6574 matches found
CVE-2022-3371
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3...
CVE-2022-1440
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...
CVE-2022-1044
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1...
CVE-2022-1699
Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications...
CVE-2022-1682
Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Xss can use to steal user's cookies which lead to Account takeover or do any malicious activity in victim's browser...
CVE-2022-1808
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3...
CVE-2022-1592
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...
CVE-2022-1000
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7...
CVE-2022-1178
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4...
CVE-2022-1848
Business Logic Errors in GitHub repository erudika/para prior to 1.45.11...
CVE-2022-1947
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3...
CVE-2022-1543
Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server...
CVE-2022-1345
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...
CVE-2022-1291
XSS vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers...
CVE-2022-1813
OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0...
CVE-2022-1033
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6...
CVE-2022-1213
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191...
CVE-2022-1330
stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss...
CVE-2022-1464
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account...
CVE-2022-1347
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation...