38332 matches found
Cross-site Scripting (XSS)
django-cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper neutralization of input during web page generation, allowing malicious scripts to be injected and executed...
Out-of-bounds Read And Write
libheif.so is vulnerable to Out-of-bounds Read and Write. The vulnerability is due to insufficient validation of image overlay offsets in the ImageOverlay::parse function, which allows the decoding process to access memory outside the allocated bounds, leading to out-of-bounds read and write operations...
Cross-site Scripting (XSS)
firebase is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the "FIREBASEDEFAULTS" cookie, which allows attackers to manipulate the "authTokenSyncURL" field and redirect user session data to a malicious server...
HTTP Request Smuggling
io.undertow:undertow-core is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrect parsing of cookies with specific value-delimiting characters, enabling attackers to exfiltrate HttpOnly cookies or spoof additional cookie values...
Race Condition
OpenStack is vulnerable to Race Condition. The vulnerability is due to inadequate validation when deleting non-existent access rules, leading to the removal of unrelated existing access rules that lack application credential associations...
Remote Code Execution (RCE)
LibVNCserver.so is vulnerable to Remote Code Execution (RCE). The vulnerability is due to a heap out-of-bounds write in libvncserver/rfbserver.c, allowing a remote attacker to execute arbitrary code on the system...
Timing Attack
mudler/LocalAI is vulnerable to Timing Attack. The vulnerability is due to a side-channel attack that exploits variations in response time during cryptographic operations, potentially exposing valid login credentials...
Man-in-the-middle (MitM) Attack
libnbd is vulnerable to a Man-in-the-middle (MitM) Attack. The vulnerability is due to the client failing to consistently verify the NBD server's certificate when using TLS to connect, which allows an attacker to intercept and manipulate the NBD traffic...
Insecure File Upload
agnai is vulnerable to an Insecure File Upload. The vulnerability is due to insufficient validation of user-uploaded files, which allows attackers to choose the location where the files are stored on the server, potentially leading to overwriting existing files or uploading files to unintended...
Arbitrary File Upload
agnai is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files, allowing attackers to place files in attacker-controlled locations on the server, including executable JavaScript files...
Denial Of Service (DoS)
Werkzeug is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of specifically crafted multipart/form-data requests by werkzeug.formparser.MultiPartParser, allowing resource exhaustion and excessive memory allocation...
Privilege Escalation
Rancher Manager is vulnerable to Privilege Escalation. The vulnerability is due to weak Access Control Lists (ACL) in Rancher Manager deployments containing Windows nodes, which allow overly permissive access to sensitive files by BUILTIN\Users or NT AUTHORITY\Authenticated Users...
Improper Input Validation
mudler/LocalAI is vulnerable to Improper Input Validation. The vulnerability is due to improper handling of automatic archive extraction, allowing a 'tarslip' attack to bypass file location restrictions and write files to arbitrary locations on the server...
Cross-site Scripting (XSS)
Lollms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to incomplete filtering in the sanitizesvg function, which fails to account for all potential XSS vectors in uploaded SVG files...
Arbitrary File Read
Gradio is vulnerable to Arbitrary File Read. The vulnerability is due to improper handling of File or UploadButton components, allowing attackers to read arbitrary files from the application server...
Deserialization Of Untrusted Data
Chainer is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling of deserialization, allowing the execution of arbitrary code...
Server-Side Request Forgery (SSRF)
Gradio is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the lack of restrictions on URLs in the saveurltocache function, allowing access to local resources and sensitive information...
XML External Entity (XXE)
hapi fhir is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of XML input. Specifically, the system fails to properly disable or validate external entities within XML documents, allowing attackers to inject malicious XML that can lead to unauthorized data acce...
Information Leakage
symfony/http-client is vulnerable to IP/port enumeration. The vulnerability is due to improper handling of IP filtering in the NoPrivateNetworkHttpClient, which fails to block certain IPs early enough during host resolution, allowing an attacker to enumerate IP addresses and ports, potentially...
XML External Entity (XXE) Injection
org.openimaj, openimaj is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper handling of external entities in XML files. Specifically, the system fails to properly validate or sanitize XML input, allowing attackers to craft malicious XML that can trigger...
Cross-Site Scripting (XSS)
studio-42/elfinder is vulnerable to persistent Cross-site Scripting (XSS). The vulnerability is due to a filename restriction bypass, allowing attackers to inject malicious scripts...
Remote Code Execution (RCE)
studio-42/elfinder is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the lack of restrictions on uploading files with the .php8 extension, which allows an attacker to upload a malicious .php8 file, which can then be executed on the server to gain unauthorized access or execute...
Privilege Escalation
github.com/rclone/rclone is vulnerable to Privilege Escalation. The vulnerability is due to insecure handling of symlinks with the --links and --metadata flags, which allows unprivileged users to exploit symlinks to modify the ownership and permissions of target files when copied by a privileged proces...
Unauthorized File Manipulation
ansible-core is vulnerable to Unauthorized File Manipulation. The vulnerability is due to the user module allowing an unprivileged user with directory traversal permissions to create or replace files on any system path and gain ownership when a privileged user executes the module against the...
Cross-Site Scripting (XSS)
Happy-dom is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation and execution of script tags, which allows arbitrary code to run in the user context of happy-dom...
Authentication Bypass
codechecker is vulnerable to Authentication Bypass. The vulnerability is due to improper URL handling in the API, where the endpoint ending with "/Authentication" fails to properly enforce access controls, allowing unauthorized superuser access to other API endpoints...
