38133 matches found
Open Redirection
Keycloak is vulnerable to an Open Redirection. The vulnerability is due to improper validation of the referrer and referrer_uri parameters, allowing attackers to craft URLs that trick users into visiting malicious websites...
Sandbox Bypass
twig/twig is vulnerable to Sandbox Bypass. The vulnerability is due to sandbox security checks not being enforced in certain situations, allowing an attacker to execute unauthorized code or access sensitive data via user-contributed templates...
Denial Of Service (DoS)
path-to-regexp is vulnerable to Denial Of Service (DoS). The vulnerability is due to the generation of inefficient regular expressions when path strings contain two parameters within a single segment separated by a non-period character, allowing an attacker to cause high CPU usage and potentially...
Insecure HTTPS Connections
nategood/httpful is vulnerable to Insecure HTTPS Connections. The vulnerability is due to the lack of built-in certificate validation mechanisms in the Httpful library, which fails to enforce the proper verification of SSL/TLS certificates by default. It allows attackers to intercept and manipula...
Privilege Escalation
github.com/external-secrets/external-secrets is vulnerable to privilege escalation. The vulnerability is due to improper configuration of the ClusterRole, which grants "get/list" verbs for secrets resources and "patch/update" verbs for validating webhook configurations. It allows an attacker to abu...
Cross Site Scripting (XSS)
craftcms/cms is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input sanitization in the breadcrumb list and title fields, allowing user-provided input to be stored without proper validation or encoding, which then executes malicious scripts when displayed...
Deserialization Of Untrusted Data
topthink/framework is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of untrusted data during deserialization, allowing attackers to execute arbitrary code...
Sensitive Information Exposure
github.com/consensys/gnark is vulnerable to Sensitive Information Exposure. The vulnerability is caused by the same σ being used for all proofs of knowledge for commitments, allowing mixing between them. This makes it possible to fix the value of all but one commitment before selecting the circui...
Improper Input Validation
github.com/cosmos/interchain-security is vulnerable to Improper Input Validation. The vulnerability is caused due to a missing validation on the ICS side to check if the signer matches the provider address. This can lead to any user opt-in, opt-out, change the commission rate, or change what publ...
HTML Injection
JupyterLite-core is vulnerable to HTML Injection. The vulnerability is due to insufficient validation of Markdown content, allowing a malicious notebook or file to access data and perform actions in the JupyterLite environment...
Cross Site Scripting (XSS)
github.com/alwindoss/akademy is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by missing validation and sanitization within cmd/akademy/handler/handlers.go. An attacker can manipulate the argument emailAddress, leading to cross site scripting...
XML Entity Expansion (XXE)
The HL7 FHIR Core is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper handling of XSLT transforms in various components, allowing a malicious XML file with a DTD tag to expose host system data...
Insufficient Randomization And Data Exposure
github.com/consensys/gnark is vulnerable to Insufficient Randomization and Data Exposure. The vulnerability is due to the lack of additional randomized values in the commitments, which allows an attacker to deduce the witness values through enumeration if those values are small...
Remote Authentication Rate Limiting Bypass
github.com/windmill-labs/windmill is vulnerable to Remote Authentication Rate Limiting Bypass. The vulnerability is due to improper handling of authentication attempts, which fails to restrict excessive attempts, allowing an attacker to exploit excessive authentication attempts remotely, with a...
Cross Site Scripting (XSS)
github.com/gouniverse/cms is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper handling of the argument alias in the PageRenderHtmlByAlias function of FrontendHandler.go. It allows an attacker to execute arbitrary scripts in the context of a user's browser...
Path Traversal
Stripe-CLI is vulnerable to path traversal. The vulnerability is due to improper validation of plugin shortnames in the manifest when installing plugins using the --archive-url or --archive-path flags, allowing an attacker to overwrite arbitrary files on the system by exploiting the path traversa...
Out-of-bounds Read
tensorflow, tensorflow-cpu and tensorflow-gpu are vulnerable to Out-of-bounds Read. The vulnerability exists because the implementations of the Minimum and Maximum TFLite operators can be used to read data outside the bounds of heap-allocated objects, if any of the two input tensor arguments are...
