38467 matches found
Improper Authentication
auth is vulnerable to Improper Authentication. The vulnerability is due to incorrect mapping of all Patreon OAuth accounts to the same local user ID, which allows an attacker to gain unauthorized access through account merging and privilege confusion...
Information Disclosure
Argo CD is vulnerable to Information Exposure. The vulnerability is due to missing authorization and insufficient data masking in the ServerSideDiff endpoint, which allows an attacker with read-only access to extract plaintext Kubernetes Secret data through the Server-Side Apply dry-run mechanism...
Arbitrary Code Injection
Enclave is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper enforcement of security boundaries in @enclave-vm/core, allowing attackers to escape the JavaScript sandbox environment and achieve arbitrary code execution on the host system...
OS Command Injection
OliveTin is vulnerable to Command Injection. The vulnerability is due to insufficient input validation in Shell mode, where password-typed arguments and webhook-extracted JSON values bypass checkShellArgumentSafety before being passed to sh -c, allowing authenticated or unauthenticated attackers ...
Authentication Bypass
s3-proxy is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent URL path interpretation between the authentication middleware and bucket handler, which allows an attacker to bypass access controls and perform unauthorized operations on protected S3 objects...
Memory-Safety Vulnerability
pgx is vulnerable to a memory-safety vulnerability. The vulnerability is due to improper memory handling in the library, which allows an attacker to exploit memory corruption conditions and potentially cause unexpected behavior, denial of service, or arbitrary code execution...
Improper Authentication
Juju is vulnerable to Improper Authentication. The vulnerability is due to improper TLS client and server certificate validation in the internal Dqlite database cluster, which allows an unauthenticated attacker to join the cluster and gain full read and write access to the database...
Arbitrary File Read And Write
Incus is vulnerable to arbitrary file read and write. The vulnerability is due to improper enforcement of the pongo2 chroot isolation mechanism in instance template files, which allows an attacker to bypass filesystem restrictions and perform arbitrary file read/write operations on the host syste...
Use Of Hard-coded Credentials
GoHarbor Harbor is vulnerable to Use of Hard-coded Credentials. The vulnerability is due to the presence of default hard-coded credentials in the application, which allows an attacker to gain unauthorized access to the web UI using known passwords...
Authentication Bypass
github.com/oauth2-proxy/oauth2-proxy is vulnerable to an authentication bypass. The vulnerability is due to improper handling of health check User-Agent values in authrequest-style integrations when --ping-user-agent or --gcp-healthchecks is enabled, which allows an unauthenticated remote attacke...
Missing Authorization
free5GC is vulnerable to Missing Authorization. The vulnerability is due to missing OAuth2 and bearer-token authorization checks in the NEF 3gpp-traffic-influence API, which allows an attacker to perform unauthorized creation, modification, and deletion of traffic-influence subscriptions...
Missing Authentication
github.com/dgraph-io/dgraph is vulnerable to Missing Authentication. The vulnerability is due to the restoreTenant admin mutation missing authorization middleware validation, which allows an unauthenticated attacker to overwrite the database, access server-side files via file:// paths, and perfor...
Inadequate Encryption Strength
github.com/enchant97/note-mark/backend is vulnerable to Inadequate Encryption Strength. The vulnerability is due to missing enforcement of minimum length and entropy requirements for the JWTSECRET value, which allows an attacker to brute-force weak secrets and forge valid JWT tokens...
Authentication Bypass
Traefik is vulnerable to Authentication Bypass. The vulnerability is due to improper handling in the ForwardAuth middleware when trustForwardHeader=false is configured behind a trusted upstream proxy, which allows an attacker to bypass authentication controls and gain unauthorized access...
Path Traversal
github.com/patrickhener/goshs is vulnerable to Path Traversal. The vulnerability is due to a missing return statement in the tdeleteFile function after the path traversal check, which allows an attacker to bypass path validation and perform unauthorized file deletion through crafted traversal pat...
Authentication Bypass
github.com/traefik/traefik is vulnerable to an authentication bypass. The vulnerability is due to improper sanitization of forwarded header alias variants using underscores instead of dashes, which allows an attacker to inject spoofed trusted headers and bypass authentication on protected routes...
