38467 matches found
Mass Assignment
Flowise is vulnerable to Mass Assignment. The vulnerability is due to missing server-side validation and authorization checks in the assistant update endpoint, which allows an authenticated attacker to manipulate server-controlled properties such as workspaceId and reassign assistants to arbitrar...
OS Command Injection
github.com/kubeai-project/kubeai is vulnerable to OS Command Injection. The vulnerability is due to the ollamaStartupProbeScript function constructing a shell command with unsanitized model URL components ref and modelParam and executing it via bash -c, which allows an attacker with permission to...
Improper Access Control
github.com/distribution/distribution is vulnerable to Improper Access Control. The vulnerability is due to stale repository-scoped blob membership data remaining after a blob deletion when Redis blob descriptor caching and delete functionality are enabled, which allows an attacker to regain...
Server-Side Request Forgery (SSRF)
FrontMCP is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to unsafe dereferencing of $ref pointers in OpenAPI specifications without URL restrictions, which allows an attacker to trigger requests to internal network resources or read local files through malicious OpenAP...
Arbitrary File Read
github.com/hahwul/dalfox/v2 is vulnerable to Arbitrary File Read. The vulnerability is due to unsafe deserialization of the attacker-controlled custom-payload-file parameter in REST API server mode, which allows an unauthenticated attacker to read arbitrary files accessible to the dalfox process...
Denial Of Service (DoS)
github.com/gofiber/fiber is vulnerable to Denial Of Service DoS. The vulnerability is due to unvalidated MsgPack deserialization of the fiberflash cookie, which allows an unauthenticated attacker to supply a crafted cookie value that triggers excessive memory allocation, resulting in a...
Improper Input Validation
mppx is vulnerable to improper input validation. The vulnerability is due to improper validation in the cooperative close handler, where the close voucher amount was checked using “” instead of “=” against the on-chain settled amount, which allows an attacker to submit a close voucher equal to th...
Path Traversal
zrok is vulnerable to Path Traversal. The vulnerability is due to failure to prevent symlink traversal in the WebDAV drive backend, which allows a remote attacker to access symbolic links pointing outside the shared root and read or, where permitted, modify arbitrary files on the host filesystem...
Improper Restriction Of Outbound Network Requests (SSRF)
Flowise is vulnerable to improper restriction of outbound network requests SSRF. The vulnerability is due to multiple tool implementations directly importing and invoking raw HTTP clients instead of using the secured wrapper, which allows an attacker to perform unauthorized server-side requests...
Denial Of Service (DoS)
github.com/go-jose/go-jose is vulnerable to Denial Of Service DoS. The vulnerability is due to improper validation of JWE objects during decryption when the alg field indicates a key wrapping algorithm and the encryptedkey field is empty, which allows an attacker to trigger a runtime panic via...
Arbitrary File Write
github.com/hahwul/dalfox/v2 is vulnerable to Arbitrary File Write. The vulnerability is due to unsafe deserialization of attacker-controlled logging configuration fields in REST API server mode, which allows an unauthenticated attacker to supply arbitrary file paths that are then used by the...
Information Disclosure
strapi/strapi is vulnerable to information disclosure. The vulnerability is due to insufficient sanitization of relational query parameters in the where filter, which allows an unauthenticated attacker to perform a boolean-oracle attack against restricted adminusers table fields and potentially...
Missing Authorization
github.com/minio/minio is vulnerable to IMissing Authorization. The vulnerability is due to insufficient validation of user-supplied X-Minio-Replication- headers in the extractMetadataFromMime function, which allows an authenticated attacker with s3:PutObject permissions to inject internal...
Server-Side Request Forgery (SSRF)
n8n-mcp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied through the x-n8n-url header in multi-tenant HTTP mode, which allows an authenticated attacker to send...
Improper Authorization
Flowise is vulnerable to Improper Authorization. The vulnerability is due to missing authentication and permission checks on the OpenAI Assistants Vector Store CRUD endpoints, which allows an attacker with API key access to perform unauthorized operations on vector store resources...
Remote Code Execution (RCE)
@nocobase/plugin-workflow-javascript is vulnerable to Remote Code Execution. The vulnerability is due to improper sandbox isolation in the Workflow Script Node, where the exposed console object allows access to host-realm WritableWorkerStdio stream objects via console.stdout and console.stderr,...