Division By Zero Error
TensorFlow is vulnerable to Division By Zero Error. The vulnerability is due to improper validation of the params input in the GatherNd TFLite operator, which allows an attacker to craft a malicious model with an empty tensor that triggers a division by zero and causes a zero dimension in paramsshape.Dims...
Denial Of Service (DoS)
TensorFlow is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient validation of user-controlled input in TFLite's convolution code, where the code does not check if the divisor is zero before performing division. This allows an attacker to exploit the division by zero...
Information Disclosure
node-ipc is vulnerable to Information Disclosure. The vulnerability is due to a design choice or implementation flaw where the maintainer’s message is written to the user’s desktop, allowing the message to be visible to the user, potentially disclosing information...
Prototype Pollution
node-gettext is vulnerable to Prototype Pollution. The vulnerability is due to improper user input sanitization in the addTranslations function, allowing attackers to inject or manipulate properties in object prototypes...
Arbitrary Command Execution
push-dir is vulnerable to Arbitrary Command Execution. The vulnerability is due to the lack of validation for arguments provided in the "opt.branch" variable before being passed to the "git" command, allowing an attacker to inject arbitrary commands...
DNS Rebinding
MindsDB is vulnerable to DNS Rebinding. The vulnerability is due to the manipulation of domain name resolution, where initial and subsequent DNS queries resolve to different addresses, allowing an attacker to bypass server-side request forgery protection and potentially cause a denial of service...
Server-side Template Injection (SSTI)
ethyca-fides is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper input sanitization and lack of rendering environment restrictions in the Jinja2 templating engine used in the Email Templating feature of Fides, which allows privileged users to execute remote...
Username Enumeration Attack
ethyca-fides is vulnerable to Username Enumeration Attack. The vulnerability is due to discrepancies in response times between valid and invalid usernames, which allow attackers to infer valid usernames based on the timing of server responses...
Signature Verification Bypass
github.com/projectdiscovery/nuclei is vulnerable to Signature Verification Bypass. The vulnerability is caused by a defect in Nuclei's template signature verification system, which allows an attacker to bypass the signature check and possibly execute malicious code via custom code template...
Cross Site Scripting (XSS)
indico is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by missing validation and sanitization during account creation when redirecting after the account has been successfully created...
Buffer Overflow
github.com/pingcap/tidb is vulnerable to a Buffer Overflow. The vulnerability exists due to insufficient validation of the return type when checking the expression between 'Agg' and 'GroupBy', which allows an attacker to cause a Denial of Service (DoS) via crafted input during the...
Allocation Of Resources Without Limits
Eclipse Vert.x gRPC server is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to the gRPC server not limiting the maximum length of the message payload, allowing excessively large messages to be processed...
Denial Of Service (DoS)
sigstore-go is vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of limits on the amount of verifiable data that can be included in a Sigstore Bundle, allowing excessive resource consumption during the verification process...
Sensitive Data Exposure
Flask-AppBuilder is vulnerable to Sensitive Data Exposure. The vulnerability is due to insecure cache directives for the auth DB login form, which allows browsers to locally store sensitive data...
HTTP Request/Response Smuggling
com.typesafe.akka:akka-http-core is vulnerable to HTTP Request/Response Smuggling. The vulnerability is due to accepting malformed messages and handing them over to the user application, which may proxy them to another server without inspection, allowing unintended HTTP requests to reach downstre...
DOM Clobbering
pagefind is vulnerable to DOM Clobbering. The vulnerability is caused by missing validation and sanitization, which makes it possible to clobber the lookup of document.currentScript.src. This will cause document.currentScript.src to resolve as an external domain, which will then be used by Pagefi...
Cross Site Scripting (XSS)
bootstrap is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by missing validation and sanitization in the href attribute of the tag in the carousel component in the data-slide and data-slide-to attributes. This can enable attackers to execute arbitrary JavaScript within...
