Lucene search
K
VeracodeRecent

38340 matches found

Veracode
Veracode
•added 2024/08/29 11:8 a.m.•5 views

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to the Prepare step of the SpaceToDepth TFLite operator does not check for 0 before division. An attacker can craft a model such that params-blocksize would be zero and potentially leads to DoS...

7.8CVSS6.6AI score0.00201EPSS
Exploits1References3Affected Software3
Veracode
Veracode
•added 2024/08/29 10:48 a.m.•13 views

Cross Site Scripting

phpoffice/phpspreadsheet is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to insufficient sanitization of spreadsheet styling information by \PhpOffice\PhpSpreadsheet\Writer\Html, which fails to remove or neutralize potentially harmful content before rendering it in HTML. It...

5.4CVSS6.2AI score0.00395EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/08/29 10:48 a.m.•10 views

Local File Bypass

phpoffice/phpspreadsheet is vulnerable to Local File Bypass. The vulnerability is due to improper validation and handling of XML input within XmlScanner.php, which allows attackers to exploit XXE to access local file contents...

8.8CVSS6.5AI score0.0057EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2024/08/29 10:35 a.m.•6 views

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to a defect in the optimized implementation of the TransposeConv TFLite operator where there is a missing validation for strideh,w variable. An attacker can craft a model such that strideh,w values are 0 resulting in Divi...

7.8CVSS6.5AI score0.00201EPSS
Exploits1References3Affected Software3
Veracode
Veracode
•added 2024/08/29 10:21 a.m.•7 views

Privilege Escalation

github.com/hwameistor/hwameistor is vulnerable to Privilege Escalation. The vulnerability is due to misconfiguration of the ClusterRole in Hwameistor, which allows overly broad permissions that can be abused by a malicious user...

6.7CVSS6.6AI score0.00252EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/08/29 9:28 a.m.•19 views

Arbitrary Code Execution

JupyterLab is vulnerable to Arbitrary Code Execution. The vulnerability is due to user interaction with a malicious notebook or Markdown file using JupyterLab's preview feature, which allows execution of arbitrary code and unauthorized data access...

7.6CVSS7.3AI score0.00373EPSS
Exploits0References1Affected Software2
Veracode
Veracode
•added 2024/08/29 9:23 a.m.•8 views

Out-of-bounds Write

tensorflow, tensorflow-cpu and tensorflowgpu is vulnerable to Out-of-bounds Write. The vulnerability is due to improper handling of tensors when a model uses the same tensor for both an input and output of an operator, which can result in data loss and memory corruption...

6.5CVSS6.5AI score0.00729EPSS
Exploits1References9Affected Software3
Veracode
Veracode
•added 2024/08/29 5:34 a.m.•14 views

Path Traversal

github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to insufficient input sanitization in the frontend for user-provided redirection paths. This allows attackers to craft malicious links that trick unsuspecting users into clicking on them, leading to...

8.8CVSS6.6AI score0.0019EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/08/29 5:33 a.m.•7 views

Unauthorized Session Creation And Password Reset

github.com/mattermost/mattermost-server is vulnerable to Unauthorized Session Creation And Password Reset. The vulnerability is due to a lack of proper validation for remote/synthetic users due to a shared channel configuration. This allows attackers to create munged email addresses using shared...

6.5CVSS6.6AI score0.00261EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/08/29 4:4 a.m.•15 views

Path Traversal

github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to improper input validation of the CA path file in the Elasticsearch configuration due to a lack of proper sanitization and validation. This allows an attacker to provide a malicious path, such as...

4.9CVSS7AI score0.00456EPSS
Exploits0References1Affected Software1
Veracode
Veracode
•added 2024/08/28 8:43 p.m.•10 views

SQL Injection

Centreon Web is vulnerable to SQL Injection. The vulnerability is due to improper input validation in the Downtime component, which allows attackers to execute arbitrary SQL commands...

