171 matches found
GitHub Desktop 信息泄露漏洞
GitHub Desktop is a GitHub desktop version of GitHub Desktop open source. An information disclosure vulnerability exists in versions prior to GitHub Desktop 3.4.20-beta3, which stems from an attempt by Git to access a network share that could lead to information disclosure...
CVE-2025-32376
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...
CVE-2024-13261 Acquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025
Cross-Site Request Forgery CSRF vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3...
Drupal 安全漏洞
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Acquia DAM version 1.0.13, prior to versions 1.1.0 through 1.1.0-beta3, which stems from the inclusion of a cross-site request forgery vulnerability...
PT-2025-35217 · Appneta +1 · Tcpreplay +1
Name of the Vulnerable Software and Affected Versions: appneta tcpreplay version 4.5.1 Description: A security issue has been identified in the calc sleep time function within the send packets.c file. Manipulation of this function can lead to a divide by zero error. Exploitation requires local...
CVE-2024-37165
Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability ...
CVE-2024-37165
Discourse has an XSS vulnerability (CVE-2024-37165) arising from improperly sanitized Onebox data. Affected: Discourse versions before 3.2.3 and before 3.3.0.beta3, particularly when the default Content Security Policy is disabled. Impact is XSS under those conditions; fixed in Discourse 3.2.3 an...
PT-2024-27349 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 Discourse versions prior to 3.3.0.beta3 Description: The issue arises from improperly sanitized Onebox data, which could lead to an XSS vulnerability in certain situations. This vulnerability only affects...
BIT-DISCOURSE-2024-36113 Discourse missing authorization checks for suspending admins/moderators
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...
CVE-2024-36113
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...
CVE-2024-36113
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...
CVE-2024-35234
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...
CVE-2024-36113 Discourse missing authorization checks for suspending admins/moderators
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...
CVE-2024-36113 Discourse missing authorization checks for suspending admins/moderators
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...
CVE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...
CVE-2024-35234
CVE-2024-35234 affects Discourse. Multiple sources document a stored DOM XSS where an attacker can execute arbitrary JavaScript in users’ browsers by visiting a URL containing malicious meta tags, applicable to installations with CSP disabled. Patched in Discourse releases: 3.2.3 (stable) and 3.3...
CVE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...
CVE-2024-35227
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 o...
CVE-2024-35227 Discourse vulnerable to DoS through Onebox
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 o...
CVE-2024-35227
CVE-2024-35227 affects Discourse (open-source discussion platform). The issue arises from Oneboxing a carefully crafted malicious URL, which can degrade availability (DoS). Affected versions: prior to 3.2.3 on the stable branch and 3.3.0.beta3 on the tests-passed branch. Remediation: patched in 3...