
38326 matches found

Veracode • added 2024/12/03 10:18 a.m. • 6 views

Improper Authorization

Moodle is vulnerable to improper authorization. The vulnerability is due to incorrect handling of Matrix room membership and power levels due to suspended Moodle users not being properly revoked, and attackers can use this to retain unauthorized access and elevated privileges in Matrix rooms even...

CVSS 5.3 • AI score 7 • EPSS 0.00318
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2024/12/03 9:54 a.m. • 10 views

Sensitive Information Exposure

Moodle is vulnerable to Sensitive Information Exposure. The vulnerability is due to sensitive secrets and keys not being excluded from site administration preset exports, potentially leading to unintentional data leaks when presets are shared with third parties...

CVSS 3.7 • AI score 6.4 • EPSS 0.00328
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2024/12/03 9:41 a.m. • 11 views

Regular Expression Denial Of Service (ReDoS)

cross-spawn is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to improper input sanitization, which allows an attacker to craft a large string that increases CPU usage and crashes the program...

CVSS 8.7 • AI score 6.5 • EPSS 0.00873
Exploits 0 • References 6 • Affected Software 2

Veracode • added 2024/12/03 9:37 a.m. • 8 views

Information Disclosure

github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability is due to improper querying of Elasticsearch, which allows attackers to obtain the names of private channels they are not members of when Elasticsearch v8 is enabled...

CVSS 4.3 • AI score 6.5 • EPSS 0.00288
Exploits 0 • References 2 • Affected Software 1

Veracode • added 2024/12/03 9:36 a.m. • 8 views

Unauthorized Access

Mattermost is vulnerable to unauthorized access. The vulnerability is due to improper authorization, which allows users or system managers with "Read Groups" permission to retrieve details about private channels they are not members of by sending requests to /api/v4/channels...

CVSS 4.3 • AI score 6.6 • EPSS 0.00279
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/12/03 9:35 a.m. • 8 views

MFA Code Replay Attacks

github.com/mattermost/mattermost-server is vulnerable to MFA code replay attacks. The vulnerability is due to insufficient validation of MFA codes, which allows attackers to reuse the same codes within approximately 30 seconds...

CVSS 4.8 • AI score 6.8 • EPSS 0.00208
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/12/03 9:34 a.m. • 22 views

Argument Injection

Laravel is vulnerable to Argument Injection. The vulnerability is due to the misuse of the register_argc_argv PHP directive, allowing attackers to modify the environment used by the framework via specially crafted query strings...

CVSS 8.7 • AI score 6.6 • EPSS 0.37981
Exploits 1 • References 5 • Affected Software 2

Veracode • added 2024/12/03 9:00 a.m. • 7 views

Regular Expression Denial Of Service (ReDoS)

Giskard is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regex handling when processing specific text patterns, allowing an attacker to cause a denial of service (DoS) by triggering prolonged regex evaluation times...

CVSS 6.9 • AI score 7.3 • EPSS 0.00784
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/12/03 6:15 a.m. • 7 views

Denial Of Service (DoS)

System.Formats.Nrbf is vulnerable to Denial of Service DoS. The vulnerability is due to incorrect input validation in the NrbfDecoder component, which could allow an attacker to disrupt application availability...

CVSS 7.5 • AI score 6.5 • EPSS 0.02559
Exploits 0 • References 2 • Affected Software 1

Veracode • added 2024/12/03 6:04 a.m. • 10 views

Remote Code Execution (RCE)

System.Formats.Nrbf is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient input validation, allowing an attacker to exploit it by sending specially crafted requests or loading malicious files into a vulnerable application...

CVSS 9.8 • AI score 7.2 • EPSS 0.03512
Exploits 0 • References 2 • Affected Software 1

Veracode • added 2024/12/03 5:43 a.m. • 6 views

Account Takeover

zenml is vulnerable to Account Takeover. The vulnerability is due to a lack of rate-limiting on the '/api/v1/current-user' endpoint, which allows attackers to brute-force the current password in the 'Update Password' function...

CVSS 5.4 • AI score 6.7 • EPSS 0.00456
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2024/12/03 5:28 a.m. • 10 views

Remote Code Execution (RCE)

backpack/filemanager is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of untrusted data during deserialization from the mimes parameter, which allows an attacker to execute remote code on the affected system...

