CVE-2023-33968
Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not...
CVE-2023-46725
FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the /api/updateProducts.json endpoint to make the server send a request to an...
CVE-2022-34961
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module...
CVE-2022-36108
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the f:asset.css view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the...
CVE-2021-21377
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL...
CVE-2021-29569
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPoolGradWithArgmax can cause reads outside the bounds of heap-allocated data if an attacker supplies specially crafted inputs. The...
CVE-2021-41167
modern-async is an open source JavaScript tooling library for asynchronous operations using async/await and promises. In affected versions a bug affects two of the functions in this library: forEachSeries and forEachLimit. They should limit the concurrency of some actions but, in practice, they...
CVE-2021-32616
1CDN is open-source file sharing software. In 1CDN before commit f88a2730fa50fc2c2aeab09011f6f142fd90ec25, there is a basic cross-site scripting vulnerability that allows an attacker to inject / and execute JavaScript code on the client side...
CVE-2025-48070
Plane is an open-source project management tool. The CVE-2025-48070 entry details insecure permissions in the UserSerializer on versions prior to 0.23, allowing changes to read-only fields (e.g., email). This can lead to account takeover when chained with another vulnerability such as XSS. The is...
CVE-2025-48070 Plane has insecure permissions in UserSerializer
Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allow users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2025-1469)
The remote host is missing an update for the Huawei EulerOS...
[SECURITY] Fedora 41 Update: chromium-136.0.7103.113-1.fc41
Chromium is an open-source web browser, powered by WebKit (Blink)...
[SECURITY] Fedora 42 Update: chromium-136.0.7103.113-1.fc42
Chromium is an open-source web browser, powered by WebKit (Blink)...
CVE-2025-47784
Emlog (open-source website building system) is affected by CVE-2025-47784 in versions 2.5.13 and earlier, due to a deserialization vulnerability. A crafted nickname can trigger str_replace to set name_orig to an empty value, causing deserialization to fail and return false. The issue is mitigated...
CVE-2025-47781 Rallly Insufficient Password Login Token Entropy Leads to Account Takeover
Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application feature token-based authentication. When a user attempts to log in to the application, they insert their email and a 6-digit code is sent to their email address to complete the...
[SECURITY] Fedora 42 Update: chromium-136.0.7103.92-1.fc42
Chromium is an open-source web browser, powered by WebKit (Blink)...
[SECURITY] Fedora 40 Update: chromium-136.0.7103.92-1.fc40
Chromium is an open-source web browser, powered by WebKit (Blink)...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities
Summary: There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Workspace. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of...
PCMan FTP Server Buffer Overflow Vulnerability (CNVD-2025-10715)
PCMan FTP Server is an open source FTP server software package from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that originates in the RNFR command processor. No vulnerability details are provided at this time...
Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US
The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm...