8 matches found
PT-2026-1101
Name of the Vulnerable Software and Affected Versions Plane versions prior to 1.2.0 Description Plane is an open-source project management tool. A guest user, lacking the necessary permissions, could access the /api/workspaces/:slug/members/ endpoint and list users within a workspace they have...
PT-2025-45045
Name of the Vulnerable Software and Affected Versions Galette versions 1.1.5.2 and below Description Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below are susceptible to Cross-site Scripting through the Document Type functionality...
Exposure of Sensitive Information
Overview zpdatafetch is an A package for fetching data from Zwiftpower and Zwiftracing.app Affected versions of this package are vulnerable to Exposure of Sensitive Information via several improper security practices, including logging of credentials in stdout, a lack of certificated validation,...
PT-2024-35899 · Elementor · Codeless Cowidgets – Elementor Addons
Name of the Vulnerable Software and Affected Versions: Codeless Cowidgets – Elementor Addons versions prior to 1.2.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This enables attackers to inject...
PT-2024-12437 · WordPress · Lana Shortcodes
Name of the Vulnerable Software and Affected Versions: The Lana Shortcodes WordPress plugin versions prior to 1.2.0 Description: The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks due to the plugin not validating and escaping some of its...
PT-2022-20363 · Pypi · Pyesasky
Name of the Vulnerable Software and Affected Versions: pyesasky versions prior to 1.2.0 Description: The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. Recommendations: For versions prior to 1.2.0, update to version 1.2.0 or later to...
PT-2021-21141 · Unknown · Grpc Swift
Name of the Vulnerable Software and Affected Versions: gRPC Swift versions 1.1.0 through 1.1.1 Description: The issue is related to mismanaged state in the GRPCWebToHTTP2ServerCodec.swift file, allowing remote attackers to cause a denial of service by sending malformed requests. Affected gRPC Swi...
Cross-site Scripting (XSS)
Overview angularjs is a Affected versions of this package are vulnerable to Cross-site Scripting XSS. Concatenating expressions makes it hard to reason about whether some combination of concatenated values are unsafe to use and could easily lead to XSS. By requiring that a single expression be us...