38119 matches found

Veracode • added 2024/10/17 9:43 a.m. • 5 views

Origin Validation Error

gradio is vulnerable to Origin Validation Error. The vulnerability is due to the localhostaliases variable including "null" as a valid origin when the server is deployed locally. An attacker can make unauthorized requests from sandboxed iframes or other sources with a null origin, potentially leadi...

CVSS 6.9 • AI score 6.8 • EPSS 0.00168
Exploits 0 • References 3 • Affected software 1
Veracode • added 2024/10/17 9:42 a.m. • 2 views

Credentials Exposure

github.com/argoproj/argo-cd is vulnerable to Credentials Exposure. The vulnerability is due to the inappropriate handling and logging of sensitive authentication information within pod logs when connected to a Helm OCI repository with authentication enabled, allowing individuals with access to the...

AI score 6.9
Exploits 0
Veracode • added 2024/10/17 9:27 a.m. • 4 views

Denial Of Service (DoS)

The System.IO.Packaging library is vulnerable to Denial of Service (DoS). The vulnerability is due to the inadequate validation of untrusted inputs by the System.IO.Packaging library, allowing attackers to trigger complex operations and exhaust system resources...

CVSS 7.5 • AI score 6.7 • EPSS 0.0121
Exploits 0 • References 5 • Affected software 4
Veracode • added 2024/10/17 8:49 a.m. • 5 views

Denial Of Service (DoS)

System.Security.Cryptography.Cose, System.IO.Packaging, and Microsoft.Extensions.Caching.Memory are vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient input validation and inadequate mechanisms for handling large datasets, which allows an attacker to consume excessive resources...

CVSS 7.5 • AI score 6.6 • EPSS 0.00738
Exploits 0 • References 2 • Affected software 6
Veracode • added 2024/10/17 7:22 a.m. • 5 views

Data Validation Bypass

Gradio is vulnerable to Data Validation Bypass. The vulnerability is due to improper enforcement of input constraints in the pre-processing step of the Dropdown component, allowing attackers to send custom requests with arbitrary values even when the allowcustomvalue parameter...

AI score 7.1
Exploits 0
Veracode • added 2024/10/17 6:10 a.m. • 3 views

Denial Of Service (DoS)

System.Text.Json is vulnerable to Denial of Service (DoS). The vulnerability is due to deserializing input into a model with an ExtensionData property, which allows an attacker to consume excessive resources...

CVSS 7.5 • AI score 6.5 • EPSS 0.00738
Exploits 0 • References 4 • Affected software 4
Veracode • added 2024/10/17 5:55 a.m. • 3 views

Unauthorized Access

github.com/netlify/gotrue is vulnerable to Unauthorized Access. The vulnerability is due to the insecure handling of provider metadata from the user object, allowing attackers to exploit the metadata and compromise the security of other resources...

AI score 7.1
Exploits 0
Veracode • added 2024/10/17 5:19 a.m. • 6 views

Privilege Escalation

github.com/juju/juju is vulnerable to Privilege Escalation. The vulnerability is due to the use of a predictable JUJUCONTEXTID as an authentication secret, allowing an unprivileged user in the same network namespace to guess the ID and connect to the abstract domain socket...

CVSS 8.7 • AI score 6.8 • EPSS 0.00198
Exploits 1 • References 3 • Affected software 1
Veracode • added 2024/10/17 5:19 a.m. • 3 views

Unauthorized Access

github.com/juju/juju is vulnerable to Unauthorized Access. The vulnerability is due to improper access control over the JUJUCONTEXTID and the exposed UNIX domain socket, allowing unauthorized users on the local system with access to the default network namespace to connect and perform privileg...

CVSS 6.5 • AI score 6.4 • EPSS 0.00095
Exploits 0 • References 6 • Affected software 1
Veracode • added 2024/10/16 11:59 a.m. • 1 view

Spoofing Attack

github.com/containerd/containerd is vulnerable to Spoofing Attack. The vulnerability is due to the lack of a definitive specification for manifest and index documents in the OCI Distribution and Image Specifications, allowing different interpretations based on the Content-Type header...

AI score 7
Exploits 0
Veracode • added 2024/10/16 11:58 a.m. • 2 views

Arbitrary Code Execution

github.com/github/git-sizer is vulnerable to Arbitrary Code Execution. The vulnerability is due to the misconfiguration of the system's PATH environment variable, which can allow malicious executables to be inadvertently run when commands are executed if the current directory is placed before the...

