Lucene search
K
VeracodeRecent

38326 matches found

Veracode
Veracode
•added 2024/11/28 9:21 a.m.•7 views

Insufficient Access Control

Moodle is vulnerable to Insufficient Access Control. The vulnerability is due to inadequate permission enforcement, allowing users to delete audiences from reports they are not authorized to modify...

6.5CVSS6.5AI score0.00284EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/11/28 8:59 a.m.•8 views

XML External Entity (XXE)

phpoffice/phpexcel is vulnerable to an XXE XML External Entity. The vulnerability is due to improper parsing of XML data, which allows attackers to inject external entities and potentially access sensitive files or execute malicious code...

7.1AI score0.00471EPSS
Exploits0
Veracode
Veracode
•added 2024/11/28 8:55 a.m.•6 views

Improper Authorization

Moodle is vulnerable to Improper Authorization. The vulnerability is due to inadequate permission checks, allowing users to edit or delete RSS feeds they are not authorized to modify...

6.5CVSS6.5AI score0.00284EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/11/27 4:19 p.m.•5 views

Authentication Bypass

Apache ZooKeeper is vulnerable to Authentication Bypass. The vulnerability is due to weak client IP address validation in IPAuthenticationProvider, where the Admin Server trusts the X-Forwarded-For HTTP header by default, allowing attackers to spoof their IP address and bypass IP-based...

9.1CVSS7.5AI score0.00924EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/11/25 6:50 p.m.•12 views

Denial Of Service (DoS)

litestar is vulnerable to Denial of Service DoS. The vulnerability is due to the multipart form parser, which expects the entire request body as a single byte string without a default size limit, allowing attackers to cause excessive memory consumption by uploading arbitrarily large files...

8.2CVSS6.6AI score0.00756EPSS
Exploits1References6Affected Software2
Veracode
Veracode
•added 2024/11/25 5:8 p.m.•10 views

Directory Traversal

statamic/cms is vulnerable to Directory Traversal. The vulnerability is due to improperly handled filenames in asset uploads, which could allow files to be placed in unintended locations on the server, potentially overriding existing files...

5.3CVSS6.6AI score0.00561EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/11/25 11:2 a.m.•9 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation and sanitization of the "name" parameter, allowing malicious JavaScript to be stored and executed in other users' sessions...

5.4CVSS5.9AI score0.36747EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/11/25 11:1 a.m.•11 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of the "hostname" parameter on the "Capture Debug Information" page, allowing authenticated users to inject arbitrary JavaScript...

5.4CVSS6AI score0.00381EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/11/25 10:57 a.m.•15 views

Reflected Cross-site Scripting (XSS)

librenms/librenms is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization in the "reportthis" function, allowing attackers to inject and execute arbitrary JavaScript code via the "section" parameter of the "logs" tab...

5.4CVSS6.6AI score0.00387EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/11/25 10:51 a.m.•7 views

Cross-site Scripting (XSS)

redaxo/source is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of data in the mediapool feature, allowing a remote attacker to escalate privileges...

5.4CVSS6.5AI score0.00633EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2024/11/25 9:58 a.m.•12 views

SQL Injection

github.com/devtron-labs/devtron is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of user inputs in the CreateUser API /orchestrator/user, allowing authenticated users with minimal permissions to execute malicious SQL queries...

8.8CVSS7.2AI score0.00748EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2024/11/25 7:4 a.m.•16 views

Cross-site Scripting (XSS)

lxmlhtmlclean is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of context-switching for special HTML tags such as , , and by the HTML parser in versions prior to 0.4.0, allowing malicious scripts to bypass the cleaning process...

7.7CVSS6.4AI score0.00472EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/11/25 6:59 a.m.•8 views

Out-of-bounds Read

libsndfile.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper handling of the vorbisanalysiswrote function in the oggvorbis.c file, which fails to validate input data, allowing an attacker to craft a malicious Vorbis file that triggers the out-of-bounds read when process...

5.5CVSS6.4AI score0.00308EPSS
Exploits1References3Affected Software2
Veracode
Veracode
•added 2024/11/25 6:16 a.m.•12 views

Improper Privilege Management

Apache Kafka Clients is vulnerable to Improper Privilege Management. The vulnerability is due to ConfigProvider plugins, including FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider, allowing untrusted users to read arbitrary files or environment variables, potentially leading ...

