Monitor and prioritize what really matters — the 1% of vulnerabilities that can cause real impact.
This vulnerability is an authentication bypass affecting the Updates Environment Management component of Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. The root cause lies in improper access control mechanisms that allow unauthenticated network requests over HTTP to interact with privileged environment management functions. This flaw enables attackers to bypass normal authentication checks within the PeopleTools update management interface.
This vulnerability is an authentication bypass affecting the PostgreSQL sidecar service endpoint in Splunk Enterprise. The root cause is the absence of authentication controls on this endpoint, which allows unauthenticated network users to invoke file operations. The affected component is the PostgreSQL sidecar service integrated within Splunk Enterprise versions prior to 10.2.4 and 10.0.7.
The vulnerability is an OS command injection rooted in improper input validation within Ivanti Sentry's command execution routines. Specifically, the affected component fails to sanitize user-supplied input before passing it to underlying system shell commands. This flaw exists in versions prior to R10.5.2, R10.6.2, and R10.7.1, impacting the command processing mechanism that interfaces with the operating system shell.
This vulnerability is an authentication bypass caused by a logic flaw in the certificate validation process within the deprecated IKEv1 key exchange protocol. The affected component is the Remote Access and Mobile Access feature of the Check Point Quantum Security Gateway. The root cause lies in improper handling of certificate validation logic flow, which allows bypassing normal authentication checks during VPN establishment.
The vulnerability is an authentication bypass in the Joomla Content Editor (JCE) extension for Joomla, allowing unauthenticated users to create new editor profiles. This flaw arises from improper access control validation in the profile creation component of the JCE editor. The affected feature is the editor profile management functionality within the JCE extension, which fails to restrict profile creation to authorized users only.
This vulnerability is a SQL Injection flaw resulting from improper neutralization of special elements within SQL commands in Drupal core. The root cause lies in insufficient input sanitization allowing crafted input to alter SQL queries. The affected component is Drupal core versions from 8.9.0 up to but not including specified patched releases across multiple major versions, impacting database query handling mechanisms.
This vulnerability is an authentication bypass in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller and Manager. The root cause lies in improper validation during the control connection handshaking process, allowing crafted requests to circumvent authentication checks. The affected component is the peering authentication feature responsible for establishing secure control connections within the SD-WAN fabric.
This vulnerability is an authentication bypass affecting the GlobalProtect portal and gateway components within Palo Alto Networks PAN-OS software. The root cause lies in improper validation of authentication mechanisms, allowing unauthorized users to circumvent security controls. The flaw specifically targets the authentication logic in the VPN access control process, enabling bypass without valid credentials.
This vulnerability is a SQL injection caused by improper handling of user-supplied input in a database query. Specifically, the proxy server component of LiteLLM improperly concatenates the Authorization header value directly into the SQL query string instead of using parameterized queries. The affected feature is the API key verification mechanism within the proxy’s error-handling path that interacts with the backend database.
This vulnerability is a command injection flaw in the LiteLLM proxy server component, specifically affecting the AI Gateway's handling of server configuration inputs. The root cause lies in two POST endpoints (/mcp-rest/test/connection and /mcp-rest/test/tools/list) that accept unvalidated server configuration data, including command, args, and env fields, which are executed via stdio transport as subprocesses with proxy process privileges. The lack of role-based access control combined with acceptance of arbitrary commands enables exploitation.
This vulnerability is an authentication bypass affecting the login flow of cPanel and WHM versions later than 11.40. The root cause lies in improper validation within the authentication mechanism that allows unauthenticated requests to circumvent normal login procedures. The affected component is the control panel's authentication module responsible for user session establishment and access control.
This vulnerability is a protection mechanism failure classified under spoofing attacks. The root cause lies in improper validation within the Windows Shell component that handles network-originated inputs. Specifically, the flaw allows crafted network packets to bypass expected authenticity checks, enabling unauthorized manipulation of shell-related network communication.
This vulnerability is an authentication bypass in the marimo reactive Python notebook's WebSocket terminal interface. The root cause lies in the /terminal/ws endpoint, which omits the required authentication validation by skipping the validate_auth() call. Instead, it only verifies the running mode and platform support before establishing connections, exposing the terminal WebSocket to unauthenticated access.