CVSS 9.8 • AI score 7.9 • EPSS 0.00573
Exploits 0 • References 2 • Affected Software 1

Veracode • added 2024/12/03 5:09 a.m. • 17 views

Authentication Bypass

Symfony is vulnerable to Authentication Bypass. The vulnerability is due to improper username validation, as the framework fails to check if the database username matches the one linked to the remember-me cookie, allowing an attacker to gain unauthorized access...

CVSS 7.5 • AI score 7.3 • EPSS 0.00633
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2024/12/03 4:32 a.m. • 7 views

Cross-Site Scripting (XSS)

unopim/unopim is vulnerable to cross-site scripting XSS. The vulnerability is due to the improper validation of uploaded SVG files, allowing embedded scripts to execute and potentially steal session cookies...

CVSS 6.5 • AI score 6.3 • EPSS 0.0018
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2024/12/02 10:37 a.m. • 11 views

Incorrect ID During Policy Enforcement

neutron is vulnerable to an incorrect ID during policy enforcement. The vulnerability is due to an issue in neutron/extensions/tagging.py, where an incorrect ID is used, allowing attackers to manipulate network resources and leading to unauthorized access or bypassing security policies...

CVSS 7.5 • AI score 7.1 • EPSS 0.00695
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2024/12/02 10:36 a.m. • 13 views

Cross-Site Scripting (XSS)

@sveltejs/kit is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-controlled input in the error message. Specifically, the placeholders in error.html are replaced with content without escaping, which can allow malicious content to be injected and...

CVSS 5.4 • AI score 6.2 • EPSS 0.0047
Exploits 1 • References 5 • Affected Software 1

Veracode • added 2024/12/02 10:34 a.m. • 10 views

Cross-Site Scripting (XSS)

@sveltejs/kit is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to unsanitized input from the request URL being used to render an HTML page, which affects the files packages/kit/src/exports/vite/dev/index.js and packages/kit/src/exports/vite/utils.js. It allows an attacker to...

CVSS 5.4 • AI score 6.3 • EPSS 0.00321
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2024/12/02 10:32 a.m. • 8 views

OT-based ECDSA Protocol Implementation Flaws

github.com/taurusgroup/multi-party-sig is vulnerable to OT-based ECDSA protocol implementation flaws. The vulnerability is due to improper handling of Oblivious Transfer OT operations, allowing an attacker to exploit weaknesses in the OT implementation to compromise private keys or forge digital...

AI score 7
Exploits 0

Veracode • added 2024/12/02 6:46 a.m. • 21 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization, allowing an attacker to upload a JavaScript file with a malicious script, which executes when referenced in an HTML file, potentially leading to the theft of...

CVSS 9.8 • AI score 6 • EPSS 0.00438
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2024/12/02 6:25 a.m. • 5 views

Cross-site Scripting (XSS)

calibreweb is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient sanitization of user input in the editbooks.js file when editing book properties, such as uploading a cover or format. This allows attackers to execute arbitrary JavaScript code...

CVSS 6.1 • AI score 6.8 • EPSS 0.00356
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2024/12/02 6:22 a.m. • 3 views

Server Side Request Forgery (SSRF)

github.com/openshift/console is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to the lack of proper checks on the /api/dev-console/proxy/internet endpoint, which allows authenticated users to make arbitrary HTTP requests from the console's pod to services inside the...

CVSS 5.3 • AI score 6.6 • EPSS 0.00569
Exploits 0 • References 8 • Affected Software 1

Veracode • added 2024/12/02 5:51 a.m. • 4 views

Stack Overflow

TOML parser is vulnerable to stack overflow. The vulnerability is due to improper handling of deeply nested structures in the TOML parser, which can lead to a stack overflow when encountering deeply nested inline structures or stringifying deeply nested objects. It allows an attacker to craft a...

AI score 7.4
Exploits 0

Veracode • added 2024/12/02 5:36 a.m. • 7 views

Sensitive Information Exposure

calibreweb is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper error handling, exposing the names of private shelves in error messages when unauthorized users attempt to remove a book from a shelf they do not own...

CVSS 4.3 • AI score 6.5 • EPSS 0.00358
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2024/12/02 5:26 a.m. • 12 views

Inadequate Encryption Strength

github.com/apache/incubator-answer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the use of UUID v1 for token generation, which incorporates predictable elements like timestamps and node identifiers, allowing an attacker to predict or forge UUID tokens, potentially...

CVSS 2.6 • AI score 6.7 • EPSS 0.00229
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2024/12/02 5:11 a.m. • 10 views

Cross-site Scripting (XSS)

sylius/sylius is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of uploaded SVG files, allowing attackers to inject malicious scripts that execute in the user's browser context...

