Authorization
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16...
Improper access control
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16...
CVE-2022-0405
CVE-2022-0405 affects janeczku/calibre-web versions prior to 0.6.16. Root cause: improper access control during HTML rendering in shelf handling allows an attacker to disclose the names of private shelves. Impact: information disclosure of private shelf names without privilege escalation. A PoC d...
CVE-2022-0088 Cross-Site Request Forgery (CSRF) in yourls/yourls
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3...
CVE-2022-1201
NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system...
CVE-2022-1207
Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary...
CVE-2022-1207 Out-of-bounds read in radareorg/radare2
Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary...
Cross site scripting
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13...
CVE-2022-0350 Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13...
CVE-2022-1176
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96...
Code injection
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96...
CVE-2022-1160
Heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647...
CVE-2022-1155
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10...
Code injection
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10...
CVE-2022-1155 Old sessions are not blocked by the login enable function in snipe/snipe-it
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10...
Design/Logic Flaw
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646...