38133 matches found
Incorrect Permission Assignment
Pulp is vulnerable to Incorrect Permission Assignment. The vulnerability is due to the use of the AutoAddObjPermsMixin method, which sets permissions based on the oldest user with task permissions. This allows an attacker to gain unauthorized access or privileges, as the permissions for objects...
Data Interception And Manipulation
Gorush is vulnerable to Data Interception and Manipulation. The vulnerability is due to the use of a deprecated TLS version in the RunHTTPServer function within servernormal.go, which allows an attacker to intercept and manipulate data...
Stored Cross Site Scripting (XSS)
code.gitea.io/gitea is vulnerable to Stored Cross Site Scripting (XSS). The vulnerability is due to improper sanitization in modules/markup/sanitizer.go, which results in Stored Cross Site Scripting...
Denial Of Service (DoS)
REXML is vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of proper entity expansion limits in its XML parsing with SAX2 or pull parser API. The vulnerability allows for excessive resource consumption when handling XML documents with numerous nested or repeated entities...
Remote Code Execution
Haystack is vulnerable to Remote Code Execution. The vulnerability is due to the use of Jinja2 templates, which can be exploited to run arbitrary code if a user creates and renders a malicious template on the client machine...
Insecure Deserialization
com.xuxueli, xxl-rpc-core is vulnerable to Insecure Deserialization. The vulnerability is caused due to a missing validation while deserializing the user supplied data when a TCP server is set up using the Netty framework and the Hessian serialization mechanism. Attackers can abuse this to take...
Authentication Bypass
github.com/RobotsAndPencils/go-saml is vulnerable to an Authentication Bypass. The vulnerability is due to improper configuration of the xmlsec1 tool in the go-saml library, which fails to restrict the origin of the public key used for signature verification. It allows an attacker to sign SAML...
Cross-site Scripting (XSS)
microweber/microweber is vulnerable to Reflected Cross-site Scripting (XSS). The vulnerability is due to insufficient input validation in the /search endpoint, which allows an unauthenticated remote attacker to inject arbitrary web scripts or HTML via the 'keywords' parameter...
Cross-site Scripting (XSS)
microweber/microweber is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation in userfiles\modules\tags\addtaggingtagged.php, allowing attackers to inject and execute arbitrary JavaScript...
Cross-site Scripting (XSS)
microweber/microweber is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in userfiles\modules\settings\admin.php, through which an admin-authenticated attacker can inject malicious scripts by submitting crafted input to the group field...
Improper Input Validation
The weave server API is vulnerable to Improper Input Validation. The vulnerability is caused by missing validation of allowed file paths when fetching files from a remote directory. This allows an attacker to traverse and leak arbitrary files remotely and can lead to a low-privileged user assuming t...
Reflected Cross-Site Scripting (Reflected XSS)
Scrypted is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to lack of input sanitization in the 'owner' and 'pkg' parameters in the plugin-http.ts file, allowing an attacker to run arbitrary JavaScript code...
Cross-site Scripting (XSS)
github.com/alexxit/go2rtc is vulnerable to DOM-based cross-site scripting (XSS). The vulnerability is due to the lack of input sanitization when appending API data using innerHTML in the index page index.html, allowing an attacker to execute malicious scripts in the context of the go2rtc instance's...
Information Disclosure
libgrpc.so is vulnerable to Information Disclosure. The vulnerability is due to an error status for a misencoded header not cleared between header reads, resulting in subsequent incrementally indexed added headers in the first request being poisoned until cleared from the HPACK table. This can be...
Cross-Site Scripting
@builder.io/qwik is vulnerable to Cross-Site Scripting. The vulnerability is due to improper escaping of HTML on server-side rendering, which converts strings according to the rules in the render-ssr.ts...
Exposure Of Resource To Wrong Sphere
org.biscuitsec, biscuit is vulnerable to Exposure of Resource to Wrong Sphere. The vulnerability is due to the potential for third-party block requests to be forged by malicious users, tricking the third-party authority into generating datalog trusting the wrong keypair. Attackers can exploit thi...
