38133 matches found
Unauthorized Access
Zitadel is vulnerable to Unauthorized Access. The vulnerability is due to the improper decoupling of the application lifecycle from the organization's lifecycle. Specifically, when an organization is deactivated in Zitadel, its associated applications remain active, allowing users from other...
Stack Overflow
Google Protobuf is vulnerable to a Stack Overflow. The vulnerability is due to insufficient validation and control over the parsing of nested groups and SGROUP tags in untrusted Protocol Buffers data, allowing an attacker to crash the application or make it unresponsive...
Arbitrary Code Execution
mautic/core is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation and access control during the execution of the upgrade script, allowing an attacker to execute arbitrary code during the upgrade process...
Local Host Access Bypass
Directus is vulnerable to a Local Host Access Bypass. The vulnerability is due to improper filtering of loopback addresses, where only 127.0.0.1 is blocked, but other 127.X.X.X addresses can bypass restrictions, allowing an attacker to gain unauthorized access to local services...
Eval Injection
LangChain Experimental is vulnerable to Eval Injection. The vulnerability is due to the use of sympy.sympify which relies on eval in the LLMSymbolicMathChain, allowing attackers to execute arbitrary code in versions 0.1.17 through 0.3.0...
Deserialization Of Untrusted Data
dm-reverb is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the unpacking process of tensor proto of type VARIANT. An attacker can gain control of the Program Counter by inserting malicious streams into the server's database, which are then unpacked when the client...
Use Of Hard-coded Cryptographic Key
Dragonfly is vulnerable to Use of Hard-coded Cryptographic Key. The vulnerability is due to the use of a hardcoded secret key for JWT verification, allowing attackers to bypass authentication and perform actions with admin privileges. The issue is addressed in version 2.0.9, and users are advised...
XML External Entity (XXE) Injection
de.gematik.refv.commons:commons is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to the insecure default configuration of the WstxInputFactory. An attacker can issue unauthorized network requests or access internal systems by supplying malicious XML content...
Remote Code Execution
com.alipay.sofa:hessian is vulnerable to Remote Code Execution. The vulnerability is due to a gadget chain that bypasses the SOFA Hessian protocol's blacklist protection mechanism. This gadget chain relies solely on JDK classes and does not require any third-party components. The issue is fixed i...
Improper Verification Of Cryptographic Signature
Keycloak is vulnerable to an Improper Verification of Cryptographic Signature. The vulnerability is due to incorrect validation logic in the XMLSignatureUtil class, where the SAML signature's scope is determined based on its position in the XML document, rather than using the Reference element th...
Unauthorized File Access
Mesop is vulnerable to insufficient input validation. The vulnerability is due to lack of proper input validation mechanisms in the specific endpoint of the Mesop application, which allows an attacker to access files on the server that are not intended to be served...
Improper Access Control
Mautic is vulnerable to Improper Access Control. The vulnerability is due to the lack of mechanisms to verify user permissions during the update process via the user interface, allowing an attacker to access sensitive information...
Authorization Bypass
github.com/authzed/spicedb is vulnerable to Authorization Bypass. The vulnerability is due to incorrect handling of multiple caveats on the same indirect subject type. It allows an attacker to deny legitimate access, resulting in incorrect "no permission" responses when permissions should be...
Remote Code Execution
Camaleon CMS is vulnerable to Remote Code Execution. The vulnerability is due to insufficient file handling in the MediaController's upload method, allowing authenticated users to write arbitrary files to any location on the server, depending on filesystem permissions. This can potentially lead t...
Cross-site Scripting (XSS)
camaleoncms is vulnerable to Cross-site Scripting (XSS) via the image upload functionality. An attacker can execute arbitrary JavaScript on behalf of the user or administrator by uploading malicious SVG or HTML files with embedded scripts...
Path Traversal
Camaleon CMS is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation in the MediaController's download_private_file method, allowing authenticated users to download any file on the server, depending on file permissions...
Remote Code Execution
Camaleon CMS is vulnerable to Remote Code Execution. The vulnerability is due to missing path validation in the MediaController class, allowing an attacker to delete arbitrary files or folders. Additionally, the crop_url action may allow arbitrary file writes by any authenticated user, though it...
Eval Injection
guardrails-ai is vulnerable to Eval Injection. The vulnerability is due to improper validation in the parse_token method of the ValidatorsAttr class in the guardrails/guardrails/validatorsattr.py file. An attacker can execute arbitrary code on the user's machine by loading a maliciously crafted XM...
Deserialization Of Untrusted Data
Sqlitedict is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insecure deserialization which allows attackers to execute arbitrary code by exploiting the deserialization process...
Denial Of Service (DoS)
github.com/coredns/coredns is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of DNS responses by the resolver, which allows it to ignore valid replies, making it susceptible to forged responses from attackers...
OS Command Execution
github.com/chaosblade-io/chaosblade is vulnerable to OS Command Execution. The vulnerability is due to the lack of authentication when using the cmd parameter in the exec.CommandContext function in server mode. It allows an attacker to execute arbitrary OS commands on the server without...
Username Enumeration
mautic/core is vulnerable to Username Enumeration. The vulnerability is due to inconsistent error messages that differentiate between incorrect usernames and weak passwords, allowing attackers to infer valid usernames...
DNS Cache Poisoning
github.com/coredns/coredns is vulnerable to DNS Cache Poisoning. The vulnerability is due to manipulation of the DNS caching mechanism through a birthday attack, which allows attackers to achieve DNS cache poisoning by injecting fake responses...
Authorization Bypass
Sentry is vulnerable to Authorization Bypass. The vulnerability is due to improper scoping of authorization checks on requests to mute alert rules, which allows authenticated users to mute alerts without being members of the organization or having the required permissions on the project...
