38133 matches found
Timing Attack
Django is vulnerable to a Timing Attack. The vulnerability is due to the django.contrib.auth.backends.ModelBackend.authenticate method, allowing remote attackers to enumerate users via login requests with an unusable password...
Arbitrary File Access
OpenStack Cinder, Glance, and Nova are vulnerable to Arbitrary File Access. The vulnerability is due to a flaw in handling custom QCOW2 external data, where a crafted QCOW2 image can reference a specific data file path. The vulnerability allows an authenticated user to retrieve unauthorized copie...
Improper Verification Of Cryptographic Signature
electron-updater is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is caused due to improper handling and comparison of file paths, allowing an attacker to bypass signature verification by exploiting environment variable expansion and tricking the application in...
Denial Of Service (DoS)
Undertow is vulnerable to Denial of Service (DoS). The vulnerability is due to Undertow's failure to send the expected termination sequence 0\r\n for chunked responses after flushing the response body. The vulnerability allows an attacker to exploit the incomplete handling of chunked responses in...
Insufficient Entropy In Random Number Generation
zendframework/zendframework1 is vulnerable to insufficient entropy in random number generation. The vulnerability is due to the use of rand or mt_rand, which cannot generate cryptographically secure values, leading to potential information disclosure should an attacker be able to brute force the...
SQL Injection
zendframework/zendframework1 is vulnerable to SQL Injection. The vulnerability is due to the improper handling of SQL expressions and comments in the ORDER BY and GROUP BY clauses. Attackers can exploit this vulnerability by injecting malicious SQL code that can alter the intended SQL query and...
Authorization Bypass
alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization checks in the GET, PUT, and DELETE methods for the /categories/categoryId endpoint. This allows a low-privileged user to fetch, modify, or delete the category...
Authorization Bypass
alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to insufficient access controls on the GET, PUT, and DELETE methods for /appointments/appointmentId, allowing a low-privileged user to fetch, modify, or delete any user's appointment, including those ...
Authorization Bypass
alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization checks in the POST /appointments endpoint, allowing a low-privileged user to create appointments for any user in the system, including administrators. Attackers can exploit th...
Privilege Escalation
Microsoft.IO.Redist is vulnerable to Privilege Escalation. The vulnerability is due to improper link resolution in the Visual Studio installer on Windows OS that allows an unprivileged user to manipulate the installation, leading to elevated SYSTEM level privileges...
Denial Of Service (DoS)
System.Text.Json is vulnerable to Denial of Service (DoS). The vulnerability is due to the JsonSerializer.DeserializeAsyncEnumerable method, which can result in Denial of Service when deserializing crafted input...
Improper Access Control
github.com/project-zot/zot is vulnerable to Improper Access Control. The vulnerability is due to improper access control enforcement when deduplication is enabled. An attacker can read blobs (both config and layers) by digest from repositories they do not have access to by exploiting the global cac...
Server-Side Template Injection
airbyte is vulnerable to Server-Side Template Injection. The vulnerability is due to improper handling of user input in the connection builder, allowing attackers to execute arbitrary code on the server...
Remote Code Execution (RCE)
.NET is vulnerable to Remote Code Execution (RCE). The vulnerability is due to data corruption in the Kestrel HTTP/3 server, which can result in remote code execution. An attacker can exploit this to execute arbitrary code on the affected system...
Configuration Bypass
Undertow is vulnerable to a Configuration Bypass. The vulnerability is due to enabling the learning-push handler without configuring the maxAge setting, which defaults to -1. This allows an attacker to reach the server with a normal HTTP request and potentially exploit the misconfigured handler...
Denial Of Service (DoS)
org.springframework.cloud:spring-cloud-function-context is vulnerable to Denial of Service (DoS). The vulnerability is caused when attempting to compose functions with non-existing functions. This allows an attacker to potentially disrupt service availability by exploiting this flaw...
Denial Of Service (DoS)
.NET is vulnerable to Denial of Service (DoS). The vulnerability is due to excessive CPU consumption caused by parsing a malicious X.509 certificate or collection of certificates. An attacker can exploit this by providing a specially crafted certificate that triggers high CPU usage, resulting in...
Database Password Leakage
shopware/platform is vulnerable to Database Password Leakage. The vulnerability is due to a DriverException occurring and verbose error handling being enabled, which allows an attacker to access the database password without authentication...
Arbitrary Code Execution
typo3/cms is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling of TSconfig fields in backend forms, allowing injection of malicious sequences and directory traversal...
Cross-site Scripting (XSS)
Typo3/Neos is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of user input, allowing attackers to tamper with page rendering, redirect victims, capture credentials, and potentially upload backdoors...
Sensitive Information Disclosure
TYPO3/flow is vulnerable to information disclosure. The vulnerability is due to timing attacks revealing account existence because password hashing was only performed if an account was found...
Session Data Exposure
TYPO3 is vulnerable to session data exposure. The vulnerability is due to session data of authenticated frontend users being transformed into an anonymous user session during logout, allowing the next user to access previous session data...
Sensitive Information Disclosure
Typo3/Neos is vulnerable to Sensitive Information Disclosure. The vulnerability is due to internal workspaces being accessible without authentication, which was mistakenly assumed to be a feature...
Arbitrary File Upload
typo3/flow is vulnerable to arbitrary file uploads. The vulnerability is due to allowing the upload of server-side scripts, which can be executed if not blocked by other means...
Denial Of Service (DoS)
Directus is vulnerable to Denial of Service (DoS). The vulnerability is due to field duplication in GraphQL, where an attacker can overwhelm the server by requesting the same field multiple times in a single query, leading to excessive resource consumption and denial of service for legitimate users...
