7 matches found
CVE-2021-24261
The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method...
Nautobot Security Vulnerability
Nautobot is a web automation platform by the individual developers of Nautobot. A security vulnerability exists in Nautobot versions prior to 1.5.7, which can be exploited by an attacker to conduct a potential remote code execution attack via maliciously crafted template code...
DEBIAN-CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
url-parse Security Vulnerability
Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments. A security vulnerability exists in url-parse versions prior to 1.5.7, which can be exploited by an attacker to bypass authorization via a user-controlled key...
Osc Open OnDemand Cross-Site Request Forgery Vulnerability
Osc Open OnDemand is an application from the US-based Osc Open Source organization. It provides a service for accessing HPC services. A cross-site request forgery vulnerability exists in Open OnDemand. The vulnerability arises from a WEB application that does not adequately validate that a reques...
PT-2021-18682 · Hashicorp · Hashicorp Vault +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions prior to 1.5.7; HashiCorp Vault and Vault Enterprise versions prior to 1.6.2. Description: The issue allows the disclosure of the internal IP address of the Vault node when responding to some invali...
GHSA-Q44V-XC3G-V7JQ OWASP AntiSamy Cross-site Scripting vulnerability
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...