322 matches found

OSV
added 2024/03/06 10:53 a.m. | 16 views

BIT-DISCOURSE-2023-44391 Prevent unauthorized access to summary details in Discourse

Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when hide_user_profiles_from_public is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no know...

5.3 CVSS | 5.4 AI score | 0.0041 EPSS
Exploits 0 | References 2

Prion
added 2024/02/22 6:15 p.m. | 23 views

Code injection

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even if they're not logg...

4 CVSS | 6.9 AI score | 0.00419 EPSS
Exploits 0 | References 2

CNNVD
added 2024/02/13 12:0 a.m. | 5 views

Synacor Zimbra Security Vulnerability

Synacor Zimbra is an open source email collaboration platform from Synacor, Inc. in the United States. A security vulnerability exists in Synacor Zimbra Collaboration. An attacker could exploit the vulnerability to inject DOM-based JavaScript...

9.1 CVSS | 6.7 AI score | 0.00436 EPSS
Exploits 0 | References 4

Prion
added 2024/02/12 8:15 p.m. | 23 views

Design/Logic Flaw

Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This...

7.5 CVSS | 6.8 AI score | 0.00678 EPSS
Exploits 1 | References 2

CNVD
added 2023/12/14 12:0 a.m. | 9 views

Mattermost Denial of Service Vulnerability (CNVD-2023-9963037)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial-of-service vulnerability that stems from an inability to handle empty request bodies in an add endpoint, which could be exploited by an attacker to send a request with ...

6.5 CVSS | 6.6 AI score | 0.00642 EPSS
Exploits 0 | References 1

CNNVD
added 2023/12/13 12:0 a.m. | 4 views

Silverpeas Security Vulnerabilities

Silverpeas is an open source business collaboration platform. The platform includes applications for project management, blogs, forums and document management. A security vulnerability exists in Silverpeas Core 6.3.1 and earlier versions, which stems from the vulnerability of the application to...

8.1 CVSS | 6.9 AI score | 0.00739 EPSS
Exploits 1 | References 3

CNVD
added 2023/12/08 12:0 a.m. | 9 views

Mattermost Information Disclosure Vulnerability (CNVD-2023-9769937)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that originates in the public/metrics endpoint displaying the channel ID. An attacker could exploit this vulnerability to cause an information disclosure...

5.3 CVSS | 6.1 AI score | 0.00534 EPSS
Exploits 0 | References 1

CNNVD
added 2023/12/08 12:0 a.m. | 4 views

EverShop Security Breach

EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop versions prior to 1.0.0-rc.8, which stems from the presence of a directory traversal vulnerability that allows remote attackers to obtain sensitive information via a crafted request...

5.3 CVSS | 6.4 AI score | 0.01001 EPSS
Exploits 0 | References 3

CNNVD
added 2023/12/04 12:0 a.m. | 3 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. GitLab has a security vulnerability that stems from a patch that could be...

8.1 CVSS | 7.1 AI score | 0.00742 EPSS
Exploits 1 | References 2

CNNVD
added 2023/11/17 12:0 a.m. | 1 views

MISP Security Vulnerabilities

MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.176 that stems from...

9.8 CVSS | 6.8 AI score | 0.00907 EPSS
Exploits 0 | References 3

CNNVD
added 2023/11/17 12:0 a.m. | 2 views

MISP Security Vulnerabilities

MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.176, which stems from...

9.8 CVSS | 6.8 AI score | 0.00907 EPSS
Exploits 0 | References 3

CNNVD
added 2023/11/01 12:0 a.m. | 2 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab that stems from allowing an attacker...

4.3 CVSS | 7 AI score | 0.00526 EPSS
Exploits 0 | References 4

CNNVD
added 2023/10/18 12:0 a.m. | 2 views

Moodle Security Breach

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle. No information about this vulnerability is available at this time, please stay tuned to CNN...

6.1 CVSS | 6.5 AI score | 0.00506 EPSS
Exploits 0 | References 5

CNVD
added 2023/10/17 12:0 a.m. | 20 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2023-85610)

Apache Airflow is an open source platform from the Apache Foundation in the United States for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability that can be...

6.5 CVSS | 6 AI score | 0.01551 EPSS
Exploits 0 | References 1

Prion
added 2023/10/16 9:15 a.m. | 22 views

Design/Logic Flaw

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...

5.8 CVSS | 6.8 AI score | 0.01074 EPSS
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2023/10/04 12:0 a.m. | 4 views

Nexkey Authorization Issues Vulnerability

Nexkey is an open source, decentralized social media platform by the individual developer nexryai. An authorization issue vulnerability exists in Nexkey versions prior to 12.121.9 that stems from allowing an attacker to bypass authentication to access the job queue dashboard...

7.5 CVSS | 7 AI score | 0.00645 EPSS
Exploits 0 | References 4

CNVD
added 2023/09/25 12:0 a.m. | 22 views

Apache Airflow Authorization Problem Vulnerability (CNVD-2023-72233)

Apache Airflow is an open source platform from the Apache Foundation in the United States for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow versions prior to 2.7.1 have an authorization issue vulnerability th...

4.3 CVSS | 7 AI score | 0.01305 EPSS
Exploits 0 | References 1

CNVD
added 2023/09/18 12:0 a.m. | 24 views

SiYuan Notes Software Web App is a privacy-first personal knowledge management system that supports full offline use as well as end-to-end encrypted synchronization. Yunnan ChainDrop Technology Co., Ltd. has an XSS vulnerability in the Siyuan Notes Software Web application, which can be exploited by attackers to obtain sensitive information such as user cookies.

Apache Airflow is an open source platform from the Apache Foundation in the United States for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. A code execution vulnerability exists in Apache Airflow HDFS Provider, which stems...

7.8 CVSS | 7.9 AI score | 0.0046 EPSS
Exploits 0 | References 1

Prion
added 2023/09/15 8:15 p.m. | 13 views

Design/Logic Flaw

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users...

4 CVSS | 6.3 AI score | 0.00512 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2023/09/15 8:15 p.m. | 18 views

Design/Logic Flaw

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious admin could create extremely large icon sprites, which would then be cached in each server process. This may cause server...

4 CVSS | 6.3 AI score | 0.00512 EPSS
Exploits 0 | References 1 | Affected Software 1