Unauthorized User Registration Bypass
github.com/zitadel/zitadel is vulnerable to unauthorized user registration bypass. This vulnerability is due to a missing security check when the "User Registration allowed" option is disabled, which hides the registration button but does not block direct access to the registration URL...
URL Validation Bypass
Zitadel is vulnerable to URL Validation Bypass. The vulnerability is due to a flaw in the URL validation mechanism in Zitadel's actions. Specifically, the isHostBlocked check, which is intended to block requests to localhost (127.0.0.1), can be circumvented by creating a DNS record that resolves ...
Improper Access Control
Umbraco is vulnerable to Improper Access Control. The vulnerability is due to insufficient restrictions on API access, caused by improper access control in the webhook API, which allows low-privilege users to retrieve information that should be accessible only to users with settings section...
Cross-Site Scripting (XSS)
Umbraco is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization in the Dictionary section, which can allow attackers to inject and execute malicious scripts when accessed by a user with admin privileges...
Remote Code Execution (RCE)
Umbraco is vulnerable to remote code execution. The vulnerability is due to improper handling of SVG files, where script tags within these files are not properly validated or stripped, allowing potential code execution when previewed by Backoffice users in full-screen mode...
Session Fixation
Umbraco is vulnerable to Session Fixation. The vulnerability is due to a session timeout discrepancy where the Backoffice logout page displays a session timeout message before the server session expires, leading users to believe they are logged out about 30 seconds early. It allows an attacker to...
Path Traversal
helm.sh/helm is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in chart archives, which allows files to be extracted outside the target directory when unpacking...
Cross-Site Scripting (XSS)
org.apache.nifi, nifi-web-ui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation on the description field for Parameters in the Parameter Context configuration, allowing an authenticated user to insert arbitrary JavaScript code, which the client...
Information Disclosure
github.com/graph-gophers/graphql-go is vulnerable to Information Disclosure. The vulnerability is due to improper access controls on the GraphQL introspection query, allowing unauthorized users to access a complete list of available queries and mutations...
Cross-Site Scripting (XSS)
Apache Syncope is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of HTML sanitization in the Syncope Console, which allows incomplete HTML tags to go unchecked and permits the injection of stored XSS payloads that can affect other users within the applicatio...
Access Control Bypass
sigs.k8s.io/aws-load-balancer-controller is vulnerable to Access control bypass. The vulnerability is due to the controller’s automatic disassociation of WebACLs from ALBs when specific annotations are missing, which unintentionally removes WebACL protections, even if they were configured by AWS...
Use After Free
MicroPython is vulnerable to a Use-After-Free. The vulnerability is due to improper memory handling in the objarray component, where resizing a bytes object and copying it into itself can result in references to freed memory, potentially allowing remote exploitation...
Heap-Based Buffer Overflow
MicroPython is vulnerable to a Heap-based buffer overflow. The vulnerability is due to improper string length comparison during the VFS unmount process in the mpvfsumount function, which allows a remote attacker to trigger a heap buffer overflow read by supplying a crafted unmount path...
Heap-Based Buffer Overflow
MicroPython is vulnerable to a heap-based buffer overflow. The vulnerability is due to improper handling in the mpzasbytes function of the objint component when converting a zero integer to bytes, which allows an attacker to trigger a heap buffer overflow write and potentially execute malicious...
Cross-site Scripting (XSS)
baserCMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input handling in HTTP 400 Bad Request responses, allowing for potential XSS attacks...
Cross-site Scripting (XSS)
baserCMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input handling in the Edit Email Form Settings feature, allowing for potential XSS attacks...
Authorization Bypass
org.springframework.security, spring-security-web is vulnerable to Authorization Bypass. The vulnerability is due to a flaw in Spring Security’s handling of authorization rules for static resources in WebFlux applications, which allows these rules to be bypassed under specific conditions...
Cross-Site Scripting (XSS)
org.openrefine, extensions is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the /extension/gdata/authorized endpoint including the state GET parameter verbatim in a...
Path Traversal
org.openrefine.dependencies, butterfly is vulnerable to Path Traversal. The vulnerability is due to improper handling of file:/ URLs, which are accepted in place of relative paths. It allows unauthorized access to local and remote files and enables multiple attacks, including path traversal, SSRF,...
Code Injection
flairNLP is vulnerable to Code Injection. The vulnerability is due to inadequate input validation in the ClusteringModel function of flair\models\clustering.py, allowing malicious code to be injected and executed remotely...
Cross-site Scripting (XSS)
baserCMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation and output encoding in the Blog posts and Contents list feature, which allows attackers to inject and execute malicious scripts within the web application...
Path Traversal
org.openrefine, openrefine is vulnerable to path traversal. The vulnerability is due to the load-language command not verifying the resulting path for localization files, allowing exploitation to read arbitrary JSON files on the file system...
HTML Injection
org.openrefine, openrefine is vulnerable to HTML injection. The vulnerability is due to improper handling of error messages, which fails to escape HTML tags in exception messages and tracebacks, allowing an attacker to inject malicious HTML when a specific error is triggered...
Denial Of Service (DoS)
Aimeos is vulnerable to Denial-of-Service. The vulnerability is due to insufficient handling in the Aimeos GraphQL API admin interface, specifically affecting all SaaS and marketplace setups...
Arbitrary Code Execution
org.openrefine, database is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper configuration in the database extension of OpenRefine, specifically the enableloadextension property that permits loading local or remote extension DLLs...
Cross-Site Scripting (XSS)
org.openrefine, openrefine is vulnerable to reflected Cross-Site Scripting (XSS). The vulnerability is due to the export-rows command reflecting parts of the user request verbatim, including the Content-Type header. It allows an attacker to manipulate the response and inject malicio...
