CVE-2021-29438

The Nextcloud dialogs library npm package @nextcloud/dialogs before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. The vulnerability has been patched in version 3.1.2 If you need to...

CVE-2025-0914

An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the preventexecve flag in the configuration file. This setting is not usually...

CVE-2022-24741 High memory usage in Nextcloud server

Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded...

DEBIAN-CVE-2017-18026

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands through the Mercurial adapter via vectors involving a branch whose name begins with a --config...

UBUNTU-CVE-2017-18026

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands through the Mercurial adapter via vectors involving a branch whose name begins with a --config...