Lucene search
+L
VeracodeRecent

38467 matches found

Veracode
Veracode
added 2026/05/15 9:8 a.m.11 views

Improper Authentication

auth is vulnerable to Improper Authentication. The vulnerability is due to incorrect mapping of all Patreon OAuth accounts to the same local user ID, which allows an attacker to gain unauthorized access through account merging and privilege confusion...

9.1CVSS5.8AI score0.00417EPSS
Exploits0References6Affected Software2
Veracode
Veracode
added 2026/05/15 7:43 a.m.14 views

Information Disclosure

Argo CD is vulnerable to Information Exposure. The vulnerability is due to missing authorization and insufficient data masking in the ServerSideDiff endpoint, which allows an attacker with read-only access to extract plaintext Kubernetes Secret data through the Server-Side Apply dry-run mechanism...

9.6CVSS5.8AI score0.00505EPSS
Exploits2References11Affected Software2
Veracode
Veracode
added 2026/05/15 5:3 a.m.17 views

Arbitrary Code Injection

Enclave is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper enforcement of security boundaries in @enclave-vm/core, allowing attackers to escape the JavaScript sandbox environment and achieve arbitrary code execution on the host system...

10CVSS6.4AI score0.00878EPSS
Exploits2References2Affected Software2
Veracode
Veracode
added 2026/05/15 4:36 a.m.21 views

OS Command Injection

OliveTin is vulnerable to Command Injection. The vulnerability is due to insufficient input validation in Shell mode, where password-typed arguments and webhook-extracted JSON values bypass checkShellArgumentSafety before being passed to sh -c, allowing authenticated or unauthenticated attackers ...

9.9CVSS6.1AI score0.00448EPSS
Exploits2References2Affected Software1
Veracode
Veracode
added 2026/05/14 6:34 p.m.12 views

Authentication Bypass

s3-proxy is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent URL path interpretation between the authentication middleware and bucket handler, which allows an attacker to bypass access controls and perform unauthorized operations on protected S3 objects...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2026/05/14 6:24 p.m.18 views

Memory-Safety Vulnerability

pgx is vulnerable to a memory-safety vulnerability. The vulnerability is due to improper memory handling in the library, which allows an attacker to exploit memory corruption conditions and potentially cause unexpected behavior, denial of service, or arbitrary code execution...

9.8CVSS6.1AI score0.00561EPSS
Exploits0References27Affected Software2
Veracode
Veracode
added 2026/05/14 6:14 p.m.18 views

Improper Authentication

Juju is vulnerable to Improper Authentication. The vulnerability is due to improper TLS client and server certificate validation in the internal Dqlite database cluster, which allows an unauthenticated attacker to join the cluster and gain full read and write access to the database...

10CVSS5.8AI score0.00381EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2026/05/14 6:14 p.m.19 views

Arbitrary File Read And Write

Incus is vulnerable to arbitrary file read and write. The vulnerability is due to improper enforcement of the pongo2 chroot isolation mechanism in instance template files, which allows an attacker to bypass filesystem restrictions and perform arbitrary file read/write operations on the host syste...

9.9CVSS5.9AI score0.00481EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2026/05/14 6:8 p.m.16 views

Use Of Hard-coded Credentials

GoHarbor Harbor is vulnerable to Use of Hard-coded Credentials. The vulnerability is due to the presence of default hard-coded credentials in the application, which allows an attacker to gain unauthorized access to the web UI using known passwords...

9.4CVSS6.9AI score0.00498EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2026/05/14 6:6 p.m.42 views

Authentication Bypass

github.com/oauth2-proxy/oauth2-proxy is vulnerable to an authentication bypass. The vulnerability is due to improper handling of health check User-Agent values in authrequest-style integrations when --ping-user-agent or --gcp-healthchecks is enabled, which allows an unauthenticated remote attacke...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References3Affected Software2
Veracode
Veracode
added 2026/05/14 6:0 p.m.20 views

Missing Authorization

free5GC is vulnerable to Missing Authorization. The vulnerability is due to missing OAuth2 and bearer-token authorization checks in the NEF 3gpp-traffic-influence API, which allows an attacker to perform unauthorized creation, modification, and deletion of traffic-influence subscriptions...

9.4CVSS5.8AI score0.00311EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2026/05/14 6:0 p.m.13 views

Missing Authentication

github.com/dgraph-io/dgraph is vulnerable to Missing Authentication. The vulnerability is due to the restoreTenant admin mutation missing authorization middleware validation, which allows an unauthenticated attacker to overwrite the database, access server-side files via file:// paths, and perfor...

