5 matches found
CVE-2026-24034 Horilla has File Upload XSS
Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...
CVE-2008-6047
Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) subscribing and (2) unsubscribing...
gh security vulnerability
gh is a GitHub API library open-sourced by R infrastructure. A security vulnerability exists in gh versions prior to 1.5.0, which stems from the inclusion of the Authorization header in an HTTP response, which could lead to information disclosure...
PT-2018-5752
Name of the Vulnerable Software and Affected Versions: ARM Trusted Firmware versions prior to v1.5. Description: The issue concerns the potential leak of secure world timing information due to the PMCR_EL0 register not being initialized or saved/restored properly. Recommendations: For ARM Trusted...
Google Go untrustworthy search path vulnerability
Google Go is a programming language from Google optimized for programming applications on multiprocessor systems. An untrusted search path vulnerability exists in Google Go versions prior to 1.5.4 and 1.6.x prior to 1.6.1 for Windows platforms. A local attacker can exploit this vulnerability to gai...