File Deletion
@saltcorn/server is vulnerable to a file deletion vulnerability. The vulnerability is due to the lack of validation and sanitization of the dirname POST parameter, which allows a logged-in user to construct requests that delete arbitrary files on the filesystem through the sync/cleansyncdir...
Cross-Site Scripting (XSS)
PHPSpreadsheet is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to \PhpOffice\PhpSpreadsheet\Writer\Html not sanitizing "javascript:" URLs from hyperlink href attributes, which allows an attacker to execute malicious scripts in the context of a user's browser session...
Server Side Request Forgery (SSRF)
phpoffice/phpspreadsheet is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the ability of an attacker to construct an XLSX file that links images from arbitrary paths, which allows for embedding those files as data: URLs and performing unauthorized HTTP GET requests...
XML External Entity (XXE)
phpoffice/phpspreadsheet is vulnerable to XML External Entity (XXE). The vulnerability is due to a flawed XML encoding check in the toUtf8 function of the security scanner, which allows crafted XML structures with whitespace to bypass the security measures intended to prevent XXE attacks...
Local File Inclusion (LFI)
phpoffice/phpspreadsheet is vulnerable to Local File Inclusion (LFI). The vulnerability is due to PhpSpreadsheet retrieving image sizes and types by reading the contents of files from external URLs, allowing attackers to exploit php://filter URLs to leak sensitive file contents or data from arbitra...
Privilege Escalation
Parse Server is vulnerable to Privilege Escalation. The vulnerability is due to insufficient validation and control over user input, specifically the lack of restrictions on the allowCustomObjectId setting, which allows attackers to define custom object IDs without proper checks and exploit user...
Denial Of Service (DoS)
@rocket.chat/message-parser is vulnerable to Denial Of Service (DoS). The vulnerability is due to crafted messages with specific characters crashing the workspace because of an issue in the message parser, allowing an attacker to exploit this weakness...
Cross-Site Scripting (XSS)
dev-lancer/minecraft-motd-parser is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the lack of proper input validation and sanitization in the HtmlGenerator class, allowing attackers to inject malicious HTML into a web page through a malformed Minecraft server MOTD...
Denial Of Service (DoS)
JSON-lib is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper input validation and handling in the util/JSONTokener.java class, where the code fails to correctly process unbalanced comment strings in JSON data, allowing attackers to craft malicious JSON inputs that trigger...
Man-in-the-middle (MitM)
OpenStack Ironic is vulnerable to Man-in-the-middle (MitM). The vulnerability is due to the lack of checksum validation on the supplied imagesource URLs, which allows for the possibility of malicious actors manipulating the image data during the conversion process...
Cookie Poisoning
cookie is vulnerable to Cookie Poisoning. The vulnerability is due to improper input validation for the cookie name, path, and domain fields, allowing these fields to be manipulated and alter other cookie attributes...
Deserialization Of Untrusted Data
Apache Avro is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper schema parsing in the Java SDK, which allows attackers to execute arbitrary code...
Expected Behavior Violation
@backstage/plugin-app-backend is vulnerable to Expected Behavior Violation. The vulnerability is due to the handling of APPCONFIG environment variables, which ignores the visibility defined in the configuration schema. Note: This was an intended feature of the APPCONFIG way of supplying...
Uncontrolled Resource Consumption
Apache Commons IO is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to excessive CPU consumption caused by the org.apache.commons.io.input.XmlStreamReader class when processing maliciously crafted input...
Exposure Of Information Through Directory Listing
@saltcorn/server is vulnerable to Exposure of Information Through Directory Listing. The vulnerability is due to missing validations of the builddirname parameter. This allows an attacker with admin permission to view files and directories on the filesystem...
Directory Traversal
@saltcorn/server is vulnerable to Directory Traversal. The vulnerability is due to missing sanitization of the filename parameter used to identify the zip file when passed to the res.download API. This allows an attacker with admin permission to read and download arbitrary zip files when...
Prototype Pollution
@saltcorn/server is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of the lang and defstring parameters, allowing modification of the Object prototype, which can lead to remote code execution (RCE) and SQL injection vulnerabilities...
Prototype Pollution
@sentry/browser is vulnerable to Prototype Pollution. The vulnerability is due to inadequate checks on user input or unsafe handling of data within an application when data is not properly validated or sanitized. It allows attackers to manipulate the prototype of objects, leading to potential...
Cross Site Scripting (XSS)
sulu/sulu is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a low privileged user with access to the “Media” section being able to upload an SVG file with a malicious payload, allowing an attacker to execute malicious JavaScript in the browsers of other users, including admin...
Path Traversal
agnai is vulnerable to Path Traversal. The vulnerability is due to improper input validation in JSON file handling, allowing attackers to read arbitrary JSON files at attacker-chosen locations on the server. This can lead to unauthorized access to sensitive information...
Cross Site Scripting (XSS)
sulu/sulu is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the improper handling of user input in the media download URL within the SuluMediaBundle component, allowing attackers to inject malicious code that can be executed in the browser of users who access the compromised...
Command Injection
@saltcorn/plugins-loader is vulnerable to command injection. The vulnerability is due to the lack of input validation on the user-controlled value req.body.name, which allows users with admin permissions to manipulate the input by adding escaping characters, thereby executing arbitrary commands when th...
Unauthorized Access
github.com/mattermost/mattermost is vulnerable to Unauthorized Access. The vulnerability is due to non-members receiving broadcasted team details via the updateteam WebSocket event, which allows an attacker to gain unauthorized access to sensitive team information...
