Cross Site Request Forgery (CSRF)
github.com/go-gitea/gitea is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is due to the lack of proper validation and protection mechanisms in the API routes of Gitea, which allows unauthorized state-altering POST requests to be executed by attackers on behalf of authenticated users...
Privilege Escalation
code.gitea.io/gitea is vulnerable to Privilege Escalation. The vulnerability is due to the absence of proper permission checks in Gitea, which allows attackers to assign issues to projects without verifying whether they have the necessary access rights...
Information Disclosure
github.com/microsoft/terraform-provider-power-platform is vulnerable to Information Disclosure. The vulnerability is due to improper handling of sensitive data in the logging mechanism, where the client_secret is not properly masked. This allows an attacker to impersonate the service principal and...
Unauthorized Access
Mattermost is vulnerable to unauthorized access. The vulnerability is due to a lack of proper access restrictions in the Mattermost application, allowing members of a channel to view files that they should not have permission to access...
Improper Authorization
Mattermost is vulnerable to Improper Authorization. The vulnerability is due to inadequate authorization mechanisms when the viewing of archived channels is disabled, allowing unauthorized access to sensitive information...
Improper Authentication
github.com/ory/kratos is vulnerable to Improper Authentication. The vulnerability is due to an incorrect assumption of the highest available Authentication Assurance Level (AAL) as aal1 instead of aal2, allowing users to access endpoints without the required aal2 session under certain...
Cross Site Scripting (XSS)
Filament is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper validation of values passed to the ColorColumn or ColumnEntry, allowing untrusted input to be rendered in a way that can execute malicious scripts...
Server Side Request Forgery (SSRF)
Mattermost is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the omission of Oracle Cloud and Alibaba's metadata endpoints from the SSRF denylist, allowing attackers to exploit this gap for unauthorized requests...
Authentication Bypass
github.com/rancher/rancher is vulnerable to an Authentication Bypass. The vulnerability is due to improper handling of expired domains or DNS spoofing/hijacking, allowing an attacker to exploit the Rancher URL under specific circumstances...
Incorrect Permission Assignment For Critical Resource
github.com/hashicorp/vault is vulnerable to Incorrect Permission Assignment for Critical Resource. The vulnerability is due to not requiring the valid_principals list to contain a value by default. An attacker could authenticate as any user on the host by using an SSH certificate requested by an...
Server-Side Request Forgery (SSRF)
@lobehub/chat is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to inadequate redirect handling in src/app/api/proxy/route.ts, allowing attackers to bypass protections by providing a malicious URL that redirects to internal resources, such as a private network or loopbac...
Cross-site Scripting (XSS)
NetBox is vulnerable to stored cross-site scripting (XSS). The vulnerability is due to improper sanitization in the "Top banner" field within the "Configuration History" feature of the "Admin" panel, allowing an authenticated user to inject arbitrary JavaScript or HTML...
Denial Of Service (DoS)
Mattermost is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper input validation, where Mattermost does not verify that the message in a permalink post is a string, allowing non-string values to be processed and causing a frontend crash...
Denial Of Service (DoS)
github.com/mattermost/mattermost is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper validation of the permalink post message, allowing an attacker to send a non-string value that causes the application to crash...
Command Injection
cups-filters is vulnerable to Command Injection. Any value passed to FoomaticRIPCommandLine via a PPD file will be executed as a user-controlled command. When combined with other logic bugs as described in CVE-2024-47176, this can lead to remote command execution...
Arbitrary Command Execution
cups is vulnerable to Arbitrary Command Execution. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, this can result in user-controlled input and ultimately code executi...
Improper Input Validation
cups-filter is vulnerable to Improper Input Validation. The cfGetPrinterAttributes5 function in libcupsfilters does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be...
Improper Source Verification
cups-filter is vulnerable to Improper Source Verification. cups-browsed binds to INADDR_ANY:631, causing it to trust any packet from any source, and can cause the Get-Printer-Attributes IPP request to an attacker-controlled URL. Due to the service binding to :631 (INADDR_ANY), multiple bugs in...
Remote Code Execution
Promptr is vulnerable to Remote Command Execution (RCE). The vulnerability is due to insufficient validation of URLs, allowing attackers to execute arbitrary commands via a crafted URL...
Heap Buffer Overflow
SQLite-vec is vulnerable to a Heap Buffer Overflow. The vulnerability is due to improper handling of memory allocation in the npytokennext function, which allows for a heap buffer overflow when processing certain crafted files...
Cross Site Scripting (XSS)
camaleoncms is vulnerable to cross-site scripting (XSS). The vulnerability is due to the ability for normal registered users to upload SVG images containing JavaScript or HTML documents by manipulating the format parameter, allowing malicious scripts to execute when an authenticated user or...
Cross-Site Request Forgery (CSRF)
strawberrygraphql is vulnerable to cross-site request forgery (CSRF). The vulnerability is due to the default configuration of the Strawberry GraphQL library, which allows multipart file upload support without proper CSRF protection and exempts the integration from Django's built-in CSRF safeguard...
Spoofing Attack
mellium.im/xmpp is vulnerable to Spoofing Attack. The vulnerability is due to the implementation of the Mellium XMPP library, which does not check the stanza type and allows the use of predictable IDs, leading to the possibility of response spoofing...
Information Disclosure
org.apache.maven.plugins,maven-archetype-plugin is vulnerable to Information Disclosure. The vulnerability is due to the integration testing process, which creates the archetype-settings.xml file containing sensitive information from the user's /.m2/settings.xml, allowing an attacker to access...
Cross-site Scripting (XSS)
Concrete5/concrete5 is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the calendar event name, allowing users or groups with permission to create or modify event calendars to embed and execute malicious scripts...
