In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-S...
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting `.zip` archives using t...
A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from...
MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypas...
MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid a...
MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the ap...
MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of th...
MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An aut...
MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalida...
MCO is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatemen...
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.