Lucene search

322 matches found

CNNVD
added 2022/11/04 12:0 a.m. | 3 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab CE/EE that originates from a malicio...

CVSS 5.5 | AI score 5.8 | EPSS 0.0065
Exploits 0 | References 5

CNNVD
added 2022/11/02 12:0 a.m. | 3 views

Discourse security vulnerability

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse. An attacker exploited the vulnerability to cause sensitive information to be disclosed...

CVSS 5.3 | AI score 5.7 | EPSS 0.00482
Exploits 0 | References 2

CNNVD
added 2022/10/26 12:0 a.m. | 4 views

Metabase security vulnerability

Metabase is an open source data analytics platform from Metabase, Inc. in the United States. A security vulnerability exists in Metabase that stems from unsaved SQL queries being executed automatically, which could constitute a possible attack vector...

CVSS 8.8 | AI score 8.1 | EPSS 0.0079
Exploits 0 | References 3

CNNVD
added 2022/10/19 12:0 a.m. | 2 views

RelatedChat security vulnerability

RelatedChat is an open source alternative communication platform for Related Code individual developers. A security vulnerability exists in RelatedChat. An attacker exploiting this vulnerability could access the chat history of any user of the application...

CVSS 4.3 | AI score 5.2 | EPSS 0.00496
Exploits 1 | References 3

Prion
added 2022/09/29 8:15 p.m. | 19 views

Design/Logic Flaw

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in...

CVSS 4 | AI score 4.6 | EPSS 0.00715
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2022/09/23 8:5 a.m. | 6 views

CVE-2022-39238 Improper Authentication in Arvados when using PAM as identity provider

Arvados is an open source platform for managing and analyzing biomedical big data. In versions prior to 2.4.3, when using Portable Authentication Modules (PAM) for user authentication, if a user presented valid credentials but the account is disabled or otherwise not allowed to access the host such...

CVSS 4.2 | AI score 8.7 | EPSS 0.00407
Exploits 0 | References 1

CNNVD
added 2022/09/16 12:0 a.m. | 3 views

Google TensorFlow security vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc...

CVSS 7.5 | AI score 6.8 | EPSS 0.00441
Exploits 0 | References 3

CNNVD
added 2022/09/06 12:0 a.m. | 2 views

CircuitVerse code issue vulnerability

CircuitVerse is a free open source platform open sourced by CircuitVerse India. It allows users to build digital logic circuits online. CircuitVerse suffers from a code issue vulnerability that stems from its ability to allow an authenticated attacker to execute arbitrary code via a specially...

CVSS 8.8 | AI score 8.2 | EPSS 0.00872
Exploits 0 | References 3

CNNVD
added 2022/07/08 12:0 a.m. | 4 views

Known injection vulnerability

Known is a social publishing platform open-sourced by Known in the United States. A security vulnerability exists in Known v1.3.1 and below, which stems from the discovery of a vulnerability that allows an attacker to perform an account takeover via a host header injection attack...

CVSS 8.8 | AI score 7.9 | EPSS 0.01214
Exploits 1 | References 5

Gitee
added 2022/07/04 2:52 p.m. | 3 views

vulhub

This is an open-source collection of vulnerable web applications and environments for testing and learning purposes. It is a repository of vulnerable systems, including web applications, databases, and networks, that can be used to test and demonstrate various types of cyber attacks and...

AI score 7.5
Exploits 0

Prion
added 2022/06/27 10:15 p.m. | 35 views

Design/Logic Flaw

Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite h...

CVSS 2.1 | AI score 5.5 | EPSS 0.00481
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2022/05/20 11:25 p.m. | 6 views

CVE-2022-29209 Type confusion leading to `CHECK`-failure based denial of service in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of t...

CVSS 5.5 | AI score 5.7 | EPSS 0.00385
Exploits 1 | References 9

CNVD
added 2022/04/19 12:0 a.m. | 28 views

Hubzilla file inclusion vulnerability

Hubzilla is an open source platform for creating interconnected websites with a decentralized identity, communications and permissions framework built using common web server technology. Hubzilla version 7.2 previously contained a security vulnerability that could be exploited by remote attackers ...

CVSS 7.5 | AI score 3.1 | EPSS 0.012
Exploits 0 | References 1

CNVD
added 2022/02/22 12:0 a.m. | 17 views

Cerebrate has an unspecified vulnerability (CNVD-2022-77055)

Cerebrate is an open source platform designed to act as an interconnection orchestrator for trusted contact information providers and other security tools. A security vulnerability exists in Cerebrate 1.4, which stems from a faulty shared group ACL allowing non-privileged users to edit and modif...

CVSS 4.3 | AI score 2.4 | EPSS 0.0058
Exploits 0 | References 1

CNVD
added 2022/02/22 12:0 a.m. | 14 views

Cerebrate has an unspecified vulnerability

Cerebrate is an open source platform designed to act as an interconnected orchestrator for trusted contact information providers and other security tools. A security vulnerability exists in Cerebrate 1.4, which stems from the possibility of XSS occurring in the bookmark component. No detailed...

CVSS 6.1 | AI score 2.8 | EPSS 0.0105
Exploits 1 | References 1

CNNVD
added 2022/02/18 12:0 a.m. | 2 views

Cerebrate security vulnerability

Cerebrate is an open source platform designed to act as an interconnection orchestrator for trusted contact information providers and other security tools. A security vulnerability exists in Cerebrate 1.4, which stems from a faulty shared group ACL allowing non-privileged users to edit and modif...

CVSS 4.3 | AI score 5.5 | EPSS 0.0058
Exploits 0 | References 4

CNNVD
added 2022/02/18 12:0 a.m. | 3 views

Cerebrate security vulnerability

Cerebrate is an open source platform designed to act as an interconnected orchestrator for trusted contact information providers and other security tools. A security vulnerability exists in Cerebrate 1.4, which stems from the possibility of username enumeration. No detailed vulnerability details...

CVSS 5.3 | AI score 5.6 | EPSS 0.00919
Exploits 0 | References 4

Vulnrichment
added 2022/02/08 8:40 p.m. | 3 views

CVE-2022-21703 Cross Site Request Forgery in Grafana

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example,...

CVSS 6.3 | AI score 7 | EPSS 0.02283
Exploits 0 | References 7

CNNVD
added 2022/02/04 12:0 a.m. | 16 views

Google Tensorflow code issue vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a code issue vulnerability that stems from the simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow being prone to segmentation errors. No detailed...

CVSS 7.5 | AI score 5.7 | EPSS 0.0087
Exploits 1 | References 4

CNNVD
added 2021/12/01 12:0 a.m. | 3 views

Discourse security vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse, which could be exploited by attackers to poison the cache of anonymous (i.e., not logged in) users, resulting in a partial denial o...

CVSS 5.3 | AI score 5.6 | EPSS 0.01016
Exploits 0 | References 3