This vulnerability is a code injection flaw caused by improper input validation and control of code generation within Apache ActiveMQ Broker's Jolokia JMX-HTTP bridge. The affected component is the Jolokia endpoint exposed at /api/jolokia/ on the web console, where the default access policy allows execution of operations on all ActiveMQ MBeans. The root cause lies in the BrokerService's acceptance of crafted discovery URIs that trigger loading of remote Spring XML application contexts before configuration validation, enabling injection of malicious code via bean instantiation.
This vulnerability is an improper access control flaw in Fortinet FortiClientEMS versions 7.4.5 and 7.4.6. The root cause lies in the failure to enforce authentication checks on certain API endpoints, allowing unauthenticated requests to invoke privileged functions. The affected component is the FortiClientEMS management server handling incoming API requests.
This vulnerability is a supply chain compromise involving credential theft and unauthorized code injection. The root cause is improper credential management and non-atomic credential rotation, which allowed an attacker to use valid tokens to push malicious commits and replace version tags in GitHub repositories. The affected components include the aquasecurity Trivy binary (version 0.69.4), the trivy-action GitHub Action (versions 0.0.1 to 0.34.2), and the setup-trivy GitHub Action (versions 0.2.0 to 0.2.6).
This vulnerability is a memory overread caused by insufficient input validation within the SAML Identity Provider (IDP) functionality of NetScaler ADC and NetScaler Gateway. Specifically, the flaw arises when processing malformed SAML assertions or requests, leading to out-of-bounds memory access. The affected components are the NetScaler ADC and NetScaler Gateway platforms configured as SAML IDPs, where input handling routines fail to properly verify data boundaries.
This vulnerability is an unauthenticated remote code execution caused by improper input validation and insecure code execution. The affected component is the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in langflow-ai langflow versions prior to 1.9.0. The root cause is that the endpoint accepts attacker-controlled flow data containing arbitrary Python code, which is executed via Python's exec() function without sandboxing or authentication checks.
This vulnerability is an authentication bypass affecting the peering authentication mechanism in Cisco Catalyst SD-WAN Controller and Manager components. The root cause lies in improper validation of authentication requests during the peering process, which fails to enforce correct credentials. This flaw resides specifically within the peering authentication subsystem responsible for establishing trust between SD-WAN nodes.
This vulnerability is a pre-authentication remote code execution caused by improper input validation in BeyondTrust Remote Support and older Privileged Remote Access versions. The root cause lies in the WebSocket endpoint /nw, which accepts binary payloads without adequate sanitization, allowing injection of operating system commands. The affected components are the WebSocket service and the mechanism that retrieves the company identifier via the /get_mech_list endpoint, which is exploited to authenticate the malicious WebSocket connection.
This vulnerability is a SQL injection flaw rooted in improper neutralization of special characters within SQL commands. The issue arises from insufficient input validation in the Fortinet FortiClientEMS web interface, allowing crafted HTTP requests to manipulate backend database queries. The affected component is the FortiClientEMS management system version 7.4.4, specifically its handling of SQL statements triggered by user-supplied input.
This vulnerability is a code injection flaw rooted in improper input validation within Ivanti Endpoint Manager Mobile. The affected component fails to sanitize user-supplied data before processing, enabling malicious payloads to be injected and executed. The flaw resides in the core mobile management service handling remote commands or scripts without adequate security controls.
This vulnerability is a code injection flaw rooted in improper handling of user-supplied input within Ivanti Endpoint Manager Mobile. Specifically, the affected component fails to sanitize input parameters, enabling injection of arbitrary code into the execution context. The flaw resides in the mobile management interface, which processes remote requests without adequate validation, allowing attackers to inject and execute code remotely without authentication.
This vulnerability is an unsafe deserialization flaw within the jabsorb JSON-RPC library used by SolarWinds Web Help Desk. The root cause lies in the insecure handling of serialized data objects, allowing manipulation of the deserialization process. The affected component is the Apache Xalan JNDIConnectionPool class, which is exploited through crafted JSON-RPC requests processed by the web application.
This vulnerability is a security control bypass affecting SolarWinds Web Help Desk, rooted in insufficient enforcement of access restrictions within the application's web interface. The flaw allows unauthenticated users to circumvent authentication and authorization controls, exposing restricted administrative functions. The affected component is the Web Help Desk application prior to version 12.8.8 Hotfix 1, where access control mechanisms fail to properly validate user privileges on sensitive endpoints.
