ZEROPATH WALL OF FAME
Securing the world's code,
one vulnerability at a time
Every vulnerability listed here has been discovered and responsibly disclosed by ZeroPath. This represents just a fraction of our ongoing mission to make open source software more secure.
Discovered Vulnerabilities
Each finding represents hours of research and responsible disclosure to protect users worldwide
IDOR in Keycloak Admin API Authorization Resource Management
Keycloak's admin authorization API checks the caller's permissions against the client ID named in the request, but the backend update and delete operations look up the target by resource ID alone and never confirm that the resource belongs to that client. An authenticated admin scoped to one client can therefore modify or delete another client's authorization resources in the same realm by supplying that client's resource ID.
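The pattern behind this finding, as an added example (not Keycloak's code): a handler that authorizes the caller for the client ID it chose, then acts on a resource ID it never ties back to that client. AuthzStore, ResourceRecord and the two delete functions are hypothetical names; the two-client store is constructed sample data.

```python
"""Object-level authorization bound to the authorized scope.

Added illustration of the bug class above, not Keycloak code.
All names here are hypothetical; the store contents are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class ResourceRecord:
    resource_id: str
    client_id: str
    name: str


@dataclass
class AuthzStore:
    # Constructed sample data: two clients in one realm, one resource each.
    resources: dict = field(default_factory=lambda: {
        "res-a1": ResourceRecord("res-a1", "client-a", "orders"),
        "res-b1": ResourceRecord("res-b1", "client-b", "billing"),
    })


class Forbidden(Exception):
    pass


def caller_may_manage(caller_clients: set, client_id: str) -> None:
    """The permission check as described: is the caller an admin for client_id?"""
    if client_id not in caller_clients:
        raise Forbidden(f"not an admin for {client_id}")


def delete_resource_vulnerable(store, caller_clients, client_id, resource_id):
    # Authorizes against the client_id the caller chose in the request...
    caller_may_manage(caller_clients, client_id)
    # ...then operates on resource_id alone; ownership is never checked.
    return store.resources.pop(resource_id, None)


def delete_resource_fixed(store, caller_clients, client_id, resource_id):
    caller_may_manage(caller_clients, client_id)
    rec = store.resources.get(resource_id)
    # Bind the object to the authorized scope: the resource must belong to
    # the client the caller was just authorized for. Same response for
    # "does not exist" and "belongs to another client" to avoid an ID oracle.
    if rec is None or rec.client_id != client_id:
        raise Forbidden("resource not found in this client")
    return store.resources.pop(resource_id)


def outcome(fn, *args):
    """Constructed helper: 'forbidden', 'missing', or the deleted record's client_id."""
    try:
        rec = fn(*args)
    except Forbidden:
        return "forbidden"
    return rec.client_id if rec else "missing"


if __name__ == "__main__":
    admin_a = {"client-a"}
    print(outcome(delete_resource_vulnerable, AuthzStore(), admin_a, "client-a", "res-b1"))
    print(outcome(delete_resource_fixed, AuthzStore(), admin_a, "client-a", "res-b1"))
```

The fix is not an extra permission check but a data-binding one: the lookup itself is scoped by (client_id, resource_id), so a valid resource ID from another client is indistinguishable from a nonexistent one.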
Credential Theft via Cross-Origin WebSocket Hijacking in Openclaw
Openclaw's browser relay server accepts Chrome DevTools Protocol commands over a local WebSocket without validating the Origin header. Because browsers do not apply the same-origin policy to WebSocket connections, JavaScript on any website the user visits can connect to the endpoint and issue commands against other browser tabs, stealing session cookies and credentials.
Unauthenticated RCE via Path Traversal in sudo logsrvd
The sudo log server (logsrvd) expands log paths using client-supplied values without sanitizing them. An attacker can inject path traversal sequences to write files at arbitrary locations as root and obtain code execution via cron. No authentication is required in the default configuration.
Privilege Drop Failure in sudo exec_mailer
The exec_mailer() function calls setuid() to drop privileges but never checks its return value, and it does not drop group privileges at all. If setuid() fails, sudo silently continues and runs the mailer as root.
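How a privilege drop should be written so that a refused setuid() cannot be ignored, as an added example (not sudo's code): clear supplementary groups, set the gid, then the uid, fail loudly on any error, and read the ids back to verify. drop_privileges() takes the os-like module as a parameter only so the failure path can be exercised without root; SimulatedKernel and the helper names are constructed for this illustration.

```python
"""Privilege drop that fails closed.

Added illustration, not sudo code. SimulatedKernel is a constructed
stand-in that records ids like a kernel would and can refuse setresuid().
"""
import os


class PrivilegeDropError(RuntimeError):
    pass


class SimulatedKernel:
    """Constructed: tracks (real, effective, saved) ids; starts as root."""

    def __init__(self, block_setuid=False):
        self.uid = (0, 0, 0)
        self.gid = (0, 0, 0)
        self.groups = [0]
        self.block_setuid = block_setuid

    def setgroups(self, groups):
        self.groups = list(groups)

    def setresgid(self, r, e, s):
        self.gid = (r, e, s)

    def setresuid(self, r, e, s):
        if self.block_setuid:
            raise OSError(11, "Resource temporarily unavailable")
        self.uid = (r, e, s)

    def getresuid(self):
        return self.uid

    def getresgid(self):
        return self.gid


def drop_uid_only_unchecked(uid, sys=os):
    """The pattern on the page: one uid change, error swallowed, groups untouched."""
    try:
        sys.setresuid(uid, uid, uid)
    except OSError:
        pass  # keeps running with whatever identity it already had


def drop_privileges(uid, gid, sys=os):
    """Become uid/gid permanently or raise; never continue as root silently."""
    try:
        # Supplementary groups are not touched by setgid()/setuid(); clear
        # them first, while still privileged enough to do so.
        sys.setgroups([gid])
        # Group before user: once the uid is gone, setgid() is no longer allowed.
        sys.setresgid(gid, gid, gid)
        # Real, effective and saved uid together so the drop is irreversible.
        sys.setresuid(uid, uid, uid)
    except OSError as exc:
        raise PrivilegeDropError(f"privilege drop failed: {exc}") from exc
    # Do not trust the calls: read the ids back and check all three of each.
    if sys.getresuid() != (uid, uid, uid) or sys.getresgid() != (gid, gid, gid):
        raise PrivilegeDropError("privilege drop incomplete")


def demo():
    """What each approach leaves behind when setresuid() is refused."""
    k = SimulatedKernel(block_setuid=True)
    drop_uid_only_unchecked(1000, k)
    still_root = k.uid == (0, 0, 0) and k.groups == [0]
    k2 = SimulatedKernel(block_setuid=True)
    try:
        drop_privileges(1000, 1000, k2)
        refused_loudly = False
    except PrivilegeDropError:
        refused_loudly = True
    return still_root, refused_loudly


if __name__ == "__main__":
    print(demo())  # unchecked drop leaves root; checked drop raises
```

Python's os.setresuid() already raises on failure, which is the check sudo's C code omitted; the ordering (groups, gid, uid) and the read-back verification are what the page's "never drops group privileges" half of the bug calls for.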
django-allauth uses mutable provider attribute as UID
The Okta and NetIQ provider handlers use the preferred_username claim as the canonical UID instead of the stable sub claim. Because preferred_username is mutable and not globally unique, an attacker who can change it to match another account can cause account takeover or incorrect account linking.
Tokens issued to disabled users due to missing account-state check
After resolving the user from the device authorization record, the flow mints tokens without re-checking account state such as user.is_active. If the account was disabled after device authorization was granted, tokens can still be issued unless a downstream validator happens to block it.
Notion provider marks email as verified without validation
The Notion provider's extract_email_addresses handler marks every address verified=True and primary=True unconditionally, without checking an email_verified flag or any other evidence that Notion verified the address. This permits account linking or creation that bypasses the normal email verification controls.
Recovery Codes Download Endpoint Missing Cache-Control Headers in django-allauth
The recovery codes download view sets no Cache-Control or Pragma headers, so a browser or intermediate proxy may cache the response and keep MFA recovery codes stored outside the user's immediate session.
Insecure HTTP URLs Used for OAuth Provider Endpoints in django-allauth
Over 10 OAuth provider configurations use http:// instead of https:// for endpoint URLs, including Amazon, Baidu, Flickr, Instagram, Tumblr, X/Twitter, Vimeo, Weibo, and Yahoo, exposing OAuth tokens to network interception.
URI Quoting Relies on Non-Deterministic Set Iteration in django-allauth
The URI quoting logic iterates over a set() of unsafe characters, whose order is not deterministic. Every replacement introduces a percent sign, so if '%' happens to be visited after another character, the percent signs produced by the earlier replacements are encoded again, double-encoding the value and potentially breaking OAuth callback URLs.
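The double-encoding made concrete, as an added example (not django-allauth's code): quote_by_replace() mimics a str.replace() loop over a collection of unsafe characters, and its output depends on the order the collection yields them; quote_single_pass() is the order-independent replacement. The UNSAFE set and the sample value are constructed for the example.

```python
"""Order-dependent versus single-pass percent-encoding.

Added illustration, not django-allauth code. UNSAFE and the sample
inputs are constructed.
"""
from itertools import permutations

UNSAFE = {"%", "/", "?", "#", "&", "=", " "}


def quote_by_replace(value: str, unsafe) -> str:
    """Sequential replace, one unsafe character at a time (the fragile pattern).

    If '%' is visited after '/', the '%' introduced by encoding '/' is
    encoded again: '/' -> '%2F' -> '%252F'.
    """
    out = value
    for ch in unsafe:
        out = out.replace(ch, f"%{ord(ch):02X}")
    return out


def quote_single_pass(value: str, unsafe=frozenset(UNSAFE)) -> str:
    """One pass over the input: each original character is encoded at most
    once, so the result cannot depend on how the container orders its members."""
    return "".join(f"%{ord(ch):02X}" if ch in unsafe else ch for ch in value)


def orderings_disagree(value: str, unsafe) -> bool:
    """True when quote_by_replace()'s result varies with iteration order."""
    results = {quote_by_replace(value, order)
               for order in permutations(sorted(unsafe))}
    return len(results) > 1


if __name__ == "__main__":
    small = {"/", "?", "=", "%"}
    print(quote_by_replace("/cb?x=1", ["/", "?", "=", "%"]))  # double-encoded
    print(quote_by_replace("/cb?x=1", ["%", "/", "?", "="]))  # correct by luck
    print(quote_single_pass("/cb?x=1"))                        # always correct
    print(orderings_disagree("/cb?x=1", small))
```

The order a Python set yields single-character strings depends on hash randomization, so the sequential version can encode correctly in one process and double-encode in the next, which is exactly the intermittent callback breakage the finding describes.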
Android MediaCodec audio: Buffer overflow due to truncated sample count
In mediacodec_wrap_sw_audio_buffer(), the buffer is sized from a sample count truncated by integer division, then the full-size source is copied into it with memcpy, producing a heap buffer overflow. Reachable via attacker-provided media through the Android MediaCodec APIs.
RTMP client: Buffer overflow via unbounded AMF serialization
The RTMP client (gen_connect) allocates a fixed-size packet buffer but writes arbitrary AMF fields derived from the rt->conn string into it without checking remaining capacity, causing a heap buffer overflow.
ICY metadata: Off-by-one NUL stack corruption
In store_icy(), the code writes a NUL byte at data[len + 1] instead of data[len] for the maximum allowed metadata size, corrupting adjacent stack state and potentially enabling memory corruption or denial-of-service.
RTP RFC4175 video: Buffer overflow due to integer overflow
The calculation of 'copy_offset' in rfc4175_handle_packet() does not guard against very large field values, so the arithmetic wraps, the buffer size check is bypassed, and the copy overflows the buffer.
QDM2-over-RTP: Invalid memory write with negative memcpy length
The QDM2 parser reads an unvalidated 'block_size' from an RTP config packet. If 'block_size' is too small for the header, the copy length becomes negative, leading to an out-of-bounds write via memcpy.
drawtext filter: Buffer overwrite due to separator budgeting error
When drawing detection bounding boxes in the drawtext filter, the code concatenates labels and the ', ' separators between them into a heap buffer without budgeting for the separators, so labels at the maximum length overwrite the buffer.
WHIP muxer: Invalid free due to incorrect stream index
In create_rtp_muxer (libavformat/whip.c), the code incorrectly accesses rtp_ctx->streams[i] (using the loop index) when it should use rtp_ctx->streams[0], referencing an out-of-bounds pointer and calling av_freep() on it.
SCTP write: Buffer underflow leading to memory disclosure
In sctp_write(), there is no check requiring buffer size >= 2 before consuming a 2-byte header (StreamId). This can result in 'size - 2' underflowing to a massive size_t value, sending a massive amount of uninitialized memory over the socket.
Use After Free in sudo log_server_accept
In log_server_accept(), a stack-local variable is passed to log_server_open(), which stores a pointer to it in a heap-allocated closure. When the function returns, the stack variable is deallocated, leaving a dangling pointer that can be exploited.
Critical Account Takeover via Unauthenticated API Key Creation in better-auth
The createApiKey handler in better-auth's API keys plugin derives user identity from either the session or the request body. When no session exists, an unauthenticated attacker can supply an arbitrary userId in the JSON body and mint valid API keys for any user, bypassing authentication entirely.
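Where the acting user may come from, as an added example (not better-auth's code): resolve_user_vulnerable() reproduces the bug class above by falling back to a body userId when there is no session; resolve_user_fixed() requires a session and accepts a body userId only from an admin session, a hypothetical delegation rule added for illustration. create_api_key(), owner_of() and the in-memory KEYS store are likewise constructed.

```python
"""Identity from the session, never from the request body.

Added illustration, not better-auth code. Session, KEYS and the helper
functions are hypothetical names for this example.
"""
import hashlib
import secrets
from dataclasses import dataclass


class Unauthorized(Exception):
    pass


@dataclass
class Session:
    user_id: str
    is_admin: bool = False


def resolve_user_vulnerable(session, body):
    # Session if present, otherwise whatever the caller put in the body.
    if session is not None:
        return session.user_id
    return body.get("userId")


def resolve_user_fixed(session, body):
    if session is None:
        raise Unauthorized("authentication required")  # no body fallback, ever
    target = body.get("userId")
    if target is None or target == session.user_id:
        return session.user_id
    if not session.is_admin:
        raise Unauthorized("cannot create keys for another user")
    return target  # admin acting for target: hypothetical delegation rule


KEYS = {}  # constructed in-memory store: sha256(key) -> owner user_id


def _key_id(raw: str) -> str:
    return hashlib.sha256(raw.encode()).hexdigest()


def create_api_key(session, body, resolver=resolve_user_fixed) -> str:
    """Mint a key for the resolved owner; store only a hash of it."""
    owner = resolver(session, body)
    if owner is None:
        raise Unauthorized("no user to bind the key to")
    raw = secrets.token_urlsafe(32)
    KEYS[_key_id(raw)] = owner
    return raw


def owner_of(raw: str):
    return KEYS.get(_key_id(raw))


def attempt(session, body, resolver=resolve_user_fixed):
    """Constructed helper: owner of the minted key, or 'unauthorized'."""
    try:
        return owner_of(create_api_key(session, body, resolver))
    except Unauthorized:
        return "unauthorized"


if __name__ == "__main__":
    print(attempt(None, {"userId": "victim"}, resolve_user_vulnerable))  # victim
    print(attempt(None, {"userId": "victim"}))                           # unauthorized
    print(attempt(Session("alice"), {"userId": "victim"}))               # unauthorized
```

The structural point is that the resolver has no code path that returns an identity without a session; any userId in the body is at most an authorization question about an already-authenticated caller.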
IDOR Security Vulnerability in SuperAGI
A missing authorization check on /api/resources/get/{resource_id} lets any user retrieve other customers' files, exposing tens of thousands of customers' files including secrets, business documents, and health information.
Directory Traversal in DB-GPT
Access to database files via backup paths due to missing path normalization in the DB-GPT project.
Directory Traversal in LogAI
Access to sensitive files via log paths due to broken path traversal protection in the Salesforce LogAI project.
Remote Code Execution in Monaco
A Remote Code Execution vulnerability was discovered in Hulu's Monaco project, allowing code execution via deserialization due to unsanitized data being passed into pickle.loads.
Unauthorized Redis Access in Monaco
Access to all Redis clusters administered by Monaco due to missing authentication on the app_redis_api endpoint.
Avahi Simple Protocol Server DoS
The Avahi Simple Protocol Server ignores the configured client limit and continues to accept unlimited connections, resulting in memory and file descriptor exhaustion. Unprivileged users can easily cause a denial of service that affects the entire mDNS/DNS-SD subsystem and related name resolution services.
Unauthorized Access to Any User's Jobs in LibrePhotos
Access to other users' processing jobs due to missing authorization in the job queue.
Token Refresh Vulnerability in LibrePhotos
Complete authentication bypass via improper token validation in the LibrePhotos project.
Local File Inclusion in E2nest
A Local File Inclusion vulnerability was discovered in the E2nest project, allowing arbitrary file read via path traversal in model loading due to insufficient path normalization in config loading.
Unauthorized Conversation Deletion in RagFlow
Complete deletion of other users' chat history due to missing object-level authorization checks.
Unauthorized Canvas Deletion in RagFlow
Deletion of other users' visualization canvases due to insufficient IDOR protection on API endpoint.
Unauthorized Knowledge Base Access in RagFlow
Read access to other users' private knowledge bases due to missing tenant isolation in KB queries.
Unauthorized File Movement in RagFlow
Moving/deleting other users' uploaded files due to missing ACL checks in file operations.
Unauthorized Conversation Access in RagFlow
Reading other users' private conversations due to broken access control in chat retrieval.
Unauthorized API Key Removal in RagFlow
Removal of other users' API keys due to IDOR in key management endpoint.
Unauthorized Knowledge Base Enumeration in RagFlow
Enumeration of all private knowledge bases due to missing authentication in list endpoint.
Unauthorized Dialog Deletion in RagFlow
Mass deletion of other users' dialogs due to a race condition in the deletion endpoint.
Command Injection in Clone-voice
System command execution via voice file metadata due to unescaped input in an ffmpeg command.
File Upload and Path Traversal in LibrePhotos
Arbitrary file write via photo upload due to insufficient path sanitization.
Remote Code Execution in Uptrain
Remote code execution via eval() on attacker-controlled input during project creation.
Local File Inclusion in Fonoster
A Local File Inclusion vulnerability was discovered in the Fonoster Voice Server, allowing access to system files via voice file paths due to incomplete path validation.