Command Injection
@saltcorn/plugins-loader is vulnerable to command injection. The vulnerability is due to the lack of input validation on the user-controlled value req.body.name, which allows users with admin permissions to manipulate the input by adding escaping characters, thereby executing arbitrary commands when th...
Unauthorized Access
github.com/mattermost/mattermost is vulnerable to Unauthorized Access. The vulnerability is due to non-members receiving broadcasted team details via the updateteam WebSocket event, which allows an attacker to gain unauthorized access to sensitive team information...
Privilege Escalation
github.com/rancher/rancher is vulnerable to Privilege Escalation. The vulnerability is due to improper restrictions in node driver options, allowing unprivileged users to deploy nodes and post sensitive files such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml...
Authorization Bypass
www.velocidex.com/golang/velociraptor is vulnerable to Authorization Bypass. The vulnerability is due to improper permission checks in the copy VQL function, which applies checks for reading files but does not check for permission to write files, allowing low-privilege users to overwrite server...
Cross Site Scripting (XSS)
OpenC3 COSMOS is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the login functionality, which allows an attacker to inject malicious scripts while sending commands to and receiving data from embedded systems...
Cross Site Scripting (XSS)
OpenC3 COSMOS is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the insecure storage of user passwords in an unencrypted format within the LocalStorage of a web browser, which allows an attacker to execute malicious scripts in a user's browser...
Cross Site Scripting (XSS)
Decidim is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to XSS through a malformed URL in the version control feature used in resources, which allows an attacker to exploit XSS...
Command Injection
git-shallow-clone is vulnerable to Command Injection. The vulnerability is due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function, which allows malicious inputs to be executed as system commands...
Regular Expression Denial Of Service (ReDoS)
langflow is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to improper handling of the remainingtext argument in the HTTP POST Request Handler, allowing an attacker to exploit the inefficient regular expression patterns and cause excessive resource consumption...
Race Condition
github.com/theupdateframework/go-tuf/v2 is vulnerable to Race Condition. The vulnerability is due to the inconsistent tracing of delegations in the client's processing logic, which potentially leads to Denial of Service...
Cross-site Scripting (XSS)
Pagekit is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the widget management feature of the admin panel index.php/admin/site/widget, allowing attackers to inject malicious scripts...
Link Following
github.com/containers/common is vulnerable to Link Following. The vulnerability is due to incorrect handling of symbolic links in FIPS mode, allowing an attacker to exploit symbolic links and mount sensitive host directories inside a container, bypassing the isolation between containers and the...
Improper Input Validation
github.com/containers/buildah and github.com/containers/podman/v5 are vulnerable to Improper Input Validation. The vulnerability is due to improper input validation in the bind-propagation option of the Dockerfile RUN --mount instruction; an attacker with build privileges on the system can exploit...
Use Of Uninitialized Variable
github.com/golang-fips/openssl is vulnerable to Use of Uninitialized Variable. The vulnerability is due to improper handling of uninitialized buffer lengths in FIPS mode, which can result in zeroed buffers being returned. This flaw allows an attacker to force false positive hash matches, send...
Server-Side Request Forgery (SSRF)
inventree is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper error handling, where submitting a crafted URL instead of a valid image can raise a server-side error. This error message may contain sensitive information about server-side resources, including the...
Inadequate Encryption Strength
github.com/portainer/portainer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the improper use of an encryption algorithm in the AesEncrypt function. An attacker can decrypt sensitive information or compromise data integrity by exploiting the weak encryption...
Directory Traversal
OpenC3 COSMOS is vulnerable to Directory Traversal. The vulnerability is due to improper input validation in LocalMode's openlocalfile method, allowing an authenticated user with adequate permissions to download any .txt file via the ScreensControllershow endpoint on the web server...
Information Exposure Through An Error Message
org.jenkins-ci.main:jenkins-core is vulnerable to Information Exposure Through an Error Message. The vulnerability is due to improper redaction of multi-line secret values in error messages generated from form submissions involving the secretTextarea form field...
Cross Site Scripting (XSS)
CKEditor 5 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to Insecure Editor Configuration and lack of Input Sanitization in the CKEditor 5 clipboard package, which allows an attacker to insert malicious content into the editor when the General HTML Support or HTML Embed...
Incorrect Authorization
Jenkins is vulnerable to Incorrect Authorization. The vulnerability is due to incomplete enforcement of item creation checks, where prohibited items are created in memory and can be saved to persist them, bypassing restrictions when attackers have Item/Configure permissions...
Cross-site Scripting (XSS)
Zenario is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to allowing authenticated admin users to upload PDF files containing malicious code, which can execute when the PDF is accessed through the website...
Cross Site Scripting (XSS)
LibreNMS is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the lack of proper validation and sanitization of user-uploaded SVG files, allowing users with the "admin" role to upload these files as backgrounds for custom maps without sufficient security checks, which enables...
Cross Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation and sanitization of user input in the "Alert Transports" feature, specifically in the "Details" section, which allows authenticated users to inject arbitrary JavaScript code executable...
Cross Site Scripting (XSS)
librenms/librenms is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization in the Device Groups name, allowing JavaScript code to be executed when the details of the Device Group are viewed...
Cross Site Scripting (XSS)
librenms/librenms is vulnerable to Cross-Site Scripting (Self-XSS). The vulnerability is due to a lack of proper input validation and sanitization in the "Alert Templates" feature of LibreNMS, which allows users to inject arbitrary JavaScript into the alert template's name without any restrictions...
