25 matches found
GHSA-85GX-3QV6-4463 Dapr: Service Invocation path traversal ACL bypass
Summary A vulnerability has been found in Dapr that allows bypassing access control policies for service invocation using reserved URL characters and path traversal sequences in method paths. The ACL normalized the method path independently from the dispatch layer, so the ACL evaluated one path...
EUVD-2023-53424
Malicious code in bioql PyPI...
osTicket security vulnerability
osTicket is a widely used and trusted open source support ticketing system from osTicket. A security vulnerability exists in osTicket version 1.17.5 and earlier, stemming from the combination of the keywords and topicid parameters in the search function of the tickets.php page, which results in S...
PT-2024-33418 · Tiptoppress · Tiptoppress Hyperlink Group Block
Name of the Vulnerable Software and Affected Versions: TipTopPress Hyperlink Group Block versions 1.17.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...
WordPress plugin Hyperlink Group Block cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
PT-2024-6383
Name of the Vulnerable Software and Affected Versions HashiCorp Vault versions prior to 1.17.5 HashiCorp Vault Enterprise versions prior to 1.17.5 and 1.16.9 Description The issue is related to the storage of client tokens and token accessors in plaintext in the audit log due to the removal of...
CVE-2024-2045
Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments...
Session fixation
Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments...
CVE-2024-2045 Session 1.17.5 - LFR via chat attachment
Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments...
CVE-2024-2045
The CVE-2024-2045 entry concerns Session version 1.17.5. Affected component: Local File Read via chat attachments, enabling retrieval of internal application files and public files from a user’s device without consent. This is a Local attack (LOCAL) requiring user interaction. Descriptions from m...
Session Path Traversal Vulnerability
Session is a new type of encrypted private messenger open-sourced by Oxen. A path traversal vulnerability exists in Session version 1.17.5. An attacker exploiting this vulnerability could obtain internal application files and public files from a user's device...
SUSE CVE-2023-49460
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decodeuncompressedimage...
SUSE CVE-2023-49462
libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc...
SUSE CVE-2023-49463
libheif v1.17.5 was discovered to contain a segmentation violation via the function findexiftag at /libheif/exif.cc...
CVE-2023-49463
libheif v1.17.5 was discovered to contain a segmentation violation via the function findexiftag at /libheif/exif.cc...
CVE-2023-49460
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decodeuncompressedimage...
CVE-2023-49464
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::getlumabitsperpixelfromconfigurationunci...
UBUNTU-CVE-2023-49462
libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc...
UBUNTU-CVE-2023-49464
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::getlumabitsperpixelfromconfigurationunci...