10CVSS7.3AI score0.00452EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2026/05/14 5:49 p.m.20 views

Inadequate Encryption Strength

github.com/enchant97/note-mark/backend is vulnerable to Inadequate Encryption Strength. The vulnerability is due to missing enforcement of minimum length and entropy requirements for the JWTSECRET value, which allows an attacker to brute-force weak secrets and forge valid JWT tokens...

10CVSS5.8AI score0.00124EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2026/05/14 5:48 p.m.13 views

Authentication Bypass

Traefik is vulnerable to Authentication Bypass. The vulnerability is due to improper handling in the ForwardAuth middleware when trustForwardHeader=false is configured behind a trusted upstream proxy, which allows an attacker to bypass authentication controls and gain unauthorized access...

10CVSS5.8AI score0.00267EPSS
Exploits1References10Affected Software1
Veracode
Veracode
added 2026/05/14 5:32 p.m.20 views

Path Traversal

github.com/patrickhener/goshs is vulnerable to Path Traversal. The vulnerability is due to a missing return statement in the tdeleteFile function after the path traversal check, which allows an attacker to bypass path validation and perform unauthorized file deletion through crafted traversal pat...

9.8CVSS7.3AI score0.00683EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2026/05/14 5:21 p.m.14 views

Authentication Bypass

github.com/traefik/traefik is vulnerable to an authentication bypass. The vulnerability is due to improper sanitization of forwarded header alias variants using underscores instead of dashes, which allows an attacker to inject spoofed trusted headers and bypass authentication on protected routes...

10CVSS5.8AI score0.00479EPSS
Exploits1References10Affected Software1
Veracode
Veracode
added 2026/05/14 5:11 p.m.20 views

Session Fixation

org.apache.wicket, wicket-auth-roles is vulnerable to a session fixation. The vulnerability is due to the missing invocation of the Servlet HTTP request method changeSessionId after session binding, which allows an attacker to exploit session fixation by reusing a predefined session ID to hijack ...

9.1CVSS5.8AI score0.00379EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2026/05/14 5:10 p.m.18 views

Directory Traversal

github.com/gtsteffaniak/filebrowser is vulnerable to Directory Traversal. The vulnerability is due to improper sanitization of attacker-controlled path input before path validation, which allows an attacker to use traversal sequences to delete arbitrary files outside the intended shared directory...

9.1CVSS5.9AI score0.00523EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2026/05/14 4:58 p.m.23 views

Unauthenticated Credential Disclosure

github.com/dgraph-io/dgraph is vulnerable to an unauthenticated credential disclosure. The vulnerability is due to the /debug/pprof/cmdline endpoint being accessible without authentication, which exposes the full process command line including the admin token, allowing an attacker to retrieve the...

9.4CVSS5.8AI score0.00509EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2026/05/14 4:43 p.m.33 views

Directory Traversal

org.springframework.cloud, spring-cloud-config-server is vulnerable to a Directory Traversal. The vulnerability is due to improper validation of specially crafted URL paths in the spring-cloud-config-server module, which allows an attacker to perform a directory traversal attack and access...

9.1CVSS5.9AI score0.00727EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2026/05/14 11:7 a.m.17 views

Authorization Bypass

github.com/juju/juju is vulnerable to Authorization Bypass. The vulnerability is due to insufficient authorization checks in the Controller facade CloudSpec API method, which allows a low-privileged authenticated attacker to access sensitive cloud credentials...

9.9CVSS5.8AI score0.00445EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2026/05/14 10:56 a.m.18 views

Path Traversal

org.eclipse.basyx:basyx.sdk is vulnerable to Path Traversal. The vulnerability is due to inadequate path normalization of the fileName parameter in the Submodel HTTP API, which allows an attacker to write arbitrary files to the host filesystem and potentially execute malicious code...

10CVSS6.2AI score0.03678EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2026/05/12 7:56 p.m.27 views

Embedded Malicious Code

@tanstack/ packages are vulnerable to Embedded Malicious Code. The vulnerability is due to misconfigured GitHub Actions workflows and cache poisoning weaknesses that allowed attackers to extract OIDC tokens and publish malicious package versions under a trusted identity...

9.6CVSS6AI score0.02342EPSS
Exploits3References7Affected Software42
Veracode
Veracode
added 2026/05/12 2:37 p.m.19 views

Information Exposure

follow-redirects is vulnerable to Information Exposure. The vulnerability is due to improper filtering of custom authentication headers during cross-domain redirects, which allows an attacker to obtain sensitive credentials forwarded to unintended domains...