AI score 7.4
Exploits 0
Veracode • added 2024/10/16 11:56 a.m. • 7 views

Arbitrary Code Execution

github.com/liamg/gitjacker is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling of file paths, allowing directory traversal with a crafted .git directory...

CVSS 9.8 • AI score 6.7 • EPSS 0.05337
Exploits 0 • References 5 • Affected software 1
Veracode • added 2024/10/16 11:54 a.m. • 4 views

UUID Attack

github.com/sylabs/sif is vulnerable to UUID Attack. The vulnerability is due to insecure randomness in the github.com/satori/go.uuid module, allowing an attacker to predict UUIDs and potentially impersonate or manipulate containers...

CVSS 7.5 • AI score 6.6 • EPSS 0.00317
Exploits 1 • References 5 • Affected software 1
Veracode • added 2024/10/16 11:18 a.m. • 9 views

Missing Encryption Of Sensitive Data

gradio is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is due to insecure communication between the FRP client and server when the share option is set to true. An attacker can intercept and read files uploaded to the server, as well as modify responses or data sent betwe...

CVSS 9.1 • AI score 6.6 • EPSS 0.00083
Exploits 0 • References 3 • Affected software 1
Veracode • added 2024/10/16 11:09 a.m. • 12 views

Directory Traversal

Gradio is vulnerable to Directory Traversal. The vulnerability is due to improper data validation in several Gradio components, allowing attackers to bypass input constraints and leak arbitrary files through the post-processing step. This could expose sensitive files to unauthorized users,...

CVSS 7.5 • AI score 6.7 • EPSS 0.00201
Exploits 1 • References 3 • Affected software 1
Veracode • added 2024/10/16 10:57 a.m. • 5 views

Server-Side Request Forgery (SSRF)

Gradio is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to SSRF in the /queue/join endpoint, allowing attackers to abuse the asyncsaveurltocache function to make HTTP requests to user-controlled URLs. This can enable attackers to target internal servers, exfiltrate...

CVSS 9.8 • AI score 6.7 • EPSS 0.00181
Exploits 0 • References 3 • Affected software 1
Veracode • added 2024/10/16 10:45 a.m. • 6 views

Resources Downloaded Over Insecure Protocol

gradio is vulnerable to Resources Downloaded over Insecure Protocol. The vulnerability is due to the lack of integrity checking on the downloaded FRP client. An attacker who gains access to the remote URL from which the FRP client is fetched can introduce malicious code by modifying the binary without detection...

CVSS 7.5 • AI score 7.1 • EPSS 0.00222
Exploits 0 • References 3 • Affected software 1
Veracode • added 2024/10/16 8:28 a.m. • 10 views

Cross-site Scripting (XSS)

gradio is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to inadequate file type restrictions and missing server-side validation for the upload of HTML, JS, or SVG files. An attacker can execute unauthorized actions or steal sensitive information by uploading malicious scripts that execu...

CVSS 6.9 • AI score 6.2 • EPSS 0.0025
Exploits 0 • References 3 • Affected software 1
Veracode • added 2024/10/16 8:21 a.m. • 15 views

Always-Incorrect Control Flow Implementation

gradio is vulnerable to Always-Incorrect Control Flow Implementation. The vulnerability is due to the improper handling of the enablemonitoring flag. An attacker can access sensitive application analytics by directly requesting the /monitoring endpoint...

CVSS 4.3 • AI score 6.5 • EPSS 0.00158
Exploits 0 • References 3 • Affected software 1
Veracode • added 2024/10/16 8:12 a.m. • 6 views

Timing Attack

gradio is vulnerable to Timing Attack. The vulnerability is due to a non-constant-time comparison in the analyticsdashboard function. An attacker can infer the correct hash byte by byte by measuring the response time of different requests, leading to unauthorized access to the analytics dashboard...

CVSS 3.7 • AI score 6.6 • EPSS 0.00158
Exploits 0 • References 3 • Affected software 1
Veracode • added 2024/10/16 7:20 a.m. • 2 views

Denial Of Service (DoS)

github.com/juju/juju is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient authentication controls on the abstract UNIX domain socket, allowing any user in the local network namespace to access it without proper verification...

