230 matches found
CVE-2023-36053
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...
PT-2023-4169
Name of the Vulnerable Software and Affected Versions Django versions 3.2 through 3.2.19 Django versions 4 through 4.1.9 Django versions 4.2 through 4.2.2 Description The issue is related to the EmailValidator and URLValidator components in the Django web application platform. It involves the use...
CVE-2023-34092
Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options server.fs.deny can be bypassed using double forward-slash // allows any unauthenticated user to read file from the Vite root-path of the application including the default fs.deny...
Vite 安全漏洞
Vite is a new front-end building tool from Vite open source. A security vulnerability exists in Vite versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9. An attacker exploits the vulnerability to read files from the application's Vite root path...
CVE-2023-32695 Insufficient validation when decoding a Socket.IO packet
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3...
SUSE CVE-2022-3474
A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3...
PT-2022-28184 · Ez Systems +1 · Ez Platform +1
Name of the Vulnerable Software and Affected Versions: Ibexa DXP versions 3.3. through 3.3.27 Ibexa DXP versions 4.2. through 4.2.2 eZ Platform versions 2.5. through 2.5.30 Description: Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...
Joomla! 4.0.0 - 4.2.3 Multiple Vulnerabilities
Joomla! is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla"; ifdescription...
CVE-2022-3474 Bazel leaks user credentials through the remote assets API
A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3...
CVE-2022-27912
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests...
Joomla! 跨站脚本漏洞
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! versions 4.0.0 through 4.2.3 that stems from insufficient filtering of user input...
PT-2022-18688 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 4.2.0 through 4.2.3 Description: An issue was discovered in Joomla! where inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. Recommendations: For Joomla!...
CVE-2022-40358
CVE-2022-40358 affects AjaXplorer 4.2.3. The issue is a cross-site scripting vulnerability triggered by uploading a crafted SVG file, affecting the web-based file manager component. According to the CVE record, exploitation details are not publicly provided, and the CVSS data indicates a network-...
PT-2022-25360 · Unknown · Ajaxplorer
Name of the Vulnerable Software and Affected Versions: AjaXplorer version 4.2.3 Description: An issue in AjaXplorer allows attackers to cause cross-site scripting vulnerabilities via a crafted svg file upload. Recommendations: For AjaXplorer version 4.2.3, consider restricting the upload of svg...
WordPress plugin Analytify 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
3deecelltracker (>=0.5.0a0 <=1.0.0), abracadabra (>=0.0.0 <=0.0.7) +101 more potentially affected by CVE-2022-29238 via notebook (>=4.2.3 <=6.4.11)
notebook PYPI version =4.2.3, =0.5.0a0, =0.0.0, =1.0.0, =1.0.0, =0.1.1, =1.0.1, =0.0.48, =1.0.0, =0.3.4, =0.1.0rc1, =0.0.1, =0.2.1 - combnetdep =1.0.0 and more Source cves: CVE-2022-29238 Source advisory: OSV:PYSEC-2022-212...
Plone Cross-site scripting Vulnerability
Cross-site scripting XSS vulnerability in pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "u,translate."...
GHSA-CQ5G-924M-7FXH Plone Information Disclosure
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name...
Improper Removal of Sensitive Information Before Storage or Transfer in irrd
IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-force search for the clear-text passphrase, and use these to make unauthorised changes to affected IRR...
3deecelltracker (=1.0.0), abracadabra (>=0.0.0 <=0.0.7) +92 more potentially affected by CVE-2022-24758 via notebook (>=4.2.3 <=6.4.1)
notebook PYPI version =4.2.3, =0.0.0, =1.0.0, =1.0.0, =0.1.1, =1.0.1, =1.0.0, =0.3.4, =0.1.0rc1, =0.0.1, =0.1.3, =0.2.4 and more Source cves: CVE-2022-24758 Source advisory: OSV:PYSEC-2022-180...