7.5CVSS5.8AI score0.00486EPSS
Exploits0References40Affected Software1
Veracode
Veracode
added 2026/05/12 2:12 p.m.16 views

Improper Memory Buffer Handling

uuid is vulnerable to Improper Memory Buffer Handling. The vulnerability is due to missing validation of buffer size and offset values during UUID generation, which allows an attacker to trigger silent partial writes into caller-provided buffers...

9.3CVSS5.9AI score0.00337EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2026/05/12 1:3 p.m.13 views

Directory Traversal

SiYuan is vulnerable to Directory Traversal. The vulnerability is due to improper handling of double URL decoding in the serveExport function, which allows an attacker to use double-encoded traversal sequences to read arbitrary files from the workspace...

7.1CVSS5.9AI score0.00313EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2026/05/11 7:23 p.m.14 views

Improper Authentication

openvpn-auth-oauth2 is vulnerable to Improper Authentication. The vulnerability is due to improper handling of authentication logic in experimental plugin mode, which allows unsupported clients to bypass authentication checks and gain unauthorized VPN access...

10CVSS5.8AI score0.00438EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2026/05/11 6:58 p.m.15 views

SQL Injection

SiYuan is vulnerable to SQL Injection. The vulnerability is due to direct execution of user-supplied SQL statements in the /api/search/fullTextSearchBlock endpoint without authorization or validation checks, which allows an attacker to execute arbitrary SQL commands against the database...

9.8CVSS6.8AI score0.00541EPSS
Exploits1References6Affected Software2
Veracode
Veracode
added 2026/05/11 5:29 p.m.25 views

Directory Traversal

SiYuan is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file paths in the /export endpoint, which allows an attacker to use double-encoded traversal sequences to read arbitrary files and obtain sensitive information...

9.8CVSS7.3AI score0.01028EPSS
Exploits1References4Affected Software2
Veracode
Veracode
added 2026/05/11 2:20 p.m.16 views

Cross-site Scripting (XSS)

SiYuan is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of attacker-controlled content in SVG output generated by the dynamic icon API endpoint, which allows an attacker to inject and execute malicious JavaScript through crafted URLs...

9.3CVSS7.3AI score0.00625EPSS
Exploits1References3Affected Software2
Veracode
Veracode
added 2026/05/11 12:57 p.m.10 views

Server-Side Request Forgery (SSRF)

Grav is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to unsafe processing of Twig templates with undefined PHP function registration enabled, which allows an attacker to trigger unauthorized server-side requests...

9.1CVSS5.8AI score0.00252EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2026/05/11 10:33 a.m.15 views

Java Deserialisation

net.sf.jasperreports, jasperreports is vulnerable to Java Deserialization. The vulnerability is due to insecure deserialization of untrusted input, which allows an attacker to remotely execute arbitrary code on systems using the affected library...

9.8CVSS7.5AI score0.00876EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2026/05/11 9:24 a.m.35 views

Path Traversal

elijaa/phpmemcacheadmin is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied input, which allows an attacker to exploit path traversal techniques to delete files stored on the server...

9.8CVSS7.3AI score0.00864EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2026/05/11 9:5 a.m.5 views

SameSite Cookie Vulnerability

kimai/kimai is vulnerable to SameSite cookie vulnerability. The vulnerability is due to improper cookie handling and insufficient SameSite protection in session management, which allows an attacker to exploit crafted PHP scripts to capture session cookie information and perform potential session...

9.8CVSS5.9AI score0.00496EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2026/05/11 8:22 a.m.13 views

Remote Code Execution (RCE)

facturascripts/facturascripts is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation of file paths within uploaded ZIP archives, which allows an attacker to overwrite arbitrary files and execute malicious code through a Zip Slip attack...

7.2CVSS6.1AI score0.00522EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2026/05/09 5:42 a.m.20 views

SQL Injection

LiteLLM is vulnerable to SQL Injection. The vulnerability is due to unsafe inclusion of caller-supplied API key values directly into database queries during proxy API key checks, which allows an attacker to read or modify database contents through crafted Authorization headers...

9.8CVSS6.1AI score0.86607EPSS
Exploits7References7Affected Software1
Veracode
Veracode
added 2026/05/09 5:42 a.m.6 views

Denial Of Service

Net::IMAP is vulnerable to Denial of Service. The vulnerability is due to quadratic time complexity in Net::IMAP::ResponseReader when processing large responses with many string literals, allowing a malicious IMAP server to send crafted responses that exhaust CPU resources and cause a denial of...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2026/05/09 5:42 a.m.6 views

Credential Harvesting Functionality

pytorchlightning is vulnerable to credential harvesting functionality. The vulnerability is due to the introduction of functionality in versions 2.6.2 that is consistent with a credential harvesting mechanism, which allows an attacker to capture or misuse sensitive credentials through malicious...

