38340 matches found

Veracode
added 2024/07/30 8:38 a.m. • 15 views

HTTP Request/Response Smuggling

Twisted is vulnerable to HTTP Request/Response Smuggling. The vulnerability is due to the HTTP 1.0 and 1.1 server provided by twisted.web which can process pipelined HTTP requests out-of-order...

CVSS 8.3 | AI score 6.7 | EPSS 0.01755
Exploits: 1 | References: 6 | Affected Software: 2

Veracode
added 2024/07/30 7:21 a.m. • 13 views

Path Traversal

tgstation-server is vulnerable to Path Traversal. The vulnerability is due to low permission users with the "Set .dme Path" privilege potentially setting malicious .dme files to be compiled and executed, which can escalate into remote code execution via BYOND's shell proc...

CVSS 8.4 | AI score 7.9 | EPSS 0.0121
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2024/07/30 4:47 a.m. • 16 views

Improper Privilege Management

RaspAP is vulnerable to Improper Privilege Management. The vulnerability is due to improper permissions settings on the restapi.service file and excessive sudo privileges granted to the www-data user by which an attacker can escalate their privileges by modifying the service file or executing...

CVSS 8.3 | AI score 7.2 | EPSS 0.0081
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/07/29 10:12 a.m. • 13 views

Insufficient Verification Of Data Authenticity

eduMFA is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to missing checks for Message-Authenticator attributes, which could result in authentication bypass...

AI score 7.2
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/07/29 9:53 a.m. • 10 views

Insecure Permissions

github.com/kumahq/kuma is vulnerable to insecure permissions. The vulnerability is due to improper access control that allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...

CVSS 8.8 | AI score 6.9 | EPSS 0.00467
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2024/07/29 9:44 a.m. • 18 views

Blocklist Bypass

Anki is vulnerable to a Blocklist Bypass vulnerability. The vulnerability is due to insufficient validation in the LaTeX functionality, which allows a specially crafted malicious flashcard to lead to arbitrary file creation at a fixed path. Attackers can exploit this by sharing a malicious...

CVSS 4.3 | AI score 6.7 | EPSS 0.12111
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2024/07/29 8:56 a.m. • 28 views

Arbitrary File Read

anki is vulnerable to Arbitrary File Read. The vulnerability is due to the lack of proper sanitization of the verbatim package when processing LaTeX, which allows attackers to share a specially crafted flashcard to trigger this vulnerability...

CVSS 6.5 | AI score 6.5 | EPSS 0.11512
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2024/07/29 6:52 a.m. • 27 views

Improper Authentication

github.com/moby/moby is vulnerable to Improper Authentication. The vulnerability is due to the Docker Engine handling of specially-crafted API requests, which causes authorization plugins to receive requests or responses without the body. Attackers can use this flaw to bypass AuthZ plugins and...

CVSS 9.9 | AI score 9.5 | EPSS 0.16496
Exploits: 0 | References: 14 | Affected Software: 4

Veracode
added 2024/07/27 10:10 a.m. • 8 views

Incorrect Access Control

github.com/cert-manager/cert-manager is vulnerable to Incorrect Access Control. The vulnerability is due to insecure permissions in cert-manager, allowing attackers to access sensitive data and escalate privileges by obtaining the service account's token...

CVSS 7.2 | AI score 6.9 | EPSS 0.00446
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/07/27 9:58 a.m. • 16 views

Privilege Escalation

github.com/volcano-sh/volcano is vulnerable to Privilege Escalation. The vulnerability is due to insecure permissions in Volcano, which allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...

CVSS 9.8 | AI score 6.9 | EPSS 0.00476
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/07/27 6:23 a.m. • 18 views

Arbitrary Script Execution

anki is vulnerable to Arbitrary Script Execution. The vulnerability is due to inadequate validation and handling of flashcard content in the MPV functionality, allowing an attacker to send a malicious flashcard that can trigger arbitrary code execution...

CVSS 9.6 | AI score 7.5 | EPSS 0.15067
Exploits: 1 | References: 5 | Affected Software: 1

Veracode
added 2024/07/27 5:09 a.m. • 14 views

Symbolic Link Privilege Escalation

github.com/snapcore/snapd is vulnerable to Symbolic Link Privilege Escalation. The vulnerability is due to improper symbolic link destination path checks during snap extraction, which allows an attacker to cause snapd to write contents to a world-readable directory and potentially expose privileged...

CVSS 7.3 | AI score 6.5 | EPSS 0.00228
Exploits: 0 | References: 3 | Affected Software: 2

Veracode
added 2024/07/26 3:09 p.m. • 17 views

Denial Of Service (DoS)

github.com/snapcore/snapd is vulnerable to Denial of Service (DoS). The vulnerability is due to improper file type checking when extracting snaps, allowing malicious snaps containing non-regular files to cause snapd to block indefinitely and result in a Denial of Service...

