38133 matches found
Missing Certificate Verification
github.com/gogf/gf is vulnerable to Missing Certificate Verification. The vulnerability is due to the default configuration of the GHTTP client, which skips TLS certificate verification. The vulnerability allows attackers to exploit the gclient component to potentially perform a Man-in-the-Middle...
Observable Discrepancy
github.com/zitadel/zitadel is vulnerable to Observable Discrepancy. The vulnerability is caused by the "Ignoring unknown usernames" flag not being respected correctly in all cases. This can allow an attacker to learn whether an account exists within ZITADEL...
Man-in-the-middle Attack
github.com/benbjohnson/litestream is vulnerable to a Man-in-the-middle Attack. The vulnerability is due to unsafe usage of ssh.InsecureIgnoreHostKey, which disables host key verification and potentially allows attackers to obtain sensitive information through a Man-in-the-middle Attack...
Privilege Escalation
github.com/beego/beego is vulnerable to privilege escalation. The vulnerability is due to the getCacheFileName function in the file.go file, allowing a remote attacker to escalate privileges...
Prototype Pollution
json-override is vulnerable to Prototype Pollution. The vulnerability is caused by recursive assignment of properties from source to destination. An attacker can exploit this by injecting `__proto__` as a key at the source, which can pollute the global prototype and can be escalated to Denial of Service...
Man-In-The-Middle Attack
github.com/mickael-kerjean/filestash is vulnerable to a Man-In-The-Middle Attack. The vulnerability is due to the usage of the ssh.InsecureIgnoreHostKey function, which disables host key verification, allowing attackers to obtain sensitive information via a man-in-the-middle attack...
TLS Certificate Verification Bypass
github.com/mickael-kerjean/filestash is vulnerable to TLS certificate verification bypass. The vulnerability is due to insecure email verification code transmission, as TLS verification is being bypassed. Attackers can exploit this to intercept or tamper with email communications, potentially gainin...
Improper Certificate Validation
github.com/mickael-kerjean/filestash is vulnerable to Improper Certificate Validation. The vulnerability is due to the InsecureSkipVerify flag being set to true, which instructs the client to bypass the validation of the server's TLS certificate, exposing the connection to man-in-the-middle attacks. Attackers...
Privilege Escalation
github.com/beego/beego is vulnerable to Privilege Escalation. The vulnerability is due to improper input validation in the sendMail function within smtp.go, which allows attackers to escalate privileges remotely...
Missing Encryption Of Sensitive Data
Elasticsearch is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is due to the elasticsearch-certutil CLI tool storing generated private keys unencrypted on disk when creating Certificate Signing Requests, even if the --pass parameter is used...
Open Redirection
Mobile Security Framework MobSF is vulnerable to Open Redirection. The vulnerability is due to URL redirection to Untrusted Site through the authentication view by manipulating the redirect URL after a successful login...
Cross-site Scripting (XSS)
ibexa/admin-ui is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient sanitization of filenames in the file upload widget, which allows XSS payloads to be executed during the upload process...
Prototype Pollution
@allpro/form-manager is vulnerable to Prototype Pollution. The vulnerability is due to inadequate validation and protection in the setDefaults, mergeBranch, and Object.setObjectValue methods, which allows attackers to manipulate Object.prototype and potentially escalate to Denial of Service, remo...
SQL Injection
github.com/prest/prest is vulnerable to SQL Injection through the authentication mechanism. The vulnerability is due to improper input validation which allows an attacker to bypass security restrictions and execute unauthorized SQL commands by manipulating input...
Heap Buffer Over-Read
libcurl.so is vulnerable to a Heap Buffer Over-Read. The vulnerability is due to improper handling of invalid ASN.1 Generalized Time fields in the GTime2str function in lib/x509asn1.c, which allows an attacker to disclose sensitive information by exposing heap contents through the CURLINFOCERTIN...
