Lucene search
18 matches found

Vulnrichment
added 2026/05/28 8:45 p.m. | 7 views

CVE-2026-45343 LinkAce - Stored XSS via Unsanitized SSO User's Name Rendered in Admin Audit Log Allows Session Hijacking

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...

CVSS 8.5 | AI score 5.9 | EPSS 0.00306
Exploits: 0 | References: 1

CVE
added 2026/05/28 8:45 p.m. | 19 views

CVE-2026-45343

LinkAce is a self-hosted archive for collecting website links. A Stored XSS exists in versions prior to 2.5.6 where a low-privilege user can inject arbitrary JavaScript that executes in an administrator’s browser session when the admin visits /system/audit. The attack relies on abusing SSO/OAuth ...

CVSS 8.5 | AI score 5.9 | EPSS 0.00306
Exploits: 0 | References: 1

OSV
added 2026/05/10 1:16 p.m. | 6 views

PYSEC-2026-131

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

CVSS 8.8 | AI score 6.7 | EPSS 0.00927
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-6941

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 8.7 | EPSS 0.00722
Exploits: 0 | References: 1

Hacker One
added 2021/05/18 2:1 p.m. | 8 views

Nextcloud: No admin audit log for auth tokens

There seems to be no audit trail for auth tokens: Creating tokens; Revoking tokens; Scope changes; Renames; Marking the token to be wiped. Impact: As auth tokens are used to access your data, having a track record when they are created helps a lot. If you also take https://hackerone.com/reports/1193321...

AI score 0.4
Exploits: 0

NVD
added 2021/04/08 4:15 a.m. | 10 views

CVE-2021-1475

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details secti...

CVSS 6.5 | EPSS 0.00686
Exploits: 0 | References: 1

NVD
added 2021/04/08 4:15 a.m. | 13 views

CVE-2021-1474

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details secti...

CVSS 8.6 | EPSS 0.00722
Exploits: 0 | References: 1

Prion
added 2021/04/08 4:15 a.m. | 17 views

Design/Logic Flaw

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details secti...

CVSS 6.8 | AI score 8.6 | EPSS 0.00722
Exploits: 0 | References: 1

Prion
added 2021/04/08 4:15 a.m. | 10 views

Design/Logic Flaw

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details secti...

CVSS 3.5 | AI score 4.9 | EPSS 0.00686
Exploits: 0 | References: 1

CVE
added 2021/04/08 4:7 a.m. | 72 views

CVE-2021-1475

CVE-2021-1475 affects Cisco Umbrella in the Admin audit log export and Scheduled Reports features. The root cause is improper neutralization of user-supplied input, enabling an authenticated, remote attacker to perform link and CSV/formula injections in reports. The advisory notes that Cisco rele...

CVSS 6.5 | AI score 5.3 | EPSS 0.00686
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/04/08 4:7 a.m. | 12 views

CVE-2021-1475 Cisco Umbrella Link and CSV Formula Injection Vulnerabilities

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details secti...

CVSS 6.5 | AI score 6.9 | EPSS 0.00686
Exploits: 0 | References: 1

Vulnrichment
added 2021/04/08 4:7 a.m. | 9 views

CVE-2021-1475 Cisco Umbrella Link and CSV Formula Injection Vulnerabilities

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details secti...

CVSS 6.5 | AI score 7.1 | EPSS 0.00686
Exploits: 0 | References: 1

CVE
added 2021/04/08 4:7 a.m. | 77 views

CVE-2021-1474

CVE-2021-1474 relates to Cisco Umbrella where the Admin Audit Log Export and Scheduled Reports features permit authenticated attackers to perform formula and link injections via CSV/linked content. Root cause: improper neutralization of formula elements in CSV files. Impact could affect confident...

CVSS 8.6 | AI score 7.4 | EPSS 0.00722
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/04/08 4:7 a.m. | 14 views

CVE-2021-1474 Cisco Umbrella Link and CSV Formula Injection Vulnerabilities

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details secti...

CVSS 6.5 | AI score 8.8 | EPSS 0.00722
Exploits: 0 | References: 1

Vulnrichment
added 2021/04/08 4:7 a.m. | 12 views

CVE-2021-1474 Cisco Umbrella Link and CSV Formula Injection Vulnerabilities

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details secti...

CVSS 6.5 | AI score 7.1 | EPSS 0.00722
Exploits: 0 | References: 1

Cisco
added 2021/04/07 4:0 p.m. | 71 views

Cisco Umbrella Link and CSV Formula Injection Vulnerabilities

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details...

CVSS 6.5 | AI score 1 | EPSS 0.00722
Exploits: 0 | References: 1

Tenable Nessus
added 2020/05/04 12:0 a.m. | 56 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (e8483115-8b8e-11ea-bdcf-001b217b3468)

Gitlab reports: Path Traversal in NuGet Package Registry; Workhorse Bypass Leads to File Disclosure; OAuth Application Client Secrets Revealed; Code Owners Approval Rules Are Not Updated for Existing Merge Requests When Source Branch Changes; Code Owners Protection Not Enforced from Web UI; Repositor...

CVSS 7.5 | AI score 7 | EPSS 0.53336
Exploits: 2 | References: 7

FreeBSD
added 2020/04/30 12:0 a.m. | 105 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Path Traversal in NuGet Package Registry; Workhorse Bypass Leads to File Disclosure; OAuth Application Client Secrets Revealed; Code Owners Approval Rules Are Not Updated for Existing Merge Requests When Source Branch Changes; Code Owners Protection Not Enforced from Web UI; Repository...

CVSS 7.5 | AI score 7.2 | EPSS 0.53336
Exploits: 2 | References: 1