88 matches found
[SECURITY] Fedora 43 Update: civetweb-1.16-10.fc43
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...
EUVD-2023-27711
Malicious code in bioql PyPI...
CVE-2025-59845
CVE-2025-59845 covers a CSRF flaw in Apollo Studio Embeddable Sandbox and Embeddable Explorer caused by missing origin validation in window.postMessage handling. The issue affects embedded Sandbox/Explorer prior to versions 2.7.2 and 3.7.3, allowing a malicious site to forge messages that trigger...
Cross-site Request Forgery (CSRF)
Overview: @apollo/explorer: This repo hosts the source for Apollo Studio's Embeddable Explorer. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via missing origin validation in the window.postMessage process. An attacker can execute unauthorized GraphQL queri...
PT-2025-39694
Name of the Vulnerable Software and Affected Versions: Apollo Studio Embeddable Explorer versions prior to 3.7.3; Apollo Studio Embeddable Sandbox versions prior to 2.7.2. Description: A cross-site request forgery (CSRF) issue was identified in Apollo Studio Embeddable Explorer and Embeddable Sandbox...
Apollo Studio Embeddable Explorer & Embeddable Sandbox cross-site request forgery vulnerability
Apollo Studio Embeddable Explorer & Embeddable Sandbox is an open source vectorization tool for Apollo GraphQL. A cross-site request forgery vulnerability exists in Apollo Studio Embeddable Explorer & Embeddable Sandbox, which stems from a lack of source validation when client code handles the...
[SECURITY] Fedora 43 Update: civetweb-1.16-9.fc43
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...
[SECURITY] Fedora 43 Update: cef-139.0.37^chromium139.0.7258.154-1.fc43
CEF is an embeddable build of Chromium, powered by WebKit (Blink)...
[SECURITY] Fedora 41 Update: civetweb-1.16-9.fc41
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...
[SECURITY] Fedora 42 Update: civetweb-1.16-9.fc42
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...
[SECURITY] Fedora 42 Update: cef-139.0.26^chromium139.0.7258.127-1.fc42
CEF is an embeddable build of Chromium, powered by WebKit (Blink)...
CVE-2023-23615
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments ...
excalidraw security vulnerability
excalidraw is a software application (a virtual whiteboard for hand-drawn sketches). A security vulnerability exists in excalidraw versions prior to 0.16.0 through 0.17.6, which stems from a stored cross-site scripting (XSS) vulnerability in the web embeddable component...
PT-2024-24599 · Unknown · Excalidraw
Name of the Vulnerable Software and Affected Versions: Excalidraw versions 0.16.x through 0.17.5; Excalidraw version 0.16.3 and earlier. Description: A stored XSS vulnerability in Excalidraw's web embeddable component allows arbitrary JavaScript to be run in the context of the domain where the edit...
[SECURITY] Fedora 40 Update: bsh-2.1.0-12.fc40
BeanShell is a small, free, embeddable, Java source interpreter with object scripting language features, written in Java. BeanShell executes standard Java statements and expressions, in addition to obvious scripting commands and syntax. BeanShell supports scripted objects as simple method closure...
BIT-DISCOURSE-2023-23615 Malicious users in Discourse can create spam topics as any user due to improper access control
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments ...
CVE-2023-2905
CVE-2023-2905 affects Cesanta Mongoose (embedded web server). The vulnerability is a heap-based buffer overflow caused by not validating the length of MQTT_CMD_PUBLISH parsed messages with a variable-length header in version 7.10. Versions 7.9 and earlier are not affected; the issue is resolved i...
ccxvii mujs resource management error vulnerability
ccxvii mujs is an open source embeddable C language interpreter. A security vulnerability exists in MuJS versions prior to 1.1.2, which stems from a use-after-free issue that could lead to a system denial of service...
QuickJS buffer error vulnerability
QuickJS is a small and embeddable JavaScript engine. A security vulnerability exists in QuickJS, which is caused by a stack overflow...