Privilege Escalation
github.com/rancher/rancher is vulnerable to Privilege Escalation. The vulnerability is due to improper restrictions in node driver options, allowing unprivileged users to deploy nodes and post sensitive files such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml...
Authorization Bypass
www.velocidex.com/golang/velociraptor is vulnerable to Authorization Bypass. The vulnerability is due to improper permission checks in the copy VQL function, which applies checks for reading files but does not check for permission to write files, allowing low-privilege users to overwrite server...
Cross Site Scripting (XSS)
OpenC3 COSMOS is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the login functionality, which allows an attacker to inject malicious scripts while sending commands to and receiving data from embedded systems...
Cross Site Scripting (XSS)
OpenC3 COSMOS is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the insecure storage of user passwords in an unencrypted format within the LocalStorage of a web browser, which allows an attacker to execute malicious scripts in a user's browser...
Cross Site Scripting (XSS)
Decidim is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to XSS through a malformed URL in the version control feature used in resources, which allows an attacker to exploit XSS...
Command Injection
git-shallow-clone is vulnerable to Command Injection. The vulnerability is due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function, which allows malicious inputs to be executed as system commands...
Regular Expression Denial Of Service (ReDoS)
langflow is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to improper handling of the remainingtext argument in the HTTP POST Request Handler, allowing an attacker to exploit the inefficient regular expression patterns and cause excessive resource consumption...
Race Condition
github.com/theupdateframework/go-tuf/v2 is vulnerable to Race Condition. The vulnerability is due to the inconsistent tracing of delegations in the client's processing logic, which potentially leads to Denial Of Service...
Cross-site Scripting (XSS)
Pagekit is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the widget management feature of the admin panel index.php/admin/site/widget, allowing attackers to inject malicious scripts...
Link Following
github.com/containers/common is vulnerable to Link Following. The vulnerability is due to incorrect handling of symbolic links in FIPS mode, allowing an attacker to exploit symbolic links and mount sensitive host directories inside a container, bypassing the isolation between containers and the...
Improper Input Validation
github.com/containers/buildah and github.com/containers/podman/v5 are vulnerable to Improper Input Validation. The vulnerability is due to improper input validation in the bind-propagation option of the Dockerfile RUN --mount instruction; an attacker with build privileges on the system can exploit...
Use Of Uninitialized Variable
github.com/golang-fips/openssl is vulnerable to Use of Uninitialized Variable. The vulnerability is due to improper handling of uninitialized buffer lengths in FIPS mode, which can result in zeroed buffers being returned. This flaw allows an attacker to force false positive hash matches, send...
Server-Side Request Forgery (SSRF)
inventree is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper error handling, where submitting a crafted URL instead of a valid image can raise a server-side error. This error message may contain sensitive information about server-side resources, including the...
Inadequate Encryption Strength
github.com/portainer/portainer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the improper use of an encryption algorithm in the AesEncrypt function. An attacker can decrypt sensitive information or compromise data integrity by exploiting the weak encryption...
Directory Traversal
OpenC3 COSMOS is vulnerable to Directory Traversal. The vulnerability is due to improper input validation in LocalMode's openlocalfile method, allowing an authenticated user with adequate permissions to download any .txt file via the ScreensControllershow endpoint on the web server...
Information Exposure Through An Error Message
org.jenkins-ci.main:jenkins-core is vulnerable to Information Exposure Through an Error Message. The vulnerability is due to improper redaction of multi-line secret values in error messages generated from form submissions involving the secretTextarea form field...
Cross Site Scripting (XSS)
CKEditor 5 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insecure editor configuration and lack of input sanitization in the CKEditor 5 clipboard package, which allows an attacker to insert malicious content into the editor when the General HTML Support or HTML Embed...
Incorrect Authorization
Jenkins is vulnerable to Incorrect Authorization. The vulnerability is due to incomplete enforcement of item creation checks, where prohibited items are created in memory and can be saved to persist them, bypassing restrictions when attackers have Item/Configure permissions...
Cross-site Scripting (XSS)
Zenario is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to allowing authenticated admin users to upload PDF files containing malicious code, which can execute when the PDF is accessed through the website...
Cross Site Scripting (XSS)
LibreNMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the lack of proper validation and sanitization of user-uploaded SVG files, allowing users with the "admin" role to upload these files as backgrounds for custom maps without sufficient security checks, which enables...
Cross Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation and sanitization of user input in the "Alert Transports" feature, specifically in the "Details" section, which allows authenticated users to inject arbitrary JavaScript code executable...
Cross Site Scripting (XSS)
librenms/librenms is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization in the Device Groups name, allowing JavaScript code to be executed when the details of the Device Group are viewed...
Cross Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting (Self-XSS). The vulnerability is due to a lack of proper input validation and sanitization in the "Alert Templates" feature of LibreNMS, which allows users to inject arbitrary JavaScript into the alert template's name without any restrictions...
Cross Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the "Alert Rules" feature, where the "Title" field does not properly sanitize user input, allowing the injection of arbitrary JavaScript...
Cross Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation or sanitization of the "hostname" parameter in the "Device Dependencies" feature, which allows attackers to inject arbitrary JavaScript, which can then be stored and executed in...
Cross-site Scripting (XSS)
Zenario is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of input in the "Organizer tags" field within the Image library, allowing attackers to inject malicious scripts...
Cross-site Scripting (XSS)
Contao is vulnerable to stored Cross-site Scripting (XSS). The vulnerability is due to improper validation of SVG file uploads, allowing an authenticated admin to upload a file containing malicious JavaScript that can be executed when accessed through the website...