Lucene search

6036 matches found

BDU FSTEC
added 2023/12/20 12:0 a.m. | 4 views

The vulnerability of the pppol2tp_create() function in the net/l2tp/l2tp_ppp.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information, or to escalate their privileges.

The vulnerability of the pppol2tp_create() function in the net/l2tp/l2tp_ppp.c module of the Linux kernel is related to a race condition in concurrent resource access. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of protected...

CVSS 6.4 | AI score 6.5 | EPSS 0.0011
Exploits: 0 | References: 13 | Affected Software: 1

OSSF Malicious Packages
added 2023/12/19 5:35 p.m. | 5 views

Malicious code in create-codecpetjs-bdd-tests (npm)

Source: ghsa-malware (01558db89dd1a8c91f89f5484278ccabfae35f95f9d6500a80a42d59a704c4b0). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 | References: 1

OSV
added 2023/12/19 5:35 p.m. | 13 views

MAL-2023-8712 Malicious code in create-codecpetjs-bdd-tests (npm)

Source: ghsa-malware (01558db89dd1a8c91f89f5484278ccabfae35f95f9d6500a80a42d59a704c4b0). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1

CNNVD
added 2023/12/19 12:0 a.m. | 1 views

Apache Superset security vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain write access to all gauges in a dashboard via the Add Gauge function of Create...

CVSS 7.7 | AI score 7.4 | EPSS 0.00942
Exploits: 0 | References: 4

Cvelist
added 2023/12/15 10:17 a.m. | 19 views

CVE-2023-48512 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | AI score 5.2 | EPSS 0.00597
Exploits: 0 | References: 1

Veracode
added 2023/12/14 6:5 a.m. | 15 views

Cross-Site Scripting (XSS)

github.com/arduino/arduino-create-agent is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of sanitization of user input and custom error messages in the /certificate.crt endpoint. This allows attackers to execute Reflected Cross-Site Scripting (XSS) attacks through specially...

CVSS 6.3 | AI score 6 | EPSS 0.0026
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2023/12/13 8:15 p.m. | 30 views

CVE-2023-49296

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

CVSS 6.3 | EPSS 0.0026
Exploits: 0 | References: 2

Prion
added 2023/12/13 8:15 p.m. | 16 views

Cross site scripting

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

CVSS 5.8 | AI score 7 | EPSS 0.0026
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/12/13 7:54 p.m. | 16 views

CVE-2023-49296 Arduino Create Agent vulnerable to Reflected Cross-Site Scripting

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

CVSS 6.3 | AI score 6.4 | EPSS 0.0026
Exploits: 0 | References: 4

Cvelist
added 2023/12/13 7:54 p.m. | 34 views

CVE-2023-49296 Arduino Create Agent vulnerable to Reflected Cross-Site Scripting

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

CVSS 6.3 | AI score 6.4 | EPSS 0.0026
Exploits: 0 | References: 2

CVE
added 2023/12/13 7:54 p.m. | 46 views

CVE-2023-49296

The CVE-2023-49296 vulnerability affects the Arduino Create Agent prior to version 1.3.6, where the /certificate.crt endpoint and error-message handling allow Reflected Cross-Site Scripting. An attacker can lure a user to click a malicious link, enabling arbitrary client-side code execution in th...

CVSS 6.3 | AI score 6.2 | EPSS 0.0026
Exploits: 0 | References: 2 | Affected Software: 1

RedHat Linux
added 2023/12/13 3:36 p.m. | 2 views

postgresql: extension script @substitutions@ within quoting allow SQL injection

A SQL injection vulnerability was found in PostgreSQL: an extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

CVSS 8.8 | AI score 7.8 | EPSS 0.01572
Exploits: 0 | References: 5

RedHat Linux
added 2023/12/13 3:36 p.m. | 2 views

postgresql: extension script @substitutions@ within quoting allow SQL injection

A SQL injection vulnerability was found in PostgreSQL: an extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

CVSS 8.8 | AI score 7.8 | EPSS 0.01572
Exploits: 0 | References: 5

Github Security Blog
added 2023/12/13 3:30 p.m. | 25 views

Cross Site Request Forgery in Silverpeas

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function...

CVSS 8.8 | AI score 7.9 | EPSS 0.00392
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2023/12/13 3:30 p.m. | 13 views

GHSA-GQGV-7WPJ-VM6Q Cross Site Request Forgery in Silverpeas

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function...

CVSS 8.8 | AI score 9.1 | EPSS 0.00392
Exploits: 1 | References: 4

NVD
added 2023/12/13 2:15 p.m. | 8 views

CVE-2023-47326

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function...

CVSS 8.8 | EPSS 0.00392
Exploits: 1 | References: 2

NVD
added 2023/12/13 2:15 p.m. | 24 views

CVE-2023-47327

The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL...

CVSS 4.3 | EPSS 0.00524
Exploits: 1 | References: 2

ATTACKERKB
added 2023/12/13 2:15 p.m. | 2 views

CVE-2023-47326

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function...

CVSS 8.8 | AI score 7.3 | EPSS 0.00392
Exploits: 1 | References: 3

OSV
added 2023/12/13 2:15 p.m. | 23 views

CVE-2023-47326

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function...

CVSS 8.8 | AI score 9.1 | EPSS 0.00392
Exploits: 1 | References: 2

Prion
added 2023/12/13 2:15 p.m. | 15 views

Improper access control

The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL...

CVSS 4 | AI score 6.9 | EPSS 0.00524
Exploits: 1 | References: 2 | Affected Software: 1