9.8CVSS5.9AI score0.00392EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2026/05/09 5:41 a.m.7 views

Improper Transport Layer Protection

net-imap is vulnerable to Improper Transport Layer Protection. The vulnerability is due to improper validation of the STARTTLS negotiation, where a man-in-the-middle attacker can cause Net::IMAPstarttls to report a successful TLS upgrade without establishing encryption, allowing interception of...

7.6CVSS5.8AI score0.00324EPSS
Exploits0References31Affected Software1
Veracode
Veracode
added 2026/05/09 5:41 a.m.5 views

Deserialization Of Untrusted Data

Ray is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to Ray Data globally registering custom Arrow extension types and passing metadata bytes directly to cloudpickle.loads during PyArrow schema parsing, which allows an attacker to achieve arbitrary code execution by...

8.9CVSS6.5AI score0.00473EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2026/05/09 5:41 a.m.5 views

CRLF Injection

Net::IMAP is vulnerable to CRLF Injection. The vulnerability is due to insufficient validation and escaping of raw string arguments passed to several IMAP commands, which allows an attacker to inject CRLF sequences and execute arbitrary IMAP commands by supplying crafted user-controlled input...

9.8CVSS6AI score0.00429EPSS
Exploits0References11Affected Software1
Veracode
Veracode
added 2026/05/09 5:41 a.m.9 views

Cross-site Scripting (XSS)

JupyterLab is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient validation of data-commandlinker- attributes in sanitized HTML output, which allows an attacker to craft a malicious notebook containing a deceptive button that executes arbitrary JupyterLab commands,...

9.6CVSS6.4AI score0.00386EPSS
Exploits0References8Affected Software2
Veracode
Veracode
added 2026/05/09 5:41 a.m.6 views

Path Traversal

yard is vulnerable to Path Traversal. The vulnerability is due to insufficient sanitization of HTTP request paths in the yard server component, which allows an attacker to craft malicious requests that access arbitrary files on the host system outside the intended documentation directory...

7.5CVSS6AI score0.00388EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2026/05/09 5:41 a.m.5 views

Improper Origin Validation

Jupyter Server is vulnerable to improper origin validation. The vulnerability is due to the use of Python’s re.match for Origin header validation, which allows an attacker to bypass CORS origin restrictions by using a malicious domain that starts with a trusted domain name...

7.6CVSS5.9AI score0.00333EPSS
Exploits0References8Affected Software1
Veracode
Veracode
added 2026/05/09 5:40 a.m.13 views

Remote Code Execution (RCE)

LiteLLM is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe rendering of user-supplied prompt templates in the POST /prompts/test endpoint without sandboxing, allowing authenticated users to execute arbitrary code within the LiteLLM Proxy process and potentially access...

8.8CVSS6.2AI score0.00373EPSS
Exploits1References7Affected Software1
Veracode
Veracode
added 2026/05/09 5:40 a.m.5 views

CRLF Injection

net-imap is vulnerable to CRLF Injection. The vulnerability is due to improper sanitization of Symbol arguments passed to IMAP commands, which allows an attacker to inject CRLF sequences and execute unintended IMAP commands by supplying crafted input...

7.1CVSS5.8AI score0.00813EPSS
Exploits0References32Affected Software1
Veracode
Veracode
added 2026/05/09 5:40 a.m.14 views

Authorization Bypass

CKAN is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization enforcement in datastoresearchsql, allowing attackers to bypass access controls and retrieve data from private resources as well as PostgreSQL system information...

9.1CVSS5.8AI score0.00367EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2026/05/09 5:39 a.m.5 views

Server-Side Request Forgery (SSRF)

PhpSpreadsheet is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-controlled filenames passed to IOFactory::load, which allows an attacker to supply malicious PHP stream wrapper paths such as phar:// to trigger PHAR deserialization and...

9.8CVSS7.6AI score0.00712EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2026/05/09 5:39 a.m.13 views

Path Traversal

Mako is vulnerable to Path Traversal. The vulnerability is due to inconsistent slash-stripping behavior in TemplateLookup.gettemplate, where URIs beginning with // can bypass path restrictions and access arbitrary files outside the intended template directory, allowing disclosure of files readabl...

8.7CVSS5.9AI score0.00361EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2026/05/09 5:37 a.m.10 views

Improper Certificate Validation

CKAN is vulnerable to Improper Certificate Validation. The vulnerability is due to insufficient validation of SMTP server certificates, allowing attackers to spoof the configured mail server using invalid or self-signed certificates and enabling man-in-the-middle attacks against email traffic and...

8.7CVSS5.8AI score0.00194EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities38467