6.5CVSS6.9AI score0.01129EPSS
Exploits0References7Affected Software1
Veracode
Veracode
•added 2024/11/25 6:9 a.m.•7 views

Reachable Assertion

libsndfile.so is vulnerable to Reachable Assertion. The vulnerability is due to improper handling of certain inputs or conditions in the mpegl3encoderclose function, which allows an attacker to craft specific inputs that trigger the assertion failure, potentially causing the application to crash...

6.5CVSS6.6AI score0.00513EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2024/11/25 5:28 a.m.•9 views

Path Traversal

net.sf.mpxj, mpxj is vulnerable to Path Traversal. The vulnerability is due to an incomplete patch for CVE-2020-35460, which still allows the construction of malicious paths to write files to arbitrary locations...

5.3CVSS6.8AI score0.01758EPSS
Exploits0References3Affected Software5
Veracode
Veracode
•added 2024/11/24 6:30 p.m.•19 views

Remote Code Execution (RCE)

7-Zip is vulnerable to remote code execution RCE. The vulnerability is due to improper validation of user-supplied data in the Zstandard decompression implementation, causing an integer underflow that allows attackers to execute arbitrary code in the context of the current process...

7.8CVSS8.5AI score0.21985EPSS
Exploits1References5Affected Software4
Veracode
Veracode
•added 2024/11/23 3:57 p.m.•5 views

Cross-Site Scripting

Deluge Web-UI is vulnerable to a Cross-Site Scripting. The vulnerability is due to improper sanitization of data from torrent files, where crafted torrent metadata is rendered directly as HTML, allowing attackers to execute arbitrary JavaScript in the user’s browser when a malicious torrent file ...

6.1CVSS6.5AI score0.00736EPSS
Exploits1References8Affected Software1
Veracode
Veracode
•added 2024/11/22 10:4 a.m.•8 views

HTML Injection

org.hibernate.validator, hibernate-validator is vulnerable to HTML Injection. The vulnerability is due to improper validation in the 'isValid' method of the SafeHtmlValidator class, where the tag ending can be omitted by using a less-than character, allowing invalid HTML to be rendered...

6.1CVSS6.3AI score0.00452EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/11/22 8:3 a.m.•13 views

Cross-Site Scripting (XSS)

unopim/unopim is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input validation in the Create User function, allowing attackers to exploit an SVG document to steal cookies...

5.4CVSS6.2AI score0.0037EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2024/11/22 7:51 a.m.•6 views

Unauthorized Method Execution

twig/twig is vulnerable to unauthorized method execution. The vulnerability is due to improper enforcement of security policies in Twig's sandbox environment, which allows the toString method to be called on objects when they are part of arrays or argument lists, even if the method is disallowed ...

2.2CVSS6.9AI score0.0044EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2024/11/22 7:33 a.m.•7 views

Improper Attribute Access

twig/twig is vulnerable to improper attribute access. The vulnerability is due to insufficient security checks via the property policy and the isset method on Array-like objects, allowing attackers to bypass the sandbox's security policy and access restricted attributes...

2.2CVSS6.8AI score0.00414EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2024/11/22 6:59 a.m.•13 views

Improper Authentication

Cobbler is vulnerable to Improper Authentication. The vulnerability is due to the utils.getsharedsecret function always returning -1, allowing unauthorized users with network access to authenticate as a user with full control of the server...

9.8CVSS6.6AI score0.03948EPSS
Exploits6References4Affected Software1
Veracode
Veracode
•added 2024/11/22 6:44 a.m.•6 views

Sensitive Information Exposure

org.graylog:graylog-parent is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of concurrent report rendering requests, where a shared headless browser instance may return the report of one user to another, potentially exposing sensitive data...

7.1CVSS6.5AI score0.00624EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2024/11/22 6:29 a.m.•8 views

Memory Leakage

aiohttp is vulnerable to Memory Leakage. The vulnerability is due to improper handling of MatchInfoError, where each error creates a unique cache entry, allowing an attacker to exhaust server memory with numerous requests...

8.7CVSS6.5AI score0.00563EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/11/22 5:59 a.m.•5 views

HTTP Request Smuggling

aiohttp is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrect parsing of newlines in chunk extensions via the feeddata function by which an attacker can bypass firewall or proxy protections by sending specially crafted requests...