Information Disclosure
matrix-react-sdk is vulnerable to Information Disclosure. The vulnerability is due to a malicious homeserver manipulating a user's account data to enable URL previews in encrypted rooms, causing any URLs in encrypted messages to be sent to the server. Attackers can use this to intercept URLs in...
Insufficient Verification Of Data Authenticity
github.com/regclient/regclient is vulnerable to Insufficient Verification Of Data Authenticity. The vulnerability is due to missing digest checks which allows a malicious registry to return a different digest for a pinned manifest without detection...
Cross-Site Request Forgery (CSRF)
ipl/web is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to certain circumstances where CSRF protection was insufficient...
Ciphertext Leakage
Netbird is vulnerable to Ciphertext Leakage. The vulnerability is due to the use of a static initialization vector (IV) in the Encrypt function within the crypt.go file, which does not change for different encryption operations and allows attackers to expose the sensitive information through...
ECDSA Signature Malleability
Elliptic is vulnerable to Signature Malleability. The vulnerability is due to the acceptance of BER-encoded signatures which allows for the manipulation of ECDSA signatures...
ECDSA Signature Malleability
Elliptic is vulnerable to Signature Malleability. The vulnerability is due to the lack of verification for the leading bit of r and s in ECDSA signatures, allowing for signature manipulation...
Signature Malleability
Elliptic is vulnerable to Signature Malleability. The vulnerability is due to the lack of a signature length check, allowing for the manipulation of EdDSA signatures by adding or removing zero-valued bytes...
Insertion Of Sensitive Information Into Log File
github.com/elastic/apm-server is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to the APM server logging the document body from a partially failed bulk index request, caused by the ES response line containing the document body and being logged on error...
Privilege Escalation
github.com/kubean-io/kubean is vulnerable to Privilege Escalation. The vulnerability is due to the ClusterRole being configured with excessive permissions, allowing a malicious user with access to a worker node to gain unauthorized control over the entire cluster...
Denial Of Service (DOS)
github.com/containers/podman is vulnerable to a Denial of Service (DoS). The vulnerability is due to the failure to properly clean up IPC resources created by malicious containers in /dev/shm, which can exhaust system memory and lead to a system outage, potentially leading to a memory-based deni...
Insufficient Session Expiration
apacheairflowprovidersfab is vulnerable to Insufficient Session Expiration. The vulnerability is due to improper session management, which fails to terminate user sessions upon logout and allows attackers to continue accessing a user’s session or account...
Path Traversal
@nuxt/devtools is vulnerable to Path Traversal. The vulnerability is due to missing authentication on the getTextAssetContent RPC function and a lack of Origin checks on the WebSocket handler, allowing attackers to interact with a locally running devtools instance and exfiltrate data...
Remote Code Execution
nuxt is vulnerable to Remote Code Execution. The vulnerability is due to insufficient validation of the path parameter in the NuxtTestComponentWrapper, which allows an attacker to execute arbitrary JavaScript on the server side. Attackers can exploit this vulnerability by creating a malicious web...
Server-Side Request Forgery
@nuxt/icon is vulnerable to Server-Side Request Forgery. The vulnerability is due to improperly parsed proxied request paths in the /api/nuxticon/name endpoint, which lets an attacker change the scheme and host of the request. An attacker can exploit this flaw by passing a path prefixed with...
Cross-Site Scripting (XSS)
nuxt is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the javascript: protocol in the navigateTo function, which fails to correctly parse and block malformed URLs due to improper usage of the unjs/ufo...
Improper Certificate Validation
github.com/cortexproject/cortex is vulnerable to Improper Certificate Validation. The vulnerability is due to improper TLS certificate verification in the makeOperatorRequest function, which potentially allows an attacker to obtain sensitive information through a Man-in-the-Middle attack...
Arbitrary Code Execution
golang/go is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper sanitization of environment variable values, which causes the output of the "go env" command to include arbitrary commands or new environment variables when executed as a shell script...
