Lucene search
K
VeracodeRecent

38332 matches found

Veracode
Veracode
•added 2024/10/28 6:14 a.m.•7 views

Access Control Bypass

github.com/cilium/cilium is vulnerable to Access Control Bypass. The vulnerability is due to conflicting policy rules that allow a broader prefix denial rule to be ignored in favor of a narrower prefix rule when configurations such as enableDefaultDeny: false or toEntities: all are set. This...

8.7CVSS8.6AI score0.00391EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/28 5:56 a.m.•10 views

Cross-site Scripting (XSS)

Wildfly is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input handling in the Wildfly deployment system, allowing an attacker or insider to deploy a malicious payload that could trigger undesired behavior on the server...

7.3CVSS6.3AI score0.00652EPSS
Exploits0References15Affected Software1
Veracode
Veracode
•added 2024/10/28 4:37 a.m.•12 views

Improper Input Validation

Nginx UI is vulnerable to Improper Input Validation. The vulnerability is due to improper input validation when configuring logrotate, where unverified input is directly passed to exec.Command, allowing arbitrary command execution...

9.8CVSS7AI score0.23491EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/10/27 8:18 a.m.•8 views

Directory Traversal

Nginx UI is vulnerable to Directory Traversal. The vulnerability is due to a controllable log path which, when combined with directory traversal at /api/configs, allows reading of directories and file contents on the server...

7.5CVSS6.7AI score0.0063EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/10/25 5:45 p.m.•5 views

Memory Consumption

opcfoundation.netstandard.opc.ua is vulnerable to a Memory Consumption. The vulnerability is due to insufficient safeguards in the OPC UA .NET Standard Stack that fail to limit memory consumption during certain operations, allowing an attacker to trigger a rapid increase in memory usage, which ma...

6.9AI score
Exploits0
Veracode
Veracode
•added 2024/10/25 5:8 p.m.•9 views

Server Performance Degradation

OPCFoundation/UA-.NETStandard is vulnerable to Server Performance Degradation. The vulnerability is due to improper handling of requests with invalid credentials, which allows a remote attacker to degrade server performance gradually...

5.3CVSS6.8AI score0.00483EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2024/10/25 8:30 a.m.•7 views

Denial Of Service (DoS)

MessagePack is vulnerable to a Denial Of Service DoS. This vulnerability is due to hash collisions triggered by specially crafted data, which allows an attacker to cause excessive CPU consumption during deserialization of untrusted data. A workaround involves creating a custom hash function by...

8.7CVSS6.7AI score0.00356EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/10/25 7:53 a.m.•7 views

Ununauthorized Root Access

github.com/kubernetes-sigs/image-builder is vulnerable to Unauthorized Root Access. The vulnerability is due to default credentials being enabled during the image build process with the Nutanix, OVA, QEMU, or raw providers, which could allow attackers to gain root access if they reach the VM wher...

9.8CVSS7.1AI score0.02223EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/10/25 7:12 a.m.•7 views

Unauthorized Root Access

github.com/kubernetes-sigs/image-builder is vulnerable to Unauthorized Root Access. The vulnerability is due to default credentials being enabled during the image build process with the Nutanix, OVA, QEMU, or raw providers, which allows an attacker to gain root access if they reach the VM where t...

8.1CVSS6.9AI score0.01641EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2024/10/24 12:14 p.m.•12 views

Denial Of Service (DoS)

org.eclipse.jetty, jetty-servlets is vulnerable to Denial Of Service DoS. The vulnerability is due to the exploitation of Jetty's DosFilter, which allows attackers to send crafted requests that trigger OutOfMemory errors...

7.5CVSS5.2AI score0.00946EPSS
Exploits0References7Affected Software5
Veracode
Veracode
•added 2024/10/24 10:47 a.m.•7 views

Directory Traversal

github.com/0xJacky/Nginx-UI is vulnerable to Directory Traversal. The vulnerability is due to insufficient verification of values from the JSON field, allowing the construction of values in the form of ../../, which can lead to arbitrary file writing...

8.7CVSS6.8AI score0.00579EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/10/24 10:2 a.m.•9 views

Permissive Regular Expression

github.com/facebookincubator/tacquito is vulnerable to Permissive Regular Expression. The vulnerability is due to permissive regex matching where the system matches sub-strings instead of the entire string for authorized commands and arguments. This could allow unauthorized commands to be execute...

