38133 matches found
Improper Authorization
org.opendaylight.mdsal : mdsal-artifacts is vulnerable to Improper Authorization. The vulnerability is due to improper role enforcement, allowing a controller with a follower role to configure flow entries in an OpenDaylight clustering deployment...
Cross Site Scripting (XSS)
Decidim is vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability is due to improper sanitization of admin activity logs, allowing XSS payloads to be injected when an admin assigns a valuator to a proposal or performs other actions that generate logs with malicious content...
Cross Site Scripting (XSS)
Decidim is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper validation and sanitization of HTML content in the QuillJS WYSIWYG editor, which allows attackers to inject malicious code, such as an XSS payload, before the content is uploaded to the server...
Improper Authorization
org.opendaylight.aaa : aaa-authn-api is vulnerable to Improper Authorization. The vulnerability is due to inadequate validation of cluster membership in OpenDaylight AAA, allowing a rogue controller to impersonate an offline peer even without complete cluster configuration information...
Exposure Of Sensitive Information In Log Files
Ansible is vulnerable to Exposure of Sensitive Information in Log Files. The vulnerability is caused by insufficient protection of sensitive data when the no_log: true parameter is omitted while loading vaulted variables, allowing sensitive information, such as passwords or API keys, to be...
Cross Site Scripting (XSS)
Concrete CMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by improper sanitization of the $nextLinkText and $previousLinkText variables in the Next Nav block, which allows attackers to execute malicious code...
Cross Site Scripting (XSS)
DOMPurify is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper depth checking, which can be bypassed through special HTML nesting techniques and prototype pollution, allowing an attacker to execute malicious scripts in the victim's browser...
Path Traversal
org.springframework:spring-webmvc and org.springframework:spring-webflux are vulnerable to Path Traversal. The vulnerability is due to inadequate validation of file paths in HTTP requests, allowing access to files on the file system when using RouterFunctions with a FileSystemResource location...
Heap-based Buffer Overflow
libzephyr.so is vulnerable to a Heap-based Buffer Overflow. The vulnerability is caused by a lack of adequate size checks on buf before performing the net_buf_pull_u8(buf) operation. This may result in memory corruption or a Denial of Service (DoS)...
Exposure Of Sensitive Information To An Unauthorized Actor
libzephyr.so is vulnerable to Exposure Of Sensitive Information To An Unauthorized Actor. The vulnerability is due to improper handling of encryption procedure status codes, which allows a custom-made remote controller to incorrectly indicate success even when encryption requests are rejected...
Heap-based Buffer Overflow
libzephyr.so is vulnerable to Heap-based Buffer Overflow. The vulnerability is caused by missing checks for the remaining size of a buffer in the bt_hci_le_adv_ext_report function in bluetooth/host/scan.c before passing it on to the cont routine. This may lead to unexpected behavior or system...
Out-of-bounds Write
libzephyr.so is vulnerable to Out-of-bounds Write. The vulnerability is caused by improper handling of data sizes in the get_att_search_list function in bluetooth/host/sdp.c, which can lead to a crash when passing a data_elem of size greater than 10...
Server-Side Request Forgery (SSRF)
litellm is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to lack of validation or restriction on the api_base parameter in POST /chat/completions, allowing a malicious user to intercept the OpenAI API key by redirecting requests to their own domain...
Heap-based Buffer Overflow
libzephyr.so is vulnerable to a Heap-based Buffer Overflow. The vulnerability is due to inadequate validation of buffer lengths in BLE connection update operations, which could lead to a divide by zero condition...
Incorrect Access Control
Whatsapp-api-js is vulnerable to Incorrect Access Control. The vulnerability is due to improper validation of request signatures in the WhatsAppAPI.verifyRequestSignature method, which allows an attacker to bypass access controls by manipulating the signature verification process...
Deserialization Of Untrusted Data
MindsDB is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by improper handling of pickle objects in the predict method of the ModelWrapperUnsafe class within byom_handler.py, allowing execution of arbitrary code when deserializing a malicious pickle object...
