Reflected XSS in Gotify's /docs via import of outdated Swagger UI
Impact Gotify exposes an outdated instance of the Swagger UI API documentation frontend at /docs which is susceptible to reflected XSS attacks when loading external Swagger config files. Specifically, the DOMPurify version included with this version of Swagger UI is vulnerable to a rendering XSS...
FreeRDP < 2.8.1 Multiple Vulnerabilities
FreeRDP is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Updated php-pear-CAS packages fix security vulnerability
This update fixes a vulnerability in this library. For details, see the referenced GitHub advisory...
Discourse < 2.8.11 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse"; if(descripti...
Nextcloud Server < 23.0.9, < 24.0.5 Multiple Information Disclosure Vulnerabilities (GHSA-8f3p-rcm5-mrg3, GHSA-qpf5-jj85-36h5)
Nextcloud Server is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
GHSA-6W4Q-23CF-J9JP parse-server's session object properties can be updated by foreign user if object ID is known
Impact A foreign user can write to the session object of another user if the session object ID is known. For example, a foreign user can assign the session object to their own user by writing to the user field and then read any custom fields of that session object. Note that assigning a session t...
CVE-2022-24304
| creationtimestamp | type | source |
|---|---|---|
| 2022-08-27 00:00:54+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-h8hf-x3f4-xwgp... |
Nextcloud: Desktop client does not verify received signed certificate in end-to-end encryption
Vulnerability description not provided...
CKEditor < 4.16.2 XSS Vulnerability - Windows
CKEditor is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software...
CKEditor 4.13.0 < 4.16.2 XSS Vulnerability - Linux
CKEditor is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software...
CKEditor 5 < 35.0.1 XSS Vulnerability - Linux
CKEditor 5 is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...
Discourse < 2.8.6 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse"; if(descripti...
Transposh WordPress Translation 1.0.8.1 Remote Code Execution
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Reliance on File Name or Extension of Externally-Supplied File...
CVE-2021-3433
Zephyr RTOS: A vulnerability in CONNECT_IND from an invalid channel map in versions >= v2.5.0 can cause a deadlock due to improper handling of exceptional conditions (CWE-703). Affected component is the CONNECT_IND channel mapping; impact is partial availability. The primary public advisory is...
Malicious code in abunews-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a798a3b9a9e90b8bf9a460bc2673201730ca48de5765a14b558241a81f97dbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uscpi-one-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23878ae0d3746c52af0122143857aa3667b5608574aa0048b89e54d0832fa804 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
a2 (>=0.2.0 <=0.3.6), abc (>=0.1.0 <=0.2.3) +521 more potentially affected by unknown CVE via crossbeam (>=0.1.6 <=0.6.0)
crossbeam CARGO version =0.1.6, =0.2.0, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.2.0, =0.5.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.8.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8GJ8-HV75-GP94...
Gogs < 0.12.8 SSRF Vulnerability
Gogs is prone to a server-side request forgery (SSRF) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...
Opencast < 10.14, 11.x < 11.7 Improper Authentication Vulnerability
Opencast is prone to an improper authentication vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...