
515 matches found

RedhatCVE
added 2025/02/06 4:20 a.m. · 7 views

CVE-2021-4452

The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary we...

CVSS 7.1 · AI score 6 · EPSS 0.00285
Exploits 0

RedhatCVE
added 2025/02/05 1:34 p.m. · 4 views

CVE-2020-26226

In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a U...

CVSS 8.1 · AI score 6.4 · EPSS 0.00171
Exploits 0

OSV
added 2025/01/14 8:15 p.m. · 2 views

AZL-55644 CVE-2024-53263 affecting package git-lfs for versions less than 3.5.1-4

Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters, and then sends any credentials it receives back fr...

CVSS 8.5 · AI score 7 · EPSS 0.0024
Exploits 0 · References 1

OSV
added 2025/01/14 8:15 p.m. · 5 views

AZL-55670 CVE-2024-53263 affecting package git-lfs for versions less than 3.6.1-1

Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters, and then sends any credentials it receives back fr...

CVSS 8.5 · AI score 7 · EPSS 0.0024
Exploits 0 · References 1

Cvelist
added 2024/12/12 12:46 p.m. · 15 views

CVE-2024-36498 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...

EPSS 0.0011
Exploits 0 · References 2

NVD
added 2024/12/06 5:15 p.m. · 15 views

CVE-2024-48866

An improper handling of URL encoding Hex Encoding vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following...

CVSS 5.3 · EPSS 0.00646
Exploits 0 · References 1

OSV
added 2024/12/06 5:15 p.m. · 1 views

CVE-2024-48866

An improper handling of URL encoding Hex Encoding vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following...

CVSS 5.3 · AI score 5.8 · EPSS 0.00646
Exploits 0 · References 1

CVE
added 2024/12/06 4:36 p.m. · 81 views

CVE-2024-48866

CVE-2024-48866 concerns an improper handling of URL encoding (Hex Encoding) affecting QNAP QTS and QuTS hero. Affected products include QTS 5.1.9.2954 build 20241120 and later, QTS 5.2.2.2950 build 20241114 and later, QuTS hero h5.1.9.2954 build 20241120 and later, and QuTS hero h5.2.2.2952 build...

CVSS 5.3 · AI score 6.7 · EPSS 0.00646
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/12/06 4:36 p.m. · 10 views

CVE-2024-48866 QTS, QuTS hero

An improper handling of URL encoding Hex Encoding vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following...

CVSS 2.3 · EPSS 0.00646
Exploits 0 · References 1

Vulnrichment
added 2024/12/06 4:36 p.m. · 12 views

CVE-2024-48866 QTS, QuTS hero

An improper handling of URL encoding Hex Encoding vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following...

CVSS 2.3 · AI score 7 · EPSS 0.00646
Exploits 0 · References 1

CNNVD
added 2024/12/06 12:0 a.m. · 1 views

QNAP Systems QTS and QNAP Systems QuTS hero security vulnerability

QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems, Inc. QNAP Systems QTS is an entry operating system. QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that stems from t...

CVSS 5.3 · AI score 6.6 · EPSS 0.00646
Exploits 0 · References 1

NVD
added 2024/11/11 11:15 p.m. · 16 views

CVE-2024-23983

Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules...

CVSS 5.8 · EPSS 0.00112
Exploits 0 · References 2

CVE
added 2024/11/11 10:56 p.m. · 50 views

CVE-2024-23983

CVE-2024-23983 concerns Ping Identity PingAccess where improper handling of canonical URL-encoding may bypass request rules. Affected component is PingAccess (central policy engine) with vulnerability enabling bypass due to URL-encoded characters not properly constrained by access rules. Public s...

CVSS 5.8 · AI score 6.6 · EPSS 0.00112
Exploits 0 · References 2

OSV
added 2024/11/01 9:37 p.m. · 10 views

GHSA-QM92-93FV-VH7M Path traversal in oak allows transfer of hidden files within the served root directory

Summary By default oak does not allow transferring of hidden files with Context.send API. However, this can be bypassed by encoding / as its URL encoded form %2F. Details 1. Oak uses decodeComponent which seems to be unexpected. This is also the reason why it is not possible to access a file that...

CVSS 8.7 · AI score 6.3 · EPSS 0.00081
Exploits 0 · References 6

Positive Technologies
added 2024/11/01 12:0 a.m. · 2 views

PT-2024-33679 · Oak · Oak

Name of the Vulnerable Software and Affected Versions: oak versions prior to 17.1.3 Description: The issue allows an attacker to bypass the default restriction on transferring hidden files using the Context.send API by encoding / as its URL encoded form %2F. This can potentially lead to reading...

CVSS 8.7 · AI score 7.1 · EPSS 0.00081
Exploits 0 · References 11

NVD
added 2024/10/29 10:15 p.m. · 9 views

CVE-2024-44080

In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format...

CVSS 7.5 · EPSS 0.00155
Exploits 0 · References 2

NVD
added 2024/10/17 7:15 p.m. · 10 views

CVE-2024-10100

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

CVSS 7.5 · EPSS 0.00512
Exploits 1 · References 1

Vulnrichment
added 2024/10/17 6:12 p.m. · 10 views

CVE-2024-10100 Path Traversal in binary-husky/gpt_academic

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

CVSS 6.5 · AI score 6.7 · EPSS 0.00512
Exploits 1 · References 1

NVD
added 2024/10/16 8:15 a.m. · 8 views

CVE-2021-4452

The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary we...

CVSS 7.1 · EPSS 0.00285
Exploits 0 · References 4

Cvelist
added 2024/10/16 7:31 a.m. · 21 views

CVE-2021-4452 Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting

The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary we...

CVSS 7.1 · EPSS 0.00285
Exploits 0 · References 4