9.1CVSS7.8AI score0.00488EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/08/28 8:32 p.m.•5 views

Sensitive Cookie In HTTPS Session Without "Secure" Attribute

taipy is vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute. The vulnerability is due to the improper setting of security flags on session cookies. An attacker can intercept or tamper with the cookie over insecure connections by exploiting the lack of Secure and HttpOnly...

7.1AI score
Exploits0
Veracode
Veracode
•added 2024/08/28 7:53 p.m.•3 views

Uncontrolled Resource Consumption

github.com/CosmWasm/wasmvm is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to improper handling of specifically crafted Wasm files, leading to high memory usage, potential slowdowns, crashes, and lock poisoning in the VM and potentially leads to DoS...

7AI score
Exploits0
Veracode
Veracode
•added 2024/08/28 7:32 p.m.•15 views

Uncontrolled Recursion

@apollo/gateway and @apollo/query-planner are vulnerable to Uncontrolled Recursion. The vulnerability is due to the query planner potentially entering an infinite loop when processing sufficiently complex queries, leading to unbounded memory consumption and possible system crashes...

7.5CVSS7.1AI score0.00988EPSS
Exploits1References6Affected Software2
Veracode
Veracode
•added 2024/08/28 5:11 a.m.•12 views

CORS Misconfiguration

github.com/casdoor/casdoor is vulnerable to CORS Misconfiguration. The vulnerability is due to improper origin header validation, which only checks for a prefix, allowing any domain with a valid subdomain prefix to make cross-domain requests to Casdoor as the logged-in user...

8.8CVSS6.7AI score0.00748EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/08/28 4:19 a.m.•18 views

Authentication Bypass

flowise is vulnerable to Authentication Bypass. The vulnerability is due to inadequate authentication controls that fail to properly verify user credentials, allowing unauthenticated attackers to access administrator-level API endpoints...

9.8CVSS7.1AI score0.46109EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/08/28 4:9 a.m.•21 views

Denial Of Service (DoS)

Flowise is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of user-supplied input to the /api/v1/get-upload-file API endpoint, which allows an attacker to crash the instance running the vulnerable version...

7.5CVSS6.7AI score0.13898EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/08/28 4:2 a.m.•13 views

Request Smuggling

Apache Traffic Server is vulnerable to Request Smuggling. The vulnerability is caused due to the server sending malformed HTTP chunked trailer section to origin servers...

9.1CVSS6.6AI score0.0097EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/08/28 3:52 a.m.•14 views

Unauthorized Access

aws-cdk is vulnerable to Unauthorized Access. The vulnerability is due to improper handling of authorization scopes when using the RestApi construct with CognitoUserPoolAuthorizer This flaw allows authenticated Amazon Cognito users to gain broader access than intended...

6.4CVSS6.4AI score0.00314EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/08/28 3:33 a.m.•13 views

Cross Site Scripting(XSS)

Webpack is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to improper handling and lack of sanitization of HTML elements and their attributes in Webpack's AutoPublicPathRuntimeModule, allowing attacker-controlled elements to execute malicious scripts...

6.4CVSS6.7AI score0.00897EPSS
Exploits1References7Affected Software1
Veracode
Veracode
•added 2024/08/28 1:20 a.m.•10 views

Incorrect Input Validation

Apache Traffic Server is vulnerable to Incorrect Input Validation. The vulnerability is caused due to Invalid Accept-Encoding header. This can lead to fail cache lookup and force forwarding requests...

8.2CVSS6.6AI score0.01085EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/08/27 8:24 p.m.•6 views

NULL Pointer Dereference

Fort is vulnerable to NULL Pointer Dereference. The vulnerability is caused due to a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field which Fort dereferences without sanitizing it first. Because...

7.5CVSS6.6AI score0.00481EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/08/27 8:23 p.m.•5 views

NULL Pointer Dereference

Fort is vulnerable to NULL Pointer Dereference. The vulnerability is caused due a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. When compiled wi...

7.5CVSS6.5AI score0.00305EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/08/27 8:23 p.m.•7 views

Buffer Overflow

Fort is vulnerable to Buffer Overflow. The vulnerability is caused due to a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into...