9.8CVSS7AI score0.00442EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/10/24 9:16 a.m.•10 views

Directory Traversal

@vendure/asset-server-plugin is vulnerable to Directory Traversal. The vulnerability is due to improper validation in Vendure's asset server plugin, which allows an attacker to craft requests that traverse the server file system, retrieving arbitrary files including sensitive data and crashing th...

9.1CVSS6.6AI score0.59798EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2024/10/24 8:55 a.m.•4 views

Regular Expression Denial Of Service (ReDoS)

Action Mailer is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to the blockformat helper taking an unexpected amount of time when processing carefully crafted text, potentially resulting in a DoS condition...

8.7CVSS6.5AI score0.00944EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2024/10/24 8:53 a.m.•5 views

Regular Expression Denial Of Service (ReDoS)

Action Text is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to the way the plaintextforblockquotenode helper processes specific text inputs, leading to a scenario where the processing time can grow unexpectedly long, ultimately resulting in a Denial of Servic...

8.7CVSS6.1AI score0.00991EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2024/10/24 8:25 a.m.•9 views

Regular Expression Denial Of Service (ReDoS)

Action Pack is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to inefficient regular expression handling in Action Controller's HTTP Token authentication, which can be triggered by a carefully crafted header, causing significant delays in header parsing...

8.7CVSS6.5AI score0.01048EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2024/10/24 7:52 a.m.•11 views

Improper Authentication

matrix-js-sdk is vulnerable to Improper Authentication. The vulnerability is due to the method sendSharedHistoryKeys sends historical message keys to all devices of an invited user without checking if the user's cryptographic identity is verified or if the devices are signed by that identity,...

8.7CVSS6.9AI score0.00682EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/24 7:35 a.m.•3 views

Regular Expression Denial Of Service (ReDoS)

Action Pack is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to the improper handling of regular expressions in the query parameter filtering routines, allowing attackers to craft input that significantly delays processing and potentially leads to a Denial of...

8.7CVSS6.5AI score0.01103EPSS
Exploits0References9Affected Software1
Veracode
Veracode
•added 2024/10/24 7:16 a.m.•18 views

Cross-site Scripting (XSS)

markdown-to-jsx is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization, where an attacker can execute arbitrary code by injecting a malicious iframe element via the src property in the markdown...

6.1CVSS6.9AI score0.00503EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2024/10/23 11:27 a.m.•8 views

Denial Of Service (DoS)

github.com/gomarkdown/markdown is vulnerable to Denial Of Service DoS. The vulnerability is due to a logical problem in the paragraph function of the parser/block.go file, which allows a remote attacker to cause an infinite loop by providing specially crafted input, resulting in the program hangi...

5.1CVSS5AI score0.00501EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/10/23 10:59 a.m.•9 views

Unauthorized Access

org.sakaiproject.kernel, sakai-kernel-impl is vulnerable to Unauthorized access. The vulnerability is due to improper access control mechanisms that allow kernel users with type roleview to log in as normal users, allowing attackers to gain unauthorized access to the system...

8.8CVSS6.8AI score0.00554EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/10/23 10:18 a.m.•13 views

Cross-site Request Forgery (CSRF) Bypass

hono is vulnerable to Cross-site Request Forgery CSRF Bypass. The vulnerability is due to Hono treating requests without a Content-Type header as safe, allowing attackers to bypass CSRF protection...

5.9CVSS6.9AI score0.00304EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2024/10/23 9:20 a.m.•10 views

Directory Traversal

redaxo/source is vulnerable to Directory traversal. The vulnerability is due to insufficient validation of user input in the component /index.php?page=backup/export, allowing malicious actors to craft requests that traverse the file system and access unauthorized files and directories...

4.9CVSS6.6AI score0.00855EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2024/10/23 9:19 a.m.•14 views

Authentication Bypass

org.apache.solr, solr-core is vulnerable to Authentication Bypass. The vulnerability is due to the PKIAuthenticationPlugin improperly handling fake endings in the Solr API URL path, allowing requests to bypass authentication...

9.8CVSS6.7AI score0.90709EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2024/10/23 9:13 a.m.•7 views

Insecure Default Initialization Of Resource

org.apache.solr, solr-core is vulnerable to Insecure Default Initialization of Resource. The vulnerability is due to the failure to set the "trusted" metadata when ConfigSets are created via a Restore command from a backup, allowing unauthorized ConfigSets to be trusted and potentially load custo...