This vulnerability is an authentication bypass caused by improper validation of FortiCloud SSO authentication tokens. The flaw resides in Fortinet FortiOS and associated products, where the authentication mechanism fails to correctly verify user-device bindings. This allows an attacker with a valid FortiCloud account and a registered device to exploit alternate authentication paths, bypassing standard credential checks within the FortiCloud SSO integration component.
This vulnerability is an unauthenticated remote code execution flaw caused by missing authentication controls in the ConnectToHub API method of SmarterTools SmarterMail. The root cause lies in the ConnectToHub feature accepting arbitrary HTTP server URLs without validation, allowing injection of malicious OS commands. The affected component is the ConnectToHub API method in SmarterMail versions prior to build 9511.
This vulnerability is an authentication bypass affecting the password reset API of SmarterTools SmarterMail prior to build 9511. The root cause is the force-reset-password endpoint permitting anonymous requests without validating existing credentials or reset tokens. This flaw specifically impacts the system administrator account management functionality within the API, allowing unauthorized password resets.
This vulnerability is an authentication bypass affecting the telnetd daemon in GNU Inetutils versions up to 2.7. The root cause lies in improper handling of the USER environment variable, where providing a "-f root" value bypasses normal authentication checks. The flaw resides specifically in the telnetd component's user authentication mechanism, allowing unauthorized access without credential verification.
This vulnerability is an unrestricted file upload flaw in SmarterTools SmarterMail's mail server component. The root cause lies in insufficient validation of uploaded file paths and names in the POST /api/upload endpoint. This allows unauthenticated users to manipulate file path parameters, bypassing normal upload restrictions and placing files arbitrarily on the server filesystem.
This vulnerability is a critical remote code execution flaw caused by insufficient isolation in the workflow expression evaluation component of n8n. The root cause lies in the evaluation context for expressions supplied by authenticated users during workflow configuration, which is not adequately sandboxed from the underlying Node.js runtime environment. This permits execution of arbitrary code within the n8n process context via crafted expressions.
This vulnerability is a memory disclosure issue caused by improper handling of Zlib compressed protocol headers within the MongoDB Server's wire protocol. Specifically, mismatched length fields in the compressed data lead to reading uninitialized heap memory due to the server trusting the client-declared uncompressed size without proper memory initialization. The flaw resides in the zlib decompression logic processing OP_COMPRESSED messages, affecting multiple MongoDB Server versions across several major releases.
This vulnerability is a remote code execution flaw caused by improper input validation leading to unsafe dynamic command execution within the HPE OneView API. Specifically, the issue arises from the /rest/id-pools/executeCommand endpoint, which accepts user-supplied commands without adequate sanitization. The affected component is the HPE OneView REST API service, which processes these commands and executes them on the underlying system, enabling injection of arbitrary commands.
This vulnerability is a hardcoded credentials flaw involving the use of fixed AES cryptographic keys within Gladinet CentreStack and TrioFox prior to version 16.12.10420.56791. The root cause lies in the insecure implementation of AES cryptoscheme parameters embedded directly in the application code. This affects cryptographic components responsible for securing communications and file handling in publicly exposed endpoints of the affected products.
This vulnerability is a symbolic link (symlink) bypass flaw in the PutContents API of the Gogs self-hosted Git service. The root cause lies in improper handling of symlinks during file write operations, where the API fails to verify if the target file paths are symlinks pointing outside the intended repository directory. This allows authenticated users to manipulate file system paths, affecting the repository management component responsible for content storage.
This vulnerability is an authentication bypass caused by improper verification of cryptographic signatures in the SAML response processing of Fortinet FortiSwitchManager and related Fortinet products. The root cause lies in the failure to correctly validate the cryptographic signature of SAML assertions, allowing crafted messages to bypass FortiCloud SSO login authentication. The affected component is the SAML authentication mechanism within FortiSwitchManager versions 7.0.0 through 7.0.5 and 7.2.0 through 7.2.6, as well as specific FortiOS and FortiProxy versions.
This vulnerability is an authentication bypass combined with a cross-origin resource sharing (CORS) misconfiguration in Langflow versions up to 1.6.9. The root cause lies in an overly permissive CORS policy that allows any origin with credentials included, coupled with refresh token cookies set as SameSite=None. This combination enables unauthorized cross-origin requests to the refresh token endpoint, affecting the authentication and session management components of the application.
This vulnerability is a remote code execution flaw caused by unsafe deserialization of untrusted data. The root cause lies in the React Server Components feature, specifically in versions 19.0.0 through 19.2.0 and related packages such as react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The affected component improperly processes payloads received via HTTP requests to Server Function endpoints, leading to execution of malicious code without authentication.
