6 matches found
CVE-2023-28440
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...
Origin Validation Error
Overview: Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Origin...
PT-2024-35345 · Unknown · Matrix-Appservice-Irc
Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions 3.0.2 and earlier
Description: The provisioning API of the matrix-appservice-irc bridge contains a vulnerability that can lead to arbitrary IRC command execution as the bridge IRC bot. This issue is related to...
PT-2023-6589 · Apache +1 · Apache Santuario Xml Security For Java +1
Name of the Vulnerable Software and Affected Versions: Apache Santuario - XML Security for Java versions prior to 2.2.6; Apache Santuario - XML Security for Java versions prior to 2.3.4; Apache Santuario - XML Security for Java versions prior to 3.0.3
Description: The issue is related to the...
PT-2023-27402 · Jenkins · Jenkins Delphix Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Delphix Plugin versions 3.0.2 and earlier
Description: A missing permission check in the Jenkins Delphix Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This can be...
PT-2023-13337 · Glpi · Glpi Cmdb Plugin
Name of the Vulnerable Software and Affected Versions: GLPI CMDB plugin versions prior to 3.0.3
Description: The issue allows attackers to gain read access to sensitive information via a log/ pathname in the file parameter. This is achieved by exploiting the front/icon.send.php file in the CMDB...