Remote Code Execution (RCE)
Langflow is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the lack of sandboxing, allowing an attacker to execute arbitrary code on the local machine...
Refresh Token Exposure
@workos-inc/authkit-nextjs is vulnerable to Refresh Token Exposure. The vulnerability is due to improper handling of sensitive data, where refresh tokens are logged to the console if the debug flag, which is disabled by default, is enabled. This allows an attacker with access to the logs to steal...
Code Injection
AgentScope is vulnerable to Code Injection. The vulnerability is due to the eval function in the iscallableexpression function, which executes user-provided commands, allowing potential code injection...
Information Exposure
@workos-inc/authkit-remix is vulnerable to Information Exposure. The vulnerability is due to the debug flag being enabled, which allows an attacker to view refresh tokens logged to the console...
Directory Traversal
github.com/ollama/ollama is vulnerable to Directory Traversal. The vulnerability is due to path traversal in the api/push route, allowing attackers to confirm which files exist on the server...
Sensitive Information Disclosure
github.com/ollama/ollama is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the CreateModel route reflecting "File does not exist" error messages when given a non-existent file path, allowing attackers to confirm file presence on the server...
Denial Of Service (DoS)
github.com/ollama/ollama is vulnerable to Denial-of-Service (DoS). The vulnerability is due to the CreateModelHandler function improperly handling the req.Path parameter, which can be set to /dev/random to cause infinite blocking and resource exhaustion...
Improper Authentication
com.baidu.disconf:disconf-core is vulnerable to Improper Authentication. The vulnerability is due to a flaw in the Configuration Center component’s /api/config/list endpoint, which allows remote attackers to bypass authentication...
Incorrect Rekor Entry Selection
github.com/sigstore/gitsign is vulnerable to Incorrect Rekor entry selection. The vulnerability is due to gitsign not correctly handling situations where multiple Rekor entries are returned during online verification, leading it to potentially select the wrong one. It allows an attacker to...
Cross-Site Scripting (XSS)
github.com/j3ssie/osmedeus is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper filtering of file contents when generating reports. The contents of the report files (HTML and Markdown) are read and used to generate the report, but they are not adequately sanitized, allowi...
Cross-Site Scripting (XSS)
github.com/mudler/localai is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation and inadequate sanitization of user inputs when passing parameters to the delete model API, which allows malicious scripts to be stored and executed in the application...
Authentication Bypass
OctoPrint is vulnerable to an Authentication Bypass. The vulnerability is due to inadequate session handling in OctoPrint, which allows an attacker with temporary control over an authenticated session to access or delete the API key without requiring reauthentication...
Reflected Cross-Site Scripting (Reflected XSS)
OctoPrint is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to unescaped user inputs in OctoPrint’s login dialog and standalone application key confirmation dialog, which allows attackers to inject malicious scripts that get reflected back to the user's browser...
Arbitrary Code Execution (ACE)
@cyclonedx/cdxgen is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to a lack of safeguards against executing code in build-related files, allowing attackers to inject and execute malicious code within these files during analysis...
Authentication Method Confusion
CodeChecker is vulnerable to Authentication Method Confusion. The vulnerability is due to insufficient account security, where the weakly generated root user account cannot be disabled, allowing attackers to exploit it through an external authentication service...
Authentication Bypass
github.com/golang-jwt/jwt is vulnerable to Authentication Bypass. The vulnerability is due to ambiguous error handling in the ParseWithClaims function, where a token that is both expired and invalid may lead users to check only for jwt.ErrTokenExpired, potentially ignoring...
Carriage Return Line Feed (CRLF) Injection
Refit is vulnerable to Carriage Return Line Feed (CRLF) Injection. The vulnerability is due to lack of validation for CRLF characters in HTTP header values in the Refit library. Specifically, the HttpHeaders.TryAddWithoutValidation method used by Refit does not sanitize or check for CRLF sequences,...
Cross-Site Scripting (XSS)
umbraco.cms.core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the argument culture in the file /Umbraco/preview/frame?id of the Dashboard component, which allows remote attackers to manipulate the argument and execute malicious scripts...
Session Fixation
Apache Kylin is vulnerable to Session Fixation. The vulnerability is due to improper handling of session identifiers, allowing an attacker to hijack a user's session...
Out-of-bounds Read
Ollama is vulnerable to Out-of-bounds Read. The vulnerability is due to the ability to upload a malformed GGUF file containing only 4 bytes with a custom magic header. By using a custom Modelfile with a FROM statement pointing to an attacker-controlled blob, the attacker can cause a segmentation...
Improper Privilege Management
Zope and AccessControl are vulnerable to Improper Privilege Management. The vulnerability is due to anonymous users being able to delete user data in AccessControl.userfolder.UserFolder, potentially preventing privileged access. Users unable to upgrade can mitigate by adding dataroles = to...
Insecure Deserialization
Apache Lucene.Net.Replicator is vulnerable to Insecure Deserialization. The vulnerability exists due to the deserialization of untrusted data without adequate validation, allowing an attacker who intercepts traffic or controls the replication node URL to send a malicious JSON response...
Password Reset Attack
yeswiki/yeswiki is vulnerable to weak cryptographic algorithm. The vulnerability is due to poor cryptographic practices, specifically the use of a weak cryptographic algorithm and a hard-coded salt for hashing the password reset key, allowing attackers to recover the reset key and gain unauthoriz...
Signature Verification Bypass
laravel/reverb is vulnerable to a verification signature bypass. The vulnerability is due to missing verification of request signatures for the Pusher-compatible API endpoints, which allows unauthorized requests to bypass security checks and potentially access sensitive functionality...