CVSS 7.9 • AI score 6.6 • EPSS 0.00076
Exploits 0 • References 4 • Affected software 1
Veracode • added 2024/10/16 6:47 a.m. • 6 views

Directory Traversal

www.velocidex.com/golang/velociraptor is vulnerable to Directory Traversal. The vulnerability is due to improper sanitization of the client ID parameter in the CreateCollection API, allowing attackers to manipulate the input and exploit the system's file handling, thereby gaining unauthorized acces...

CVSS 4.3 • AI score 6.6 • EPSS 0.00217
Exploits 0 • References 5 • Affected software 1
Veracode • added 2024/10/16 6:05 a.m. • 5 views

Privilege Escalation

github.com/talos-systems/talos is vulnerable to Privilege Escalation. The vulnerability is due to improper validation of requests during the certificate signing process for worker nodes in the Talos cluster. It allows a control plane node to issue Talos API certificates that grant unauthoriz...

CVSS 8.8 • AI score 6.7 • EPSS 0.00273
Exploits 0 • References 5 • Affected software 2
Veracode • added 2024/10/16 5:46 a.m. • 9 views

Denial Of Service (DoS)

Apache Tomcat is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient resource limits during the TLS handshake process, which allows an attacker to trigger the handshake repeatedly, leading to memory exhaustion and an OutOfMemoryError...

CVSS 8.6 • AI score 6.5 • EPSS 0.00401
Exploits 0 • References 9 • Affected software 2
Veracode • added 2024/10/16 4:57 a.m. • 5 views

Information Disclosure

Mattermost is vulnerable to Information Disclosure. The vulnerability is due to insufficient API permission enforcement, allowing team members to retrieve sensitive information without sufficient restrictions...

CVSS 6.5 • AI score 6.2 • EPSS 0.00326
Exploits 0 • References 2 • Affected software 1
Veracode • added 2024/10/15 4:44 p.m. • 9 views

Improper Verification Of Cryptographic Signature

github.com/ssoready/ssoready is vulnerable to Improper Verification of Cryptographic Signature via the onlyPathHoistNamesInternal function. The vulnerability is due to differential XML parsing. Attackers can carry out a signature bypass if they have access to certain IDP-signed messages...

CVSS 9.8 • AI score 6.6 • EPSS 0.00106
Exploits 0 • References 5 • Affected software 1
Veracode • added 2024/10/15 4:00 p.m. • 9 views

Incorrect Privilege Assignment

github.com/hashicorp/vault is vulnerable to Incorrect Privilege Assignment. The vulnerability is due to the mishandling of entries in an in-memory cache; a privileged operator could manipulate their cached record through an API endpoint on a node, potentially escalating their privileges to the...

CVSS 7.2 • AI score 6.5 • EPSS 0.00302
Exploits 0 • References 4 • Affected software 1
Veracode • added 2024/10/15 10:23 a.m. • 6 views

Consensus Attack

github.com/ethereum/go-ethereum is vulnerable to Consensus Attack. The vulnerability is due to Geth's pre-compiled dataCopy contract performing a shallow copy on invocation, which allows an attacker to manipulate Ethereum Virtual Machine (EVM) memory and cause a consensus mismatch between nodes...

CVSS 7.1 • AI score 6.6 • EPSS 0.00303
Exploits 0 • References 3 • Affected software 1
Veracode • added 2024/10/15 9:12 a.m. • 7 views

Always-Incorrect Control Flow Implementation

btcd is vulnerable to Always-Incorrect Control Flow Implementation. The vulnerability is due to a consensus failure caused by the incorrect re-implementation of Bitcoin Core's "FindAndDelete" functionality. This flaw can result in btcd clients accepting an invalid Bitcoin block or rejecting a val...

CVSS 8.1 • AI score 6.4 • EPSS 0.00427
Exploits 0 • References 5 • Affected software 1
Veracode • added 2024/10/15 8:13 a.m. • 5 views

Rainbow Table Attack

github.com/amir20/dozzle is vulnerable to Rainbow Table Attack. The vulnerability is due to the use of unsalted SHA-256 for password hashing, which is less secure than bcrypt and allows an attacker to easily reverse hashed passwords using rainbow tables...