Prototype Pollution
@ais-ltd/strategyen is vulnerable to Prototype Pollution. The vulnerability is due to passing arguments with the built-in property `__proto__` to the function helpers.restoreState, which allows attackers to alter object behavior and potentially lead to Denial of Service, remote code execution, or...
Prototype Pollution
@chasemoskal/snapstate is vulnerable to Prototype Pollution. The vulnerability is due to passing arguments crafted with the built-in property `__proto__` to the function attemptNestedProperty, which allows an attacker to alter the behavior of all objects inheriting from the affected prototype and...
Privilege Escalation
langflow is vulnerable to Privilege Escalation. The vulnerability is due to improper validation in the '/api/v1/users' endpoint, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request...
Improper Permission Validation
github.com/goharbor/harbor is vulnerable to Improper Permission Validation. The vulnerability is due to the failure to validate maintainer role permissions when updating project configurations. Attackers can exploit this by sending requests to create, update, or delete metadata in a project they ...
Prototype Pollution
@75lb/deep-merge is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of deepMerge methods in lodash to merge objects, which can allow attackers to execute arbitrary code, cause a Denial of Service (DoS)...
Buffer Overflow
libfreerdp.so is vulnerable to Heap-Based Buffer Overflow. The vulnerability is caused by a defect in gfxdecompresssegment, which results in memory corruption and possible remote code execution...
Segmentation Fault
tensorflow is vulnerable to Segmentation Fault. The vulnerability is caused by a defect in the function arrayops.upperbound when it is not given a rank 2 tensor. It leads to Denial of Service (DoS)...
Improper Input Validation
@fuel-ts/account is vulnerable to Improper Input Validation. The vulnerability is caused by the fund function in fuels-ts/packages/account/src/account.ts, which gets the needed resources statelessly with the function getResourcesToSpend without taking into consideration already used UTXOs. Thi...
Information Disclosure
typo3/cms is vulnerable to Information Disclosure. The vulnerability is due to improper access control in the file list module, allowing editors with access to this module to list all file and folder names in the root directory of a TYPO3 installation. Attackers can use this to gather information...
Denial Of Service (DoS)
com.graphql-java: graphql-java is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of ExecutableNormalizedFields (ENFs) in introspection queries, allowing attackers to send queries that can overwhelm the service and cause it to become unresponsive...
Incorrect Access Control
studio-42/elfinder is vulnerable to Incorrect Access Control. The vulnerability is due to unauthorized copying of files with restricted extensions between server directories, allowing an attacker to expose secrets and potentially perform remote code execution...
Stored Cross Site Scripting (XSS)
aim is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input neutralization in the logs-tab, which uses dangerouslySetInnerHTML in React. The vulnerability allows an attacker to inject malicious scripts into the logs...
Authentication Bypass By Spoofing
Apache SeaTunnel is vulnerable to Authentication Bypass by Spoofing. The vulnerability is due to a hardcoded JWT key in the application, allowing an attacker to forge any token to log in as any user...
Information Exposure
pimcore/admin-ui-classic-bundle is vulnerable to Information Exposure. The vulnerability is due to the exposure of installation and system details to logged-in users at /admin/index/statistics, which allows them to gain insights into the system's configuration and potential weaknesses...
Cross-Site Scripting (XSS)
com.jfinal, jfinal is vulnerable to Cross-site scripting. The vulnerability is due to improper input validation in the Title parameter in the /admin/content file, which can be manipulated to inject malicious scripts. Attackers can exploit this vulnerability remotely to execute arbitrary scripts i...
Cross-Site Scripting (XSS)
com.jfinal, jfinal is vulnerable to Cross-Site Scripting. The vulnerability is due to improper validation of user input in the argument directory of the file /admin/template. Attackers can exploit this vulnerability remotely by injecting malicious scripts, potentially leading to unauthorized...
Cross-Site Scripting (XSS)
typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by improper encoding of editor input, allowing authenticated editors to inject arbitrary HTML...
Cross-Site Scripting (XSS)
quivr is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of URL uploads, allowing users to insert malicious JavaScript payloads. Attackers can use this to execute JavaScript whenever any user clicks on a link containing the payload...
