38332 matches found
Information Disclosure
Open-webui is vulnerable to an Information Disclosure. The vulnerability is due to the embedding model update feature under admin settings, which allows an attacker to enumerate file names and traverse directories by observing error messages related to file existence and configuration...
Arbitrary File Write And Delete
open-webui is vulnerable to Arbitrary File write and delete. The vulnerability is due to unsanitized file.filename concatenation with CACHEDIR, allowing attackers to overwrite and delete system files...
Email Enumeration Attack
Django is vulnerable to Email Enumeration Attack. The vulnerability is due to the PasswordResetForm class revealing differences in responses when password reset emails fail to send, allowing attackers to infer if an email address is registered...
Information Disclosure
typo3/cms-backend is vulnerable to Information Disclosure. The vulnerability is due to improper access control configuration, which allows backend users to see items in the page tree for restricted pages if no mounts were configured, exposing restricted content to unauthorized users...
Denial Of Service (DoS)
GoPistolet is vulnerable to a Denial of Service (DoS) vulnerability. The vulnerability is due to improper handling within the MTA component, which can lead to service disruption...
Improper Privilege Management
Mattermost is vulnerable to an Improper Privilege Management. The vulnerability is due to improper permission protection, allowing authenticated users with a restricted custom admin role to bypass restrictions and view server logs and the server config.json file...
Arbitrary File Read
github.com/adguardteam/adguardhome is vulnerable to an Arbitrary File Read. The vulnerability is due to improper validation of user input and inadequate restrictions on file access, allowing authenticated users to manipulate the file system and read sensitive files...
Prototype Pollution
@sap/hana-client is vulnerable to Prototype Pollution. The vulnerability is due to improper user input sanitization when using the nestTables feature of the SAP HANA Node.js client package, which allows attackers to manipulate object prototypes, enabling them to add arbitrary properties...
Arbitrary Argument Injection
ggit is vulnerable to Arbitrary Argument Injection. The vulnerability is due to a failure to sanitize user input and improper handling of command-line flags: ggit does not validate the URL scheme or properly pass arguments to the git binary using the necessary -- POSIX characters, allowing attacke...
Remote Code Execution (RCE)
livewire/livewire is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the framework's file upload mechanism that only guesses the file extension based on the MIME type, allowing attackers to bypass security measures and upload malicious files...
Input Validation
typo3/cms-backend is vulnerable to Input Validation. The vulnerability is due to a lack of proper validation checks on user input, allowing for the manipulation of data saved in the bookmark toolbar and triggering errors that disrupt access to the backend user interface...
Log Injection
io.quarkiverse.cxf, quarkus-cxf is vulnerable to Log Injection. The vulnerability is due to misconfiguration of logging settings, which results in passwords and other secrets being logged; specific configurations, such as enabled SOAP logging and access to application logs, allow attackers to...
Command Injection
ggit is vulnerable to Command Injection. The vulnerability is due to user input being concatenated with a git command, which is then passed to the unsafe exec Node.js child process API. It allows an attacker to inject arbitrary commands...
Improper Access Control
github.com/rancher/rancher is vulnerable to Improper Access Control. The vulnerability is due to authenticated users being able to disable access control via an API call...
Incorrect Calculation
github.com/ethereum/go-ethereum is vulnerable to an Incorrect Calculation. The vulnerability is due to a miscalculation of Proof of Work (PoW) generation caused by an error in the DAG creation process...
Cross-site Scripting (XSS)
limesurvey/limesurvey is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input validation and output encoding in the Alert Widget's message component...
Cross-site Scripting (XSS)
Krayin CRM is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the organization name field in /admin/contacts/organizations/edit/2, allowing malicious scripts to be injected...
Cross-Site Scripting (XSS)
phpoffice/phpspreadsheet is vulnerable to a cross-site scripting (XSS). The vulnerability is due to improper handling of input where a number is expected, allowing an attacker to perform formula injection through direct concatenation of user-supplied parameters into spreadsheet formulas...
IBC Hijack
github.com/cheqd/cheqd-node is vulnerable to IBC hijack. The vulnerability is due to improper handling or validation within the IBC transfer mechanism, which allows an attacker to compromise the security of chain-to-chain IBC transfers...
Command Injection
github.com/icewhaletech/casaos is vulnerable to a Command Injection. The vulnerability is due to a lack of proper input validation and sanitization mechanisms in the component leave or join zerotier api, which allows attackers to inject malicious commands into the system, which can then be executed...
Denial Of Service (DoS)
github.com/foxcpp/maddy is vulnerable to Denial Of Service (DoS). The vulnerability is due to the lack of proper error handling during write operations in S3 storage: when write operations encounter errors, they are not aborted, allowing the system to continue consuming memory without limit...
Privilege Escalation
github.com/kiali/kiali is vulnerable to Privilege Escalation. The vulnerability is due to an incorrect access control flaw that allows an attacker with basic access to deploy a kiali operand and potentially gain access to privileged service account tokens...
Cross-site Scripting (XSS)
Dynamic Dashboard is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of values passed to a paragraph widget, allowing malicious characters to trigger XSS attacks when a user opens a page where the widget is rendered...
Cross-site Scripting (XSS)
Mediawiki Cargo is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper neutralization of input during web page generation, allowing attackers to execute malicious scripts...
Cross-site Scripting (XSS)
LimeSurvey is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization, allowing a remote attacker to execute arbitrary code by injecting a crafted script into the title and comment fields...
Improper Authentication
github.com/ubuntu/authd is vulnerable to Improper Authentication. The vulnerability is due to improper management of broker-managed users, allowing them to impersonate any other user managed by the same broker and perform PAM operations, including authentication...