Deserialization Of Untrusted Data
MindsDB is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by improper handling of data with pickle.loads in the describe method within byom_handler.py, allowing arbitrary code execution via a malicious 'inhouse' model...
Deserialization Of Untrusted Data
MindsDB is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by improper deserialization of untrusted pickle data in the finetune method within byom_handler.py, which allows the execution of arbitrary code on the server during the 'finetune' process...
Code Injection
refuelautolabel is vulnerable to Code Injection. The vulnerability is due to improper handling of user-provided CSV files, where the eval function processes malicious code without validation, allowing an attacker to gain control of the system or execute unauthorized commands...
Type Confusion
Firefox is vulnerable to a type confusion vulnerability. The vulnerability is due to an error in the ECMA-262 specification relating to Async Generators, which could lead to memory corruption. Attackers can exploit this to cause an exploitable crash...
Eval Injection
MindsDB is vulnerable to Eval Injection. The vulnerability is caused by improper validation of Python code in specially crafted ‘INSERT’ queries, which are executed via an unprotected eval function on the server, allowing an attacker to execute arbitrary code...
Eval Injection
MindsDB is vulnerable to Eval Injection. The vulnerability is due to unsanitized input in the Microsoft SharePoint integration, where a specially crafted 'INSERT' query for site column creation allows Python code to be passed to an eval function and executed on the server...
Cross Site Scripting (XSS)
MindsDB is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the lack of proper sanitization or validation of user-generated content within the MindsDB platform. It allows an attacker to execute arbitrary JavaScript code in a user's browser by injecting it into the web UI throug...
Code Injection
refuelautolabel is vulnerable to Code Injection. The vulnerability is caused by improper use of the eval function to process CSV files in classification tasks. If a maliciously crafted CSV file containing Python code is provided, the eval function executes this code, leading to arbitrary code...
Deserialization Attack
Cleanlab is vulnerable to Deserialization Attack. The vulnerability is due to improper handling of deserialization processes, where the system does not validate or sanitize the contents of the datalab.pkl file. It allows an attacker to execute arbitrary code on an end user’s system...
Deserialization Attack
MindsDB is vulnerable to Deserialization Attack. The vulnerability is due to unsafe deserialization of untrusted data, where the system fails to properly validate or sanitize the data before processing it, allowing malicious code to be executed when interacting with the deserialized model...
Code Injection
MindsDB is vulnerable to Code Injection. The vulnerability is due to the unsafe use of the eval function, which directly executes input Python code without proper validation. It allows an attacker to inject and execute arbitrary code via the 'SELECT WHERE' clause...
Eval Injection
MindsDB is vulnerable to Eval Injection. The vulnerability is due to unsanitized input in the Microsoft SharePoint integration within sharepoint_api.py, where a specially crafted 'INSERT' query containing Python code is passed to the eval function, allowing an attacker to execute arbitrary code on...
Eval Injection
MindsDB is vulnerable to Eval Injection. The vulnerability is due to unsanitized input in several integrations, where a specially crafted 'UPDATE' query containing Python code is passed to an eval function and executed on the server...
Eval Injection
MindsDB is vulnerable to arbitrary code execution. The vulnerability is due to unsanitized input in the ChromaDB integration, where a specially crafted 'INSERT' query containing Python code is passed to an eval function and executed on the server...
Authentication Bypass
org.eclipse.edc:transfer-data-plane is vulnerable to Authentication Bypass via the ConsumerPullTransferTokenValidationApiController function. An attacker can bypass the check for token expiration by exploiting the lack of validation for token validity (expiry, not-before, issuance date)...
Argument Injection
aws-sam-cli is vulnerable to Argument Injection. The vulnerability is due to the ability for users to specify arguments in the SAM template that are passed to the Docker engine during the build, potentially leading to malicious code execution...