CVSS 6.6 | AI score 6.7 | EPSS 0.00212
Exploits: 0 | References: 2 | Affected Software: 2

Veracode
added 2024/07/26 2:40 p.m. • 13 views

Improper Restriction Of Security Token Assignment

github.com/KubeOperator/kubepi is vulnerable to Improper Restriction of Security Token Assignment. The vulnerability is due to an empty JWT key in the default configuration file, which allows for a bypass of the login verification and direct backend access...

CVSS 6.3 | AI score 6.8 | EPSS 0.08388
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2024/07/26 8:21 a.m. • 16 views

Session Hijacking

craftcms/cms is vulnerable to Session Hijacking. The vulnerability is due to the reuse of TOTP tokens multiple times within the validity period, which allows an attacker with the victim's credentials to reuse a valid token and establish an authenticated session...

CVSS 7.5 | AI score 6.5 | EPSS 0.00433
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2024/07/26 5:55 a.m. • 15 views

Path Traversal

parisneo/lollms is vulnerable to Path Traversal. The vulnerability is due to the sanitizepath function within the file lollmsconfigurationinfos.py, which allows attackers to manipulate the discussiondbname parameter and potentially write to important system directories...

CVSS 7.3 | AI score 6.8 | EPSS 0.00265
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/07/26 5:43 a.m. • 17 views

Remote Code Execution (RCE)

org.springframework.cloud:spring-cloud-skipper-server is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by improper validation of upload requests, allowing a malicious user with access to the Skipper server API to write an arbitrary file to any location on the file...

CVSS 9.8 | AI score 7.6 | EPSS 0.35211
Exploits: 4 | References: 2 | Affected Software: 1

Veracode
added 2024/07/25 5:58 p.m. • 14 views

Code Injection

Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...

CVSS 8.8 | AI score 7.2 | EPSS 0.00737
Exploits: 0 | References: 8 | Affected Software: 2

Veracode
added 2024/07/25 5:03 p.m. • 17 views

Directory Traversal

Csla is vulnerable to Directory Traversal. The vulnerability is caused by the lack of validation for directory traversal sequences in the assembly path before loading the assembly within the MobileFormatter component. This allows an attacker to potentially access and execute arbitrary files on th...

CVSS 9.8 | AI score 7.6 | EPSS 0.01493
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/07/25 1:19 p.m. • 14 views

Cross-Site Scripting (XSS)

mediawiki/metrolook-skin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in MediaWiki top-level menu entries, allowing attackers to inject and execute arbitrary script code...

CVSS 6.1 | AI score 6.8 | EPSS 0.00302
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2024/07/25 8:55 a.m. • 15 views

Code Injection

Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...

CVSS 8.8 | AI score 6.9 | EPSS 0.00618
Exploits: 0 | References: 7 | Affected Software: 2

Veracode
added 2024/07/25 8:23 a.m. • 26 views

Information Exposure

org.apache.pinot, pinot-controller is vulnerable to Information Exposure. The vulnerability is due to the lack of proper access controls within the "/appconfigs" endpoint, which allows unauthorized users to access sensitive system and environment information...

CVSS 7.5 | AI score 6.9 | EPSS 0.00846
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2024/07/25 8:20 a.m. • 9 views

Server-Side Request Forgery (SSRF)

github.com/gotenberg/gotenberg/v8 is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of requests made to the /convert/html endpoint, allowing attackers to exploit local file inclusion by referencing localhost files such as...

CVSS 8.2 | AI score 7 | EPSS 0.00572
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/07/25 7:12 a.m. • 12 views

Information Disclosure

github.com/argoproj/argo-cd is vulnerable to Information Disclosure. The vulnerability is due to improper enforcement of permission revocation for open terminal sessions within websocket.go, which allows continued unauthorized access and the potential leakage of sensitive information even after...

CVSS 6.5 | AI score 6.2 | EPSS 0.00685
Exploits: 1 | References: 6 | Affected Software: 1

Veracode
added 2024/07/25 6:53 a.m. • 11 views

Improper Access Control

github.com/fabedge/fabedge is vulnerable to Improper Access Control. The vulnerability is due to improperly configured permissions that allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. Attackers can exploit this vulnerability to access sensitive...

CVSS 9.8 | AI score 6.6 | EPSS 0.00476
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2024/07/25 6:21 a.m. • 17 views

XML External Entity (XXE) Injection

Apache Drill is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to inadequate restriction of external entity references, allowing attackers to access files or execute commands through manipulated XML data...

