Search Vulnerabilities

malcontent: Nested archive extraction failure can drop content from scan inputs

osctrl has Stored Cross-Site Scripting (XSS) in On-Demand Query List

osctrl is Vulnerable to OS Command Injection via Environment Configuration

Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse

ZITADEL has potential SSRF via Actions

ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API

ZITADEL's truncated opaque tokens are still valid

Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID

Vitess users with backup storage access can write to arbitrary file paths on restore

Vitess users with backup storage access can gain unauthorized access to production deployment environments

Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations

Curio exposes database credentials to users with network access through verbose HTTP error responses

WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level

MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity

Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure

Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint

Fleet: Device lock PIN can be predicted if lock time is known

Vikunja has Path Traversal in CLI Restore