CVE-2023-4124 Missing Authorization in answerdev/answer
Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-2552)
The remote host is missing an update for the Huawei EulerOS...
GHSA-RRXV-Q8M4-WCH3 .eth registrar controller can shorten the duration of registered names
Description According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled...
PYSEC-2023-280
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0...
CVE-2023-4033
CVE-2023-4033: The connected documents confirm an OS Command Injection vulnerability affecting the project mlflow/mlflow prior to version 2.6.0. The sources (OSV, GHSA, NVD, and related advisories) consistently describe it as an OS command injection issue in that repository/version range. The d...
CVE-2023-4033 OS Command Injection in mlflow/mlflow
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0...
Input validation
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16...
CVE-2023-4007 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16...
CVE-2023-4007
CVE-2023-4007 is a stored XSS vulnerability in phpMyFAQ. Affected software: phpMyFAQ prior to version 3.1.16 (Thorsten Rinne’s project). The root cause: stored input may be injected, leading to cross-site script execution. Impact indicators in public documents show high confidentiality/integrity ...
CVE-2023-4006
CVE-2023-4006 affects phpMyFAQ before version 3.1.16. The vulnerability arises from improper neutralization of formula elements in CSV files processed by phpMyFAQ, enabling attackers to potentially exploit crafted CSV content. Impact per CVSS (NVD) is Critical (C:H/I:H/A:H) with network attack vect...
CVE-2023-4005 Insufficient Session Expiration in fossbilling/fossbilling
Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5...
EulerOS Virtualization 2.10.1 : vim (EulerOS-SA-2023-2471)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. CVE-2023-0433 - Heap-based Buffer Overflow in GitHub...
CVE-2023-3982
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2...
Cross site scripting
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2...
CVE-2023-3982 Cross-site Scripting (XSS) - Stored in omeka/omeka-s
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2...
CVE-2023-3982
Omeka-S versions prior to 4.0.2 are affected by a stored XSS vulnerability in the web application (stored user input). Root cause: unsanitized input stored by the application, enabling script execution in a victim’s browser. A fix is available in 4.0.2 or later. A PoC exists on Huntr: https://www...
CVE-2023-3981 Server-Side Request Forgery (SSRF) in omeka/omeka-s
Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2...