Information Exposure
github.com/opentofu/opentofu is vulnerable to Information Exposure. The vulnerability is due to the static evaluation of module sources, versions and backend configurations. An attacker can expose sensitive variables and locals...
Cross-Site Scripting (XSS)
limesurvey/limesurvey is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of user input, allowing a remote attacker to execute arbitrary code via crafted scripts in the title and comment fields...
Cross-Site Scripting (XSS)
@saltcorn/server is vulnerable to stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of event log data, allowing malicious scripts to be stored...
File Deletion
@saltcorn/server is vulnerable to a file deletion vulnerability. The vulnerability is due to the lack of validation and sanitization of the dirname POST parameter, which allows a logged-in user to construct requests that delete arbitrary files on the filesystem through the sync/cleansyncdir...
Cross-Site Scripting (XSS)
PHPSpreadsheet is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to \PhpOffice\PhpSpreadsheet\Writer\Html not sanitizing "javascript:" URLs from hyperlink href attributes, which allows an attacker to execute malicious scripts in the context of a user's browser session...
Server Side Request Forgery (SSRF)
phpoffice/phpspreadsheet is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the ability of an attacker to construct an XLSX file that links images from arbitrary paths, which allows for embedding those files as data: URLs and performing unauthorized HTTP GET requests...
XML External Entity (XXE)
phpoffice/phpspreadsheet is vulnerable to XML External Entity (XXE). The vulnerability is due to a flawed XML encoding check in the toUtf8 function of the security scanner, which allows crafted XML structures with whitespace to bypass the security measures intended to prevent XXE attacks...
Local File Inclusion (LFI)
phpoffice/phpspreadsheet is vulnerable to Local File Inclusion (LFI). The vulnerability is due to PhpSpreadsheet retrieving image sizes and types by reading the contents of files from external URLs, allowing attackers to exploit php://filter URLs to leak sensitive file contents or data from arbitra...
Privilege Escalation
Parse Server is vulnerable to Privilege Escalation. The vulnerability is due to insufficient validation and control over user input, specifically the lack of restrictions on the allowCustomObjectId setting, which allows attackers to define custom object IDs without proper checks and exploit user...
Denial Of Service (DoS)
@rocket.chat/message-parser is vulnerable to Denial Of Service (DoS). The vulnerability is due to crafted messages with specific characters crashing the workspace because of an issue in the message parser, allowing an attacker to exploit this weakness...
Cross-Site Scripting (XSS)
dev-lancer/minecraft-motd-parser is vulnerable to cross-site scripting (XSS). The vulnerability is due to the lack of proper input validation and sanitization in the HtmlGenerator class, allowing attackers to inject malicious HTML into a web page through a malformed Minecraft server MOTD...
Denial Of Service (DoS)
JSON-lib is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper input validation and handling in the util/JSONTokener.java class, where the code fails to correctly process unbalanced comment strings in JSON data, allowing attackers to craft malicious JSON inputs that trigger...
Man-in-the-middle (MitM)
OpenStack Ironic is vulnerable to Man-in-the-middle (MitM). The vulnerability is due to the lack of checksum validation on the supplied imagesource URLs, which allows for the possibility of malicious actors manipulating the image data during the conversion process...
Cookie Poisoning
cookie is vulnerable to Cookie Poisoning. The vulnerability is due to improper input validation for the cookie name, path, and domain fields, allowing these fields to be manipulated and alter other cookie attributes...
Deserialization Of Untrusted Data
Apache Avro is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper schema parsing in the Java SDK, which allows attackers to execute arbitrary code...
Expected Behavior Violation
@backstage/plugin-app-backend is vulnerable to Expected Behavior Violation. The vulnerability is due to the handling of APPCONFIG environment variables, which ignores the visibility defined in the configuration schema. Note: This was an intended feature of the APPCONFIG way of supplying...
Uncontrolled Resource Consumption
Apache Commons IO is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to excessive CPU consumption caused by the org.apache.commons.io.input.XmlStreamReader class when processing maliciously crafted input...
Exposure Of Information Through Directory Listing
@saltcorn/server is vulnerable to Exposure of Information Through Directory Listing. The vulnerability is due to missing validations of the builddirname parameter. This allows an attacker with admin permission to view files and directories on the filesystem...
Directory Traversal
@saltcorn/server is vulnerable to Directory Traversal. The vulnerability is due to missing sanitization of the filename parameter used to identify the zip file when passed to the res.download API. This allows an attacker with admin permission to read and download arbitrary zip files when...
Prototype Pollution
@saltcorn/server is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of the lang and defstring parameters, allowing modification of the Object prototype, which can lead to remote code execution (RCE) and SQL injection vulnerabilities...
Prototype Pollution
@sentry/browser is vulnerable to Prototype Pollution. The vulnerability is due to inadequate checks on user input or unsafe handling of data within an application when data is not properly validated or sanitized. It allows attackers to manipulate the prototype of objects, leading to potential...
Cross Site Scripting (XSS)
sulu/sulu is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a low privileged user with access to the “Media” section being able to upload an SVG file with a malicious payload, allowing an attacker to execute malicious JavaScript in the browsers of other users, including admin...
Path Traversal
agnai is vulnerable to Path Traversal. The vulnerability is due to improper input validation in JSON file handling, allowing attackers to read arbitrary JSON files at attacker-chosen locations on the server. This can lead to unauthorized access to sensitive information...
Cross Site Scripting (XSS)
sulu/sulu is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the improper handling of user input in the media download URL within the SuluMediaBundle component, allowing attackers to inject malicious code that can be executed in the browser of users who access the compromised...