Cross Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the "Alert Rules" feature, where the "Title" field does not properly sanitize user input, allowing the injection of arbitrary JavaScript...
Cross Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation or sanitization of the "hostname" parameter in the "Device Dependencies" feature, which allows attackers to inject arbitrary JavaScript, which can then be stored and executed in...
Cross-site Scripting (XSS)
Zenario is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of input in the "Organizer tags" field within the Image library, allowing attackers to inject malicious scripts...
Cross-site Scripting (XSS)
Contao is vulnerable to stored Cross-site Scripting (XSS). The vulnerability is due to improper validation of SVG file uploads, allowing an authenticated admin to upload a file containing malicious JavaScript that can be executed when accessed through the website...
Improper Authorization
github.com/pomerium/pomerium is vulnerable to Improper Authorization. The vulnerability is due to incomplete validation of JSON Web Tokens (JWT), allowing certain service account access tokens to be incorrectly treated as valid for databroker API authorization, potentially leading to data...
Malicious File Download
scoutbrowser is vulnerable to Malicious File Download. The vulnerability is due to insufficient input validation for filenames, which does not properly sanitize the file extensions before serving the files to users, allowing attackers to manipulate file extensions and deliver malicious content...
Open Redirect
scoutbrowser is vulnerable to Open Redirect. The vulnerability is due to inadequate input validation and sanitization in the /login API endpoint, which does not properly handle the next parameter, and lack of scheme validation, which allows for both open redirects and HTTPS downgrade attacks...
Cross Site Scripting (XSS)
github.com/alist-org/alist is vulnerable to reflected Cross-Site Scripting (XSS). The vulnerability is due to inadequate input validation in the /i/:linkname endpoint, which fails to sanitize user-provided values, allowing malicious HTML tags to be executed in the application context...
Prototype Pollution
uplot is vulnerable to Prototype Pollution. The vulnerability is due to lack of safeguards to prevent unauthorized modifications to the object's prototype, allowing attackers to pollute the prototype with malicious properties...
Insecure Direct Object Reference (IDOR)
org.eclipse.edc,control-plane-catalog is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to missing filtering on single dataset requests, which fails to properly verify access permissions for restricted datasets. It allows unauthorized parties to access sensitive...
Cross-site Scripting (XSS)
github.com/schollz/rwtxt is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input validation, allowing a remote attacker to inject arbitrary scripts through unspecified vectors...
Improper Access Control
github.com/google/exposure-notifications-server is vulnerable to Improper Access Control. The vulnerability is due to the service incorrectly assuming that the source server had properly embargoed keys for at least 2 hours after their expiry, which could allow expired keys to be re-published and...
Denial Of Service (DoS)
Mattermost is vulnerable to Denial of Service (DoS). The vulnerability is due to Mattermost failing to properly check plugin versions when installed from the Marketplace, allowing authorized users to install outdated versions with known vulnerabilities...
Cross-site Scripting (XSS)
github.com/gotify/server is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to outdated Swagger UI, which uses a vulnerable version of DOMPurify, allowing an attacker to execute arbitrary JavaScript through external Swagger config files...
Information Disclosure
mantisbt/mantisbt is vulnerable to Information Disclosure. The vulnerability is due to inadequate validation of user permissions in handling requests, which allows unprivileged, registered users to access and retrieve sensitive information about other users’ personal system profiles through crafted POS...
Deserialization
org.apache.lucene,lucene-replicator is vulnerable to Deserialization. The vulnerability is due to improper validation of serialized input in the org.apache.lucene.replicator.http package, which allows attackers to exploit the deserialization process by sending malicious data...
Insecure Direct Object Reference (IDOR)
aimeos/ai-controller-frontend is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to a lack of proper access control and authorization checks, allowing attackers to manipulate object references like user IDs without verification...
Improper Access Control
S3 Gateway is vulnerable to Improper Access Control. The vulnerability is due to inadequate authorization checks, allowing authenticated users to send requests to the delete-objects API and delete files they are not authorized to access...
Open Redirect
org.glassfish.main.admin,rest-service is vulnerable to Open redirect. The vulnerability is due to the improper handling of the Host HTTP parameter, which allows an attacker to manipulate URL redirection when accessing the '/management/domain' endpoint. It allows attackers to redirect users to...
Information Disclosure
RestrictedPython is vulnerable to Information Disclosure. The vulnerability is due to the combination of the AttributeError.obj and the string module, which allows unauthorized access to sensitive information within the RestrictedPython execution environment...
Cross Site Scripting (XSS)
starcitizentools/citizen-skin is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation on the "real name" field, allowing users to inject malicious XSS payloads without proper sanitization...
Timing Attack
basic-auth-connect is vulnerable to Timing Attack. The vulnerability is due to improper implementation of the equality comparison, where the comparison function reveals differences in the time taken to process incorrect versus correct input, allowing an attacker to infer sensitive information bas...
Cross-site Scripting (XSS)
LayUI is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to DOM Clobbering caused by unsanitized attacker-controlled HTML elements, such as img tags with name attributes...
Keygen Protocol Exploitation
The Binance tss-lib is vulnerable to keygen protocol exploitation. The vulnerability is due to inadequate validation of the h1 and h2 parameters within the keygen protocol implementation, which allows attackers to craft malicious parameters that can exploit the signing round process...
Cross Site Request Forgery (CSRF)
github.com/go-gitea/gitea is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is due to the lack of proper validation and protection mechanisms in the API routes of Gitea, which allows unauthorized state-altering POST requests to be executed by attackers on behalf of authenticated users...