38153 matches found
Resources Downloaded Over Insecure Protocol
gradio is vulnerable to Resources Downloaded over Insecure Protocol. The vulnerability is due to the lack of integrity checking on the downloaded FRP client. An attacker can introduce malicious code by modifying the binary without detection if they gain access to the remote URL from which the FRP...
Cross-site Scripting (XSS)
gradio is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to inadequate file type restrictions or server-side validation for the upload of HTML, JS, or SVG files. An attacker can execute unauthorized actions or steal sensitive information by uploading malicious scripts that execu...
Always-Incorrect Control Flow Implementation
gradio is vulnerable to Always-Incorrect Control Flow Implementation. The vulnerability is due to the improper handling of the enablemonitoring flag. An attacker can access sensitive application analytics by directly requesting the /monitoring endpoint...
Timing Attack
gradio is vulnerable to Timing Attack. The vulnerability is due to the analyticsdashboard function. An attacker can infer the correct hash byte-by-byte by measuring the response time of different requests, leading to unauthorized access to the analytics dashboard...
Denial Of Service (DoS)
github.com/juju/juju is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient authentication controls on the abstract UNIX domain socket, allowing any local network namespace user to access it without proper verification...
Directory Traversal
www.velocidex.com/golang/velociraptor is vulnerable to Directory Traversal. The vulnerability is due to improper sanitization of the client ID parameter in the CreateCollection API, which allows attackers to manipulate the input and exploit the system's file handling, thereby gaining unauthorized acces...
Privilege Escalation
github.com/talos-systems/talos is vulnerable to Privilege Escalation. The vulnerability is due to improper validation of the requests during the certificate signing process for worker nodes in the Talos cluster. It allows a control plane node to issue Talos API certificates that grant unauthoriz...
Denial Of Service (DoS)
Apache Tomcat is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient resource limitations during the TLS handshake process, which allows an attacker to exploit this process repeatedly, leading to memory exhaustion and an OutOfMemoryError...
Information Disclosure
Mattermost is vulnerable to Information Disclosure. The vulnerability is due to insufficient API permissions enforcement, allowing team members to retrieve sensitive information without sufficient restrictions...
Improper Verification Of Cryptographic Signature
github.com/ssoready/ssoready is vulnerable to Improper Verification of Cryptographic Signature via the onlyPathHoistNamesInternal function. The vulnerability is due to differential XML parsing. Attackers can carry out a signature bypass if they have access to certain IDP-signed messages...
Incorrect Privilege Assignment
github.com/hashicorp/vault is vulnerable to Incorrect Privilege Assignment. The vulnerability is due to the mishandling of entries in an in-memory cache: a privileged operator could manipulate their cached record through an API endpoint on a node, potentially escalating their privileges to the...
Consensus Attack
github.com/ethereum/go-ethereum is vulnerable to a Consensus Attack. The vulnerability is due to Geth's pre-compiled dataCopy contract performing a shallow copy on invocation, which allows an attacker to manipulate Ethereum Virtual Machine (EVM) memory and cause a consensus mismatch between nodes...
Always-Incorrect Control Flow Implementation
btcd is vulnerable to Always-Incorrect Control Flow Implementation. The vulnerability is due to a consensus failure caused by the incorrect re-implementation of Bitcoin Core's "FindAndDelete" functionality. This flaw can result in btcd clients accepting an invalid Bitcoin block or rejecting a val...
Rainbow Table Attack
github.com/amir20/dozzle is vulnerable to Rainbow Table Attack. The vulnerability is due to the use of SHA-256 for password hashing, which is less secure than bcrypt and allows an attacker to easily reverse hashed passwords using rainbow tables...
XML External Entity (XXE)
org.apache.xmlgraphics, fop-core is vulnerable to XML External Entity Reference (XXE). The vulnerability is due to the application's failure to properly configure XML parsers and restrict the processing of external entities, allowing an attacker to exploit external entity references without adequat...
Path Traversal
github.com/containers/buildah is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of user-specified paths for cache mounts, which allows users to reference directories outside the designated cache directory...
Regular Expression Denial Of Service (ReDoS)
xhtml2pdf is vulnerable to Regular expression Denial of Service (ReDoS). The vulnerability is due to improper handling of input strings within the regular expressions used in the getcolor function within utils.py, which allows attackers to supply crafted strings that trigger the Denial of Service...
Denial Of Service (DoS)
django is vulnerable to Denial Of Service (DoS). The vulnerability is due to the urlize and urlizetrunc template filters being susceptible to very large inputs containing a specific sequence of characters, which allows an attacker to execute a denial-of-service attack...
HTTP Smuggling
org.jboss.resteasy, resteasy-netty4-cdi is vulnerable to HTTP Smuggling. The vulnerability is due to improper handling of HTTP requests by the resteasy-netty4 library, specifically when the Netty HttpObjectDecoder fails to process HTTP smuggling requests with ASCII control characters, causing it ...
Incorrect User Management
github.com/ubuntu/authd is vulnerable to Incorrect User Management. The vulnerability is due to insufficient randomization of user IDs, allowing a local attacker to register usernames and spoof another user's ID, gaining their privileges. This issue affects Authd through version 0.3.6...
Insecure Direct Object Reference (IDOR)
Open-webui/open-webui is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is caused by insufficient access controls in the API, which fail to validate user permissions, allowing unauthorized users to manipulate restricted data...
Information Disclosure
Open-webui is vulnerable to an Information Disclosure. The vulnerability is due to the embedding model update feature under admin settings, which allows an attacker to enumerate file names and traverse directories by observing error messages related to file existence and configuration...
Arbitrary File Write And Delete
open-webui is vulnerable to Arbitrary File write and delete. The vulnerability is due to unsanitized file.filename concatenation with CACHEDIR, allowing attackers to overwrite and delete system files...
