38133 matches found
Denial Of Service (DoS)
dnsjava: dnsjava is vulnerable to Denial Of Service (DoS). The vulnerability is caused by improper signature validation due to the ValidatingResolver’s handling of specially crafted DNSSEC-signed zones, which allows an attacker to cause excessive CPU usage and potential Denial Of Service (DoS)...
Secret Exposure
ops is vulnerable to Secret Exposure. The vulnerability is due to improper handling of secret content by passing it as CLI arguments which affects charms using Juju =3.0 and not correctly capturing and processing subprocess.CalledProcessError. The vulnerability allows an attacker to gain access t...
Uncontrolled Resource Consumption
dnsjava: dnsjava is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to the handling of specially crafted DNSSEC-signed zones, which can result in CPU exhaustion...
Deserialization Of Untrusted Data
H2O is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization of any class in Iced models due to a lack of a class whitelist, allowing attackers to use Java gadgets to execute arbitrary code...
Cookie Tossing
github.com/gitpod-io/gitpod is vulnerable to Cookie Tossing. The vulnerability is due to a missing __Host- prefix on the gitpodiojwt2 session cookie, allowing an adversary who controls a subdomain to set the value of the cookie on the Gitpod control plane...
SQL Injection
1Panel is vulnerable to SQL Injection. The vulnerability is due to improper handling of the User-Agent input, which results in SQL injection...
SQL Injection
1Panel is vulnerable to SQL Injection. The vulnerability is due to insufficient filtering of inputs, leading to arbitrary file writes and remote code execution (RCE)...
OS Command Injection
Nuclei is vulnerable to OS Command Injection. The vulnerability is due to the -code option in code templates, allowing users to edit and execute workflow files in some web applications, leading to arbitrary command execution...
Insertion Of Sensitive Information Into Log File
Steeltoe.Discovery is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improperly masked Eureka server service URLs, which may leak credentials into logs when fetching the service registry. Attackers can use this to gain unauthorized access to sensitive...
Heap Based Buffer Overflow
Assimp is vulnerable to heap-based buffer overflow. The vulnerability is due to improper handling of crafted Polygon File Format ply files within PlyLoader.cpp, which allows a local attacker to execute arbitrary code...
Cross-Site Request Forgery (CSRF)
ProcessWire is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is due to inadequate handling of comments functionality, which allows a remote attacker to comment as another user...
Cross Site Scripting (XSS)
Calibre-Web is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitization performed by the cleanstring function, which allows an attacker to perform XSS by inserting a payload into the comments field...
Arbitrary File Upload
Automad is vulnerable to Arbitrary File Upload. The vulnerability is due to improper file type checks within the image upload function, allowing attackers to execute arbitrary code via a crafted file...
Unencrypted Data Transmission
Puncia is vulnerable to Unencrypted Data Transmission. The vulnerability is due to utilizing HTTP instead of HTTPS for communication, which could allow an attacker to eavesdrop, perform data tampering, or access unauthorized data...
Memory Leak
org.apache.cxf: cxf-rt-transports-http is vulnerable to a Memory Leak. The vulnerability is caused due to the lack of proper shutdown handling for HTTPClient instances, which may lead to continuous memory consumption increase and eventually cause the application to run out of memory, resulting in...
Denial Of Service (DoS)
org.apache.cxf: cxf-rt-rs-security-jose is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing size restrictions in the p2c PBES2 count parameter, which allows an attacker to perform a Denial Of Service attack by specifying a large value for this parameter in a token...
Server-side Request Forgery (SSRF)
org.apache.cxf:cxf-rt-rs-service-description is vulnerable to Server-side Request Forgery (SSRF). The vulnerability is due to insufficient validation of the stylesheetReference and path parameters, which can be exploited by an attacker to perform SSRF style attacks. Note that this vulnerability is...
Server-Side Template Injection (SSTI)
opencart/opencart is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to the edit theme function allowing attackers with admin access to execute arbitrary code via template payloads...
Denial Of Service (DoS)
org.eclipse.parsson:parsson is vulnerable to Denial Of Service (DoS). The vulnerability is caused due to improper handling of documents with a large depth of nested objects. This may lead to a Java stack overflow exception and denial of service...
Remote Code Execution (RCE)
Apache StreamPipes is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the lack of restrictions on the types of files that authenticated and authorized users can upload, which allows an attacker to execute malicious code on the server...
Authentication Bypass
Skupper is vulnerable to Authentication Bypass. The vulnerability is due to configuring the OpenShift oauth-proxy with a static cookie-secret, which allows an attacker to bypass authentication via a specially-crafted cookie when console-auth is set to OpenShift...
Incorrect Default Permissions
k8s.io/kubernetes is vulnerable to Incorrect Default Permissions. The vulnerability is due to improper permissions settings, allowing BUILTIN\Users to read container logs and NT AUTHORITY\Authenticated Users to modify container logs, potentially leading to unauthorized access and manipulation of...
Improper Input Validation
io.netty.incubator:netty-incubator-codec-bhttp is vulnerable to Improper Input Validation. The vulnerability is due to improper validation within the readRequestHead method, giving attackers almost complete control over the HTTP requests constructed from the parsed output, which potentially allo...
Credentials Exposure
Zowe CLI is vulnerable to a credentials exposure. The vulnerability is due to insecure storage of credentials in the Zowe CLI's auto-init operation, allowing attackers to access and potentially misuse sensitive information stored in a plaintext file...
Information Leakage
Sentry-sdk is vulnerable to Information Leakage. The vulnerability is due to subprocess calls leaking environment variables when the Stdlib integration is enabled, which could allow an attacker to gain access to sensitive environment variables by exploiting the unintended passing of these variabl...
