Lucene search
K
VeracodeRecent

38332 matches found

Veracode
Veracode
•added 2024/10/19 9:9 a.m.•3 views

Remote Code Execution (RCE)

.NET and Visual Studio is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling and validation of input or components, which allows an attacker to execute arbitrary code remotely by crafting malicious inputs or exploiting affected features...

8.1CVSS8.3AI score0.02049EPSS
Exploits0References9Affected Software13
Veracode
Veracode
•added 2024/10/18 10:35 a.m.•6 views

Server Side Request Forgery (SSRF)

Gitea and Gogs are vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to insufficient input sanitization or filtering of webhook URLs, which allows attackers to send malicious requests that exploit the SSRF flaw and gain access to internal services...

8.6CVSS6.8AI score0.02103EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2024/10/18 9:57 a.m.•6 views

Denial Of Service (DoS)

github.com/mattermost/mattermost-server is vulnerable to Denial Of Service DoS. The vulnerability is due to improper memory management in the image proxy component, which allows an attacker to allocate excessive memory for multiple copies of proxied images without adequately handling large file...

6.5CVSS6.6AI score0.00882EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/10/18 8:21 a.m.•8 views

Untitled

org.pac4j:pac4j-core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the handling of serialized Java objects inside the InternalAttributeHandlerprepare method. An attacker can execute arbitrary code by providing a specially crafted attribute that contains a...

9.2CVSS7.2AI score0.01949EPSS
Exploits1References8Affected Software1
Veracode
Veracode
•added 2024/10/18 7:53 a.m.•4 views

Network Policy Bypass

github.com/cilium/cilium is vulnerable to Network Policy Bypass. The vulnerability is due to the inherent design of ICMP traffic handling in conjunction with specific network policy settings in Cilium, allows ICMP Echo Requests to bypass intended restrictions...

7.1AI score
Exploits0
Veracode
Veracode
•added 2024/10/18 7:35 a.m.•9 views

Race Condition

Gradio is vulnerable to a Race Condition. The vulnerability is due to improper handling of the updaterootinconfig function, allowing an attacker to modify the root URL and redirect traffic to a malicious server...

8.1CVSS6.6AI score0.00359EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/10/18 7:19 a.m.•9 views

Directory Traversal

Gradio is vulnerable to Directory Traversal. The vulnerability is due to improper file path handling in the /customcomponent endpoint, allowing attackers to access source code from custom components by manipulating the file path...

5.3CVSS6.8AI score0.00421EPSS
Exploits0References1Affected Software1
Veracode
Veracode
•added 2024/10/18 7:3 a.m.•14 views

Origin Validation Error

gradio is vulnerable to Origin Validation Error. The vulnerability is due to the CustomCORSMiddleware class. An attacker can make unauthorized requests and potentially access sensitive data...

8.3CVSS6.5AI score0.00484EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/18 6:31 a.m.•7 views

Improper Verification Of Cryptographic Signature

elliptic is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to improper range validation of the S value in the verify function, allowing the usage of an invalid signature...

9.1CVSS6.5AI score0.00507EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2024/10/18 6:24 a.m.•5 views

Arbitrary File Overwrite

github.com/fkie-cad/yapscan is vulnerable to Arbitrary File Overwrite. The vulnerability is due to lack of client authentication and improper server permissions, allowing an attacker to forge requests that overwrite arbitrary files on the host system, potentially leading to data loss...

7.4AI score
Exploits0
Veracode
Veracode
•added 2024/10/18 6:8 a.m.•11 views

Server Side Request Forgery (SSRF)

github.com/gophish/gophish is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to improper validation of external resource requests, allowing an attacker to send crafted requests to internal services...

5.3CVSS6.7AI score0.01322EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2024/10/18 5:50 a.m.•8 views

Transaction Replay Attack

github.com/cosmos/ethermint is vulnerable to Transaction Replay Attack. The vulnerability is due to a flaw in the EVM module where, if the victim sends a very large nonce transaction, the attacker can replay the transaction through the application...

7.5CVSS6.5AI score0.01147EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/10/17 10:6 a.m.•7 views

Directory Traversal

Gradio is vulnerable to a Directory Traversal. The vulnerability is due to improper path validation in the isinorequal function, which can be bypassed using .. parent directory sequences, allowing attackers to potentially access restricted files...

