4 matches found
PT-2023-30331 · Piccolo · Piccolo
Name of the Vulnerable Software and Affected Versions: Piccolo versions prior to 1.1.1
Description: The handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. This could allow a malicious user to have direct access to the database an...
Cross-Site Scripting (XSS)
matestack-ui-core is vulnerable to cross-site scripting (XSS). The vulnerability exists because the Cell class does not escape strings by default...
Ruby Security Bypass Vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A security vulnerability exists in the Basic authentication code of the WEBrick library in Ruby versions prior to 2.2.8, 2.3.x prior to 2.3.5, and 2.4.x...
[20090603] - Core - Frontend XSS
Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel...