performed on the raw URL instead of the canonical filesystem path, which allows an attacker to use ../ sequences to bypass access controls and read arbitrary files within the FacturaScripts...
Improper Authorization
Snipe-IT is vulnerable to Improper Authorization. The vulnerability is due to insufficient authorization checks on the asset request cancellation endpoint, where user-controlled URL parameters can specify another user's pending request, allowing authenticated attackers to cancel asset requests...
Sensitive Information Exposure
github.com/forgekeep/nebula-mesh is vulnerable to Sensitive Information Exposure. The vulnerability is due to the web handler passing a decrypted CAManager containing the CA's private key to the mobile bundle builder without invoking CAManager.Wipe on any return path, leaving the plaintext privat...
Improper Authorization
Snipe-IT is vulnerable to Improper Authorization. The vulnerability is due to missing authorization checks when deleting pending checkout acceptance records, where the endpoint validates only report viewing permissions and does not verify access to the associated asset, allowing users to delete...
Cross Site Scripting (XSS)
Snipe-IT is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of javascript: URIs in Markdown hyperlinks, where malicious links embedded in custom fields can execute arbitrary JavaScript when clicked by another user viewing the asset details page...
Improper Authorization
Snipe-IT is vulnerable to Improper Authorization. The vulnerability is due to missing authorization checks when adding licenses to predefined kits, where the API validates kit edit permissions but not access to the referenced license, allowing low-privilege users to associate licenses they are no...
Server-Side Request Forgery (SSRF)
github.com/julien040/anyquery, is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the server mode not restricting outbound HTTP requests initiated by its built-in SQLite virtual table modules such as jsonreader and logreader, which allows an unauthenticated attacker to...
CSV Injection (Formula Injection)
FacturaScripts is vulnerable to CSV Injection Formula Injection. The vulnerability is due to insufficient sanitization of spreadsheet formula prefix characters during CSV export, which allows an attacker to inject malicious formulas that execute when an administrator opens the exported CSV file i...
Cross-site Scripting (XSS)
FacturaScripts is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper encoding of user-controlled referencia and codsubcuenta values in JavaScript within HTML onclick attributes, which allows an attacker to inject and execute arbitrary JavaScript when a user opens the...
Exposure Of Sensitive Information
auth0/symfony is vulnerable to Exposure of Sensitive Information. The vulnerability is due to accepting OAuth 2.0 bearer access tokens through URL query parameters in addition to the Authorization header, which allows an attacker to capture and replay exposed access tokens against protected API...
Uncontrolled Resource Consumption
github.com/aquasecurity/trivy is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to the custom tar unpacker reading Helm chart archive .tgz entries using io.ReadAll without enforcing a size limit, which allows an attacker to supply a malicious compressed archive that...
Path Traversal
github.com/eat-pray-ai/yutu is vulnerable to Path Traversal. The vulnerability is due to the caption-download MCP tool passing a caller-controlled file path directly to os.Create without path validation, canonicalization, or restriction to the YUTUROOT directory, which allows an attacker to write...
Improper Authentication
go.woodpecker-ci.org/woodpecker/v3 is vulnerable to Improper Authentication. The vulnerability is due to the gRPC layer trusting a client-supplied agentid value instead of the authenticated agent identity after JWT verification, which allows an authenticated attacker to impersonate any other agen...
Remote Code Execution (RCE)
github.com/julien040/anyquery, is vulnerable to Remote Code Execution RCE. The vulnerability is due to the server mode allowing unrestricted use of native SQLite ATTACH DATABASE commands, which allows an unauthenticated attacker to write arbitrary files to writable locations on the filesystem and...
Open Redirect
Snipe-IT is vulnerable to Open Redirect. The vulnerability is due to improper trust of the attacker-controlled Referer header, where the previous URL is stored in the session and later used for redirection without validation, allowing attackers to redirect users to malicious websites after a...
Remote Code Execution (RCE)
Apache Gravitino is vulnerable to Remote Code Execution RCE . The vulnerability is due to insufficient validation of H2 JDBC URLs in the testConnection API, where attacker-controlled URLs can abuse the H2 INIT parameter to execute arbitrary Java code on the server...
Cross-site Scripting (XSS)
EasyAdmin is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient restrictions on uploaded file types and serving uploaded files inline from the public web root, which allows an attacker to upload malicious HTML or SVG files that execute JavaScript in an administrator'...
Improper Authorization
tarteaucitron is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation of HTML data attributes used for cookie deletion, which allows an attacker to craft malicious elements that trick users into unintentionally deleting cookies when clicked...
Improper Authorization
n8n-mcp is vulnerable to Improper Authorization. The vulnerability is due to insufficient tenant isolation in multi-tenant HTTP mode, which allows an authenticated tenant to access locally stored workflow version backups outside of its assigned tenant scope...
Improper Authorization
n8n-mcp is vulnerable to Improper Authorization. The vulnerability is due to insufficient tenant isolation of locally stored workflow version history, which allows an authenticated tenant to read or delete workflow backups belonging to other tenants, exposing sensitive configuration data and...
Prototype Pollution
@feathersjs/commons is vulnerable to Prototype Pollution. The vulnerability is due to unsafe recursive merging of attacker-controlled objects containing proto, constructor, or prototype properties, which allows an attacker to pollute the global object prototype when untrusted JSON input is passed...
Improper Authentication
Apollo ConfigService is vulnerable to Improper Authentication. The vulnerability is due to incorrect parsing of the appId during authentication for the raw configuration file endpoint, which allows an attacker to bypass AccessKey or management key authentication and access protected configuration...