CVSS 9.8 | AI score 7.1 | EPSS 0.00754
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2024/07/25 6:15 a.m. • 16 views

Unauthorized File Access

duckdb is vulnerable to Unauthorized File Access. The vulnerability is due to inadequate restrictions in the sniffcsv function, allowing access to the filesystem even when enableexternalaccess=false. Attackers can exploit this by reading content from files such as /etc/hosts and proc/self/environ...

CVSS 7.5 | AI score 6.7 | EPSS 0.00813
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2024/07/25 5:17 a.m. • 13 views

Cross Site Scripting (XSS)

Sentry is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to lack of input sanitization for payloads sent from Integration platform integrations, which allows arbitrary HTML tags to be stored and rendered on the Issues page...

CVSS 7.1 | AI score 6.1 | EPSS 0.00467
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2024/07/25 4:53 a.m. • 19 views

Assertion Failure

libbind9.so is vulnerable to an Assertion Failure. The vulnerability is due to improper handling of client queries that trigger serving stale data and require lookups in local authoritative zone data, allowing an attacker to disrupt the normal operation of the BIND 9 service, potentially causing ...

CVSS 7.5 | AI score 6.5 | EPSS 0.02111
Exploits: 0 | References: 5 | Affected Software: 3

Veracode
added 2024/07/25 3:25 a.m. • 17 views

Template Injection

org.openidentityplatform.openam, openam-oauth2 is vulnerable to Template Injection. The vulnerability is due to improper template restrictions in the getCustomLoginUrlTemplate function within RealmOAuth2ProviderSettings.java, allowing attackers to inject and execute arbitrary code via the...

CVSS 8.8 | AI score 7.5 | EPSS 0.03536
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2024/07/25 3:10 a.m. • 12 views

Improper Access Control

github.com/layer5io/meshery is vulnerable to Improper Access Control. The vulnerability is due to improperly configured permissions that allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. Attackers can exploit this vulnerability to access sensitive...

CVSS 9.8 | AI score 6.6 | EPSS 0.00476
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2024/07/25 2:48 a.m. • 10 views

Improper Access Control

github.com/hwameistor/hwameistor is vulnerable to Improper Access Control. The vulnerability is due to improperly configured permissions that allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. Attackers can exploit this vulnerability to access sensitive...

CVSS 8.4 | AI score 6.9 | EPSS 0.00192
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/07/24 9:43 a.m. • 16 views

Improper Authorization

Streampark is vulnerable to Improper Authorization. The vulnerability is due to the Backend service returning "Authorization" as the front-end authentication credential upon successful login, allowing users to request other users' information, including the administrator's username, password, and...

CVSS 5.9 | AI score 7 | EPSS 0.00282
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/07/24 8:41 a.m. • 9 views

Regular Expression Denial Of Service (ReDoS)

tf2-item-format is vulnerable to a Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity utilized in decomposeName.ts, which allows an attacker to perform Denial of Service (DoS) attacks on any service that uses tf2-item-format to pars...

CVSS 7.5 | AI score 6.6 | EPSS 0.00766
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2024/07/24 8:11 a.m. • 12 views

Denial Of Service (DoS)

github.com/wcharczuk/go-chart is vulnerable to Denial of Service (DoS). The vulnerability is due to an infinite loop when executing the drawCanvas function with a StackedBarChart containing a long name value. If the name value originates from untrusted input, an attacker can cause an infinite loop...

CVSS 7.5 | AI score 6.7 | EPSS 0.00646
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2024/07/24 7:37 a.m. • 18 views

Denial Of Service (DoS)

libbind9.so is vulnerable to Denial of Service. The vulnerability is due to resolver caches and authoritative zone databases holding significant numbers of RRs for the same hostname, leading to issues when content is added or updated, and when handling client queries for this name...

CVSS 7.5 | AI score 6.6 | EPSS 0.02114
Exploits: 0 | References: 6 | Affected Software: 3

Veracode
added 2024/07/24 7:16 a.m. • 13 views

Denial Of Service (DoS)

libbind9.so is vulnerable to Denial of Service. The vulnerability is due to the handling of "KEY" Resource Records in DNSSEC-signed domains, allowing attackers to exhaust resolver CPU resources by sending a stream of SIG0 signed requests...

CVSS 7.5 | AI score 6.5 | EPSS 0.02114
Exploits: 0 | References: 5 | Affected Software: 3

Veracode
added 2024/07/24 7:05 a.m. • 16 views

DNS Message Flood Attacks

libbind9.so is vulnerable to a DNS message flood attack. The vulnerability is due to inadequate handling of multiple DNS messages over TCP, causing the server to become unstable during the attack. Attackers can exploit this by sending numerous DNS messages over TCP, potentially leading to server...