Cross-site Scripting (XSS)
mautic/core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the Page URL variable not being properly sanitized, allowing malicious scripts to be executed...
Cross-site Scripting (XSS)
mautic/core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient validation and sanitization of user input, allowing harmful scripts to be saved and later executed in the context of other users’ sessions...
Cross-site Scripting (XSS)
Mautic is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the ability of an attacker to edit a Mautic form, allowing them to insert malicious HTML that can steal sensitive information from the user's current session...
Cross-site Scripting (XSS)
Vite is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the document.currentScript lookup in Vite's script imports for cjs, iife, or umd output formats. It allows attackers to manipulate DOM elements, such as using unsanitized attributes in HTML tags, to...
Local File Inclusion (LFI)
vite is vulnerable to arbitrary file exposure. The vulnerability is due to improper enforcement of file access restrictions in the @fs mechanism, allowing attackers to bypass the allow list by adding ?import to the URL and retrieving the contents of arbitrary files...
Improper Input Validation
Contao is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation and sanitization of user input in the canonical tag, allowing untrusted users to inject insert tags that are then rendered on the web page...
Unrestricted Upload Of File With Dangerous Type
Contao is vulnerable to Unrestricted Upload of File with Dangerous Type. The vulnerability is caused due to a lack of proper validation and security controls in the file upload functionality, allowing malicious users to upload and execute harmful files on the server, which may lead to Remote Code...
Directory Traversal
contao/core-bundle is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation or restriction of file paths in the FileSelector widget, allowing authenticated users to access directories outside the intended document root...
Missing Authentication For Critical Function
Mautic is vulnerable to Missing Authentication for Critical Function. The vulnerability is due to insufficient protection of the upgrade script, which could lead to exploitation if Mautic is installed in a specific, vulnerable configuration...
Cross-site Scripting (XSS)
wireui/wireui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the lack of proper sanitization or escaping of user input in the label query parameter of the /wireui/button endpoint, which allows malicious actors to inject JavaScript and execute arbitrary code in the victim's...
Insufficient Entropy
devise-two-factor is vulnerable to Insufficient Entropy. The vulnerability is due to the generation of TOTP shared secrets that are only 120 bits, shorter than the 128-bit minimum defined by RFC 4226, allowing an attacker to more easily guess the shared secret and generate valid TOTP codes...
Denial Of Service (DoS)
vLLM library is vulnerable to Denial of Service (DoS). The vulnerability is caused due to improper handling of completions API requests with an empty prompt, which allows an attacker to crash the server, resulting in service disruption...
Insecure Direct Object Reference (IDOR)
in2code/powermail is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is caused due to improper validation of the mail parameter in the createAction function, allowing an unauthenticated attacker to access user-submitted data from all forms handled by the extension...
XML External Entity (XXE)
kimai/kimai is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of XML input, specifically failing to securely process external entities within XML documents, allowing an attacker to inject malicious XML content...
Improper Privilege Management
github.com/openshift/openshift-controller-manager is vulnerable to Improper Privilege Management. The vulnerability is due to misuse of elevated privileges during the build process, where the git-clone container is run with a privileged security context, allowing an attacker to provide a crafted...
Execution With Unnecessary Privileges
github.com/openshift/builder is vulnerable to Execution With Unnecessary Privileges. The vulnerability is caused due to improper validation of the spec.source.secrets.secret.destinationDir attribute, allowing path traversal that enables a malicious user to override executable files inside the...
Cross-site Scripting (XSS)
@backstage/plugin-techdocs-backend is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused due to improper handling of content in TechDocs storage buckets, allowing an attacker to inject executable scripts that are executed in the victim's browser when viewing documentation or...
Prototype Pollution
@backstage/plugin-catalog-backend is vulnerable to Prototype Pollution. The vulnerability is caused due to improper user input sanitization in the catalog API, which allows an attacker to interrupt the service using a specially crafted query...
Relative Path Traversal
@backstage/plugin-techdocs-backend is vulnerable to Relative Path Traversal. The vulnerability is caused due to improper validation of file paths, allowing unauthorized access to files in the AWS S3 or GCS storage provider...
Cross-site Scripting (XSS)
concrete5/concrete5 is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient sanitization of the "Top Navigator Bar" block, allowing a rogue administrator to inject a malicious payload that executes when users visit the home page...
Server Side Request Forgery (SSRF)
czim/file-handling is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper URL validation in the makeFromUrl and makeFromAny functions, allowing an attacker to make unauthorized requests or read local files...
Deserialization Of Untrusted Data
Langchain is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper deserialization of untrusted pickle data in the FAISS.deserialize_from_bytes function, which allows execution of arbitrary commands via os.system...
Cache Poisoning
Next is vulnerable to Cache Poisoning. The vulnerability is due to improper handling of crafted HTTP requests, causing the incorrect caching of non-dynamic server-side rendered routes in the pages router. It allows an attacker to manipulate the cache, potentially serving stale or incorrect conten...
Denial Of Service (DoS)
vllm is vulnerable to Denial of Service (DoS). The vulnerability is due to the improper handling of the best_of parameter, which fails to manage timeouts or resource exhaustion properly, allowing an attacker to overwhelm the system...
Padding Oracle Attack
org.apache.druid.extensions:druid-pac4j and org.apache.druid:druid-processing are vulnerable to Padding Oracle Attack. The vulnerability is caused due to improper handling of cryptographic padding in the druid-pac4j extension, which could allow an attacker to manipulate a pac4j session cookie...
Improper Certificate Validation
libcurl.so is vulnerable to Improper Certificate Validation. The vulnerability is caused due to improper handling of OCSP responses, allowing an attacker to exploit the failure to correctly handle certain OCSP response statuses, such as "unauthorized," and mislead the system into accepting an...