CVSS 5.4 • AI score 6.2 • EPSS 0.00239
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/12/02 4:35 a.m. • 6 views

OS Command Injection

llamafactory is vulnerable to remote OS command injection. The vulnerability is due to insecure usage of the Popen function with shell=True and unsanitized input, which allows an attacker to execute arbitrary OS commands on the host system...

CVSS 9.8 • AI score 8.5 • EPSS 0.02273
Exploits 1 • References 4 • Affected Software 1

Veracode • added 2024/11/29 7:37 a.m. • 16 views

Cross-Site Request Forgery (CSRF)

moodle/moodle is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to an incorrect CSRF token check in the bulk message sending feature of the Feedback module's non-respondents report, allowing an attacker to execute unauthorized actions...

CVSS 8.1 • AI score 6.9 • EPSS 0.00622
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2024/11/29 7:09 a.m. • 11 views

Authorization Bypass

moodle/moodle is vulnerable to Authorization Bypass. The vulnerability is due to insufficient capability checks, which allowed users to delete badges they did not have permission to access...

CVSS 7.5 • AI score 6.9 • EPSS 0.00457
Exploits 0 • References 4 • Affected Software 1

Veracode • added 2024/11/29 6:39 a.m. • 9 views

Improper Access Control

calibreweb is vulnerable to Improper Access Control. The vulnerability is due to insufficient permission checks in the create_shelf method of shelf.py, allowing users without public shelf permissions to create public shelves...

CVSS 5.4 • AI score 6.6 • EPSS 0.00334
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2024/11/29 6:22 a.m. • 9 views

Cross-site Scripting (XSS)

LibreNMS is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input validation, allowing authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device in the "Services" tab of the Device page...

CVSS 5.4 • AI score 5.9 • EPSS 0.00449
Exploits 1 • References 2 • Affected Software 1

Veracode • added 2024/11/29 6:16 a.m. • 13 views

Regular Expression Denial Of Service (ReDoS)

@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to improper input sanitization, allowing an attacker to increase CPU usage and crash the program...

CVSS 7.5 • AI score 7 • EPSS 0.00482
Exploits 0 • References 2 • Affected Software 1

Veracode • added 2024/11/29 5:46 a.m. • 14 views

Sensitive Information Disclosure

Apache Airflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insufficient masking of sensitive configuration variables in task logs, allowing DAG authors to log such variables unintentionally or intentionally, potentially exposing them to unauthorized users...

CVSS 7.5 • AI score 6.5 • EPSS 0.01295
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2024/11/29 5:38 a.m. • 7 views

Reflected Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization of the "metric" parameter in the "/wireless" and "/health" endpoints, allowing attackers to inject arbitrary JavaScript...

CVSS 5.4 • AI score 6.2 • EPSS 0.00403
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2024/11/29 5:34 a.m. • 11 views

Cross Site Scripting (XSS)

librenms/librenms is vulnerable to cross-site scripting XSS. The vulnerability is due to improper input sanitization in the device Display Name field, allowing JavaScript code to execute from various sources...

CVSS 4.8 • AI score 6.3 • EPSS 0.00314
Exploits 1 • References 2 • Affected Software 1

Veracode • added 2024/11/29 5:21 a.m. • 15 views

Cross Site Scripting (XSS)

librenms/librenms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the "descr" parameter on the "Port Settings" page, allowing authenticated users to inject arbitrary JavaScript...

CVSS 5.4 • AI score 5.7 • EPSS 0.00396
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2024/11/29 5:13 a.m. • 9 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the "billname" parameter, allowing authenticated users to inject arbitrary JavaScript when creating a new bill...

CVSS 5.4 • AI score 5.7 • EPSS 0.00402
Exploits 1 • References 2 • Affected Software 1

Veracode • added 2024/11/29 4:30 a.m. • 13 views

Arbitrary File Read

moodle/moodle is vulnerable to Arbitrary file read. The vulnerability is due to insufficient sanitizing in the TeX notation filter, which allows file reading on sites where pdfTeX is available, such as those with TeX Live installed...

CVSS 7.5 • AI score 7 • EPSS 0.00597
Exploits 0 • References 5 • Affected Software 1

Veracode • added 2024/11/29 3:50 a.m. • 9 views

Command Injection

github.com/grafana/grafana is vulnerable to command injection and local file inclusion. The vulnerability is due to insufficient sanitization of duckdb queries containing user input, allowing attackers to exploit this flaw by injecting malicious input...