Incorrect Validation
github.com/cometbft/cometbft/light is vulnerable to Incorrect Validation. The vulnerability is due to incomplete validation of the ProposerPriority field in the ValidatorSet retrieved from RPC endpoints, which can lead to inconsistencies in the proposer selection algorithm and potentially cause t...
Secret Exfiltration
github.com/metal3-io/baremetal-operator is vulnerable to Secret Exfiltration. The vulnerability is due to BMO's ability to read Secrets from any namespace, which allows an attacker to exfiltrate Secrets from other namespaces by linking them to a BareMetalHost configuration...
Information Exposure Through Log Files
github.com/hashicorp/vault is vulnerable to Information Exposure Through Log Files. The vulnerability is due to a regression that removed the HMAC functionality for sensitive headers in the audit device, leading to the storage of plaintext client tokens and token accessors in the audit log...
Cross Site Request Forgery (CSRF)
spina is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is caused by a defect in the file admin/mediafolders, which allows an attacker to launch the attack remotely...
Remote Code Execution
mlflow is vulnerable to Remote Code Execution. The vulnerability is caused by a defect where mlflow allows writing or overwriting any file on the file system. A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information...
Division By Zero Error
TensorFlow is vulnerable to a Division By Zero Error. The vulnerability is due to the EmbeddingLookup TFLite operator not checking if the first dimension of the value input is zero before performing a division operation. It allows an attacker to craft a model that triggers the error, potentially...
Null Pointer Error
TensorFlow is vulnerable to Null Pointer Error. The vulnerability is due to improper handling of null pointers returned by the GetVariableInput function and the GetMutableInput function, which are not correctly checked before being used in the TFLite implementation of SVDF, allowing an attacker to...
Division By Zero Error
TensorFlow is vulnerable to a Division By Zero Error. The vulnerability is due to a division by zero error in the TFLite implementation of hashtable lookup when the values tensor's first dimension is 0, allowing an attacker to craft a model that, when processed, triggers the division by zero erro...
Brute Force Protection Bypass
Keycloak is vulnerable to Brute Force Protection Bypass. The vulnerability is due to a timing loophole that allows attackers to initiate multiple login requests simultaneously, exceeding the configured limits for failed attempts before being locked out...
Improper Hostname Verification
io.kroxylicious, kroxylicious-runtime is vulnerable to Improper Hostname Verification. The vulnerability is due to Kroxylicious failing to properly verify the server's hostname during a TLS connection, which allows an attacker to intercept or manipulate communications...
Directory Traversal
github.com/opencontainers/runc is vulnerable to Directory Traversal. The vulnerability is due to the race condition with os.MkdirAll in runc when sharing a volume between two containers, allowing an attacker to create empty files or directories in arbitrary locations on the host file system...
Template Injection
@blakeembrey/template is vulnerable to Template Injection. The vulnerability is due to insufficient validation of the template name within the file index.ts, allowing untrusted input to be used as the template display name...
Integer Overflow
tensorflow, tensorflow-cpu and tensorflow-gpu are vulnerable to Integer Overflow. The vulnerability is caused by missing validation: the TFLite implementation of concatenation is vulnerable to an integer overflow issue. An attacker can craft a model such that the dimensions of one of the...
Divide By Zero
tensorflow, tensorflow-cpu and tensorflow-gpu are vulnerable to Divide By Zero. The vulnerability is caused by missing validation: the implementation of fully connected layers in TFLite is vulnerable to a division by zero error. An attacker can craft a model such that filter-dims-data1 i...
Division By Zero Error
TensorFlow is vulnerable to Division By Zero Error. The vulnerability is due to the SVDF TFLite operator not properly handling cases where params-rank is set to 0, allowing an attacker to craft a model that triggers a division by zero error...
Uncontrolled Recursion
TensorFlow is vulnerable to an Uncontrolled Recursion vulnerability. The vulnerability is due to the failure to check for loops between nodes in TFLite graphs, allowing an attacker to craft models that could cause infinite loops or stack overflow during evaluation...