7.5CVSS6.2AI score0.00576EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/11/21 12:29 p.m.•10 views

Cross Site Scripting

org.apache.tomcat, tomcat-jasper is vulnerable to Cross Site Scripting. The vulnerability is due to improper management of the object lifecycle, where objects are not properly reset or disposed of after use...

6.1CVSS6.3AI score0.01676EPSS
Exploits1References8Affected Software1
Veracode
Veracode
•added 2024/11/21 11:55 a.m.•12 views

Incorrect Object Recycling And Re-use

Apache Tomcat is vulnerable to Incorrect object recycling and re-use. The vulnerability is due to flawed object recycling logic in Apache Tomcat's HTTP/2 implementation. Specifically, the request and response objects are not properly cleared or segregated before being reused, allowing data from o...

6.5CVSS6.4AI score0.02008EPSS
Exploits1References7Affected Software2
Veracode
Veracode
•added 2024/11/21 11:34 a.m.•20 views

Authentication Bypass

org.apache.tomcat, tomcat-catalina is vulnerable to Authentication Bypass. The vulnerability exists due to improper exception handling in custom Jakarta Authentication ServerAuthContext components, allowing attackers to bypass authentication and gain unauthorized access...

9.8CVSS7AI score0.06287EPSS
Exploits1References8Affected Software3
Veracode
Veracode
•added 2024/11/21 8:55 a.m.•8 views

Denial Of Service (DoS)

org.springframework, spring-webmvc is vulnerable to Denial of Service DoS. The vulnerability is caused by inefficient handling of large request bodies in controller methods with an @RequestBody byte parameter, which allows an attacker to lead to resource exhaustion...

5.3CVSS6.5AI score0.00729EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/11/21 8:52 a.m.•7 views

Denial Of Service (DoS)

github.com/cometbft/cometbft is vulnerable to Denial Of Service DoS. The vulnerability is due to improper validation of the ValidatorIndex field in Vote messages, where the usual verification is bypassed for Precommit Vote messages with a non-nil BlockID, allowing invalid messages to go unvalidat...

7AI score
Exploits0
Veracode
Veracode
•added 2024/11/21 8:51 a.m.•6 views

Cache Poisoning

libcurl.so is vulnerable to Cache Poisoning. The vulnerability is due to improper handling of HSTS cache entries in curl, where a subdomain’s HSTS expiry time can overwrite the parent domain's cache entry, causing incorrect HTTPS timeout handling. It allows an attacker to trigger insecure HTTP...

6.5CVSS6.3AI score0.0197EPSS
Exploits1References15Affected Software2
Veracode
Veracode
•added 2024/11/21 8:50 a.m.•12 views

Case Insensitive Input Validation

org.springframework, spring-context is vulnerable to Case Insensitive Input Validation. The vulnerability is due to improper handling of case insensitivity in String.toLowerCase, where the fix for making disallowedFields patterns case insensitive inadvertently introduced a risk. This behavior...

5.3CVSS5.5AI score0.00631EPSS
Exploits1References6Affected Software2
Veracode
Veracode
•added 2024/11/21 7:26 a.m.•8 views

Out-of-bounds Access

libarchive.so is vulnerable to Out-of-bounds Access. The vulnerability is due to insufficient bounds checking in the executefilteraudio function within archivereadsupportformatrar.c, which allows the src pointer to move beyond the dst pointer when processing crafted archive files...

7.8CVSS6.5AI score0.00474EPSS
Exploits1References8Affected Software1
Veracode
Veracode
•added 2024/11/21 6:30 a.m.•12 views

Buffer Underrun

libmbedtls.so is vulnerable to Buffer Underrun. The vulnerability is due to improper memory handling in pkwrite when writing an opaque key pair, allows an attacker to potentially execute arbitrary code or cause a denial of service...

9.8CVSS7.5AI score0.00607EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2024/11/20 3:58 a.m.•8 views

Improper Authorization

symfony/security-bundle is vulnerable to Improper Authorization. The vulnerability is due to the Security::login method not calling the configured userchecker, preventing proper user validation and allowing unauthorized logins...

3.1CVSS6.5AI score0.00318EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2024/11/20 3:48 a.m.•18 views

Local File Inclusion (LFI)

symfony/runtime is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper handling of the argv values in non-SAPI PHP runtimes, where the registerargvargc directive is set to on, allowing attackers to craft query strings that modify the environment or debug settings used by...