Server-Side Request Forgery (SSRF)
monetr is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-supplied URLs in the Lunch Flow integration, which allows an authenticated attacker to force the monetr server to send HTTP GET requests to arbitrary destinations and potentially...
Server-Side Request Forgery
magicmirror is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation in the /cors endpoint, allowing unauthenticated attackers to force the server to make arbitrary HTTP requests to internal or external services, while environment variable expansion...
Integrity Check Bypass
Striae is vulnerable to Integrity Check Bypass. The vulnerability is due to reliance on hash-only validation in the digital confirmation workflow, where attackers could modify both package contents and corresponding manifest hash fields, allowing tampered confirmation packages to pass integrity...
Sandbox Bypass
OpenClaude is vulnerable to Improper Access Control. The vulnerability is due to a logic flaw in bashToolHasPermission within src/tools/BashTool/bashPermissions.ts, where the sandbox auto-allow path returns success before checkPathConstraints is evaluated, allowing attackers to use path traversal...
Path Traversal
OpenClaw is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation in isLikelyLocalPath and isValidMedia, where attackers can exploit incomplete checks and the allowBareFilename bypass to access files outside the intended sandbox, leading to disclosure of sensitive...
Authorization Bypass
StudioCMS is vulnerable to Improper Access Control. The vulnerability is due to missing await handling for the asynchronous isAuthorized function in the S3 storage manager, where authorization checks in the POST and PUT handlers always evaluate as successful because unresolved Promise objects are...
Arbitrary Code Execution
GitHub Copilot CLI is vulnerable to Command Injection. The vulnerability is due to improper safety assessment of shell commands in the shell tool, where dangerous Bash parameter expansion patterns such as $var@P, $!var, $var:=value, and nested $cmd expressions are incorrectly classified as...
Improper Handling Of The HTTP Connection Header
@fastify/reply-from and @fastify/http-proxy are vulnerable to Improper Handling of the HTTP Connection Header. The vulnerability is due to processing the client-supplied Connection header after proxy-added headers have been inserted, which allows an attacker to selectively remove security, routin...
Cryptographic Failure
electerm is vulnerable to Cryptographic Failure. The vulnerability is due to the use of deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC for synced bookmark/profile data, which allows an attacker to crack common passwords across installations and perform undetected...
Code Injection
claude-code-cache-fix is vulnerable to code injection. The vulnerability is due to tools/quota-statusline.sh directly interpolating Claude Code hook stdin payloads into a Python triple-quoted string literal without proper sanitization, which allows an attacker to inject a ''' sequence and execute...
Command Injection
mcp-server-semgrep is vulnerable to Command Injection. The vulnerability is due to improper sanitization of the ID argument in multiple MCP interface functions, which allows an attacker to inject and execute arbitrary OS commands remotely...
Arbitrary Code Execution
GitHub Copilot CLI is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsafe handling of Git repository configuration during repository discovery, where a malicious nested bare Git repository can define executable configuration options that are automatically invoked during Git...
OS Command Injection
@siteboon/claude-code-ui is vulnerable to OS Command Injection. The vulnerability is due to the use of execAsync with string interpolation of user-controlled Git parameters such as file, branch, message, and commit, which allows an authenticated attacker to execute arbitrary OS commands...
Improper Authorization
@fastify/express is vulnerable to Improper Authorization. The vulnerability is due to inconsistent URL normalization between Fastify and Express middleware, which allows an unauthenticated attacker to manipulate URL paths using duplicate slashes or semicolon delimiters to bypass path-based...
Command Injection
Godot MCP is vulnerable to Command Injection. The vulnerability is due to passing user-controlled input directly to exec without sanitization, which allows an attacker to inject shell commands and achieve remote code execution...
Improperly Controlled Modification Of Dynamically-Determined Object Attributes
Flowise is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. The vulnerability is due to missing server-side validation and authorization checks in the variable update endpoint, which allows an authenticated attacker to modify server-controlled properti...
Privilege Escalation
OpenClaw is vulnerable to privilege escalation. The vulnerability is due to improper authorization in the node reconnection process, which allows an attacker using a previously paired node to bypass re-pairing authentication and execute privileged commands on the local assistant system...