Email Enumeration Attack
Django is vulnerable to Email Enumeration Attack. The vulnerability is due to the PasswordResetForm class revealing differences in responses when password reset emails fail to send, allowing attackers to infer if an email address is registered...
Information Disclosure
typo3/cms-backend is vulnerable to Information Disclosure. The vulnerability is due to improper access control configuration, which allows backend users to see items in the page tree for restricted pages if no mounts were configured, exposing restricted content to unauthorized users...
Denial Of Service (DoS)
GoPistolet is vulnerable to a Denial of Service (DoS) vulnerability. The vulnerability is due to improper handling within the MTA component, which can lead to service disruption...
Improper Privilege Management
Mattermost is vulnerable to an Improper Privilege Management. The vulnerability is due to improper permission protection, allowing authenticated users with a restricted custom admin role to bypass restrictions and view server logs and the server config.json file...
Arbitrary File Read
github.com/adguardteam/adguardhome is vulnerable to an Arbitrary File Read. The vulnerability is due to improper validation of user input and inadequate restrictions on file access, allowing authenticated users to manipulate the file system and read sensitive files...
Prototype Pollution
@sap/hana-client is vulnerable to Prototype Pollution. The vulnerability is due to improper user input sanitation when using the nestTables feature of the SAP HANA Node.js client package, which allows attackers to manipulate object prototypes, enabling them to add arbitrary properties...
Arbitrary Argument Injection
ggit is vulnerable to Arbitrary Argument Injection. The vulnerability is due to the failure to sanitize user input and improper handling of command-line flags: it doesn't validate the URL scheme or properly pass arguments to the git binary using the necessary -- POSIX characters, allowing attacke...
Remote Code Execution (RCE)
livewire/livewire is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the framework's file upload mechanism that only guesses the file extension based on the MIME type, allowing attackers to bypass security measures and upload malicious files...
Input Validation
typo3/cms-backend is vulnerable to Input Validation. The vulnerability is due to a lack of proper validation checks on user input, allowing for the manipulation of data saved in the bookmark toolbar and triggering errors that disrupt access to the backend user interface...
Log Injection
io.quarkiverse.cxf, quarkus-cxf is vulnerable to Log Injection. The vulnerability is due to misconfiguration of logging settings, which results in passwords and other secrets being logged; specific configurations, such as enabled SOAP logging and access to application logs, allow attackers to...
Command Injection
ggit is vulnerable to Command Injection. The vulnerability is due to user input being concatenated with a git command, which is then passed to the unsafe exec Node.js child process API. It allows an attacker to inject arbitrary commands...
Improper Access Control
github.com/rancher/rancher is vulnerable to Improper Access Control. The vulnerability is due to authenticated users being able to disable access control via an API call...
Incorrect Calculation
github.com/ethereum/go-ethereum is vulnerable to an Incorrect Calculation. The vulnerability is due to a miscalculation of Proof of Work (PoW) generation caused by an error in the DAG creation process...
Cross-site Scripting (XSS)
limesurvey/limesurvey is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input validation and output encoding in the Alert Widget's message component...
Cross-site Scripting (XSS)
Krayin CRM is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the organization name field in /admin/contacts/organizations/edit/2, allowing malicious scripts to be injected...
Cross-Site Scripting (XSS)
phpoffice/phpspreadsheet is vulnerable to a cross-site scripting (XSS). The vulnerability is due to improper handling of input where a number is expected, allowing an attacker to perform formula injection through direct concatenation of user-supplied parameters into spreadsheet formulas...
IBC Hijack
github.com/cheqd/cheqd-node is vulnerable to IBC hijack. The vulnerability is due to improper handling or validation within the IBC transfer mechanism, which allows an attacker to compromise the security of chain-to-chain IBC transfers...
Command Injection
github.com/icewhaletech/casaos is vulnerable to a Command Injection. The vulnerability is due to lack of proper input validation and sanitization mechanisms via the component leave or join zerotier api, which allows attackers to inject malicious commands into the system, which can then be executed...
Denial Of Service (DoS)
github.com/foxcpp/maddy is vulnerable to Denial Of Service (DoS). The vulnerability is due to the lack of proper error handling during write operations in S3 storage: when write operations encounter errors, they are not aborted, allowing the system to continue consuming memory without limit...
Privilege Escalation
github.com/kiali/kiali is vulnerable to Privilege Escalation. The vulnerability is due to an incorrect access control flaw that allows an attacker with basic access to deploy a kiali operand and potentially gain access to privileged service account tokens...
Cross-site Scripting (XSS)
Dynamic Dashboard is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of values passed to a paragraph widget, allowing malicious characters to trigger XSS attacks when a user opens a page where the widget is rendered...
Cross-site Scripting (XSS)
Mediawiki Cargo is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper neutralization of input during web page generation, allowing attackers to execute malicious scripts...
Cross-site Scripting (XSS)
LimeSurvey is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization, allowing a remote attacker to execute arbitrary code by injecting a crafted script into the title and comment fields...
Improper Authentication
github.com/ubuntu/authd is vulnerable to Improper Authentication. The vulnerability is due to improper management of broker-managed users, allowing them to impersonate any other user managed by the same broker and perform PAM operations, including authentication...
Information Exposure
github.com/opentofu/opentofu is vulnerable to Information Exposure. The vulnerability is due to the static evaluation of module sources, versions and backend configurations. An attacker can expose sensitive variables and locals...
Cross-Site Scripting (XSS)
limesurvey/limesurvey is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of user input, allowing a remote attacker to execute arbitrary code via crafted scripts in the title and comment fields...
Cross-Site Scripting (XSS)
@saltcorn/server is vulnerable to stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of event log data, allowing malicious scripts to be stored...