Improper Authentication
Apollo ConfigService is vulnerable to Improper Authentication. The vulnerability is due to improper validation of non-canonical appId values during authentication, which allows an attacker to bypass AccessKey or management key protections and gain unauthorized access to protected configuration da...
Improper Authorization
Apollo Portal is vulnerable to Improper Authorization. The vulnerability is due to missing application and namespace permission checks when retrieving releases by ID, which allows an authenticated low-privileged user to access unauthorized release data by supplying a valid release ID...
Server-Side Request Forgery (SSRF)
kLOsk adloop is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of the finalurl parameter in the validateurls function, where attacker-controlled URLs are processed without adequate restrictions, allowing attackers to make server-side requests t...
Uncontrolled Resource Consumption
github.com/stackloklabs/mkp is vulnerable to Uncontrolled Resource Consumption Denial of Service. The vulnerability is due to the server accepting unbounded limitBytes and tailLines values and reading the entire Kubernetes pod log stream into memory without enforcing a size limit, which allows an...
Uncontrolled Resource Consumption
github.com/spectolabs/hoverfly is vulnerable to Uncontrolled Resource Consumption Denial of Service. The vulnerability is due to the use of http.DefaultClient without a configured timeout for remote post-serve actions, which allows an attacker to trigger requests to a non-responsive endpoint,...
Improper Authorization
FlaskBB is vulnerable to Improper Authorization. The vulnerability is due to a type mismatch in the bulk group deletion protection check, where integer group IDs are incorrectly compared against string values, allowing authenticated administrators to delete built-in authorization groups and...
Concurrent Execution Using Shared Resource
github.com/spectolabs/hoverfly is vulnerable to Concurrent Execution using Shared Resource. The vulnerability is due to the AddDiff function writing to the shared responsesDiff map without proper synchronization when running in Diff mode, which allows an attacker to send multiple simultaneous...
DNS Rebinding
9Router is vulnerable to DNS Rebinding. The vulnerability is due to inconsistent DNS validation during image fetching, where the image URL is validated and fetched using separate DNS resolutions, allowing attackers to exploit DNS rebinding to access internal HTTP services...
Authentication Bypass
9Router is vulnerable to Authentication Bypass. The vulnerability is due to improper trust of loopback requests, where requests forwarded through 127.0.0.1 are incorrectly treated as local and exempt from API key authentication, allowing unauthenticated attackers to access protected /v1 APIs and...
Path Traversal
github.com/k3s-io/k3s is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the etcd snapshot decompression functionality when restoring compressed ZIP-based snapshots, which allows an attacker to craft archive entries with malicious file names that wri...
Path Traversal
SiYuan is vulnerable to Path Traversal. The vulnerability is due to improper validation of double URL-encoded path traversal sequences in the /assets/path route, where attackers can bypass path restrictions to read arbitrary files within the workspace directory, exposing sensitive configuration...
Improper Access Control
OpenCost is vulnerable to Improper Access Control. The vulnerability is due to missing authentication in the /serviceKey endpoint, which allows an attacker to overwrite the GCP service account key file remotely, leading to service disruption, credential theft, and potential privilege escalation...
Remote Code Execution (RCE)
DIRAC RequestManager is vulnerable to remote code execution.The vulnerability is due to the use of eval on untrusted input, which allows an authenticated attacker to execute arbitrary code or system commands on the DIRAC server with the privileges of the user running the DIRAC services...
Path Traversal
py-rattler are vulnerable to Path Traversal. The vulnerability is due to improper validation of the package record build string used to construct cache file paths during package cache materialization, which allows an attacker controlling a malicious or untrusted conda channel to inject path...
Improper Authentication
PraisonAI AgentMail is vulnerable to Improper Authentication. The vulnerability is due to missing signature verification for webhook requests, where crafted message.received events are accepted without validating their authenticity, allowing unauthenticated attackers to inject spoofed messages an...
API Key Bypass
9Router is vulnerable to API key bypass. The vulnerability is due to the router determining whether a /v1 LLM proxy request is local by reading the client-controlled Host header, where a remote unauthenticated attacker can send Host: localhost and bypass API-key authentication, and this allows th...
Authentication Bypass
9Router is vulnerable to Authentication Bypass. The vulnerability is due to missing authentication checks for the /codex endpoint, where requests bypass the API key validation before being rewritten to protected API routes, allowing unauthenticated attackers to invoke upstream LLM provider APIs...
JWT Expiration Bypass
ZITADEL is vulnerable to JWT expiration bypass. The vulnerability is due to the external JWT Identity Provider validation skipping expiration handling when an incoming token omits the exp claim, where a token from a trusted issuer can be treated as valid without an automatic expiration window, an...
Improper Authorization
github.com/zitadel/zitadel is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation during OAuth2 token exchange, where the endpoint does not verify token ownership or restrict requested scopes to those of the original token, allowing attackers to exchange...
Arbitrary Command Execution
GitHub CLI is vulnerable to Arbitrary Command Execution. The vulnerability is due to insufficient validation of JupyterLab URLs returned by a Codespace, where attacker-controlled non-loopback URLs such as vscode:// are passed to VS Code, allowing malicious Codespaces to execute arbitrary commands...
Path Traversal
decompress is vulnerable to Path Traversal. The vulnerability is due to an improper path containment check during archive extraction, where path validation fails to enforce directory boundaries, allowing attackers to bypass extraction restrictions and write arbitrary files outside the intended...