Arbitrary Code Execution
org.openrefine.dependencies, butterfly is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper input handling in the Butterfly.prototype.parseJSON or getJSON functions, allowing crafted input to execute arbitrary JavaScript code on the server...
Sensitive Information Exposure
pterodactyl/panel is vulnerable to Sensitive Information Exposure. The vulnerability is due to the insecure handling of passwords in HTTP query parameters, which are logged in plain text when two-factor authentication is disabled. It can allow unauthorized access if an attacker gains access to...
Sensitive Information Disclosure
snowflake-connector-python is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Connector logging Duo passcodes and Azure SAS tokens when the logging level is set to DEBUG, and bugs in the SecretDetector logging formatter that failed to fully redact JWT tokens and...
Cross-Site Scripting (XSS)
camaleoncms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the content group name field, allowing a remote attacker to execute arbitrary code...
OS Command Injection
snyk-gradle-plugin is vulnerable to OS Command Injection. The vulnerability is due to the Snyk CLI's failure to correctly sanitize or validate the current working directory name, allowing for potential code injection when running scans on untrusted projects...
OS Command Injection
snyk-php-plugin is vulnerable to OS Command Injection. The vulnerability is due to improper handling of the current working directory name, allowing code injection if Snyk test is run inside an untrusted PHP project...
Denial Of Service (DoS)
http-proxy-middleware is vulnerable to Denial of Service (DoS). The vulnerability is due to an unhandled promise rejection error caused by micromatch, which can allow an attacker to crash the server by making requests to certain paths...
Public Key Validation
secp256k1 is vulnerable to public key validation issues. The vulnerability is due to an implementation oversight in the secp256k1-node library, where the loadCompressedPublicKey function fails to verify if the public key is on the secp256k1 curve, allowing the use of invalid public keys from...
Remote Code Execution
php-heic-to-jpg is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of HEIC image uploads, allowing an attacker to execute code on the remote server via the image file name...
Prototype Pollution
Mermaid is vulnerable to Prototype Pollution. The vulnerability is due to prototype pollution in its bundled version of DOMPurify, which allows attackers to manipulate object properties in JavaScript, potentially causing unintended behavior in applications...
SQL Injection
funadmin/funadmin is vulnerable to SQL Injection. The vulnerability is due to improper handling of the selectFields parameter in the index method of \backend\controller\auth\Auth.php, which allows an attacker to manipulate database queries...
Access Control Bypass
github.com/cilium/cilium is vulnerable to Access Control Bypass. The vulnerability is due to conflicting policy rules that allow a broader prefix denial rule to be ignored in favor of a narrower prefix rule when configurations such as enableDefaultDeny: false or toEntities: all are set. This...
Cross-site Scripting (XSS)
Wildfly is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input handling in the Wildfly deployment system, allowing an attacker or insider to deploy a malicious payload that could trigger undesired behavior on the server...
Improper Input Validation
Nginx UI is vulnerable to Improper Input Validation. The vulnerability is due to improper input validation when configuring logrotate, where unverified input is directly passed to exec.Command, allowing arbitrary command execution...
Directory Traversal
Nginx UI is vulnerable to Directory Traversal. The vulnerability is due to a controllable log path which, when combined with directory traversal at /api/configs, allows reading of directories and file contents on the server...
Memory Consumption
opcfoundation.netstandard.opc.ua is vulnerable to excessive Memory Consumption. The vulnerability is due to insufficient safeguards in the OPC UA .NET Standard Stack that fail to limit memory consumption during certain operations, allowing an attacker to trigger a rapid increase in memory usage, which ma...
Server Performance Degradation
OPCFoundation/UA-.NETStandard is vulnerable to Server Performance Degradation. The vulnerability is due to improper handling of requests with invalid credentials, which allows a remote attacker to degrade server performance gradually...
Denial Of Service (DoS)
MessagePack is vulnerable to Denial Of Service (DoS). This vulnerability is due to hash collisions triggered by specially crafted data, which allows an attacker to cause excessive CPU consumption during deserialization of untrusted data. A workaround involves creating a custom hash function by...
Unauthorized Root Access
github.com/kubernetes-sigs/image-builder is vulnerable to Unauthorized Root Access. The vulnerability is due to default credentials being enabled during the image build process with the Nutanix, OVA, QEMU, or raw providers, which could allow attackers to gain root access if they reach the VM wher...
Unauthorized Root Access
github.com/kubernetes-sigs/image-builder is vulnerable to Unauthorized Root Access. The vulnerability is due to default credentials being enabled during the image build process with the Nutanix, OVA, QEMU, or raw providers, which allows an attacker to gain root access if they reach the VM where t...
Denial Of Service (DoS)
org.eclipse.jetty, jetty-servlets is vulnerable to Denial Of Service (DoS). The vulnerability is due to the exploitation of Jetty's DosFilter, which allows attackers to send crafted requests that trigger OutOfMemory errors...
Directory Traversal
github.com/0xJacky/Nginx-UI is vulnerable to Directory Traversal. The vulnerability is due to insufficient verification of values from the JSON field, allowing the construction of values in the form of ../../, which can lead to arbitrary file writing...
Permissive Regular Expression
github.com/facebookincubator/tacquito is vulnerable to Permissive Regular Expression. The vulnerability is due to permissive regex matching where the system matches sub-strings instead of the entire string for authorized commands and arguments. This could allow unauthorized commands to be execute...
Directory Traversal
@vendure/asset-server-plugin is vulnerable to Directory Traversal. The vulnerability is due to improper validation in Vendure's asset server plugin, which allows an attacker to craft requests that traverse the server file system, retrieving arbitrary files including sensitive data and crashing th...