CVSS 7.5 | AI score 6.6 | EPSS 0.0468
Exploits: 0 | References: 5 | Affected Software: 3

Veracode
added 2024/07/24 6:29 a.m. • 13 views

Cross Site Scripting (XSS)

Vue is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to manipulating the prototype chain of specific properties such as Object.prototype.staticClass or Object.prototype.staticStyle, which allows an attacker to execute arbitrary JavaScript code via prototype pollution...

CVSS 4.8 | AI score 6.9 | EPSS 0.00506
Exploits: 0 | References: 3 | Affected Software: 2

Veracode
added 2024/07/24 6:07 a.m. • 7 views

Heap-based Buffer Overflow

fiona is vulnerable to Heap-based Buffer Overflow. The vulnerability is due to improper handling of long filenames, comments, or extra fields within zlib components that contain integer overflow vulnerabilities, which can result in an application crash or potential code execution...

AI score 7.5
Exploits: 0

Veracode
added 2024/07/24 5:58 a.m. • 14 views

Improper Authentication

org.apache.streampark, streampark is vulnerable to Improper Authentication. The vulnerability is due to improper session management allowing the "Authorization" credential to remain valid even after logout, enabling attackers to use this credential to initiate requests and potentially access data...

CVSS 9.1 | AI score 6.8 | EPSS 0.00788
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2024/07/24 5:50 a.m. • 10 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to insufficient access controls in the GET, PUT, DELETE /secretaries/secretaryId endpoints, allowing a low privileged user to fetch, modify, or delete a secretary's data...

CVSS 9.9 | AI score 6.6 | EPSS 0.004
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2024/07/24 5:50 a.m. • 13 views

Unauthorized Access

alextselegidis/easyappointments is vulnerable to Unauthorized Access. The vulnerability is due to insufficient access controls in the GET, PUT, DELETE /providers/providerId endpoints, allowing a low privileged user to fetch, modify, or delete a privileged user's data...

CVSS 9.9 | AI score 6.6 | EPSS 0.004
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2024/07/24 5:28 a.m. • 13 views

Use After Free

GPAC is vulnerable to Use After Free. The vulnerability is caused by not properly freeing memory for prevl and its components before removing it from the list in the xmtnodeend function, leading to a use after free condition...

CVSS 5.5 | AI score 6.8 | EPSS 0.00298
Exploits: 1 | References: 7 | Affected Software: 1

Veracode
added 2024/07/24 5:06 a.m. • 14 views

NULL Pointer Dereference

GPAC is vulnerable to NULL Pointer Dereference. The vulnerability is caused by the lack of a null pointer check for pck-stream in the m2tsdmxonevent function, leading to a null pointer dereference...

CVSS 5.5 | AI score 6.7 | EPSS 0.00328
Exploits: 1 | References: 6 | Affected Software: 1

Veracode
added 2024/07/23 12:05 p.m. • 16 views

Infinite Loop

GPAC is vulnerable to an Infinite Loop. The vulnerability is due to an infinite loop caused by the function isoffinprocess in the file src/filters/isoffinread.c. An attacker can cause the application to enter an infinite loop by manipulating the input data, which could lead to a Denial of Service...

CVSS 5.5 | AI score 6.9 | EPSS 0.00351
Exploits: 1 | References: 6 | Affected Software: 1

Veracode
added 2024/07/23 9:37 a.m. • 17 views

Privilege Escalation

org.opensearch.plugin:opensearch-reports-scheduler is vulnerable to Privilege Escalation. The vulnerability is due to improper checks on user authorization within the file UserAccessManager.kt when accessing resources in a private tenant, which allows an attacker to gain unauthorized access to...

CVSS 5.4 | AI score 6.8 | EPSS 0.00305
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2024/07/23 8:23 a.m. • 19 views

Denial Of Service (DoS)

github.com/argoproj/argo-cd is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient input validation and resource management for large JSON payloads at the /api/webhook endpoint, which results in excessive memory allocation and triggers an Out Of Memory (OOM) kill, causing...

CVSS 7.5 | AI score 7.5 | EPSS 0.01392
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2024/07/23 7:59 a.m. • 11 views

Improper Response Validation

dnsjava is vulnerable to Improper Response Validation. The vulnerability is due to records in DNS replies not being checked for their relevance to the query, allowing an attacker to respond with RRs from different zones...

CVSS 8.9 | AI score 6.6 | EPSS 0.00392
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/07/23 7:34 a.m. • 11 views

Out-of-bounds Write

SixLabors.ImageSharp is vulnerable to an Out-of-bounds Write. The vulnerability is due to minCodeSize in the DecodePixels method within the ImageSharp GIF decoder, which allows an attacker to crash the application using a specially crafted GIF...

CVSS 7.5 | AI score 6.5 | EPSS 0.00669
Exploits: 0 | References: 5 | Affected Software: 1

Total number of security vulnerabilities: 38340