38133 matches found
Improper Authentication
github.com/moby/moby is vulnerable to Improper Authentication. The vulnerability is due to the Docker Engine handling of specially-crafted API requests, which causes authorization plugins to receive requests or responses without the body. Attackers can use this flaw to bypass AuthZ plugins and...
Incorrect Access Control
github.com/cert-manager/cert-manager is vulnerable to Incorrect Access Control. The vulnerability is due to insecure permissions in cert-manager, allowing attackers to access sensitive data and escalate privileges by obtaining the service account's token...
Privilege Escalation
github.com/volcano-sh/volcano is vulnerable to Privilege Escalation. The vulnerability is due to insecure permissions in Volcano, which allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...
Arbitrary Script Execution
anki is vulnerable to Arbitrary Script Execution. The vulnerability is due to inadequate validation and handling of flashcard content in the MPV functionality, allowing an attacker to send a malicious flashcard that can trigger arbitrary code execution...
Symbolic Link Privilege Escalation
github.com/snapcore/snapd is vulnerable to Symbolic Link Privilege Escalation. The vulnerability is due to improper symbolic link destination path checks during snap extraction, which allows an attacker to cause snapd to write contents to a world-readable directory and potentially expose privileged...
Denial Of Service (DoS)
github.com/snapcore/snapd is vulnerable to Denial of Service (DoS). The vulnerability is due to improper file type checking when extracting snaps, allowing malicious snaps containing non-regular files to cause snapd to block indefinitely and result in a Denial of Service...
Improper Restriction Of Security Token Assignment
github.com/KubeOperator/kubepi is vulnerable to Improper Restriction of Security Token Assignment. The vulnerability is due to an empty JWT key in the default configuration file, which allows for a bypass of the login verification and direct backend access...
Session Hijacking
craftcms/cms is vulnerable to Session Hijacking. The vulnerability is due to the reuse of TOTP tokens multiple times within the validity period, which allows an attacker with the victim's credentials to reuse a valid token and establish an authenticated session...
Path Traversal
parisneo/lollms is vulnerable to Path Traversal. The vulnerability is due to the sanitizepath function within the file lollmsconfigurationinfos.py, which allows attackers to manipulate the discussiondbname parameter and potentially write to important system directories...
Remote Code Execution (RCE)
org.springframework.cloud:spring-cloud-skipper-server is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of upload requests, allowing a malicious user with access to the Skipper server API to write an arbitrary file to any location on the file...
Code Injection
Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...
Directory Traversal
Csla is vulnerable to Directory Traversal. The vulnerability is due to the lack of validation for directory traversal sequences in the assembly path before loading the assembly within the MobileFormatter component. This allows an attacker to potentially access and execute arbitrary files on th...
Cross-Site Scripting (XSS)
mediawiki/metrolook-skin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in MediaWiki top-level menu entries, allowing attackers to inject and execute arbitrary script code...
Code Injection
Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...
Information Exposure
org.apache.pinot, pinot-controller is vulnerable to Information Exposure. The vulnerability is due to the lack of proper access controls within the "/appconfigs" endpoint, which allows unauthorized users to access sensitive system and environment information...
Server-Side Request Forgery (SSRF)
github.com/gotenberg/gotenberg/v8 is vulnerable to Server-side Request Forgery (SSRF). The vulnerability is due to improper handling of requests made to the /convert/html endpoint, allowing attackers to exploit local file inclusion by referencing localhost files such as...
Information Disclosure
github.com/argoproj/argo-cd is vulnerable to Information Disclosure. The vulnerability is due to improper enforcement of permission revocation for open terminal sessions within websocket.go, which allows continued unauthorized access and the potential leakage of sensitive information even after...
Improper Access Control
github.com/fabedge/fabedge is vulnerable to Improper Access Control. The vulnerability is due to improperly configured permissions, allowing attackers to access sensitive data and escalate privileges by obtaining the service account's token. Attackers can exploit this vulnerability to access sensitive...
