38332 matches found
Remote Code Execution (RCE)
.NET and Visual Studio is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling and validation of input or components, which allows an attacker to execute arbitrary code remotely by crafting malicious inputs or exploiting affected features...
Server Side Request Forgery (SSRF)
Gitea and Gogs are vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to insufficient input sanitization or filtering of webhook URLs, which allows attackers to send malicious requests that exploit the SSRF flaw and gain access to internal services...
Denial Of Service (DoS)
github.com/mattermost/mattermost-server is vulnerable to Denial Of Service DoS. The vulnerability is due to improper memory management in the image proxy component, which allows an attacker to allocate excessive memory for multiple copies of proxied images without adequately handling large file...
Untitled
org.pac4j:pac4j-core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the handling of serialized Java objects inside the InternalAttributeHandlerprepare method. An attacker can execute arbitrary code by providing a specially crafted attribute that contains a...
Network Policy Bypass
github.com/cilium/cilium is vulnerable to Network Policy Bypass. The vulnerability is due to the inherent design of ICMP traffic handling in conjunction with specific network policy settings in Cilium, allows ICMP Echo Requests to bypass intended restrictions...
Race Condition
Gradio is vulnerable to a Race Condition. The vulnerability is due to improper handling of the updaterootinconfig function, allowing an attacker to modify the root URL and redirect traffic to a malicious server...
Directory Traversal
Gradio is vulnerable to Directory Traversal. The vulnerability is due to improper file path handling in the /customcomponent endpoint, allowing attackers to access source code from custom components by manipulating the file path...
Origin Validation Error
gradio is vulnerable to Origin Validation Error. The vulnerability is due to the CustomCORSMiddleware class. An attacker can make unauthorized requests and potentially access sensitive data...
Improper Verification Of Cryptographic Signature
elliptic is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to improper range validation of the S value in the verify function, allowing the usage of an invalid signature...
Arbitrary File Overwrite
github.com/fkie-cad/yapscan is vulnerable to Arbitrary File Overwrite. The vulnerability is due to lack of client authentication and improper server permissions, allowing an attacker to forge requests that overwrite arbitrary files on the host system, potentially leading to data loss...
Server Side Request Forgery (SSRF)
github.com/gophish/gophish is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to improper validation of external resource requests, allowing an attacker to send crafted requests to internal services...
Transaction Replay Attack
github.com/cosmos/ethermint is vulnerable to Transaction Replay Attack. The vulnerability is due to a flaw in the EVM module where, if the victim sends a very large nonce transaction, the attacker can replay the transaction through the application...
Directory Traversal
Gradio is vulnerable to a Directory Traversal. The vulnerability is due to improper path validation in the isinorequal function, which can be bypassed using .. parent directory sequences, allowing attackers to potentially access restricted files...
Origin Validation Error
gradio is vulnerable to Origin Validation Error. The vulnerability is due the localhostaliases variable including "null" as a valid origin, when the server is deployed locally. An attacker can make unauthorized requests from sandboxed iframes or other sources with a null origin, potentially leadi...
Credentials Exposure
github.com/argoproj/argo-cd is vulnerable to Credentials Exposure. The vulnerability is due to the inappropriate handling and logging of sensitive authentication information within pod logs when connected to a Helm OCI repository with authentication enabled, allows individuals with access to the...
Denial Of Service (DoS)
The System.IO.Packaging library is vulnerable to Denial Of Service DoS. The vulnerability is due to the inadequate validation of untrusted inputs by the System.IO.Packaging library, allowing attackers to exploit complex operations and exhaust system resources...
Denial Of Service (DoS)
System.Security.Cryptography.Cose, System.IO.Packaging, and Microsoft.Extensions.Caching.Memory are vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient input validation and inadequate mechanisms to handle large datasets that allows to consume excessive resources...
Data Validation Bypass
Gradio is vulnerable to a Data Validation Bypass vulnerability. The vulnerability is due to improper enforcement of input constraints due to the pre-processing step in the Dropdown component, allowing attackers to send custom requests with arbitrary values even when the allowcustomvalue parameter...