URL Redirection
org.glassfish.main.web:web-core is vulnerable to a URL Redirection. The vulnerability is due to untrusted URL redirection capabilities in the Apache code included in GlassFish, affecting applications deployed to the root context '/'. It allows an attacker to redirect users to untrusted or malicio...
Token Leakage
sagemakertrainin is vulnerable to Token Leakage. The vulnerability is due to the logging of CodeArtifact authorization tokens in log files, which, when pushed to CloudWatch Log streams, can allow unauthorized access to CodeArtifact resources...
Prototype Pollution
dset is vulnerable to Prototype Pollution. The vulnerability is due to improper user input sanitization. This vulnerability allows the attacker to inject a malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program...
Cross Site Scripting (XSS)
damienharper/auditor-bundle is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to failing to properly escape the %sourcelabel% in the Twig macro, allowing malicious script tags to be injected and executed within the application...
Authentication Bypass
ruby-saml is vulnerable to Authentication Bypass. The vulnerability is due to improper verification of the signature in the SAML Response, allowing an unauthenticated attacker to forge a SAML Response/Assertion and log in as an arbitrary user...
Cross-site Scripting (XSS)
serve-static is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to passing untrusted user input, even after sanitization, to the redirect function, which may lead to the execution of untrusted code...
Denial Of Service (DoS)
Keycloak is vulnerable to a Denial of Service (DoS). The vulnerability is due to a lack of limits on the number of attributes per object, allowing an attacker to send repeated HTTP requests that cause resource exhaustion when the application returns rows with long attribute values...
Session Fixation
Directus is vulnerable to Session Fixation. The vulnerability is due to improper caching of unauthenticated requests via OpenID or OAuth2 endpoints, allowing unauthenticated users to access the credentials of the last authenticated user...
Denial Of Service (DoS)
body-parser is vulnerable to Denial Of Service (DoS). The vulnerability is due to inadequate handling of URL encoding in body-parser, which allows an attacker to flood the server with excessive requests, potentially disrupting the server’s availability...
Remote Code Execution (RCE)
Express.js is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient validation or handling of user input when passed to response.redirect, allowing untrusted code to be executed despite sanitization efforts...
Remote Code Execution (RCE)
dtale is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling or validation of user input in the "Custom Filter" feature using the get_str_arg method, allowing malicious code to be executed on the server...
Code Execution
Send is vulnerable to untrusted code execution. The vulnerability is due to the failure to properly validate or sanitize user input before passing it to SendStream.redirect, which allows an attacker to execute arbitrary code on the server...
Content Spoofing
angular is vulnerable to Content Spoofing. The vulnerability is caused due to improper sanitization of the value of the srcset attribute in HTML elements. This allows attackers to bypass common image source restrictions, which can lead to a form of Content Spoofing...
Content Spoofing
angular is vulnerable to Content Spoofing. The vulnerability is caused by improper sanitization of the value of the srcset attribute. This allows attackers to bypass common image source restrictions, leading to a form of Content Spoofing...
Improper Encoding (Escaping Of Output)
Apache Airflow is vulnerable to Improper Encoding (Escaping of Output). The vulnerability is due to the example DAG example_inlet_event_extra.py allowing authenticated attackers with DAG trigger permissions to execute arbitrary commands...
Arbitrary Code Execution
Apache Airflow is vulnerable to Arbitrary Code Execution. The vulnerability is due to DAG authors being able to add local settings to the DAG folder, which are then executed by the scheduler, allowing unintended code execution...
Expired OTP Usage
Keycloak is vulnerable to Expired OTP Usage. The vulnerability is due to OTP codes generated by FreeOTP remaining valid for an additional 30 seconds beyond their expiration time, increasing the attack window and surface by allowing two OTPs to be valid simultaneously...
Session Fixation
Keycloak is vulnerable to session fixation. The vulnerability is due to improper session management, as the session ID and JSESSIONID cookie are not updated upon login, allowing attackers to hijack a session before authentication and trigger session fixation...