XML External Entity (XXE) Injection
Apache Drill is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to inadequate restriction of external entity references, allowing attackers to access files or execute commands through manipulated XML data...
Unauthorized File Access
duckdb is vulnerable to Unauthorized File Access. The vulnerability is due to inadequate restrictions in the sniffcsv function, allowing access to the filesystem even when enableexternalaccess=false. Attackers can exploit this by reading content from files such as /etc/hosts and proc/self/environ...
Cross Site Scripting (XSS)
Sentry is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to lack of input sanitization for payloads sent from Integration platform integrations, which allows arbitrary HTML tags to be stored and rendered on the Issues page...
Assertion Failure
libbind9.so is vulnerable to an Assertion Failure. The vulnerability is due to improper handling of client queries that trigger serving stale data and require lookups in local authoritative zone data, allowing an attacker to disrupt the normal operation of the BIND 9 service, potentially causing ...
Template Injection
org.openidentityplatform.openam, openam-oauth2 is vulnerable to Template Injection. The vulnerability is due to improper template restrictions in the getCustomLoginUrlTemplate function within RealmOAuth2ProviderSettings.java, allowing attackers to inject and execute arbitrary code via the...
Improper Access Control
github.com/layer5io/meshery is vulnerable to Improper Access Control. The vulnerability is due to improperly configured permissions, allowing attackers to access sensitive data and escalate privileges by obtaining the service account's token. Attackers can exploit this vulnerability to access sensitive...
Improper Access Control
github.com/hwameistor/hwameistor is vulnerable to Improper Access Control. The vulnerability is due to improperly configured permissions, allowing attackers to access sensitive data and escalate privileges by obtaining the service account's token. Attackers can exploit this vulnerability to access sensitive...
Improper Authorization
Streampark is vulnerable to Improper Authorization. The vulnerability is due to the Backend service returning "Authorization" as the front-end authentication credential upon successful login, allowing users to request other users' information, including the administrator's username, password, and...
Regular Expression Denial Of Service (ReDoS)
tf2-item-format is vulnerable to a Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity utilized in decomposeName.ts, which allows an attacker to perform Denial of Service (DoS) attacks on any service that uses tf2-item-format to pars...
Denial Of Service (DoS)
github.com/wcharczuk/go-chart is vulnerable to Denial of Service (DoS). The vulnerability is due to an infinite loop when executing the drawCanvas function with a StackedBarChart containing a long name value. If the name value originates from untrusted input, an attacker can cause an infinite loop...
Denial Of Service (DoS)
libbind9.so is vulnerable to Denial of Service. The vulnerability is due to resolver caches and authoritative zone databases holding significant numbers of RRs for the same hostname, leading to issues when content is added or updated, and when handling client queries for this name...
Denial Of Service (DoS)
libbind9.so is vulnerable to Denial of Service. The vulnerability is due to the handling of "KEY" Resource Records in DNSSEC-signed domains, allowing attackers to exhaust resolver CPU resources by sending a stream of SIG0 signed requests...
DNS Message Flood Attacks
libbind9.so is vulnerable to DNS message flood attack. The vulnerability is due to inadequate handling of multiple DNS messages over TCP, causing the server to become unstable during the attack. Attackers can exploit this by sending numerous DNS messages over TCP, potentially leading to server...
Cross Site Scripting (XSS)
Vue is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to manipulating the prototype chain of specific properties such as Object.prototype.staticClass or Object.prototype.staticStyle, which allows an attacker to execute arbitrary JavaScript code via prototype pollution...
Heap-based Buffer Overflow
fiona is vulnerable to Heap-based Buffer Overflow. The vulnerability is due to improper handling of long filenames, comments, or extra fields within zlib components that contain integer overflow vulnerabilities, which can result in an application crash or potential code execution...
