actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-6R8P-HPG7-825G...

GHSA-8FWG-W59V-G942

creationtimestamp| type| source ---|---|--- 2024-01-16 13:08:07+00:00| exploited| https://t.me/arpsyndicate/2852...

GHSA-QJ86-P74R-7WP5

creationtimestamp| type| source ---|---|--- 2024-01-11 17:37:04+00:00| seen| https://t.me/ctinow/166661...

GHSA-75MC-3PJC-727Q

creationtimestamp| type| source ---|---|--- 2024-01-04 09:41:51+00:00| seen| https://t.me/ctinow/162861...

GHSA-J5G9-J7R4-6QVX

creationtimestamp| type| source ---|---|--- 2024-01-03 23:11:42+00:00| seen| https://t.me/ctinow/162643 2024-01-23 22:01:55+00:00| seen| https://t.me/ctinow/172332...

GHSA-F8JP-2QGX-V4HF

creationtimestamp| type| source ---|---|--- 2023-12-29 11:50:05+00:00| seen| https://t.me/arpsyndicate/2245...

GHSA-59V3-898R-QWHJ

creationtimestamp| type| source ---|---|--- 2023-12-20 21:46:51+00:00| seen| https://t.me/ctinow/157329...

CVE-2023-49799

creationtimestamp| type| source ---|---|--- 2023-12-08 23:22:20+00:00| published-proof-of-concept| https://github.com/johannschopplich/nuxt-api-party/security/advisories/GHSA-3wfp-253j-5jxv...

GHSA-RQPG-32GG-FVXH

creationtimestamp| type| source ---|---|--- 2023-12-08 00:20:19+00:00| seen| https://t.me/arpsyndicate/1545...

GHSA-QR7H-8PV2-XVX2

creationtimestamp| type| source ---|---|--- 2023-11-30 09:33:11+00:00| seen| https://t.me/arpsyndicate/811...

GHSA-C9G8-FGQ6-H2WG

creationtimestamp| type| source ---|---|--- 2023-11-30 09:06:50+00:00| seen| https://t.me/arpsyndicate/806...

GHSA-P8VW-M6QQ-W42V

creationtimestamp| type| source ---|---|--- 2023-11-20 16:54:21+00:00| seen| https://t.me/arpsyndicate/302...

CVE-2023-48238

creationtimestamp| type| source ---|---|--- 2023-11-17 22:48:15+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-4xw9-cx39-r355...

XWiki 1.0 < 14.10.7, 15.0 < 15.2 CSRF Vulnerability (GHSA-hgpw-6p4h-j6h5)

Xwiki is prone to an cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

XWiki < 14.10.12, 15.0-rc-1 < 15.5 Multiple Vulnerabilities

Xwiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

XWiki 3.5-milestone-1 < 14.10.8, 15.0-rc-1 < 15.3 XSS Vulnerability (GHSA-vcvr-v426-3m3m)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

Discourse 3.1.x < 3.1.3, 3.2.x < 3.2.0.beta3 DoS Vulnerability

Discourse is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"...

GHSA-RCJV-MGP8-QVMR OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics

Summary This handler wrapper https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.goL63-L65 out of the box adds labels - http.useragent - http.method that have unbound cardinality. It leads to the server...

Piwigo < 14.0.0.beta4 XSS Vulnerability

Piwigo is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo"; if...

Zope XSS Vulnerability (GHSA-wm8q-9975-xh5v)

Zope is prone to a cross-site scripting XSS vulnerability with SVG images. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...