This vulnerability is an XML External Entity (XXE) injection affecting GeoServer's XML input processing. The root cause is insufficient sanitization and restriction of XML external entity definitions within the XML payload submitted to the /geoserver/wms GetMap operation. This flaw resides in the XML parser component handling user-supplied XML data, enabling malicious entity expansion.
This vulnerability is an authenticated OS command injection affecting Fortinet FortiWeb versions 7.0.0 through 8.0.1. The root cause is improper neutralization of special elements in user-supplied input, allowing crafted HTTP requests or CLI commands to be interpreted and executed by the underlying operating system. The flaw resides in input handling mechanisms within FortiWeb's management interfaces that fail to sanitize command parameters adequately.
This vulnerability is a relative path traversal flaw in the Fortinet FortiWeb web application firewall. It arises from improper validation of user-supplied input in HTTP/HTTPS requests, specifically within the API endpoint handling administrative system configurations. The flaw allows crafted requests to traverse directories and access restricted CGI scripts, bypassing normal access controls in the affected FortiWeb versions.
This vulnerability is a post-authentication command injection in the filestore module of FreePBX Endpoint Manager. The root cause is improper input sanitization in the check_ssh_connect() function invoked via the testconnection feature within the Administrative interface. The flaw allows execution of arbitrary commands due to unsafe handling of SSH connection parameters by authenticated users.
This vulnerability is an OS command injection in the Metro Development Server component of the React Native Community CLI. The root cause is that the server binds to external network interfaces by default and exposes an endpoint that improperly sanitizes input, allowing execution of arbitrary system commands. The flaw specifically affects the command execution handling within the server's exposed endpoint, enabling injection of shell commands on Windows platforms with fully controlled arguments.
This vulnerability is an authentication bypass in the REST WebServices component of Oracle Identity Manager. The root cause lies in improper access control validation on specific REST API endpoints, allowing unauthenticated network access via HTTP. Affected components include the RESTful interface responsible for governance and application management functions in versions 12.2.1.4.0 and 14.1.2.1.0.
This vulnerability is an insecure deserialization flaw in the Windows Server Update Service (WSUS) component of Microsoft Windows Server 2012. The root cause lies in WSUS's handling of untrusted data during deserialization processes within its SOAP-based web services, specifically the soapFormatter. Improper validation allows maliciously crafted serialized objects to be processed, leading to execution of arbitrary code.
This vulnerability is an unauthenticated Local File Inclusion (LFI) flaw rooted in improper input validation within the file retrieval mechanism of Gladinet CentreStack and TrioFox. Specifically, the affected component fails to sanitize user-supplied path parameters in HTTP GET requests, allowing directory traversal sequences to access arbitrary system files. The flaw resides in the handling of the /storage/t.dn endpoint, where relative path traversal is exploited to include sensitive configuration files from the server filesystem.
This vulnerability is an authentication bypass in the Oracle Concurrent Processing component of Oracle E-Business Suite, specifically within the BI Publisher Integration feature. The root cause lies in insufficient authentication controls on HTTP endpoints, allowing unauthenticated network access. Vulnerable versions 12.2.3 through 12.2.14 expose critical servlet and JSP interfaces that lack proper access validation.
This vulnerability is an authentication bypass caused by improper validation of user-supplied input in HTTP(S) requests to the VPN web server component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. The root cause lies in a path traversal flaw that allows unauthorized access to restricted URL endpoints related to remote access VPN functionality. The affected component is the VPN web server handling HTTP POST requests, which fails to enforce proper authentication checks on certain URL paths.
This vulnerability is an unauthenticated remote code execution flaw caused by insecure deserialization within the AjaxProxy component of SolarWinds Web Help Desk. The root cause lies in the deserialization of untrusted data without proper validation or sandboxing, enabling execution of arbitrary commands on the host system. The affected component is the AjaxProxy handler responsible for processing serialized objects in incoming requests.
This vulnerability is a command injection flaw rooted in improper input validation of the t_total parameter within the filemanager changePerm functionality of CentOS Web Panel. The affected component fails to sanitize shell metacharacters, enabling injection of arbitrary shell commands. The flaw specifically impacts the HTTP POST request handling in the file management module of CentOS Web Panel versions prior to 0.9.8.1205.