Regular Expression Denial Of Service (ReDoS)
Action Mailer is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to the block_format helper taking an unexpected amount of time when processing carefully crafted text, potentially resulting in a DoS condition...
Regular Expression Denial Of Service (ReDoS)
Action Text is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to the way the plain_text_for_blockquote_node helper processes specific text inputs, leading to a scenario where the processing time can grow unexpectedly long, ultimately resulting in a Denial of Servic...
Regular Expression Denial Of Service (ReDoS)
Action Pack is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to inefficient regular expression handling in Action Controller's HTTP Token authentication, which can be triggered by a carefully crafted header, causing significant delays in header parsing...
Improper Authentication
matrix-js-sdk is vulnerable to Improper Authentication. The vulnerability is due to the sendSharedHistoryKeys method sending historical message keys to all devices of an invited user without checking if the user's cryptographic identity is verified or if the devices are signed by that identity,...
Regular Expression Denial Of Service (ReDoS)
Action Pack is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to the improper handling of regular expressions in the query parameter filtering routines, allowing attackers to craft input that significantly delays processing and potentially leads to a Denial of...
Cross-site Scripting (XSS)
markdown-to-jsx is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization, where an attacker can execute arbitrary code by injecting a malicious iframe element via the src property in the markdown...
Denial Of Service (DoS)
github.com/gomarkdown/markdown is vulnerable to Denial Of Service (DoS). The vulnerability is due to a logical problem in the paragraph function of the parser/block.go file, which allows a remote attacker to cause an infinite loop by providing specially crafted input, resulting in the program hangi...
Unauthorized Access
org.sakaiproject.kernel, sakai-kernel-impl is vulnerable to Unauthorized access. The vulnerability is due to improper access control mechanisms that allow kernel users with type roleview to log in as normal users, allowing attackers to gain unauthorized access to the system...
Cross-site Request Forgery (CSRF) Bypass
hono is vulnerable to Cross-site Request Forgery (CSRF) Bypass. The vulnerability is due to Hono treating requests without a Content-Type header as safe, allowing attackers to bypass CSRF protection...
Directory Traversal
redaxo/source is vulnerable to Directory traversal. The vulnerability is due to insufficient validation of user input in the component /index.php?page=backup/export, allowing malicious actors to craft requests that traverse the file system and access unauthorized files and directories...
Authentication Bypass
org.apache.solr, solr-core is vulnerable to Authentication Bypass. The vulnerability is due to the PKIAuthenticationPlugin improperly handling fake endings in the Solr API URL path, allowing requests to bypass authentication...
Insecure Default Initialization Of Resource
org.apache.solr, solr-core is vulnerable to Insecure Default Initialization of Resource. The vulnerability is due to the failure to set the "trusted" metadata when ConfigSets are created via a Restore command from a backup, allowing unauthorized ConfigSets to be trusted and potentially load custo...
Unsafe Deserialization
admidio/admidio is vulnerable to Unsafe Deserialization. The vulnerability is due to improper handling of user input during the deserialization process. Specifically, it occurs when the application does not adequately validate or sanitize serialized data before converting it back into objects...
Key Injection
matrix-react-sdk is vulnerable to Key Injection. The vulnerability is due to the SDK sharing historical message keys on invite, allowing a malicious homeserver to inject a malicious device and steal message keys when a user invites another user to a room...
Denial Of Service (DoS)
Starlette is vulnerable to Denial of Service (DoS). The vulnerability is due to the way Starlette handles multipart/form-data parts without a filename. Specifically, these parts are treated as text form fields and buffered in byte strings without any size limits, allowing for arbitrarily large upload...
Improper Verification Of Cryptographic Signature
elliptic is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to improper handling of the truncateToN function, which fails to correctly verify signatures when the hash contains at least four leading zero bytes and the elliptic curve's base point order is...
Improper Access Control
github.com/landlock-lsm/go-landlock is vulnerable to Improper Access Control. The vulnerability is due to the incorrect handling of TCP bind and connect operations in the BestEffort mode. An attacker can bypass intended networking through landlock.V4, landlock.V5, or self-configured restrictions ...
Remote Code Execution (RCE)
jsonpath-plus is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper input sanitization, allowing an attacker to execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node...
Open Redirect
org.keycloak, keycloak-services is vulnerable to Open Redirect. The vulnerability is due to a misconfiguration flaw in the validation of redirect URIs. An attacker can redirect users to an arbitrary URL and potentially expose sensitive information such as authorization codes, leading t...
Session Fixation
org.keycloak:keycloak-services is vulnerable to Session Fixation. The vulnerability is due to the session ID and JSESSIONID cookie not being changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured, allowing an attacker to hijack the session before authentication...
Improper Expiration Of OTP Codes
org.keycloak:keycloak-core is vulnerable to Improper Expiration of OTP Codes. The vulnerability is due to the improper handling of OTP expiration in the FreeOTP implementation, where expired OTP codes remain usable for an additional 30 seconds, allowing them to be valid for a total of 1 minute...
Denial Of Service (DoS)
org.eclipse.jetty:jetty-servlets is vulnerable to Denial Of Service (DoS). The vulnerability is due to unauthenticated users being able to exhaust the server's memory, leading to a crash...
Improper Authorization
org.apache.activemq:artemis-cli is vulnerable to Improper Authorization. The vulnerability is due to exposure of the Log4J2 MBean through the authenticated Jolokia endpoint, allowing authenticated attackers to write arbitrary files to the filesystem...
Improper Verification Of Cryptographic Signature
org.keycloak, keycloak-saml-core is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to flawed logic in the XMLSignatureUtil class's signature validation method, which fails to properly assess the scope of the SAML signature, allowing an attacker to create...
