975 matches found
CVE-2024-45314
Removed by vendor...
CVE-2024-45307
SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the -config command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of the bot and potentially gain control over the bot's settings. Every version of v9 before v9.26.7 is...
CVE-2024-45307
SudoBot (Discord moderation bot) contains a privilege escalation flaw in the -config command due to missing authorization checks. Any user could update bot configurations and potentially take control of settings on affected installations. Affected versions are all v9 before 9.26.7; v8 and newer 9...
GO-2022-1205 usememos/memos vulnerable to improper access control in github.com/usememos/memos
usememos/memos vulnerable to improper access control in github.com/usememos/memos...
GO-2022-0769 Incorrect Default Permissions in Binance tss-lib in github.com/binance-chain/tss-lib
Incorrect Default Permissions in Binance tss-lib in github.com/binance-chain/tss-lib...
GO-2022-0616 Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server...
GO-2022-0454 Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd
Login screen allows message spoofing if SSO is enabled in github.com/argoproj/argo-cd...
GO-2023-2397 User with permission to write actions can impersonate another user when auth token is configured in environment variable in github.com/treeverse/lakefs
User with permission to write actions can impersonate another user when auth token is configured in environment variable in github.com/treeverse/lakefs...
GO-2023-1979 Denial of service from large image in github.com/crossplane/crossplane
Denial of service from large image in github.com/crossplane/crossplane...
GO-2023-1719 Answer vulnerable to account takeover because password reset links do not expire in github.com/answerdev/answer
Answer vulnerable to account takeover because password reset links do not expire in github.com/answerdev/answer...
GO-2024-3053 gotortc Cross-site Scripting vulnerability in github.com/AlexxIT/go2rtc
gotortc Cross-site Scripting vulnerability in github.com/AlexxIT/go2rtc...
GHSA-W7C4-5W4F-JM3G Duplicate Advisory: Reposilite Arbitrary File Read vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-82j3-hf72-7x93. This link is maintained to preserve external references. Original description Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM...
GO-2024-2997 CVE-2024-21583 in github.com/gitpod-io/gitpod
CVE-2024-21583 in github.com/gitpod-io/gitpod. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report...
GO-2024-2981 SQL Injection in the KubeClarity REST API in github.com/openclarity/kubeclarity/backend
SQL Injection in the KubeClarity REST API in github.com/openclarity/kubeclarity/backend...
BIT-HUBBLE-UI-2022-29178
Cilium is open source software for providing and securing network connectivity and load balancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...
BIT-CILIUM-PROXY-2022-29178
Cilium is open source software for providing and securing network connectivity and load balancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...
GO-2024-2478 chasquid HTTP Request/Response Smuggling vulnerability in github.com/albertito/chasquid in blitiri.com.ar/go/chasquid
chasquid HTTP Request/Response Smuggling vulnerability in github.com/albertito/chasquid in blitiri.com.ar/go/chasquid...
CVE-2024-36117
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version...
CVE-2024-36117 Path traversal while serving Reposilite javadoc expanded files
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version...