Local Code Execution
electerm is vulnerable to Local Code Execution. The vulnerability is due to insufficient validation of messages received over the single-instance IPC socket/pipe, where any process running under the same user can send crafted JSON payloads to create tabs and spawn attacker-controlled local...
Use After Free
Electron is vulnerable to Use After Free. The vulnerability is due to improper handling of child windows in offscreen rendering mode after the parent WebContents is destroyed, which allows an attacker to trigger memory corruption or application crashes through crafted child window interactions...
Privilege Escalation
OpenClaw is vulnerable to Privilege Escalation. The vulnerability is due to improper permission enforcement in the gateway plugin HTTP authentication mechanism, where operator.read requests are incorrectly granted operator.write runtime permissions, allowing attackers to perform unauthorized writ...
Information Disclosure
Zabbix is vulnerable to an information disclosure. The vulnerability is due to the reuse of JavaScript Duktape contexts in Zabbix Server/Proxy, which allows a regular non-super administrator to leak sensitive data from hosts they are not authorized to access through shared global JavaScript...
Improper Input Validation
zabbix is vulnerable to Improper Input Validation. The vulnerability is due to improper regex validation running in multiline mode, which allows an authenticated attacker to bypass ^ and $ anchor checks using injected newline characters and execute shell command injection...
Blind SQL Injection
Zabbix is vulnerable to blind SQL injection. The vulnerability is due to improper sanitization of the sortfield parameter in include/classes/api/CApiService.php, which allows a low-privileged user with API access to execute arbitrary SQL select queries and exfiltrate database data through...
Incorrect Authorization
Clerk is vulnerable to Incorrect Authorization. The vulnerability is due to improper request matching in createRouteMatcher, which allows an attacker to craft requests that bypass middleware protection and access downstream handlers...
Improper Neutralization Of Special Elements In Data Query Logic
Dgraph is vulnerable to Improper Neutralization of Special Elements in Data Query Logic. The vulnerability is due to improper sanitization of the user-controlled cond field in upsert mutations, which allows an attacker to inject arbitrary DQL query blocks and gain unauthorized read access to...
Path Traversal
github.com/dgraph-io/dgraph is vulnerable to Path Traversal. The vulnerability is due to improper validation of the dagRunId request field passed into filepath.Join, which allows an attacker to exploit directory traversal using values such as .. and trigger unintended deletion of system temporary...
Information Exposure
Dgraph is vulnerable to Information Exposure. The vulnerability is due to exposure of process command-line arguments through the unauthenticated /debug/vars endpoint, which allows an attacker to obtain sensitive admin tokens and gain unauthorized access to admin-only endpoints...
Path Traversal
github.com/charmbracelet/wish is vulnerable to Path Traversal. The vulnerability is due to improper validation of SCP filenames containing traversal sequences, which allows an attacker to read, write, or create files and directories outside the configured root directory...
Improper Network Access Control
github.com/ctfer-io/fullchain is vulnerable to improper network access control. The vulnerability is due to a misconfigured inter-namespace NetworkPolicy, which allows a malicious actor to pivot from a compromised application to Pods outside the original namespace...
Cross-Site Scripting (XSS)
github.com/siyuan-note/siyuan is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to incomplete SVG sanitization and improper handling of user-controlled input in the /api/icon/getDynamicIcon endpoint, which allows an attacker to inject malicious SVG content and execute JavaScript...
Authentication Bypass
Milvus is vulnerable to Authentication Bypass. The vulnerability is due to unauthenticated exposure of the management port 9091 and use of a weak predictable token for the /expr debug endpoint, allowing attackers to access REST API operations, execute arbitrary expressions, and perform unauthoriz...
Authentication Bypass
Unity Catalog is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of the iss claim in JWT tokens, where the token exchange endpoint dynamically fetches JWKS data based on attacker-controlled issuer values without verifying trusted identity providers, allowing...
Improper Authentication
github.com/openbao/openbao is vulnerable to improper authentication. The vulnerability is due to missing user confirmation during JWT/OIDC authentication when using callbackmode=direct, which allows an attacker to initiate a malicious authentication request and trick a victim into automatically...
Memory-Safety Vulnerability
GitHub repository github.com/jackc/pgx/v5 is vulnerable to a memory-safety vulnerability. The vulnerability is due to improper memory handling within the library, which allows an attacker to exploit memory corruption conditions and potentially cause application crashes, denial of service, or...