Denial Of Service (DoS)
System.Text.Json is vulnerable to Denial Of Service DoS. The vulnerability is due to deserializing input to a model with an ExtensionData property, which allows an attacker to consume excessive resources...
Unauthorized Access
github.com/netlify/gotrue is vulnerable to Unauthorized Access. The vulnerability is due to the insecure handling of provider metadata from the user object, allows attackers to exploit the metadata, compromising the security of other resources...
Privilege Escalation
github.com/juju/juju is vulnerable to a privilege escalation. The vulnerability is due to the use of a predictable JUJUCONTEXTID as an authentication secret, allows an unprivileged user in the same network namespace to guess the ID and connect to the abstract domain socket...
Unauthorized Access
github.com/juju/juju is vulnerable to an Unauthorized Access. The vulnerability is due to improper access control over the JUJUCONTEXTID and the exposed UNIX domain socket, allowing unauthorized users on the local system with access to the default network namespace to connect and perform privileg...
Spoofing Attack
github.com/containerd/containerd is vulnerable to Spoofing Attack. The vulnerability is due to the lack of a definitive specification for manifest and index documents in the OCI Distribution and Image Specifications, allows different interpretations based on the Content-Type header...
Arbitrary Code Execution
github.com/github/git-sizer is vulnerable to Arbitrary Code Execution. The vulnerability is due to the misconfiguration of the system's PATH environment variable, which can allow malicious executables to be inadvertently run when commands are executed if the current directory is placed before the...
Arbitrary Code Execution
github.com/liamg/gitjacker is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling of file paths, allowing directory traversal with a crafted .git directory...
UUID Attack
github.com/sylabs/sif is vulnerable to UUID attack. The vulnerability is due to insecure randomness in the github.com/satori/go.uuid module, allowing an attacker to predict UUIDs, potentially enabling them to impersonate or manipulate containers...
Missing Encryption Of Sensitive Data
gradio is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is due to insecure communication between the FRP client and server, when the share option is set to true. An attacker can intercept and read files uploaded to the server, as well as modify responses or data sent betwe...
Directory Traversal
Gradio is vulnerable to a Directory Traversal. The vulnerability is due to improper data validation in several Gradio components, allowing attackers to bypass input constraints and leak arbitrary files through the post-processing step. This could expose sensitive files to unauthorized users,...
Server-Side Request Forgery (SSRF)
Gradio is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to SSRF in the /queue/join endpoint, allowing attackers to exploit the asyncsaveurltocache function to make HTTP requests to user-controlled URLs. This can enable attackers to target internal servers, exfiltrate...
Resources Downloaded Over Insecure Protocol
gradio is vulnerable to Resources Downloaded over Insecure Protocol. The vulnerability is due to the lack of integrity checking on the downloaded FRP client. An attacker can introduce malicious code by modifying the binary without detection if they gain access to the remote URL from which the FRP...
Cross-site Scripting (XSS)
gradio is vulnerable to Cross-site Scripting XSS. The vulnerability is due to inadequate file type restrictions or server-side validation for the upload of HTML, JS, or SVG files. An attacker can execute unauthorized actions or steal sensitive information by uploading malicious scripts that execu...
Always-Incorrect Control Flow Implementation
gradio is vulnerable to Always-Incorrect Control Flow Implementation. The vulnerability is due to the improper handling of the enablemonitoring flag. An attacker can access sensitive application analytics by directly requesting the /monitoring endpoint...
Timing Attack
gradio is vulnerable to Timing Attack. The vulnerability is due to the analyticsdashboard function. An attacker can infer the correct hash byte-by-byte by measuring the response time of different requests, leading to unauthorized access to the analytics dashboard...
Denial Of Service (DoS)
github.com/juju/juju is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient authentication controls on the abstract UNIX domain socket, allowing any local network namespace user to access it without proper verification...
Directory Traversal
www.velocidex.com/golang/velociraptor is vulnerable to Directory Traversal. The vulnerability is due to improper sanitization of the client ID parameter in the CreateCollection API, allows attackers to manipulate the input and exploit the system's file handling, thereby gaining unauthorized acces...
