164 matches found
CVE-2025-21616
Plane is an open-source project management tool. A cross-site scripting XSS vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...
CVE-2025-21616 Plane has a Cross-site scripting (XSS) via SVG image upload
Plane is an open-source project management tool. A cross-site scripting XSS vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...
CVE-2025-21616 Plane has a Cross-site scripting (XSS) via SVG image upload
Plane is an open-source project management tool. A cross-site scripting XSS vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...
1000 Projects Portfolio Management System MCA 注入漏洞
1000 Projects Portfolio Management System MCA is an open source portfolio management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Portfolio Management System MCA version 1.0, which stems from a parameter q in the file /updatepersonaldetails.php that can lead to SQ...
Malicious code in app-settings-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis eb5bad98414af86d07823241157507b0c2c71fb619cb487fb0a126587fa9ae8e The OpenSSF Package Analysis project identified 'app-settings-template' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
CVE-2024-11319 Stored XSS in Open Source Project "django-cms"
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in django CMS Association django-cms allows Cross-Site Scripting XSS. This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3...
Malicious code in libnpmpublishing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 000ac1f9e3e24873823d90fa6c4785583e0f65c86d7c26847dd8819079f1e6e7 The OpenSSF Package Analysis project identified 'libnpmpublishing' @ 99.3.5 npm as malicious. It is considered malicious because: - The package...
Intel Neural Compressor 输入验证错误漏洞
Intel Neural Compressor is an open source project from Intel Corporation USA designed to help developers easily implement AI model optimization. An input validation error vulnerability exists in Intel Neural Compressor versions prior to v3.0, which stems from improper input validation. An attacke...
Exploit for CVE-2024-42845
invesalius3vulnerabilities Intro The https://github.com/...
CVE-2024-3799
Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...
CVE-2024-3798
Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...
CVE-2024-3799
CVE-2024-3799 describes an insecure handling of POST header body in Phoniebox that allows an attacker to craft a webpage which, when visited by a user, causes the user’s browser to send malicious requests to hosts on the local network, potentially triggering shell command execution on the vulnera...
CVE-2024-3799 Shell command injection in Phoniebox
Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...
CVE-2024-3799 Shell command injection in Phoniebox
Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...
CVE-2024-3798 Insecure handling of GET argument in Phoniebox
Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...
CVE-2024-3798 Insecure handling of GET argument in Phoniebox
Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...
CVE-2024-3798 Insecure handling of GET argument in Phoniebox
Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...
ALCASAR Security Vulnerabilities
ALCASAR is a free open source project from ALCASAR Open Source for managing Internet access on public, business or home networks. A security vulnerability exists in ALCASAR versions prior to 3.6.1 that stems from vulnerability to cross-site request forgery and remote code execution attacks...
MP-SPDZ 安全漏洞
MP-SPDZ is a CSIRO Data61 Engineering & Design open source software for benchmarking various Secure Multiparty Computing MPC protocols in various security models. A security vulnerability exists in MP-SPDZ version v0.3.8. An attacker exploited the vulnerability to cause a denial of service on the...
CVE-2024-31461 Plane Server-Side Request Forgery (SSRF) Vulnerability
Plane, an open-source project management tool, has a Server-Side Request Forgery SSRF vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. T...