CVSS 7.5 • AI score 6.8 • EPSS 0.00199
Exploits 0 • References 3 • Affected software 1
Veracode • added 2024/10/15 7:47 a.m. • 9 views

XML External Entity (XXE)

org.apache.xmlgraphics, fop-core is vulnerable to XML External Entity Reference (XXE). The vulnerability is due to the application's failure to properly configure XML parsers and restrict the processing of external entities, allowing an attacker to exploit external entity references without adequat...

CVSS 7.5 • AI score 6.6 • EPSS 0.00282
Exploits 0 • References 5 • Affected software 2
Veracode • added 2024/10/15 7:47 a.m. • 2 views

Path Traversal

github.com/containers/buildah is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of user-specified paths for cache mounts, which allows users to reference directories outside the designated cache directory...

CVSS 7.8 • AI score 7.6 • EPSS 0.00139
Exploits 0 • References 28 • Affected software 3
Veracode • added 2024/10/15 7:42 a.m. • 3 views

Regular Expression Denial Of Service (ReDoS)

xhtml2pdf is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to improper handling of input strings within the regular expressions used in the getcolor function in utils.py, which allows attackers to supply crafted strings that trigger the denial of service...

CVSS 7.5 • AI score 6.5 • EPSS 0.00139
Exploits 0 • References 4 • Affected software 1
Veracode • added 2024/10/15 7:41 a.m. • 4 views

Denial Of Service (DoS)

django is vulnerable to Denial of Service (DoS). The vulnerability is due to the urlize and urlizetrunc template filters being susceptible to very large inputs containing a specific sequence of characters, allowing an attacker to execute a denial-of-service attack...

CVSS 7.5 • AI score 7.5 • EPSS 0.02254
Exploits 0 • References 10 • Affected software 1
Veracode • added 2024/10/15 7:39 a.m. • 8 views

HTTP Smuggling

org.jboss.resteasy, resteasy-netty4-cdi is vulnerable to HTTP Smuggling. The vulnerability is due to improper handling of HTTP requests by the resteasy-netty4 library, specifically when the Netty HttpObjectDecoder fails to reject HTTP smuggling requests containing ASCII control characters, causing it ...

CVSS 5.3 • AI score 6.6 • EPSS 0.00026
Exploits 0 • References 6 • Affected software 1
Veracode • added 2024/10/15 7:31 a.m. • 4 views

Incorrect User Management

github.com/ubuntu/authd is vulnerable to Incorrect User Management. The vulnerability is due to insufficient randomization of user IDs, allowing a local attacker to register usernames and spoof another user's ID, gaining their privileges. This issue affects Authd through version 0.3.6...

CVSS 7.5 • AI score 6.3 • EPSS 0.00051
Exploits 1 • References 4 • Affected software 1
Veracode • added 2024/10/15 7:08 a.m. • 4 views

Insecure Direct Object Reference (IDOR)

Open-webui/open-webui is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is caused by insufficient access controls in the API, which fail to validate user permissions, allowing unauthorized users to manipulate restricted data...

CVSS 6.5 • AI score 6.6 • EPSS 0.00145
Exploits 1 • References 4 • Affected software 1
Veracode • added 2024/10/15 7:07 a.m. • 6 views

Information Disclosure

Open-webui is vulnerable to Information Disclosure. The vulnerability is due to the embedding model update feature under admin settings, which allows an attacker to enumerate file names and traverse directories by observing error messages related to file existence and configuration...

CVSS 2.7 • AI score 6.6 • EPSS 0.00211
Exploits 1 • References 3 • Affected software 1
Veracode • added 2024/10/15 6:30 a.m. • 6 views

Arbitrary File Write And Delete

open-webui is vulnerable to Arbitrary File Write and Delete. The vulnerability is due to unsanitized concatenation of file.filename with CACHEDIR, allowing attackers to overwrite and delete system files...

CVSS 7.2 • AI score 6.8 • EPSS 0.02278
Exploits 1 • References 4 • Affected software 1
Veracode • added 2024/10/15 5:54 a.m. • 3 views

Email Enumeration Attack

Django is vulnerable to Email Enumeration Attack. The vulnerability is due to the PasswordResetForm class revealing differences in responses when password reset emails fail to send, allowing attackers to infer if an email address is registered...