Cross-site Scripting (XSS)
ezsystems/ezplatform-admin-ui is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper escaping of filenames, allowing XSS payloads to be executed during file upload...
Code Injection
org.apache.inlong:tubemq-core is vulnerable to Code Injection. The vulnerability is caused by missing sanitization, which an attacker can exploit to achieve Remote Code Execution (RCE)...
Incorrect Permission Assignment For Critical Resource
github.com/snapcore/snapd is vulnerable to Incorrect Permission Assignment for Critical Resource. The vulnerability is due to the improper restriction of writes to the $HOME/bin path. An attacker can execute arbitrary scripts outside of the expected snap sandbox, potentially allowing them to esca...
Denial Of Service (DoS)
kibana is vulnerable to Denial Of Service (DoS). The vulnerability is due to a specific endpoint without rate limiting, which allows an attacker with the Viewer role to send a large number of maliciously crafted requests to that endpoint, causing the Kibana instance to crash...
Account Manipulation
github.com/navidrome/navidrome is vulnerable to Account Manipulation. The vulnerability is due to the insecure usage of the MD5 hashing algorithm to generate Gravatar URLs, which allows attackers to change another user's information under a controlled email address...
Improper Certificate Validation
github.com/casdoor/casdoor is vulnerable to Improper Certificate Validation. The vulnerability is due to the usage of the ssh.InsecureIgnoreHostKey method in the file viaSSHDialer.go, which disables host key verification and allows attackers to obtain sensitive information via a man-in-the-middle...
Improper Privilege Management
org.apache.linkis: linkis-common is vulnerable to Improper Privilege Management. The vulnerability is due to incorrect handling of permissions for Critical Resources. An attacker with a trusted account can gain unauthorized access to the Token information and escalate privileges...
Cross Site Scripting (XSS)
concrete5/concrete5 is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation in the Name input field within the file instances.php, allowing a rogue administrator to inject malicious JavaScript code...
Arbitrary File Deletion
org.apache.linkis, linkis-common is vulnerable to Arbitrary File Deletion. The vulnerability is due to a defect in the Basic management services component which allows a user with an administrator account to delete any file accessible by the Linkis system user...
Denial Of Service (DoS)
REXML is vulnerable to Denial Of Service (DoS). The vulnerability arises from parsing untrusted XML with specific characters such as whitespace, , and , which can lead to a DoS condition...
Improper Authorization
bostr is vulnerable to Improper Authorization. The vulnerability is due to improper validation, which lets any user access the API even when authorizedkeys and noscraper are set to true. Attackers can exploit this by gaining access to the relay without proper authorization...
Code Injection
elektra is vulnerable to Code Injection. The vulnerability is due to improper handling of user input in the live search functionality of the Ruby on Rails-based Elektra web application, which allows authenticated users to craft a search term containing Ruby code that flows into an eval call,...
OS Command Injection
github.com/charmbracelet/soft-serve is vulnerable to OS Command Injection. The vulnerability is due to improper environment variable handling due to Soft Serve passing all environment variables given by the client to git subprocesses. Attackers can use this to execute arbitrary code via environme...
Heap Overflow Flaw
389-ds-base is vulnerable to a heap overflow flaw. The vulnerability is due to improper handling of input sizes when writing a value larger than 256 characters in the logentryattr, leading to memory corruption. Attackers can exploit this flaw to cause a denial of service, potentially crashing the...
Visible Encoding Maps
pheonixappapi is vulnerable to Visible Encoding Maps. The vulnerability is due to the map of encoding/decoding languages being visible in code...
Cross-site Scripting
Zitadel is vulnerable to Cross-site Scripting. The vulnerability is due to a missing output sanitization in the HTML while rendering email information. An attacker can exploit this by creating a malicious link where the injected code would be rendered as part of the email...
Man-in-the-middle (MitM) Attack
github.com/codenotary/immudb is vulnerable to a man-in-the-middle (MitM) attack. The vulnerability is due to the use of the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, which allows an attacker to intercept communications between the client and server...