9.8CVSS6.8AI score0.00356EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/08/27 8:23 p.m.•7 views

Denial Of Service (DOS)

Fort is vulnerable to Denial Of Service DOS. The vulnerability is caused due to a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field which Fort accesses without sanitizing it first. Because For...

7.5CVSS6.7AI score0.00481EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/08/27 8:22 p.m.•18 views

NULL Pointer Dereference

Fort is vulnerable to NULL Pointer Dereference. The vulnerability is caused due to a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field which For...

7.5CVSS6.7AI score0.00305EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/08/27 8:22 p.m.•14 views

Denial Of Service (DOS)

Fort is vulnerable to Denial Of Service DOS. The vulnerability is caused due to a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form which bypasses Fort's BER decoder. This...

7.5CVSS6.8AI score0.00452EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/08/27 1:48 p.m.•19 views

Race Condition

k8s.io/kubernetes is vulnerable to Race Condition. The vulnerability is caused due to Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this...

3.5CVSS7AI score0.01082EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2024/08/27 10:32 a.m.•7 views

Improper Input Validation

github.com/imroc/req is vulnerable to Improper Input Validation. The vulnerability is caused due to a missing validation for the malformed URL when an unintended request is sent as cleanHost in http.go intentionally uses a "garbage in, garbage out" design...

9.8CVSS6.6AI score0.00724EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/08/27 10:21 a.m.•12 views

Improper Input Validation

Google Snappy library is vulnerable to a Improper Input Validation. The vulnerability is due to an overlap in the memcpy parameters, which could result in a crash or unintended read from other parts of process memory...

8.1CVSS6.4AI score0.0043EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2024/08/27 9:44 a.m.•12 views

Sensitive Information Disclosure

openstack-heat is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the stack abandon command with the hidden feature set to True by which an attacker can disclose sensitive information...

5CVSS6.4AI score0.0039EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2024/08/27 9:0 a.m.•8 views

Improper File Path Handling

unzip-stream is vulnerable to Improper File Path Handling. The vulnerability is due to the Extract method allowing malicious zip files to write to unauthorized paths...

7AI score
Exploits0
Veracode
Veracode
•added 2024/08/27 7:41 a.m.•6 views

Denial Of Service (DOS)

github.com/mattermost/mattermost-plugin-channel-export is vulnerable to Denial Of Service DOS. The vulnerability is caused due to a failure to restrict concurrent runs of the /export command. The can allow an attacker to consume excessive resource by running the /export command multiple times at...

4.3CVSS6.8AI score0.00434EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/08/27 7:13 a.m.•13 views

Code Injection

llamaindex is vulnerable to Code Injection. The vulnerability is caused due to a missing validation for the clsname variable used in the exec call in the download/integration.py script. An attacker can execute arbitrary code by injecting malicious input into the clsname variable used in the exec...

8.8CVSS7.5AI score0.00528EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/08/27 7:12 a.m.•9 views

Cross Site Scripting(XSS)

fastapi-admin is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient validation of the Product Name parameter in the Config-Create function, allowing attackers to inject and execute arbitrary web scripts or HTML...

6.1CVSS6.5AI score0.0027EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/08/27 7:12 a.m.•12 views

Cross Site Scripting

fastapi-admin is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient validation and sanitization of the Product Name parameter in the Create Product function, which allows attackers to inject and execute arbitrary web scripts or HTML...

6.1CVSS6.5AI score0.0027EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/08/27 6:53 a.m.•13 views

Cross Site Scripting(XSS)

Khoj is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of the q parameter in the /api/automation endpoint, which allows users to inject arbitrary HTML/JS into task instructions...

5.4CVSS5.8AI score0.00519EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/08/27 6:51 a.m.•17 views

Unauthorized API Access

goauthentik.io is vulnerable to unauthorized API access. The vulnerability is due to a lack of proper authentication enforcement on specific API endpoints due to missing authorization checks. This allows unauthenticated users to access sensitive information such as private keys and certificates b...

