6574 matches found
CVE-2023-6890
CVE-2023-6890 is a stored Cross-site Scripting (XSS) vulnerability in the phpMyFAQ project. The issue affects versions prior to 3.1.17 and stems from inadequate input filtering/escaping of user-supplied data, enabling an attacker to inject and execute arbitrary web script or HTML. The vulnerabili...
CVE-2023-6889
CVE-2023-6889 is a stored Cross-site Scripting (XSS) vulnerability affecting phpMyFAQ versions prior to 3.1.17 (GitHub repository thorsten/phpmyfaq). The available connected documents consistently describe the flaw as a stored XSS issue in phpMyFAQ and reference public disclosures/advisories (inc...
CVE-2023-6889 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17...
CVE-2023-6831
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
Code injection
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0...
PYSEC-2023-253
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2...
CVE-2023-6832
CVE-2023-6832 affects microweber/microweber prior to 2.0. A business logic flaw enables bypass of coupon code validation, allowing attackers to obtain items at reduced prices when the coupon feature is disabled. Public sources (GHSA and Veracode advisories) describe the coupon-validation bypass a...
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository gradio-app/gradio prior to main...
GHSA-GQVF-3HGP-5HXV Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository gradio-app/gradio prior to main...
Command injection
Command Injection in GitHub repository gradio-app/gradio prior to main...
PYSEC-2023-255
Command Injection in GitHub repository gradio-app/gradio prior to main...
CVE-2023-6572 Command Injection in gradio-app/gradio
Command Injection in GitHub repository gradio-app/gradio prior to main...
Path traversal in MLflow
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2...
CVE-2023-6753
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2...
PYSEC-2023-309
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2...
CVE-2023-6753 Path Traversal in mlflow/mlflow
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2...
Improper Authentication
github.com/treeverse/lakefs is vulnerable to Improper Authentication. The vulnerability is due to the NewSecureString function in securestring.go lacking the security measures to handle environment variables. Specifically, it directly accesses environment variables using os.LookupEnv without any for...
CVE-2023-6709
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2...
CVE-2023-6709 Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2...