PT-2026-33232

Name of the Vulnerable Software and Affected Versions goshs versions 2.0.0-beta.4 through 2.0.0-beta.5 Description goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an authenticated browser to trigger destructive actions becaus...

CVE-2023-0410

Cross-site Scripting XSS - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5...

PT-2022-24828 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions 2.9.0.beta5 through 2.9.0.beta9 Description: The issue arises when an incomplete quote generates a JavaScript error, potentially crashing the current page in the browser. This occurs in certain cases and is related to how t...

Blosc C-Blosc Buffer Error Vulnerability

Blosc C-Blosc2 is a code library from the Blosc team that enables deep compression of binary data. The goal of the software is to reduce the size of large datasets on disk or in memory, speeding up memory-bound computations. The software supports BloscLZ, a compression program based on FastLZ, LZ...

Inedo ProGet Cross-Site Scripting Vulnerability

Inedo ProGet is a general-purpose package manager from Inedo USA with package management, filtering and upgrading features. A cross-site scripting vulnerability exists in Inedo ProGet versions prior to 5.0 Beta5. A remote attacker can exploit the vulnerability to change advanced settings...