Denial Of Service (DoS)
Next.js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of image optimization, allowing for excessive resource consumption that can lead to a Denial of Service (DoS) attack...
Remote Denial Of Service (DoS)
org.eclipse.jetty, jetty-server is vulnerable to Remote Denial-of-Service (DoS). The vulnerability is due to the ThreadLimitHandler.getRemote method, which allows unauthorized users to send crafted requests that trigger OutOfMemory errors and exhaust the server's memory...
Privilege Escalation
OpenCanary is vulnerable to Privilege Escalation. The vulnerability is due to the config file being stored in an unprivileged user directory, allowing an unprivileged user to modify it and escalate permissions when the root user later runs the daemon...
Privilege Escalation
github.com/authzed/spicedb is vulnerable to Privilege Escalation. The vulnerability is due to a bug in the LookupResources2 feature, where requests with caveats in the evaluation path may return a CONDITIONAL permissionship with missing context, even when the context was provided...
Improper Validation Of Syntactic Correctness Of Input
org.eclipse.jetty:jetty-server is vulnerable to Improper Validation of Syntactic Correctness of Input via the HttpURI class. The vulnerability is due to insufficient validation on the authority segment of a URI. An attacker can manipulate the URI parsing to redirect requests or initiate server-si...
Directory Traversal
github.com/codeclysm/extract is vulnerable to directory traversal. The vulnerability is due to insufficient validation of file paths within the archive, allowing a maliciously crafted archive to create symbolic links that point outside the intended extraction directory...
Improper Access Control
magento/community-edition is vulnerable to Improper Access Control. The vulnerability is due to improper access control in Adobe Commerce, which fails to properly enforce restrictions on certain actions, allowing unauthorized users to bypass security measures...
Information Exposure
magento/community-edition is vulnerable to Information Exposure. The vulnerability is due to insufficient security measures that allow an admin attacker to bypass protections intended to safeguard confidential information...
Improper Authorization
magento/community-edition is vulnerable to Improper Authorization. The vulnerability is due to improper authorization mechanisms in the affected versions of Adobe Commerce, allowing attackers to exploit security features that should restrict access based on user privileges...
Remote Code Execution (RCE)
snipe/snipe-it is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the deserialization of untrusted data in the cookie-handling process, allowing an attacker to execute arbitrary code on the server by exploiting the APP_KEY, especially if it is set to a default value as found in...
Directory Traversal
The lollms repository is vulnerable to Directory Traversal. The vulnerability is due to improper path sanitization in the lollms_file_system.py file, allowing attackers to perform vectorize operations on .sqlite files in any directory, potentially leading to package installation and crashes...
Path Traversal
Lollms is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the lollms_file_system.py file, where functions like add_rag_database, toggle_mount_rag_database, and vectorize_folder lack necessary security measures, allowing attackers to access an...
Remote Code Execution (RCE)
angular-base64-upload is vulnerable to Remote Code Execution (RCE). The vulnerability is due to a lack of proper access controls in demo/server.php, allowing attackers to upload arbitrary content, which can then be executed from demo/uploads...
Remote Code Execution (RCE)
.NET and Visual Studio are vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling and validation of input or components, which allows an attacker to execute arbitrary code remotely by crafting malicious inputs or exploiting affected features...
Server Side Request Forgery (SSRF)
Gitea and Gogs are vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to insufficient input sanitization or filtering of webhook URLs, which allows attackers to send malicious requests that exploit the SSRF flaw and gain access to internal services...
Denial Of Service (DoS)
github.com/mattermost/mattermost-server is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper memory management in the image proxy component, which allows an attacker to allocate excessive memory for multiple copies of proxied images without adequately handling large file...
Untitled
org.pac4j:pac4j-core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the handling of serialized Java objects inside the InternalAttributeHandlerprepare method. An attacker can execute arbitrary code by providing a specially crafted attribute that contains a...
Network Policy Bypass
github.com/cilium/cilium is vulnerable to Network Policy Bypass. The vulnerability is due to the inherent design of ICMP traffic handling in conjunction with specific network policy settings in Cilium, which allows ICMP Echo Requests to bypass intended restrictions...
Race Condition
Gradio is vulnerable to a Race Condition. The vulnerability is due to improper handling of the update_root_in_config function, allowing an attacker to modify the root URL and redirect traffic to a malicious server...
Directory Traversal
Gradio is vulnerable to Directory Traversal. The vulnerability is due to improper file path handling in the /custom_component endpoint, allowing attackers to access source code from custom components by manipulating the file path...
Origin Validation Error
gradio is vulnerable to Origin Validation Error. The vulnerability is due to the CustomCORSMiddleware class. An attacker can make unauthorized requests and potentially access sensitive data...
Improper Verification Of Cryptographic Signature
elliptic is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to improper range validation of the S value in the verify function, allowing the usage of an invalid signature...
Arbitrary File Overwrite
github.com/fkie-cad/yapscan is vulnerable to Arbitrary File Overwrite. The vulnerability is due to lack of client authentication and improper server permissions, allowing an attacker to forge requests that overwrite arbitrary files on the host system, potentially leading to data loss...
Server Side Request Forgery (SSRF)
github.com/gophish/gophish is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to improper validation of external resource requests, allowing an attacker to send crafted requests to internal services...
Transaction Replay Attack
github.com/cosmos/ethermint is vulnerable to Transaction Replay Attack. The vulnerability is due to a flaw in the EVM module where, if the victim sends a very large nonce transaction, the attacker can replay the transaction through the application...
Directory Traversal
Gradio is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the is_in_or_equal function, which can be bypassed using ".." (parent directory) sequences, allowing attackers to potentially access restricted files...