Cross-Site Scripting (XSS)
typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by a lack of sanitization of content from editors. This allows attackers with valid editor accounts to inject malicious scripts into content scanned by the link validator component...
Remote Code Execution (RCE)
admidio/admidio is vulnerable to Remote Code Execution (RCE). The vulnerability is due to lack of file extension verification and public file upload availability in the Message module's attachment. This vulnerability allows malicious files to be uploaded and accessed publicly, resulting in RCE...
Sensitive Information Exposure
github.com/juju/juju is vulnerable to Sensitive Information Exposure. The vulnerability is due to the leak of the sensitive context ID, allowing a local unprivileged attacker to access other sensitive data or relations accessible to the local charm...
Cross-site Scripting (XSS)
Magento-lts is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper system config sanitisation within the design/header/welcome, design/header/logosrc, design/header/logosrcsmall, and design/header/logoalt, which allows an admin authenticated attacker to perform Cross-site...
Cross-Site Scripting (XSS)
typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by improper sanitization of content from editors, allowing attackers with a valid editor account to inject malicious scripts...
Cross-Site Scripting (XSS)
typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by the lack of input sanitization for content submitted by unauthenticated website visitors, which allows malicious scripts to be executed in the context of the user's browser...
Regular Expression Denial Of Service (ReDoS)
fast-xml-parser is vulnerable to Regular Expression Denial of Service. The vulnerability is due to inefficient regex processing in currency.js, which allows attackers to provide malicious input that causes excessive backtracking and performance degradation, potentially leading to DoS...
HTML Injection
twisted is vulnerable to HTML Injection. The vulnerability is due to improper sanitization of the redirect URL, which attackers can exploit to inject malicious scripts into the web page, potentially leading to Reflected Cross-Site Scripting (XSS) in the redirect response HTML body...
Out-of-Bounds Read
libcurl.so is vulnerable to an Out-of-Bounds Read. The vulnerability is due to a flaw in the URL API function curl_url_get when using the macidn IDN backend. It arises from the function filling the provided buffer exactly without null-terminating the string. Attackers can exploit this to read stack...
Stack-based Buffer Overflow
libcurl.so is vulnerable to a Stack-based Buffer Overflow. The vulnerability is due to improper handling of memory in the utf8asn1str function, which invokes the free function on a 4-byte local stack buffer when detecting an invalid field. Attackers can exploit this flaw to overwrite nearby stack...
HTTP Request/Response Smuggling
Twisted is vulnerable to HTTP Request/Response Smuggling. The vulnerability is due to the HTTP 1.0 and 1.1 server provided by twisted.web which can process pipelined HTTP requests out-of-order...
Path Traversal
tgstation-server is vulnerable to Path Traversal. The vulnerability is due to low permission users with the "Set .dme Path" privilege potentially setting malicious .dme files to be compiled and executed, which can escalate into remote code execution via BYOND's shell proc...
Improper Privilege Management
RaspAP is vulnerable to Improper Privilege Management. The vulnerability is due to improper permissions settings on the restapi.service file and excessive sudo privileges granted to the www-data user, through which an attacker can escalate their privileges by modifying the service file or executing...
Insufficient Verification Of Data Authenticity
eduMFA is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to missing checks for Message-Authenticator attributes, which could result in authentication bypass...
Insecure Permissions
github.com/kumahq/kuma is vulnerable to insecure permissions. The vulnerability is due to improper access control that allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...
Blocklist Bypass
Anki is vulnerable to a Blocklist Bypass vulnerability. The vulnerability is due to insufficient validation in the LaTeX functionality, which allows a specially crafted malicious flashcard to lead to arbitrary file creation at a fixed path. Attackers can exploit this by sharing a malicious...
Arbitrary File Read
anki is vulnerable to Arbitrary File Read. The vulnerability is due to the lack of proper sanitization of the verbatim package when processing LaTeX, which allows attackers to share a specially crafted flashcard to trigger this vulnerability...