5 matches found
EUVD-2024-19281
Malicious code in bioql PyPI...
CVE-2024-21655
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4...
Discourse Resource Management Error Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. A resource management error vulnerability exists in Discourse, which stems from an unimposed size limit on client-side editable fields, and can be exploited by an...
PT-2024-19002 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.4; Discourse versions prior to 3.2.0.beta4. Description: Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to...
CVE-2016-7033
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via dashbuilder. Remote, authenticated attackers that have privileges to access dashbuilder (usually admins) can store scripts in several editable fields, which are not properly sanitized before showing to other users, including other admi...