CVSS 9.9 • AI score 6.8 • EPSS 0.97781
Exploits 10 • References 5 • Affected Software 1

Veracode • added 2024/11/29 3:25 a.m. • 4 views

Denial Of Service (DoS)

libexpat.so is vulnerable to Denial Of Service (DoS). The vulnerability is due to the improper implementation of the XML_ResumeParser function, allowing XML_StopParser to stop or suspend an unstarted parser...

CVSS 5.9 • AI score 5.8 • EPSS 0.0104
Exploits 0 • References 6 • Affected Software 3

Veracode • added 2024/11/28 10:19 a.m. • 10 views

Cross-site Request Forgery (CSRF)

wallabag is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient request validation, allowing attackers to arbitrarily delete user accounts via the /account/delete endpoint...

CVSS 6.5 • AI score 7 • EPSS 0.00304
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2024/11/28 10:11 a.m. • 16 views

Directory Traversal

gogs.io/gogs is vulnerable to Directory Traversal. The vulnerability is due to improper input validation in the editFilePost function of internal/route/repo/editor.go, allowing attackers to access unintended directories...

CVSS 8.8 • AI score 6.6 • EPSS 0.14949
Exploits 1 • References 6 • Affected Software 1

Veracode • added 2024/11/28 10:06 a.m. • 9 views

XML External Entity (XXE) Injection

HAPI FHIR is vulnerable to XML External Entity XXE Injection. The vulnerability is due to insecure XML parsing by HAPI FHIR, specifically within the XSLT parsing components, which improperly handle external entity references in XML files. It allows attackers to inject malicious XML content, such ...

CVSS 8.6 • AI score 6.5 • EPSS 0.00918
Exploits 0 • References 6 • Affected Software 6

Veracode • added 2024/11/28 10:05 a.m. • 8 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper input sanitization when adding notes to a device, allowing JavaScript code in the notes to be triggered when the ExamplePlugin is enabled...

CVSS 4.8 • AI score 5.8 • EPSS 0.00332
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2024/11/28 10:02 a.m. • 6 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the "token" parameter, which allows authenticated users to inject arbitrary JavaScript when creating a new API token...

CVSS 7.5 • AI score 5.6 • EPSS 0.69818
Exploits 1 • References 2 • Affected Software 1

Veracode • added 2024/11/28 10:02 a.m. • 10 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the "unit" parameter in the "Custom OID" tab, allowing authenticated users to inject arbitrary JavaScript when creating a new OID...

CVSS 5.4 • AI score 5.7 • EPSS 0.00396
Exploits 1 • References 3 • Affected Software 1

Veracode • added 2024/11/28 10:01 a.m. • 9 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of user input in the "overwrite_ip" parameter, allowing untrusted data (JavaScript code) to be stored and executed in the application without proper validation or escaping...

CVSS 5.4 • AI score 5.9 • EPSS 0.00396
Exploits 1 • References 2 • Affected Software 1

Veracode • added 2024/11/28 9:57 a.m. • 11 views

Improper Authorization

Moodle is vulnerable to Improper Authorization. The vulnerability is due to insufficient access control, allowing users to view the schedule of a report even if they lack permission to edit that report...

CVSS 4.3 • AI score 6.4 • EPSS 0.00281
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/11/28 9:47 a.m. • 6 views

Sensitive Data Exposure

apache-airflow is vulnerable to Sensitive Data Exposure. The vulnerability is due to sensitive variable values being logged unencrypted in audit logs when set via the CLI, which allows an attacker with audit log access to view those sensitive values...

CVSS 4.9 • AI score 4.9 • EPSS 0.01201
Exploits 0 • References 6 • Affected Software 1

Veracode • added 2024/11/28 9:43 a.m. • 8 views

Sensitive Information Exposure

Moodle is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper error handling, allowing users with the "send message" capability to view the names of other users they should not have access to via an error message in the Messaging system...

CVSS 4.3 • AI score 6.4 • EPSS 0.00366
Exploits 0 • References 3 • Affected Software 1

Veracode • added 2024/11/28 9:29 a.m. • 10 views

Sensitive Information Exposure

filament/actions is vulnerable to Sensitive Information Exposure. The vulnerability is due to insecure default configuration, specifically setting the public disk as the default storage disk, which allows sensitive files, such as exports, to be stored in a location that is publicly accessible,...

CVSS 2.3 • AI score 6.3 • EPSS 0.00537
Exploits 0 • References 5 • Affected Software 1

Total number of security vulnerabilities: 38326