322 matches found
Cerebrate security breach
Cerebrate is an open source platform. It is intended to act as an interconnection coordinator between trusted contact information providers and other security tools. A security vulnerability exists in Cerebrate that stems from the lack of a Secure attribute on session cookies...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. GitLab suffers from a security vulnerability that stems from the ability to re...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from a security vulnerability that stems from improper privileg...
Cerebrate 安全漏洞
Cerebrate is an open source platform. Designed to act as an interconnection coordinator between trusted contact information providers and other security tools. A security vulnerability exists in Cerebrate version 1.14. An attacker could exploit the vulnerability to change the user settings of oth...
Nextcloud Security Breach
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server. An attacker could use this vulnerability to brute-force break the client secrets of a configured OAuth...
CVE-2023-38498 Discourse vulnerable to DoS via defer queue
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patche...
Cross site scripting
Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the beta and tests-passed branches, a CSP Content Security Policy nonce reuse vulnerability was discovered could allow cross-site scripting XSS attacks to bypass CSP protection for anonymous i.e. unauthenticated user...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from not properly checking the authorization of POST/api/v4/teams...
Pimcore SQL注入漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A SQL injection vulnerability exists in Pimcor...
Apache Airflow Security Bypass Vulnerability
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A security bypass vulnerability exists in Apache Airflow versions prior to 2.6.3,...
Apache Airflow Input Validation Error Vulnerability (CNVD-2023-67074)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An input validation error vulnerability exists in Apache Airflow versions prior to...
Unspecified Vulnerability in Mattermost (CNVD-2023-55048)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from an inability to clean up temporary error messages, which can be exploited by an attacker to obtain the content of arbitrary messages via...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from an inability to clean up temporary error messages, which can be exploited by an attacker to obtain the content of arbitrary messages via...
Metabase 访问控制错误漏洞
Metabase is an open source data analytics platform from the American company Metabase. Metabase suffers from an Access Control Error vulnerability that stems from the fact that to edit SQL snippets, Metabase should require people to belong to at least one group with native query editing privilege...
Mlflow 安全漏洞
Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow versions prior to 2.3.1 that stems from being able to read local files...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab versions prior to 15.9.8, 15.10.0...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab, which stems from the possibility th...
Pimcore SQL注入漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A SQL injection vulnerability exists in Pimcor...
CVE-2023-30538 Stored Cross-site Scripting via improper sanitization of svg files in Discourse
Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Use...
Protecting your business with Wazuh: The open source security platform
Today, businesses face a variety of security challenges like cyber attacks, compliance requirements, and endpoint security administration. The threat landscape constantly evolves, and it can be overwhelming for businesses to keep up with the latest security trends. Security teams use processes an...