5 matches found
CVE-2022-31154
Sourcegraph is an open-source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...
Authorization Bypass
github.com/sourcegraph/sourcegraph is vulnerable to authorization bypass. The vulnerability exists because the objects are not properly restricted in code monitors which allows an attacker to override data...
CVE-2019-5681
NVIDIA Shield TV Experience prior to v8.0 contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure...
GitLab: Vulnerability in project import leads to arbitrary command execution
Summary: A filename regular expression could be bypassed and enable the attacker to create a symbolic link in the GitLab upload directory by importing a specially crafted GitLab export. Furthermore, GitLab is designed to not delete the project upload directory currently. So, the attacker could delete th...
Shopify: unauthorized access to all collections name
Hi, admins can set tax rates in the Shopify admin panel https://SHOP.myshopify.com/admin/settings/taxes/ or ... They can add a "Tax override" for a specific collection, but this action didn't check ShopID! So we can add any collection ID, and it will be added to our shop. This will also work for "Hidden"...