6.5CVSS6.6AI score0.00687EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/17 9:43 a.m.•7 views

Origin Validation Error

gradio is vulnerable to Origin Validation Error. The vulnerability is due the localhostaliases variable including "null" as a valid origin, when the server is deployed locally. An attacker can make unauthorized requests from sandboxed iframes or other sources with a null origin, potentially leadi...

6.9CVSS6.8AI score0.00274EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/17 9:42 a.m.•3 views

Credentials Exposure

github.com/argoproj/argo-cd is vulnerable to Credentials Exposure. The vulnerability is due to the inappropriate handling and logging of sensitive authentication information within pod logs when connected to a Helm OCI repository with authentication enabled, allows individuals with access to the...

6.9AI score
Exploits0
Veracode
Veracode
•added 2024/10/17 9:27 a.m.•4 views

Denial Of Service (DoS)

The System.IO.Packaging library is vulnerable to Denial Of Service DoS. The vulnerability is due to the inadequate validation of untrusted inputs by the System.IO.Packaging library, allowing attackers to exploit complex operations and exhaust system resources...

7.5CVSS6.7AI score0.02893EPSS
Exploits0References5Affected Software4
Veracode
Veracode
•added 2024/10/17 8:49 a.m.•6 views

Denial Of Service (DoS)

System.Security.Cryptography.Cose, System.IO.Packaging, and Microsoft.Extensions.Caching.Memory are vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient input validation and inadequate mechanisms to handle large datasets that allows to consume excessive resources...

7.5CVSS6.6AI score0.02833EPSS
Exploits0References2Affected Software6
Veracode
Veracode
•added 2024/10/17 7:22 a.m.•6 views

Data Validation Bypass

Gradio is vulnerable to a Data Validation Bypass vulnerability. The vulnerability is due to improper enforcement of input constraints due to the pre-processing step in the Dropdown component, allowing attackers to send custom requests with arbitrary values even when the allowcustomvalue parameter...

7.1AI score
Exploits0
Veracode
Veracode
•added 2024/10/17 6:10 a.m.•5 views

Denial Of Service (DoS)

System.Text.Json is vulnerable to Denial Of Service DoS. The vulnerability is due to deserializing input to a model with an ExtensionData property, which allows an attacker to consume excessive resources...

7.5CVSS6.5AI score0.03009EPSS
Exploits0References4Affected Software4
Veracode
Veracode
•added 2024/10/17 5:55 a.m.•6 views

Unauthorized Access

github.com/netlify/gotrue is vulnerable to Unauthorized Access. The vulnerability is due to the insecure handling of provider metadata from the user object, allows attackers to exploit the metadata, compromising the security of other resources...

7.1AI score
Exploits0
Veracode
Veracode
•added 2024/10/17 5:19 a.m.•7 views

Privilege Escalation

github.com/juju/juju is vulnerable to a privilege escalation. The vulnerability is due to the use of a predictable JUJUCONTEXTID as an authentication secret, allows an unprivileged user in the same network namespace to guess the ID and connect to the abstract domain socket...

8.7CVSS6.8AI score0.00501EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/10/17 5:19 a.m.•4 views

Unauthorized Access

github.com/juju/juju is vulnerable to an Unauthorized Access. The vulnerability is due to improper access control over the JUJUCONTEXTID and the exposed UNIX domain socket, allowing unauthorized users on the local system with access to the default network namespace to connect and perform privileg...

6.5CVSS6.4AI score0.00185EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2024/10/16 11:59 a.m.•3 views

Spoofing Attack

github.com/containerd/containerd is vulnerable to Spoofing Attack. The vulnerability is due to the lack of a definitive specification for manifest and index documents in the OCI Distribution and Image Specifications, allows different interpretations based on the Content-Type header...

7AI score
Exploits0
Veracode
Veracode
•added 2024/10/16 11:58 a.m.•3 views

Arbitrary Code Execution

github.com/github/git-sizer is vulnerable to Arbitrary Code Execution. The vulnerability is due to the misconfiguration of the system's PATH environment variable, which can allow malicious executables to be inadvertently run when commands are executed if the current directory is placed before the...

7.4AI score
Exploits0
Veracode
Veracode
•added 2024/10/16 11:56 a.m.•8 views

Arbitrary Code Execution

github.com/liamg/gitjacker is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling of file paths, allowing directory traversal with a crafted .git directory...

