Not Failing Securely ('Failing Open')
Overview: rack-session is a session implementation for Rack. Affected versions of this package are vulnerable to Not Failing Securely ('Failing Open') in the Rack::Session::Cookie function when it is configured with the secrets: option. An attacker can gain unauthorized access or escalate privileges...
CVE-2023-43701
Improper payload validation and an improper REST API response type made it possible for an authenticated malicious actor to store malicious code in a Chart's metadata; this code could be executed if a user accesses a specific deprecated API endpoint. This issue affects Apache...
PT-2025-4847 · Boltdb +2 · Boltdb +2
Name of the Vulnerable Software and Affected Versions: zot versions prior to 2.1.2 Description: The issue arises from the way group data is stored for users in the boltdb database, specifically as an append-list. This leads to group revocations or removals being ignored in the API. When a user lo...
PT-2024-29968 · Github · Actions/Artifact
Name of the Vulnerable Software and Affected Versions: actions/artifact versions 2.0.0 through 2.1.1 actions/artifact versions 2.1.2 through 2.1.6 Description: The issue concerns arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for...
PT-2024-40404 · Thelia · Thelia
Name of the Vulnerable Software and Affected Versions: Thelia versions 2.1.0 through 2.1.1 Description: The BackOffice of Thelia has a cross-site scripting issue in the error.html template. Recommendations: For versions 2.1.0 and 2.1.1, update to version 2.1.2 to resolve the issue...
PT-2024-19824 · Nautobot · Nautobot
Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 1.6.10 Nautobot versions prior to 2.1.2 Description: Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. Due to inadequate input sanitization, any user-editable fields...
PT-2024-19279 · Nextcloud · Nextcloud Global Site Selector
Name of the Vulnerable Software and Affected Versions: Nextcloud Global Site Selector versions prior to 1.4.1 Nextcloud Global Site Selector versions prior to 2.1.2 Nextcloud Global Site Selector versions prior to 2.3.4 Nextcloud Global Site Selector versions prior to 2.4.5 Description: The...
PT-2023-28919 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2 Description: The issue is caused by improper payload validation and an improper REST API response type. This allows an authenticated malicious actor to store malicious code into Chart's metadata. The co...
PT-2023-28376 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2 Description: The issue allows authenticated users to read configured CSS templates and annotations due to unnecessary read permissions within the Gamma role. Recommendations: For versions prior to 2.1.2...
SUSE CVE-2020-15210
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b a...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Overview: git-interface is an interface to work with a git repository in node.js. Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'). The API may be abused if user input is able to provide a valid directory on disk an...
PT-2020-17015 · Multi-Ini · Multi-Ini
Name of the Vulnerable Software and Affected Versions: multi-ini versions prior to 2.1.2 Description: The issue allows an object's prototype to be polluted by specifying the constructor.proto object as part of an array, effectively bypassing a previous security measure. Recommendations: For...