8.1CVSS6.6AI score0.00722EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/10/23 9:9 a.m.•10 views

Unsafe Deserialization

admidio/admidio is vulnerable to an Unsafe Deserialization. The vulnerability is due to improper handling of user input during the deserialization process. Specifically, it occurs when the application does not adequately validate or sanitize serialized data before converting it back into objects...

4.3CVSS7.5AI score0.00469EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/23 6:24 a.m.•5 views

Key Injection

matrix-react-sdk is vulnerable to Key Injection. The vulnerability is due to the SDK sharing historical message keys on invite, allowing a malicious homeserver to inject a malicious device and steal message keys when a user invites another user to a room...

8.7CVSS6.6AI score0.0066EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/10/23 5:51 a.m.•12 views

Denial Of Service (DoS)

Starlette is vulnerable to Denial of Service DoS. The vulnerability is due to the way Starlette handles multipart/form-data parts without a filename. Specifically, these parts are treated as text form fields and buffered in byte strings without any size limits, allowing for arbitrary large upload...

8.7CVSS6.3AI score0.00652EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/22 9:33 a.m.•11 views

Improper Verification Of Cryptographic Signature

elliptic is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to improper handling of the truncateToN function, which fails to correctly verify signatures when the hash contains at least four leading zero bytes and the elliptic curve's base point order is...

4.8CVSS6.5AI score0.00556EPSS
Exploits1References4Affected Software2
Veracode
Veracode
•added 2024/10/22 9:7 a.m.•2 views

Improper Access Control

github.com/landlock-lsm/go-landlock is vulnerable to Improper Access Control. The vulnerability is due to the incorrect handling of TCP bind and connect operations in the BestEffort mode. An attacker can bypass intended networking through landlock.V4, landlock.V5, or self-configured restrictions ...

7.1AI score
Exploits0
Veracode
Veracode
•added 2024/10/22 8:4 a.m.•12 views

Remote Code Execution (RCE)

jsonpath-plus is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper input sanitization, allowing an attacker to execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node...

9.8CVSS8AI score0.09076EPSS
Exploits4References6Affected Software1
Veracode
Veracode
•added 2024/10/22 7:43 a.m.•4 views

Open Redirect

org.keycloak, keycloak-services is vulnerable vulnerable to Open Redirect. The vulnerability is due to a misconfiguration flaw in the validation of redirect URIs. An attacker can redirect users to an arbitrary URL and potentially expose sensitive information such as authorization codes, leading t...

6.7AI score
Exploits0
Veracode
Veracode
•added 2024/10/22 7:32 a.m.•3 views

Session Fixation

org.keycloak:keycloak-services is vulnerable to Session Fixation. The vulnerability is due to the session ID and JSESSIONID cookie not being changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured, allowing an attacker to hijack the session before authentication...

7AI score
Exploits0
Veracode
Veracode
•added 2024/10/22 7:25 a.m.•4 views

Improper Expiration Of OTP Codes

org.keycloak:keycloak-core is vulnerable to Improper Expiration of OTP Codes. The vulnerability is due to the improper handling of OTP expiration in the FreeOTP implementation, where expired OTP codes remain usable for an additional 30 seconds, allowing them to be valid for a total of 1 minute...

6.9AI score
Exploits0
Veracode
Veracode
•added 2024/10/22 7:16 a.m.•5 views

Denial Of Service (DoS)

org.eclipse.jetty:jetty-servlets is vulnerable to Denial Of Service DoS. The vulnerability is due to unauthenticated users being able to exhaust the server's memory, leading to a crash...

6.5CVSS6.6AI score0.00949EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2024/10/22 7:3 a.m.•11 views

Improper Authorization

org.apache.activemq:artemis-cli is vulnerable to Improper Authorization. The vulnerability is due to exposure of the Log4J2 MBean through the authenticated Jolokia endpoint, allowing authenticated attackers to write arbitrary files to the filesystem...

8.8CVSS7AI score0.16539EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/10/22 6:29 a.m.•3 views

Improper Verification Of Cryptographic Signature

org.keycloak, keycloak-saml-core is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to flawed logic in the XMLSignatureUtil class's signature validation method, which fails to properly assess the scope of the SAML signature, allowing an attacker to create...

7.7CVSS7.4AI score0.0203EPSS
Exploits0References12Affected Software1
Veracode
Veracode
•added 2024/10/22 6:10 a.m.•11 views

Denial Of Service (DoS)

Next.js is vulnerable to a Denial of Service DoS. The vulnerability is due to improper handling of image optimization, allowing for excessive resource consumption that can lead to a Denial of Service DoS attack...