9.8CVSS6.7AI score0.03772EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/10/16 11:54 a.m.•5 views

UUID Attack

github.com/sylabs/sif is vulnerable to UUID attack. The vulnerability is due to insecure randomness in the github.com/satori/go.uuid module, allowing an attacker to predict UUIDs, potentially enabling them to impersonate or manipulate containers...

7.5CVSS6.6AI score0.00958EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2024/10/16 11:18 a.m.•10 views

Missing Encryption Of Sensitive Data

gradio is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is due to insecure communication between the FRP client and server, when the share option is set to true. An attacker can intercept and read files uploaded to the server, as well as modify responses or data sent betwe...

9.1CVSS6.6AI score0.00172EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/16 11:9 a.m.•14 views

Directory Traversal

Gradio is vulnerable to a Directory Traversal. The vulnerability is due to improper data validation in several Gradio components, allowing attackers to bypass input constraints and leak arbitrary files through the post-processing step. This could expose sensitive files to unauthorized users,...

7.5CVSS6.7AI score0.00804EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/10/16 10:57 a.m.•6 views

Server-Side Request Forgery (SSRF)

Gradio is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to SSRF in the /queue/join endpoint, allowing attackers to exploit the asyncsaveurltocache function to make HTTP requests to user-controlled URLs. This can enable attackers to target internal servers, exfiltrate...

9.8CVSS6.7AI score0.00463EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/16 10:45 a.m.•9 views

Resources Downloaded Over Insecure Protocol

gradio is vulnerable to Resources Downloaded over Insecure Protocol. The vulnerability is due to the lack of integrity checking on the downloaded FRP client. An attacker can introduce malicious code by modifying the binary without detection if they gain access to the remote URL from which the FRP...

7.5CVSS7.1AI score0.00208EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/16 8:28 a.m.•13 views

Cross-site Scripting (XSS)

gradio is vulnerable to Cross-site Scripting XSS. The vulnerability is due to inadequate file type restrictions or server-side validation for the upload of HTML, JS, or SVG files. An attacker can execute unauthorized actions or steal sensitive information by uploading malicious scripts that execu...

6.9CVSS6.2AI score0.00252EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/16 8:21 a.m.•16 views

Always-Incorrect Control Flow Implementation

gradio is vulnerable to Always-Incorrect Control Flow Implementation. The vulnerability is due to the improper handling of the enablemonitoring flag. An attacker can access sensitive application analytics by directly requesting the /monitoring endpoint...

4.3CVSS6.5AI score0.00323EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/16 8:12 a.m.•7 views

Timing Attack

gradio is vulnerable to Timing Attack. The vulnerability is due to the analyticsdashboard function. An attacker can infer the correct hash byte-by-byte by measuring the response time of different requests, leading to unauthorized access to the analytics dashboard...

3.7CVSS6.6AI score0.00285EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/16 7:20 a.m.•5 views

Denial Of Service (DoS)

github.com/juju/juju is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient authentication controls on the abstract UNIX domain socket, allowing any local network namespace user to access it without proper verification...

7.9CVSS6.6AI score0.0021EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/10/16 6:47 a.m.•9 views

Directory Traversal

www.velocidex.com/golang/velociraptor is vulnerable to Directory Traversal. The vulnerability is due to improper sanitization of the client ID parameter in the CreateCollection API, allows attackers to manipulate the input and exploit the system's file handling, thereby gaining unauthorized acces...

4.3CVSS6.6AI score0.00744EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/10/16 6:5 a.m.•6 views

Privilege Escalation

Tgithub.com/talos-systems/talos is vulnerable to Privilege Escalation. The vulnerability is due to improper validation of the requests during the certificate signing process for worker nodes in the Talos cluster. It allows a control plane node to issue Talos API certificates that grant unauthoriz...

8.8CVSS6.7AI score0.00533EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2024/10/16 5:46 a.m.•10 views

Denial Of Service (DoS)

Apache Tomcat is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient resource limitations during the TLS handshake process, which allows an attacker to exploit this process repeatedly, leading to memory exhaustion and an OutOfMemoryError...

8.6CVSS6.5AI score0.01702EPSS
Exploits0References9Affected Software2
Veracode
Veracode
•added 2024/10/16 4:57 a.m.•6 views

Information Disclosure

Mattermost is vulnerable to Information Disclosure.The vulnerability is due to insufficient API permissions enforcement, allowing team members to retrieve sensitive information without sufficient restrictions...