Sensitive Information Disclosure
directus is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper error handling when using SSO providers in combination with local authentication. An attacker can determine if an email address belongs to an SSO user by observing the error message provided by...
Cross Site Scripting (XSS)
khoj-assistant is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to inadequate sanitization of the AI model's response and user inputs. An attacker can exploit this vulnerability via Prompt Injection from untrusted documents indexed by the user or read from the internet when the...
Improper Access Control
directus is vulnerable to Improper Access Control. The vulnerability is due to improper handling of in and nin operators, which allows an attacker to query expressions with empty arrays, which are evaluated as valid, resulting in unauthorized access...
Cross-Site Scripting (XSS)
org.apache.nifi, nifi-web-ui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the lack of proper validation/sanitization for the description field in the Parameter Context configuration, allowing arbitrary JavaScript code to be executed by the client browser within the sessi...
SQL Injection
nhibernate is vulnerable to SQL injection. The vulnerability is due to the lack of proper validation/sanitization of some types implemented from ILiteralType.ObjectToSQLString, allowing attackers to exploit mappings with discriminator values, HQL queries referencing static fields, and the use of...
Denial Of Service (DoS)
OPCFoundation.NetStandard.Opc.Ua.Core is vulnerable to Denial Of Service. The vulnerability is due to improper buffer management when the system receives an excessive number of messages from a remote source, which could allow remote attackers to exhaust memory resources and potentially lead to a...
Cross-Site Scripting (XSS)
rails_admin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improperly escaped HTML title attributes in the RailsAdmin list view, which can allow attackers to inject malicious scripts. Note: While 3.1.3 is the safe version, it's recommended to upgrade to 3.1.4 as the 3.1.3...
Server Side Request Forgery (SSRF)
Apache HTTP Server 2.4.59 is vulnerable to SSRF. The vulnerability is due to a missing validation in response headers leading to information disclosure, SSRF or local script execution via backend applications which have malicious or exploitable header...
NULL Pointer Dereference
mod_proxy in Apache HTTP Server is vulnerable to NULL Pointer Dereference. The vulnerability is caused by not checking a pointer reference for NULL before accessing it. This allows an attacker to crash the server via a malicious request...
Authentication Bypass
mod_proxy in Apache HTTP Server is vulnerable to Authentication Bypass. The vulnerability is caused by an encoding problem. This allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests...
Server-Side Request Forgery (SSRF)
Apache HTTP Server on Windows is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to a missing validation on HTTP requests allowing attackers to potentially leak NTLM hashes to a malicious server...
Improper Encoding
Apache HTTP Server is vulnerable to Improper Encoding. The vulnerability is caused by a substitution encoding issue in mod_rewrite. This allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to...
Supply Chain Attack
yt-dlp is vulnerable to Supply Chain Attack. The vulnerability is due to the use of a compromised CDN (cdn.bootcdn.net) which is used to fetch a component of the crypto-js JavaScript library, allowing an attacker to potentially inject and execute malicious JavaScript code...
Server Side Request Forgery (SSRF)
Directus is vulnerable to Server-Side Request Forgery (SSRF). This vulnerability is caused by insecure redirects during file imports from external sources due to improper validation of the resulting URL, which can allow an attacker to send crafted requests to internal IP addresses, resulting in SSRF...
Memory Disclosure
Undici is vulnerable to Memory Leakage. The vulnerability is due to the response.arrayBuffer method, which potentially allows an attacker to expose sensitive portions of memory from the Node.js process depending on the network and process conditions...
Denial Of Service (DoS)
aimhubio/aim is vulnerable to Denial of Service (DoS). The vulnerability is due to the remote tracking server being configured to point at itself while using the class method Repo.from_path, which allows an attacker to cause the server to endlessly connect to itself and become unable to respond to...
Cross-Site Request Forgery (CSRF)
mudler/localai is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is caused by insufficient CSRF protection mechanisms on the model deletion functionality, which allows an attacker to trick victims into deleting installed models...
SQL Injection
vanna-ai/vanna is vulnerable to SQL injection. The vulnerability is due to an exposed SQL query pg_read_file, which allows remote users to read arbitrary local files on the victim server, including sensitive files such as /etc/passwd. Note that this vulnerability is only exploitable due to an...
Denial Of Service (DoS)
github.com/jackc/pgx is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of robust error handling (Pipeline panicking when the PgConn PostgreSQL connection is busy or closed), which can result in potential instability and crashes in applications using Pipeline for database...
Incorrect Authorization
Evmos is vulnerable to Incorrect Authorization. The vulnerability is due to allowing users to create a vesting account with a third-party account as the funder, enabling unauthorized fund transfers from the funder address...
Insufficient Verification Of Data Authenticity
certifi is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to its historical inclusion of root certificates from GLOBALTRUST for SSL certificate validation, after which these certificates were removed due to ongoing compliance issues identified during an...
Denial Of Service (DoS)
github.com/rs/cors is vulnerable to Denial of Service (DoS). The vulnerability is due to excessive heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header with many commas, which allows attackers to cause undue stress on the...
Server Side Request Forgery (SSRF)
@fedify/fedify is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is caused by making HTTP requests to internal IP addresses referenced in received activities or media URLs, which allows an attacker to send requests to resources within the Fedify server's internal network...
Authorization Bypass
github.com/traefik/traefik is vulnerable to Authorization Bypass. The vulnerability is caused by improper handling of HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses, which allows an attacker to bypass IP allow-lists...
Server-Side Request Forgery
github.com/go-skynet/localai is vulnerable to Server-Side Request Forgery. The vulnerability is due to the /models/apply endpoint supporting both https:// and file:// schemes, which can lead to LFI. The attacker can exploit this vulnerability with network access to the LocalAI instance, potential...