Improper Authentication
org.apache.streampark, streampark is vulnerable to Improper Authentication. The vulnerability is due to improper session management allowing the "Authorization" credential to remain valid even after logout, enabling attackers to use this credential to initiate requests and potentially access data...
Authorization Bypass
alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to insufficient access controls in the GET, PUT, DELETE /secretaries/secretaryId endpoints, allowing a low privileged user to fetch, modify, or delete a secretary's data...
Unauthorized Access
alextselegidis/easyappointments is vulnerable to Unauthorized Access. The vulnerability is due to insufficient access controls in the GET, PUT, DELETE /providers/providerId endpoints, allowing a low privileged user to fetch, modify, or delete a privileged user's data...
Use After Free
GPAC is vulnerable to Use After Free. The vulnerability is caused by not properly freeing memory for prevl and its components before removing it from the list in the xmtnodeend function, leading to a use after free condition...
NULL Pointer Dereference
GPAC is vulnerable to NULL Pointer Dereference. The vulnerability is due to the lack of a null pointer check for pck-stream in the m2tsdmxonevent function, leading to a null pointer dereference...
Infinite Loop
GPAC is vulnerable to an Infinite Loop. The vulnerability is due to an infinite loop caused by the function isoffinprocess in the file src/filters/isoffinread.c. An attacker can cause the application to enter an infinite loop by manipulating the input data, which could lead to a Denial of Service...
Privilege Escalation
org.opensearch.plugin:opensearch-reports-scheduler is vulnerable to Privilege Escalation. The vulnerability is due to improper checks on user authorization within the file UserAccessManager.kt when accessing resources in a private tenant, which allows an attacker to gain unauthorized access to...
Denial Of Service (DoS)
github.com/argoproj/argo-cd is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient input validation and resource management for large JSON payloads at the /api/webhook endpoint, which results in excessive memory allocation and triggers an Out Of Memory (OOM) kill, causing...
Improper Response Validation
dnsjava is vulnerable to Improper Response Validation. The vulnerability is due to records in DNS replies not being checked for their relevance to the query, allowing an attacker to respond with RRs from different zones...
Out-of-bounds Write
SixLabors.ImageSharp is vulnerable to an Out-of-bounds Write. The vulnerability is due to minCodeSize in the DecodePixels method within the ImageSharp gif decoder, which allows an attacker to crash the application using a specially crafted gif...
Insecure Direct Object Reference (IDOR)
github.com/drakkan/sftpgo is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to the lack of proper security measures such as JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms. The vulnerability allows an attacker with a valid intercepted...
Cross-Site Scripting (XSS)
boldgrid-editor is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization and output escaping affecting the boldgridcanvasimage AJAX endpoint. This allows attackers with Contributor-level access and above to inject arbitrary web scripts in pages tha...
Denial Of Service (DoS)
sixlabors.imagesharp is vulnerable to Denial Of Service (DoS). The vulnerability is due to the improper processing of specific gif files, which can lead to excessive memory usage during decoding. Attackers can use a specially crafted file to crash the application or exhaust system resources...
HTML Injection
Apache Syncope is vulnerable to HTML injection. The vulnerability is due to improper input validation, allowing HTML tags to be added to any text field, leading to potential injections. Attackers can use this to inject malicious HTML or scripts, which could compromise user data and application...
Insecure Direct Object Reference (IDOR)
org.apache.streampark, streampark is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control caused by improper handling of authorization tokens, allowing attackers to manually request and view all users' flink information, including executeSQL an...
Exposure Of Sensitive Information
org.apache.rocketmq, rocketmq-all is vulnerable to the Exposure of Sensitive Information. The vulnerability is due to specific interfaces that allow an attacker with regular user privileges or listed in the IP whitelist to acquire the administrator's account and password. This vulnerability enabl...
XML Entity Expansion (XXE)
guardrails-ai is vulnerable to XML Entity Expansion (XXE). The vulnerability is due to consuming RAIL documents from external sources, which may cause leakage of internal file data via the SYSTEM entity...