6.5CVSS6.2AI score0.00692EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/10/15 4:44 p.m.•11 views

Improper Verification Of Cryptographic Signature

github.com/ssoready/ssoready is vulnerable to Improper Verification of Cryptographic Signature via the onlyPathHoistNamesInternal function. The vulnerability is due to differential XML parsing. Attackers can carry out a signature bypass if they have access to certain IDP-signed messages...

9.8CVSS6.6AI score0.00387EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/10/15 4:0 p.m.•11 views

Incorrect Privilege Assignment

github.com/hashicorp/vault is vulnerable to Incorrect Privilege Assignment. The vulnerability is due to the mishandling of entries in an in-memory cache, a privileged operators could manipulate their cached record through an API endpoint on a node, potentially escalating their privileges to the...

7.2CVSS6.5AI score0.00528EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/10/15 10:23 a.m.•7 views

Consensus Attack

github.com/ethereum/go-ethereum is vulnerable to a Consensus Attack. The vulnerability is due to Geth's pre-compiled dataCopy contract performing a shallow copy on invocation, which allows an attacker to manipulate Ethereum Virtual Machine EVM memory and cause a consensus mismatch between nodes...

7.1CVSS6.6AI score0.01081EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/15 9:12 a.m.•10 views

Always-Incorrect Control Flow Implementation

btcd is vulnerable to Always-Incorrect Control Flow Implementation. The vulnerability is due to a consensus failure caused by the incorrect re-implementation of Bitcoin Core's "FindAndDelete" functionality. This flaw can result in btcd clients accepting an invalid Bitcoin block or rejecting a val...

8.1CVSS6.4AI score0.01022EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/10/15 8:13 a.m.•7 views

Rainbow Table Attack

github.com/amir20/dozzle is vulnerable to Rainbow Table Attack. The vulnerability is due to the use of sha-256 for password hashing, which is less secure than bcrypt and allows an attacker to easily reverse hashed passwords using rainbow tables...

7.5CVSS6.8AI score0.00205EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/10/15 7:47 a.m.•12 views

XML External Entity (XXE)

org.apache.xmlgraphics, fop-core is vulnerable to XML External Entity Reference XXE. The vulnerability is due to the application's failure to properly configure XML parsers and restrict the processing of external entities, allowing an attacker to exploit external entity references without adequat...

7.5CVSS6.6AI score0.01003EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2024/10/15 7:47 a.m.•6 views

Path Traversal

github.com/containers/buildah is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of user-specified paths for cache mounts, which allows users to reference directories outside the designated cache directory...

7.8CVSS7.6AI score0.00392EPSS
Exploits0References28Affected Software3
Veracode
Veracode
•added 2024/10/15 7:42 a.m.•4 views

Regular Expression Denial Of Service (ReDoS)

xhtml2pdf is vulnerable to Regular expression Denial of Service ReDOS. The vulnerability is due to improper handling of input strings within the regular expressions used in the getcolor function within utils.py, which allows attackers to supply crafted strings that trigger the Denial of Service...

7.5CVSS6.5AI score0.00807EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/10/15 7:41 a.m.•6 views

Denial Of Service (DoS)

django is vulnerable to Denial Of Service DoS. The vulnerability is due to the urlize and urlizetrunc template filters being susceptible to very large inputs containing a specific sequence of characters, allows an attacker to execute a denial-of-service attack...

7.5CVSS7.5AI score0.25327EPSS
Exploits0References10Affected Software1
Veracode
Veracode
•added 2024/10/15 7:39 a.m.•10 views

HTTP Smuggling

org.jboss.resteasy, resteasy-netty4-cdi is vulnerable to HTTP Smuggling. The vulnerability is due to improper handling of HTTP requests by the resteasy-netty4 library, specifically when the Netty HttpObjectDecoder fails to process HTTP smuggling requests with ASCII control characters, causing it ...

5.3CVSS6.6AI score0.00653EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2024/10/15 7:31 a.m.•6 views

Incorrect User Management

github.com/ubuntu/authd is vulnerable to Incorrect User Management. The vulnerability is due to insufficient randomization of user IDs, allowing a local attacker to register usernames and spoof another user's ID, gaining their privileges. This issue affects Authd through version 0.3.6...

7.5CVSS6.3AI score0.0028EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2024/10/15 7:8 a.m.•7 views

Insecure Direct Object Reference (IDOR)

Open-webui/open-webui is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is caused by insufficient access controls in the API, which fail to validate user permissions, allowing unauthorized users to manipulate restricted data...

6.5CVSS6.6AI score0.00357EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities38332