Cross-site Scripting (XSS)
Concrete CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper validation in the Image Editor's background color feature, allowing a rogue admin to inject malicious code into the Thumbnails/Add-Type function...
Improper Privilege Management
org.apache.hadoop,hadoop-common is vulnerable to Improper Privilege Management. The vulnerability is due to the RunJar.run method not setting permissions for the temporary directory by default, which allows other local users to view sensitive data stored in that directory...
DOM Clobbering
Rollup is vulnerable to DOM Clobbering. The vulnerability is due to improper handling of import.meta properties in cjs/umd/iife formats, which allows an attacker to perform cross-site scripting (XSS) attacks through unsanitized HTML elements, like an img tag with an unsanitized name attribute...
Unauthorized Access
pgAdmin4 is vulnerable to Unauthorized Access. The vulnerability is due to the potential exposure of the client ID and secret, which allows an attacker to gain unauthorized access to user data...
Weak Random String Generation
org.apache.linkis, linkis-engineplugin-spark is vulnerable to weak random string generation. The vulnerability is due to insecure random string generation via Commons Lang's RandomStringUtils, which allows an attacker to predict the generated token, potentially enabling unauthorized access or...
Privilege Escalation
Doccano Auto Labeling Pipeline is vulnerable to Privilege Escalation. The vulnerability is due to improper handling of the modelattribs parameter, allowing a remote attacker to escalate privileges...
Privilege Escalation
Doccano Auto Labeling Pipeline is vulnerable to Privilege Escalation. The vulnerability is due to improper validation of REST requests, which allows a remote attacker to escalate privileges via a crafted request...
Denial Of Service (DoS)
org.springframework,spring-web is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of ETags from If-Match or If-None-Match request headers, allowing attackers to overwhelm the system and cause service disruption...
Inadequate Encryption Strength
github.com/apache/incubator-answer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the use of MD5 hashing for a user's email when accessing Gravatar, which is insecure and can lead to the leakage of user emails. The recommended fix is to upgrade to version 1.4.0, whic...
Privilege Escalation
Pure Data is vulnerable to Privilege Escalation. The vulnerability is due to improper handling of the setid function, allowing a local attacker to escalate privileges by exploiting the flawed permission management...
Remote Code Execution
Camaleon CMS is vulnerable to Remote Code Execution. The vulnerability is due to insufficient path validation in the MediaController class, allowing attackers, after taking over an administrator account, to delete arbitrary files or folders. Additionally, the cropurl action may allow arbitrary fi...
SQL Injection
github.com/navidrome/navidrome is vulnerable to SQL Injection. The vulnerability is due to the lack of proper input validation and escaping of URL parameters in SQL queries, allowing attackers to inject malicious SQL code into the application...
HTML Injection
Confidant is vulnerable to HTML Injection. The vulnerability is due to insufficient input validation and sanitization of user-supplied data in several endpoints of the Confidant service, allowing attackers to inject malicious scripts into the application...
HTTP Request Smuggling (HRS)
webrick is vulnerable to HTTP request smuggling. The vulnerability is due to inadequate validation and handling of conflicting HTTP headers (Content-Length and Transfer-Encoding), allowing multiple interpretations of a single request...
Cross-site Scripting (XSS)
@udecode/plate-core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of custom DOM attributes passed through the attributes property, allowing attackers to inject malicious code via attributes like href and src, or to expose users' IP addresses by causing...
Authentication Bypass
GateOne is vulnerable to Authentication Bypass. The vulnerability is due to a flaw in the origin verification mechanism, allowing attackers to bypass the origins list check and connect to Gate One instances from unauthorized hosts...
Cross-site Scripting (XSS)
aim is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to its use of dangerouslySetInnerHTML in the textbox component of the web UI. An attacker can inject scripts which will be executed when a user accesses the text explorer feature...
HTTP Header Injection
puma is vulnerable to HTTP Header Injection. The vulnerability is due to inadequate validation and prioritization of HTTP headers, where Puma does not properly distinguish between standard headers and those with underscores, allowing conflicting headers to coexist without proper handling...
Cross Site Scripting (XSS)
@rspack/core is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a DOM Clobbering gadget in the AutoPublicPathRuntimeModule, which allows unsanitized attacker-controlled HTML elements to lead to XSS attacks...
Credentials Exposure
github.com/grafana/grafana-plugin-sdk-go is vulnerable to Credentials Exposure. The vulnerability is due to the inclusion of the full repository URI, including credentials, in the metadata bundled within the compiled binaries during the build process, which allows an attacker to gain unauthorized...
Remote Code Execution
dtale is vulnerable to Remote Code Execution (RCE) via the runquery function. The vulnerability is due to improper sanitization of the query parameter. An attacker can execute arbitrary code on the server by sending malicious input...
Open Redirection
org.keycloak,keycloak-services is vulnerable to Open Redirect. The vulnerability is due to improper validation of the "Valid Redirect URI" field, which can allow attackers to redirect users to arbitrary URLs, potentially exposing sensitive information...
Cross-site Scripting (XSS)
camaleoncms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient validation in the image upload functionality, allowing normal registered users to upload SVG images containing JavaScript or upload HTML documents by manually altering the format parameter. If an...
Unauthorized Access
github.com/zitadel/zitadel is vulnerable to Unauthorized Access. The vulnerability is due to inadequate enforcement of account deactivation protocols, allowing an attacker to gain unauthorized access to the system using tokens from deactivated service accounts...
Unauthorized Access
github.com/zitadel/zitadel is vulnerable to Unauthorized Access. The vulnerability is due to the failure of the system to properly invalidate deactivated user grants in the tokens, allowing users to retain access to applications and resources despite their deactivated status...