Cross-site Scripting (XSS)
Roundup is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of JavaScript in PDF, XML, and SVG documents...
Path Traversal
TorchServe is vulnerable to Path Traversal. The vulnerability is due to inadequate validation of URLs in the allowed_urls configuration, which allows the security checks to be bypassed by including characters such as "..", resulting in the model being downloaded into the model store...
Cross-site Scripting (XSS)
Roundup is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the HTTP Referer header, allowing a SCRIPT element to be executed...
Cross-site Scripting (XSS)
Roundup is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of classhelpers generic.help.html which results in XSS...
Exposure Of Resource To Wrong Sphere
torchserve is vulnerable to Exposure of Resource to Wrong Sphere. The vulnerability is due to the gRPC ports 7070 and 7071 being bound to all interfaces by default when TorchServe is launched. This could allow attackers to access these ports on an adjacent network, potentially leading to...
Template Injection
Apache StreamPark is vulnerable to template injection. The vulnerability is due to insufficient input validation that allows an attacker to perform a template injection that potentially leads to execution of arbitrary code on the server...
Authorization Bypass
silverstripe/reports is vulnerable to Authorization Bypass. The vulnerability is due to a flaw in the implementation of access control mechanisms within the ReportAdmin.php. It allows direct URL access to reports by any user who has access to the reports admin section, irrespective of whether the...
Server-side Request Forgery (SSRF)
org.apache.streampipes: streampipes-rest is vulnerable to Server-side Request Forgery (SSRF). The vulnerability is due to improper validation of custom endpoints during the installation process of pipeline elements, allowing an attacker to manipulate StreamPipes into sending HTTP GET requests to...
Cross Site Scripting (XSS)
Silverstripe framework is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to inadequate server-side sanitization of encoded payloads within the file HTMLEditorSanitiser.php, allowing attackers with CMS content editing access to inject JavaScript payloads onto the site's front end...
Time-of-check Time-of-use (TOCTOU) Race Condition
Apache StreamPipes is vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition. The vulnerability arises from insufficient synchronization during user registration, allowing multiple simultaneous requests to check and register a user using the same email address. Attackers exploit this by...
Information Disclosure
sylius/sylius is vulnerable to Information Disclosure. The vulnerability is due to the /api/v2/shop/adjustments/id endpoint, which allows an attacker to enumerate valid adjustment IDs to retrieve order tokens and access sensitive guest customer information...
Information Disclosure
github.com/docker/docker is vulnerable to Information Disclosure. The vulnerability is due to the unexpected inclusion of arbitrary filesystem paths in the build context when exploited by a malicious Git repository. Attackers can use this to include sensitive files in the build context without th...
SQL Injection
com.jfinal:jfinal is vulnerable to SQL injection. The vulnerability is due to improper input validation in the DivDataControllerdata method, allowing attackers to execute arbitrary SQL commands by manipulating the tableName field of a custom div object. Attackers can exploit this flaw by creatin...
Code Injection
dbt-core is vulnerable to Code Injection. The vulnerability is due to the ability of packages to override macros, materializations, and other core components of dbt, which can allow attackers to inject harmful code...
Link Injection
Apache Airflow is vulnerable to Link Injection. The vulnerability is due to improper validation for urls in the provider list within the file views.py, which allows an authenticated attacker to inject a malicious link when installing a provider...
Template Injection
github.com/requarks/wiki is vulnerable to Template injection. The vulnerability is due to improper sanitization of user inputs, allowing attackers to inject malicious JavaScript into the content section of pages. Attackers can exploit this by inserting an invalid HTML tag with a template injectio...
Denial Of Service (DoS)
fiona is vulnerable to Denial of Service (DoS). The vulnerability is due to the bundled libjpeg-turbo and gdal components which contain Denial of Service vulnerabilities, which could potentially result in an application crash...
Command Injection
org.apache.streampark:streampark is vulnerable to Command Injection. The vulnerability is caused due to insufficient input parameter validation, allowing attackers to insert commands. Exploiting this requires system-level access via user login, thereby limiting its risk due to controlled user...
Arbitrary Code Execution
Apache Airflow is vulnerable to Arbitrary Code Execution. The vulnerability is due to a flaw in the doc_md parameter via airflow/models/dag.py, allowing authenticated DAG authors to craft it in a way that could execute arbitrary code in the scheduler context...
Command Injection
org.apache.streampark:streampark is vulnerable to command injection due to insufficient input parameter validation, which allows attackers to insert malicious commands for execution. The risk level of this vulnerability is very low as it requires the user to log in with system-level permissions...
SQL Injection
org.apache.streampark:streampark is vulnerable to SQL injection. The vulnerability is due to improper validation of the sort field, allowing attackers with a valid account to execute arbitrary SQL queries after logging in, which can cause information disclosure. Since no data will be written, so...
SQL Injection
Apache Superset is vulnerable to SQL Injection. The vulnerability is caused due to improper handling of special elements used in SQL commands, specifically certain engine-specific functions are not checked, allowing attackers to bypass SQL authorization...
Denial Of Service (DoS)
rexml is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient parsing of XML documents containing many specific characters such as , which can result in slow parsing times...
Out-of-bounds Read
OpenImageIO is vulnerable to Out-of-bounds Read. The vulnerability is due to a bug in the heif input functionality, specifically in HeifInput::seeksubimage, which can potentially lead to information disclosure when using the ImageInput APIs...
Denial Of Service (DoS)
org.wildfly: wildfly-domain-http is vulnerable to Denial Of Service (DoS). The vulnerability is caused by a lack of sockets limits within the management interface, which can result in Denial Of Service (DoS) due to hitting the nofile limit. An attacker can exploit this by overwhelming the system with...