Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Security Vulnerabilities

Moby (Docker Engine) Insufficiently restricted permissions on data directory in github.com/docker/docker

Moby (Docker Engine) Insufficiently restricted permissions on data directory in...

Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server

Mattermost allows demoted guests to change group names in...

Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport

Teleport Access List owners can escalate their privileges in...

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in...

Mattermost race condition in github.com/mattermost/mattermost-server

Mattermost race condition in...

Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher

Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in...

Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security

Improper Restriction of Excessive Authentication Attempts in...

Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana

Grafana XSS via a query alias for the ElasticSearch datasource in...

Etcd embed auto compaction retention negative value causing a compaction loop or a crash in go.etcd.io/etcd

Etcd embed auto compaction retention negative value causing a compaction loop or a crash in...

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in github.com/dexidp/dex

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in...

Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server

Mattermost Cross-site Scripting vulnerability in...

HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

HashiCorp Vault Improper Privilege Management in...

Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server

Mattermost allows attackers access to posts in channels they are not a member of in...

HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

HashiCorp Vault Improper Privilege Management in...

Server-Side Request Forgery in github.com/greenpau/caddy-security

Server-Side Request Forgery in...

Authentik vulnerable to PKCE downgrade attack in goauthentik.io

Authentik vulnerable to PKCE downgrade attack in...

Cross-site Scripting in github.com/greenpau/caddy-security

Cross-site Scripting in...

Grafana information disclosure in github.com/grafana/grafana

Grafana information disclosure in...

Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault

Improper Authentication in HashiCorp Vault in...

Hashicorp Vault may expose sensitive log information in github.com/hashicorp/vault

Hashicorp Vault may expose sensitive log information in...

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in...

Grafana XSS via a column style in github.com/grafana/grafana

Grafana XSS via a column style in...

Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

Token leases could outlive their TTL in HashiCorp Vault in...

Classic builder cache poisoning in github.com/docker/docker

Classic builder cache poisoning in...

MongoDB Tools Improper Certificate Validation vulnerability in github.com/mongodb/mongo-tools

MongoDB Tools Improper Certificate Validation vulnerability in...

Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher

Rancher 'Audit Log' leaks sensitive information in...

Mattermost Jira Plugin does not properly check security levels in github.com/mattermost/mattermost-plugin-jira

Mattermost Jira Plugin does not properly check security levels in...

CubeFS leaks magic secret key when starting Blobstore access service in github.com/cubefs/cubefs

CubeFS leaks magic secret key when starting Blobstore access service in...

Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation in github.com/minio/minio

Minio unsafe default: Access keys inherit admin of root user, allowing privilege escalation in...

HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

HashiCorp Vault Authentication bypass in...

Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server

Mattermost fails to check the "invite_guest" permission in...

Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security

Improper Neutralization of HTTP Headers in...

Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server

Mattermost fails to properly restrict the access of files attached to posts in...

Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server

Mattermost denial of service through long emoji value in...

CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs

CubeFS timing attack can leak user passwords in...

Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability in github.com/buildkite/elastic-ci-stack-for-aws

Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability in...

Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault

Enumeration of users in HashiCorp Vault in...

SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport

SFTP is possible on the Proxy server for any user with SFTP access in...

The DES/3DES cipher was used as part of the TLS protocol by installation tools in github.com/karmada-io/karmada

The DES/3DES cipher was used as part of the TLS protocol by installation tools in...

Insecure random string generator used for sensitive data in github.com/cubefs/cubefs

Insecure random string generator used for sensitive data in...

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in...

Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server

Mattermost vulnerable to denial of service via large number of emoji reactions in...

Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana

Grafana Cross-site Scripting (XSS) in...

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in...

Denial of service in HashiCorp Consul in github.com/hashicorp/consul

Denial of service in HashiCorp Consul in...

chasquid HTTP Request/Response Smuggling vulnerability in github.com/albertito/chasquid in blitiri.com.ar/go/chasquid

chasquid HTTP Request/Response Smuggling vulnerability in github.com/albertito/chasquid in...

Authenticated users can crash the CubeFS servers with maliciously crafted requests in github.com/cubefs/cubefs

Authenticated users can crash the CubeFS servers with maliciously crafted requests in...

Insufficient Session Expiration in github.com/greenpau/caddy-security

Insufficient Session Expiration in...

Etcd pkg Insecure ciphers are allowed by default in go.etcd.io/etcd/client/pkg/v3

Etcd pkg Insecure ciphers are allowed by default in...

Grafana stored XSS in github.com/grafana/grafana

Grafana stored XSS in...