CVE-2023-2239 Exposure of Private Personal Information to an Unauthorized Actor in microweber/microweber
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4...
CVE-2023-2240
CVE-2023-2240 affects Microweber/microweber prior to version 1.3.4. The root cause is improper privilege management, leading to high-severity impact across confidentiality, integrity, and availability (per CVSS 3.1/3.0 data: HIGH). No exploit details are provided in the supplied documents. The vu...
CVE-2023-1875 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
PYSEC-2023-36
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0...
Authorization
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0...
CVE-2023-1892
Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8...
CVE-2023-2228 Cross-Site Request Forgery (CSRF) in modoboa/modoboa
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0...
CVE-2023-2227 Improper Authorization in modoboa/modoboa
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0...
CVE-2023-2202 Improper Access Control in francoisjacquet/rosariosis
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3...
Default credentials
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0...
PYSEC-2023-34
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0...
SUSE CVE-2023-0877
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11...
Hardcoded credentials
Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2...
CVE-2023-2160 Weak Password Requirements in modoboa/modoboa
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0...
CVE-2023-2138
CVE-2023-2138 affects nuxtlabs/github-module prior to version 1.6.2. The root cause is a hard-coded GitHub token embedded in the module’s source, which granted access to multiple Nuxt-related GitHub repositories. The issue is described consistently across multiple sources (including Red Hat, GitH...
CVE-2023-2160
The CVE pertains to modoboa/modoboa with weak password requirements prior to version 2.1.0. Several connected sources confirm that users could set unsafe passwords (e.g., 1, HACK) due to weak password policy, and that this was fixed in commit 130257c96a2392ada795785a91178e656e27015c and is addres...
CVE-2023-2138 Use of Hard-coded Credentials in nuxtlabs/github-module
Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2...
CVE-2023-2109 Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot
Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0...
Improper Restriction of Excessive Authentication Attempts in calibreweb
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20...