Session Fixation
org.apache.wicket, wicket-auth-roles is vulnerable to a session fixation. The vulnerability is due to the missing invocation of the Servlet HTTP request method changeSessionId after session binding, which allows an attacker to exploit session fixation by reusing a predefined session ID to hijack ...
Directory Traversal
github.com/gtsteffaniak/filebrowser is vulnerable to Directory Traversal. The vulnerability is due to improper sanitization of attacker-controlled path input before path validation, which allows an attacker to use traversal sequences to delete arbitrary files outside the intended shared directory...
Unauthenticated Credential Disclosure
github.com/dgraph-io/dgraph is vulnerable to an unauthenticated credential disclosure. The vulnerability is due to the /debug/pprof/cmdline endpoint being accessible without authentication, which exposes the full process command line including the admin token, allowing an attacker to retrieve the...
Directory Traversal
org.springframework.cloud, spring-cloud-config-server is vulnerable to a Directory Traversal. The vulnerability is due to improper validation of specially crafted URL paths in the spring-cloud-config-server module, which allows an attacker to perform a directory traversal attack and access...
Authorization Bypass
github.com/juju/juju is vulnerable to Authorization Bypass. The vulnerability is due to insufficient authorization checks in the Controller facade CloudSpec API method, which allows a low-privileged authenticated attacker to access sensitive cloud credentials...
Path Traversal
org.eclipse.basyx:basyx.sdk is vulnerable to Path Traversal. The vulnerability is due to inadequate path normalization of the fileName parameter in the Submodel HTTP API, which allows an attacker to write arbitrary files to the host filesystem and potentially execute malicious code...
Embedded Malicious Code
@tanstack/ packages are vulnerable to Embedded Malicious Code. The vulnerability is due to misconfigured GitHub Actions workflows and cache poisoning weaknesses that allowed attackers to extract OIDC tokens and publish malicious package versions under a trusted identity...
Information Exposure
follow-redirects is vulnerable to Information Exposure. The vulnerability is due to improper filtering of custom authentication headers during cross-domain redirects, which allows an attacker to obtain sensitive credentials forwarded to unintended domains...
Improper Memory Buffer Handling
uuid is vulnerable to Improper Memory Buffer Handling. The vulnerability is due to missing validation of buffer size and offset values during UUID generation, which allows an attacker to trigger silent partial writes into caller-provided buffers...
Directory Traversal
SiYuan is vulnerable to Directory Traversal. The vulnerability is due to improper handling of double URL decoding in the serveExport function, which allows an attacker to use double-encoded traversal sequences to read arbitrary files from the workspace...
Improper Authentication
openvpn-auth-oauth2 is vulnerable to Improper Authentication. The vulnerability is due to improper handling of authentication logic in experimental plugin mode, which allows unsupported clients to bypass authentication checks and gain unauthorized VPN access...
SQL Injection
SiYuan is vulnerable to SQL Injection. The vulnerability is due to direct execution of user-supplied SQL statements in the /api/search/fullTextSearchBlock endpoint without authorization or validation checks, which allows an attacker to execute arbitrary SQL commands against the database...
Directory Traversal
SiYuan is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file paths in the /export endpoint, which allows an attacker to use double-encoded traversal sequences to read arbitrary files and obtain sensitive information...
Cross-site Scripting (XSS)
SiYuan is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of attacker-controlled content in SVG output generated by the dynamic icon API endpoint, which allows an attacker to inject and execute malicious JavaScript through crafted URLs...
Server-Side Request Forgery (SSRF)
Grav is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to unsafe processing of Twig templates with undefined PHP function registration enabled, which allows an attacker to trigger unauthorized server-side requests...
Java Deserialisation
net.sf.jasperreports, jasperreports is vulnerable to Java Deserialization. The vulnerability is due to insecure deserialization of untrusted input, which allows an attacker to remotely execute arbitrary code on systems using the affected library...
Path Traversal
elijaa/phpmemcacheadmin is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied input, which allows an attacker to exploit path traversal techniques to delete files stored on the server...