7.3CVSS6.6AI score0.63422EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2024/11/20 3:42 a.m.•8 views

Access Token Leakage

Duende.AccessTokenManagement.OpenIdConnect is vulnerable to access token leakage. The vulnerability is due to improper token isolation within the HTTP client pool, where a refreshed access token is not properly isolated and may be captured by pooled HttpClient instances, allowing an attacker to...

5.4CVSS6.8AI score0.00221EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/11/20 3:42 a.m.•7 views

Improper URI Parsing

symfony/http-foundation is vulnerable to Improper URI Parsing. The vulnerability is due to improper parsing of URIs with special characters by the Request class, which does not align with browser behavior, allowing attackers to exploit validators and redirect users to malicious domains...

6.1CVSS6.5AI score0.00565EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2024/11/20 3:40 a.m.•14 views

Denial Of Service (DoS)

com.thoughtworks.xstream, xstream is vulnerable to a Denial of service DoS. The vulnerability is due to a stack overflow that allows an attacker to manipulate the processed input stream when XStream is configured to use the BinaryStreamDriver...

7.5CVSS6.9AI score0.02015EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2024/11/20 3:38 a.m.•6 views

Incorrect Authorization

github.com/hashicorp/nomad is vulnerable to Incorrect Authorization . The vulnerability is due to insufficient validation of CSI volume writes, which allows unauthorized access to create volumes across namespaces...

7.7CVSS6.5AI score0.00456EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/11/20 3:35 a.m.•10 views

Improper File URI Scheme Validation

changedetection.io is vulnerable to improper file URI scheme validation. The vulnerability is due to a logic flaw in the issafeurl function, which improperly allows the file: scheme and insufficiently restricts access to local file paths when ALLOWFILEURI is set to false or undefined...

8.6CVSS6.4AI score0.00697EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/11/19 11:40 a.m.•9 views

Input Validation Bypass

symfony is vulnerable to input Validation Bypass. The vulnerability is caused by improper handling of the $ metacharacter in regular expressions, allowing an attacker to bypass validation with inputs ending in \n...

3.1CVSS6.5AI score0.00465EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2024/11/19 11:39 a.m.•12 views

Command Hijacking

symfony is vulnerable to Command Hijacking. The vulnerability is due to insecure handling of executable files in the current working directory by the Process class, allowing an attacker to execute arbitrary code by placing a malicious cmd.exe file in the directory...

9.8CVSS7.5AI score0.0043EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2024/11/19 9:39 a.m.•8 views

Cross-site Scripting (XSS)

django-cms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of input during web page generation, allowing malicious scripts to be injected and executed...

4.8CVSS6.2AI score0.00493EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2024/11/19 8:53 a.m.•3 views

Out-of-bounds Read And Write

libheif.so is vulnerable to Out-of-bounds Read and Write. The vulnerability is due to insufficient validation of image overlay offsets in the ImageOverlay::parse function, allows the decoding process to access memory outside the allocated bounds, leading to out-of-bounds read and write operations...

8.1CVSS6.5AI score0.00825EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2024/11/19 8:41 a.m.•7 views

Cross-site Scripting (XSS)

firebase is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper handling of the "FIREBASEDEFAULTS" cookie, which allows attackers to manipulate the "authTokenSyncURL" field and redirect user session data to a malicious server...

6.1CVSS6.3AI score0.00125EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/11/19 7:54 a.m.•9 views

HTTP Request Smuggling

io.undertow:undertow-core is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrect parsing of cookies with specific value-delimiting characters, enabling attackers to exfiltrate HttpOnly cookies or spoof additional cookie values...

7.4CVSS6.6AI score0.01117EPSS
Exploits0References12Affected Software1
Veracode
Veracode
•added 2024/11/19 7:30 a.m.•9 views

Race Condition

OpenStack is vulnerable to Race Condition. The vulnerability is due to inadequate validation when deleting non-existent access rules, leading to the removal of unrelated existing access rules that lack application credential associations...

5.5CVSS7AI score0.00493EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2024/11/19 6:54 a.m.•15 views

Remote Code Execution (RCE)

LibVNCserver.so is vulnerable to Remote Code Execution RCE. The vulnerability is due to a heap out-of-bounds write in libvncserver/rfbserver.c, allowing a remote attacker to execute arbitrary code on the system...

9.8CVSS8.8AI score0.03335EPSS
Exploits1References14Affected Software1
Total number of security vulnerabilities38326