CVSS 5.3 • AI score 6.7 • EPSS 0.00235
Exploits 0 • References 8 • Affected software 1
Veracode • added 2024/10/14 11:51 a.m. • 7 views

Information Disclosure

typo3/cms-backend is vulnerable to Information Disclosure. The vulnerability is due to improper access control configuration, which allows backend users to see items in the page tree for restricted pages if no mounts were configured, exposing restricted content to unauthorized users...

CVSS 4.3 • AI score 6.6 • EPSS 0.00262
Exploits 0 • References 6 • Affected software 1
Veracode • added 2024/10/14 11:42 a.m. • 5 views

Denial Of Service (DoS)

GoPistolet is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling within the MTA component, which can lead to service disruption...

CVSS 7.5 • AI score 6.6 • EPSS 0.00483
Exploits 0 • References 7 • Affected software 1
Veracode • added 2024/10/14 10:58 a.m. • 4 views

Improper Privilege Management

Mattermost is vulnerable to Improper Privilege Management. The vulnerability is due to improper permission protection, allowing authenticated users with a restricted custom admin role to bypass restrictions and view server logs and the server config.json file...

CVSS 4.3 • AI score 6.5 • EPSS 0.00129
Exploits 0 • References 3 • Affected software 1
Veracode • added 2024/10/14 10:57 a.m. • 6 views

Arbitrary File Read

github.com/adguardteam/adguardhome is vulnerable to Arbitrary File Read. The vulnerability is due to improper validation of user input and inadequate restrictions on file access, allowing authenticated users to manipulate the file system and read sensitive files...

CVSS 4.9 • AI score 6.2 • EPSS 0.00387
Exploits 0 • References 8 • Affected software 1
Veracode • added 2024/10/14 10:35 a.m. • 9 views

Prototype Pollution

@sap/hana-client is vulnerable to Prototype Pollution. The vulnerability is due to improper user input sanitization when using the nestTables feature of the SAP HANA Node.js client package, allowing attackers to manipulate object prototypes and add arbitrary properties...

CVSS 4.3 • AI score 6.8 • EPSS 0.00322
Exploits 0 • References 4 • Affected software 1
Veracode • added 2024/10/14 10:17 a.m. • 8 views

Arbitrary Argument Injection

ggit is vulnerable to Arbitrary Argument Injection. The vulnerability is due to the failure to sanitize user input and improper handling of command-line flags: the URL scheme is not validated and arguments are not passed to the git binary after the necessary -- POSIX separator, allowing attacke...

CVSS 6.5 • AI score 6.9 • EPSS 0.00041
Exploits 0 • References 2 • Affected software 1
Veracode • added 2024/10/14 10:06 a.m. • 11 views

Remote Code Execution (RCE)

livewire/livewire is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the framework's file upload mechanism, which only guesses the file extension from the MIME type, allowing attackers to bypass security measures and upload malicious files...

CVSS 9.8 • AI score 7.5 • EPSS 0.00237
Exploits 1 • References 5 • Affected software 1
Veracode • added 2024/10/14 10:05 a.m. • 5 views

Input Validation

typo3/cms-backend is vulnerable to an Input Validation flaw. The vulnerability is due to a lack of proper validation checks on user input, allowing the manipulation of data saved in the bookmark toolbar and triggering errors that disrupt access to the backend user interface...

CVSS 4.9 • AI score 6.6 • EPSS 0.00249
Exploits 1
Veracode • added 2024/10/14 10:00 a.m. • 4 views

Log Injection

io.quarkiverse.cxf, quarkus-cxf is vulnerable to Log Injection. The vulnerability is due to misconfiguration of logging settings, which results in passwords and other secrets being written to the logs; specific configurations, such as enabled SOAP logging combined with access to application logs, allow attackers to...

CVSS 5.3 • AI score 6.5 • EPSS 0.00101
Exploits 0 • References 7 • Affected software 1
Veracode • added 2024/10/14 9:56 a.m. • 5 views

Command Injection

ggit is vulnerable to Command Injection. The vulnerability is due to user input being concatenated into a git command string, which is then passed to the unsafe exec Node.js child process API, allowing an attacker to inject arbitrary commands...

CVSS 7.3 • AI score 6.8 • EPSS 0.00364
Exploits 0 • References 2 • Affected software 1

Total number of security vulnerabilities: 38119