SameSite Cookie Vulnerability
kimai/kimai is vulnerable to SameSite cookie vulnerability. The vulnerability is due to improper cookie handling and insufficient SameSite protection in session management, which allows an attacker to exploit crafted PHP scripts to capture session cookie information and perform potential session...
Remote Code Execution (RCE)
facturascripts/facturascripts is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation of file paths within uploaded ZIP archives, which allows an attacker to overwrite arbitrary files and execute malicious code through a Zip Slip attack...
SQL Injection
LiteLLM is vulnerable to SQL Injection. The vulnerability is due to unsafe inclusion of caller-supplied API key values directly into database queries during proxy API key checks, which allows an attacker to read or modify database contents through crafted Authorization headers...
Denial Of Service
Net::IMAP is vulnerable to Denial of Service. The vulnerability is due to quadratic time complexity in Net::IMAP::ResponseReader when processing large responses with many string literals, allowing a malicious IMAP server to send crafted responses that exhaust CPU resources and cause a denial of...
Credential Harvesting Functionality
pytorchlightning is vulnerable to credential harvesting functionality. The vulnerability is due to the introduction of functionality in versions 2.6.2 that is consistent with a credential harvesting mechanism, which allows an attacker to capture or misuse sensitive credentials through malicious...
Improper Transport Layer Protection
net-imap is vulnerable to Improper Transport Layer Protection. The vulnerability is due to improper validation of the STARTTLS negotiation, where a man-in-the-middle attacker can cause Net::IMAPstarttls to report a successful TLS upgrade without establishing encryption, allowing interception of...
Deserialization Of Untrusted Data
Ray is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to Ray Data globally registering custom Arrow extension types and passing metadata bytes directly to cloudpickle.loads during PyArrow schema parsing, which allows an attacker to achieve arbitrary code execution by...
CRLF Injection
Net::IMAP is vulnerable to CRLF Injection. The vulnerability is due to insufficient validation and escaping of raw string arguments passed to several IMAP commands, which allows an attacker to inject CRLF sequences and execute arbitrary IMAP commands by supplying crafted user-controlled input...
Cross-site Scripting (XSS)
JupyterLab is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient validation of data-commandlinker- attributes in sanitized HTML output, which allows an attacker to craft a malicious notebook containing a deceptive button that executes arbitrary JupyterLab commands,...
Path Traversal
yard is vulnerable to Path Traversal. The vulnerability is due to insufficient sanitization of HTTP request paths in the yard server component, which allows an attacker to craft malicious requests that access arbitrary files on the host system outside the intended documentation directory...
Improper Origin Validation
Jupyter Server is vulnerable to improper origin validation. The vulnerability is due to the use of Python’s re.match for Origin header validation, which allows an attacker to bypass CORS origin restrictions by using a malicious domain that starts with a trusted domain name...
Remote Code Execution (RCE)
LiteLLM is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe rendering of user-supplied prompt templates in the POST /prompts/test endpoint without sandboxing, allowing authenticated users to execute arbitrary code within the LiteLLM Proxy process and potentially access...
CRLF Injection
net-imap is vulnerable to CRLF Injection. The vulnerability is due to improper sanitization of Symbol arguments passed to IMAP commands, which allows an attacker to inject CRLF sequences and execute unintended IMAP commands by supplying crafted input...
Authorization Bypass
CKAN is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization enforcement in datastoresearchsql, allowing attackers to bypass access controls and retrieve data from private resources as well as PostgreSQL system information...
Server-Side Request Forgery (SSRF)
PhpSpreadsheet is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-controlled filenames passed to IOFactory::load, which allows an attacker to supply malicious PHP stream wrapper paths such as phar:// to trigger PHAR deserialization and...
Path Traversal
Mako is vulnerable to Path Traversal. The vulnerability is due to inconsistent slash-stripping behavior in TemplateLookup.gettemplate, where URIs beginning with // can bypass path restrictions and access arbitrary files outside the intended template directory, allowing disclosure of files readabl...
Improper Certificate Validation
CKAN is vulnerable to Improper Certificate Validation. The vulnerability is due to insufficient validation of SMTP server certificates, allowing attackers to spoof the configured mail server using invalid or self-signed certificates and enabling man-in-the-middle attacks against email traffic and...