7.5CVSS7.4AI score0.00737EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/10/22 5:42 a.m.•10 views

Remote Denial Of Service (DoS)

org.eclipse.jetty, jetty-server is vulnerable to a Remote Denial-of-Service DoS. The vulnerability is due to the ThreadLimitHandler.getRemote method, which allows unauthorized users to send crafted requests that trigger OutOfMemory errors and exhaust the server's memory...

6.5CVSS6.3AI score0.01037EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2024/10/22 5:27 a.m.•8 views

Privilege Escalation

OpenCanary is vulnerable to Privilege Escalation. The vulnerability is due to the config file being stored in an unprivileged user directory, allowing an unprivileged user to modify it and escalate permissions when the root user later runs the daemon...

7.8CVSS6.7AI score0.00224EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/10/21 11:28 a.m.•5 views

Privilege Escalation

github.com/authzed/spicedb is vulnerable to Privilege Escalation. The vulnerability is due to a bug in the LookupResources2 feature, where requests with caveats in the evaluation path may return a CONDITIONAL permissionship with missing context, even when the context was provided...

2.4CVSS6.5AI score0.00307EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/10/21 11:6 a.m.•6 views

Improper Validation Of Syntactic Correctness Of Input

org.eclipse.jetty:jetty-server is vulnerable to Improper Validation of Syntactic Correctness of Input via the HttpURI class. The vulnerability is due to insufficient validation on the authority segment of a URI. An attacker can manipulate the URI parsing to redirect requests or initiate server-si...

5.3CVSS5.1AI score0.00986EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2024/10/21 11:3 a.m.•5 views

Directory Traversal

github.com/codeclysm/extract is vulnerable to directory traversal. The vulnerability is due to insufficient validation of file paths within the archive, allowing a maliciously crafted archive to create symbolic links that point outside the intended extraction directory...

7.5CVSS6.5AI score0.00534EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/10/21 9:55 a.m.•10 views

Improper Access Control

magento/community-edition is vulnerable to an Improper Access Control. The vulnerability is due to improper access control in Adobe Commerce, which fails to properly enforce restrictions on certain actions, allowing unauthorized users to bypass security measures...

2.7CVSS6.7AI score0.00488EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/10/21 9:24 a.m.•6 views

Information Exposure

magento/community-edition is vulnerable to Information Exposure. The vulnerability is due to insufficient security measures that allow an admin attacker to bypass protections intended to safeguard confidential information...

2.7CVSS6.7AI score0.0058EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/10/21 8:28 a.m.•6 views

Improper Authorization

magento/community-edition is vulnerable to Improper Authorization. The vulnerability is due to improper authorization mechanisms in the affected versions of Adobe Commerce, allows attackers to exploit security features that should restrict access based on user privileges...

5.4CVSS6.7AI score0.0044EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/10/21 7:9 a.m.•12 views

Remote Code Execution (RCE)

snipe/snipe-it is vulnerable to Remote Code Execution RCE. The vulnerability is due to the deserialization of untrusted data in the cookie-handling process, allows an attacker can execute arbitrary code on the server by exploiting the APPKEY, especially if it is set to a default value as found in...

6.6CVSS8.1AI score0.00962EPSS
Exploits1References6Affected Software1
Veracode
Veracode
•added 2024/10/21 6:17 a.m.•6 views

Directory Traversal

lollms repository is vulnerable to Directory Traversal. The vulnerability is due to improper path sanitization in the lollmsfilesystem.py file, allowing attackers to perform vectorize operations on .sqlite files in any directory, potentially leading to package installation and crashes...

4.4CVSS6.7AI score0.00316EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2024/10/21 6:2 a.m.•8 views

Path Traversal

Lollms is vulnerable to a path traversal vulnerability. The vulnerability is due to improper validation of file paths in the lollmsfilesystem.py file, where functions like addragdatabase, togglemountragdatabase, and vectorizefolder lack necessary security measures, allowing attackers to access an...

4.4CVSS4.1AI score0.00316EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/10/21 4:27 a.m.•20 views

Remote Code Execution (RCE)

angular-base64-upload is vulnerable to Remote Code Execution RCE. The vulnerability is due to a lack of proper access controls in demo/server.php, allowing attackers to upload arbitrary content, which can then be executed from demo/uploads...

9.8CVSS7.4AI score0.43683EPSS
Exploits5References3Affected Software1
Total number of security vulnerabilities38332