7.5CVSS6.6AI score0.00559EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/08/27 6:48 a.m.•12 views

Cross Site Scripting

github.com/casdoor/casdoor is vulnerable to Cross Site Scripting. The vulnerability is due to improper input validation in the successUrl parameter that redirects users after a successful purchase. Attacker can craft a Casdoor link with a malicious URL and trick users into making a payment...

6.1CVSS6.6AI score0.00423EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2024/08/27 6:33 a.m.•10 views

Unauthorized Access

github.com/jpillora/chisel is vulnerable to Unauthorized Access. The vulnerability is due to the Chisel server not reading the documented AUTH environment variable, which allows unauthenticated users to connect even when credentials are set...

8.6CVSS8.6AI score0.0045EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/08/27 6:32 a.m.•15 views

Improper Authorization

github.com/hyperledger/fabric is vulnerable to Improper Authorization. the vulnerability is due to the improper verification of timestamp authenticity within the request handling process. An attacker can manipulate the timestamp to bypass security controls by sending a crafted request with a...

5.3CVSS6.7AI score0.00589EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/08/26 11:53 a.m.•13 views

Arbitrary File Read

org.apache.seatunnel, seatunnel-web is vulnerable to Arbitrary File Read. The vulnerability is caused due to a missing validation in the MySQL connection URL using parameters allowLoadLocalInfile, allowLoadLocalInfile , allowUrlInLocalInfile and allowLoadLocalInfileInPath. This can lead to an...

7.5CVSS6.6AI score0.00934EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/08/26 11:40 a.m.•8 views

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is caused due to a failure to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role...

7.2CVSS7AI score0.00344EPSS
Exploits0References1Affected Software1
Veracode
Veracode
•added 2024/08/26 9:56 a.m.•12 views

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is caused due to a failure to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user...

4.3CVSS6.5AI score0.00244EPSS
Exploits0References1Affected Software1
Veracode
Veracode
•added 2024/08/26 8:46 a.m.•14 views

Improper Check For Unusual Or Exceptional Conditions

github.com/mattermost/mattermost-server is vulnerable to Improper Check For Unusual Or Exceptional Conditions. The vulnerability is caused due to a failure to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into...

5.3CVSS6.9AI score0.00291EPSS
Exploits0References1Affected Software1
Veracode
Veracode
•added 2024/08/26 8:45 a.m.•14 views

Incorrect Default Permissions

RequestStore is vulnerable to Incorrect Default Permissions. The vulnerability is due to the files being published with world-writable permissions, This allowing attackers to execute arbitrary code...

7.8CVSS7.8AI score0.00194EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2024/08/26 8:37 a.m.•11 views

Incorrect Input Validation

libfrr.so is vulnerable to Incorrect Input Validation. The vulnerability is caused due to an issue in function bgpattrencap within bgpd/bgpattr.c which does not check the actual remaining stream length before taking the TLV value...

9.8CVSS6.6AI score0.00641EPSS
Exploits0References3Affected Software2
Veracode
Veracode
•added 2024/08/26 7:51 a.m.•16 views

Improper Verification Of Cryptographic Signature

org.springframework.boot:spring-boot-loader and org.springframework.boot:spring-boot-loader-classic are vulnerable to Improper Verification of Cryptographic Signature due to the signature verification process in nested jar files. An attacker can manipulate the signature to appear as if it was...

6.3CVSS6.6AI score0.00123EPSS
Exploits0References4Affected Software2
Veracode
Veracode
•added 2024/08/26 7:26 a.m.•13 views

Cross-site Scripting (XSS)

pretix is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper user input sanitization in the placeholders like name or event. An attacker can inject HTML tags into email previews on the settings page by exploiting this vulnerability...

7.2CVSS6.2AI score0.00303EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2024/08/26 7:12 a.m.•23 views

Cross-site Scripting (XSS)

automad/automad is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient input sanitization, allowing an attacker to inject malicious JavaScript code into the template body, which is then stored in the CMS and executed in the browser of any user visiting the forum...

4.8CVSS6.5AI score0.00769EPSS
Exploits2References4Affected Software1
Total number of security vulnerabilities38340