13 matches found
Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure
Fides versions 2.19.0 to before 2.39.2rc0 contain an information disclosure caused by unauthenticated HTTP GET request to the Privacy Center, letting attackers access the SERVERSIDEFIDESAPIURL, which may reveal server configuration details, exploit requires no authentication. id: CVE-2024-31223...
CVE-2026-44884
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template file endpoint GET...
CVE-2026-44884 Portainer: Missing authorization on custom template file endpoint exposes template content
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template file endpoint GET...
CVE-2025-62779 Frappe Learning users were able to add HTML through input fields in the Job Form
Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form...
CVE-2025-62779
Frappe Learning
EUVD-2025-36382
Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form...
CVE-2025-62779 Frappe Learning users were able to add HTML through input fields in the Job Form
Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form...
CVE-2025-62778
CVE-2025-62778 affects Frappe Learning (LMS) prior to version 2.39.1. The issue allows students to access the Quiz Form directly via URL, implying unauthorized access to quiz content. Root cause and impact details are stated in multiple sources but no exploit specifics are provided. Mitigation re...
EUVD-2025-36383
Frappe Learning is a learning management system. A security issue was identified in Frappe Learning 2.39.1 and earlier, where students were able to access the Quiz Form if they had the URL...
PT-2025-44054
Name of the Vulnerable Software and Affected Versions Frappe Learning versions prior to 2.39.1 Description Frappe Learning is a learning system designed to help users structure content. In versions prior to 2.39.1, users could add HTML through input fields within the Job Form. This allows for the...
CVE-2024-38537
Fides (Ethical) vulnerability CVE-2024-38537 affects the client-side script fides.js, which in a limited edge case used the polyfill.io domain to support legacy browsers (IE11) lacking fetch. If the polyfill.io domain was compromised, legacy-browser users could download and execute malicious scri...
OPENSUSE-SU-2024:12625-1 git-2.39.1-1.1 on GA media
These are all security issues fixed in the git-2.39.1-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2022-41953 Git clone remote code execution vulnerability in git-for-windows
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...