Privilege Escalation
Tgithub.com/talos-systems/talos is vulnerable to Privilege Escalation. The vulnerability is due to improper validation of the requests during the certificate signing process for worker nodes in the Talos cluster. It allows a control plane node to issue Talos API certificates that grant unauthoriz...
Denial Of Service (DoS)
Apache Tomcat is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient resource limitations during the TLS handshake process, which allows an attacker to exploit this process repeatedly, leading to memory exhaustion and an OutOfMemoryError...
Information Disclosure
Mattermost is vulnerable to Information Disclosure.The vulnerability is due to insufficient API permissions enforcement, allowing team members to retrieve sensitive information without sufficient restrictions...
Improper Verification Of Cryptographic Signature
github.com/ssoready/ssoready is vulnerable to Improper Verification of Cryptographic Signature via the onlyPathHoistNamesInternal function. The vulnerability is due to differential XML parsing. Attackers can carry out a signature bypass if they have access to certain IDP-signed messages...
Incorrect Privilege Assignment
github.com/hashicorp/vault is vulnerable to Incorrect Privilege Assignment. The vulnerability is due to the mishandling of entries in an in-memory cache, a privileged operators could manipulate their cached record through an API endpoint on a node, potentially escalating their privileges to the...
Consensus Attack
github.com/ethereum/go-ethereum is vulnerable to a Consensus Attack. The vulnerability is due to Geth's pre-compiled dataCopy contract performing a shallow copy on invocation, which allows an attacker to manipulate Ethereum Virtual Machine EVM memory and cause a consensus mismatch between nodes...
Always-Incorrect Control Flow Implementation
btcd is vulnerable to Always-Incorrect Control Flow Implementation. The vulnerability is due to a consensus failure caused by the incorrect re-implementation of Bitcoin Core's "FindAndDelete" functionality. This flaw can result in btcd clients accepting an invalid Bitcoin block or rejecting a val...
Rainbow Table Attack
github.com/amir20/dozzle is vulnerable to Rainbow Table Attack. The vulnerability is due to the use of sha-256 for password hashing, which is less secure than bcrypt and allows an attacker to easily reverse hashed passwords using rainbow tables...
XML External Entity (XXE)
org.apache.xmlgraphics, fop-core is vulnerable to XML External Entity Reference XXE. The vulnerability is due to the application's failure to properly configure XML parsers and restrict the processing of external entities, allowing an attacker to exploit external entity references without adequat...
Path Traversal
github.com/containers/buildah is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of user-specified paths for cache mounts, which allows users to reference directories outside the designated cache directory...
Regular Expression Denial Of Service (ReDoS)
xhtml2pdf is vulnerable to Regular expression Denial of Service ReDOS. The vulnerability is due to improper handling of input strings within the regular expressions used in the getcolor function within utils.py, which allows attackers to supply crafted strings that trigger the Denial of Service...
Denial Of Service (DoS)
django is vulnerable to Denial Of Service DoS. The vulnerability is due to the urlize and urlizetrunc template filters being susceptible to very large inputs containing a specific sequence of characters, allows an attacker to execute a denial-of-service attack...
HTTP Smuggling
org.jboss.resteasy, resteasy-netty4-cdi is vulnerable to HTTP Smuggling. The vulnerability is due to improper handling of HTTP requests by the resteasy-netty4 library, specifically when the Netty HttpObjectDecoder fails to process HTTP smuggling requests with ASCII control characters, causing it ...
Incorrect User Management
github.com/ubuntu/authd is vulnerable to Incorrect User Management. The vulnerability is due to insufficient randomization of user IDs, allowing a local attacker to register usernames and spoof another user's ID, gaining their privileges. This issue affects Authd through version 0.3.6...
Insecure Direct Object Reference (IDOR)
Open-webui/open-webui is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is caused by insufficient access controls in the API, which fail to validate user permissions, allowing unauthorized users to manipulate restricted data...