[SECURITY] Fedora 44 Update: LabPlot-2.12.1-17.fc44

LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...

CVE-2026-34747

Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. This issue has been patche...

CVE-2024-39910

decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to...

EUVD-2024-38930

Malicious code in bioql PyPI...

Wazuh 4.13.0

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

Wazuh 4.12.0

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

Enalean Tuleap 安全漏洞

Enalean Tuleap is a free and open source tool from the French company Enalean. It is used for end-to-end traceability of application and system development. A security vulnerability exists in Enalean Tuleap. An attacker exploiting the vulnerability could access sensitive information...

PT-2024-14304 · Unknown · Free/Open Source Inventory Management System

Name of the Vulnerable Software and Affected Versions: Free Open-Source Inventory Management System version 1.0 Description: A Cross Site Request Forgery CSRF issue allows a remote attacker to execute arbitrary code via the staff list parameter in the "index.php" component. This enables the...

CVE-2023-51813

CVE-2023-51813 describes a CSRF vulnerability in the Free Open-Source Inventory Management System v1.0. The issue arises via the staff_list parameter in the index.php component, allowing a remote attacker to execute arbitrary code. The available documents do not specify affected build details bey...

Free and Open Source Inventory Management System Cross-Site Scripting Vulnerability

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Free and Open Source Inventory Management System v1.0, which stems from the presence of multiple cross-site scripting XSS vulnerabilities that could allow an attacke...

PT-2023-27085 · Unknown · Free/Open Source Inventory Management System

Name of the Vulnerable Software and Affected Versions: Free and Open Source Inventory Management System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the "Add New...

CVE-2023-39709

Multiple cross-site scripting XSS vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section...

CVE-2023-39708

A stored cross-site scripting XSS vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section...

CVE-2023-39707

A stored cross-site scripting XSS vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section...

CVE-2022-31128

Tuleap CVE-2022-31128 affects Tuleap Community Edition prior to 13.10.99.82 and Tuleap Enterprise Edition prior to 13.10-3. The issue arises from improper verification of fine-grained permissions when creating Git branches via the REST API (POST git/:id/branches); users could create branches rega...

CVE-2022-31063

Tuleap vulnerable before version 13.9.99.111 due to improper escaping of the document title in the MyDocmanSearch widget results and in the locked documents administration page. This can allow a malicious user who can create a document to trigger arbitrary code execution on a victim’s system. Aff...

CVE-2022-24896 Tracker report renderer and chart widgets leak information in Tuleap

Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retriev...

Radiant CMS Cross-Site Scripting Vulnerability

Radiant CMS is a free and open source content management system designed for small teams. A cross-site scripting vulnerability exists in Radiant CMS version 1.1.4 due to the system failing to effectively filter user-supplied data. The vulnerability can be exploited by an attacker to execute...

Debian Security Advisory DSA 2772-1 (typo3-src - cross-site scripting)

Markus Pieton and Vytautas Paulikas discovered that the embedded video and audio player in the TYPO3 web content management system is suspectible to cross-site-scripting. OpenVAS Vulnerability Test $Id: deb2772.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2772-1 usin...

DEBIAN-CVE-2012-2783

Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to "freeing the returned frame."...