GitHub Security Lab: [CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [CPP]: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf
This bug was reported directly to GitHub Security Lab...
XML External Entity Reference in detekt
Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0...
GitHub Security Lab: [Python]: Add Server-side Request Forgery sinks
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: CWE-200 - Query to detect insecure WebResourceResponse implementation
This bug was reported directly to GitHub Security Lab...
CVE-2022-21718
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 17.0.0-alpha.6, 16.0.6, 15.3.5, 14.2.4, and 13.6.6 allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not...
CVE-2022-21718
CVE-2022-21718 affects Electron. Affected versions (< 17.0.0-alpha.6, < 16.0.6, < 15.3.5, < 14.2.4,
GitHub Security Lab: CPP: Add query for CWE-377 Insecure Temporary File
This bug was reported directly to GitHub Security Lab...
CVE-2022-23610
CVE-2022-23610 affects wire-server before 2022-01-27, where an upstream library used for parsing/validating SAML XML could accept attacker-provided public keys as trusted in signatures. This enabled an attacker to bypass SAML SSO and impersonate any Wire user with SAML credentials, including crea...
GitHub Security Lab: [Python]: CWE-611: XXE
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: Add JDBC connection SSRF sinks
This bug was reported directly to GitHub Security Lab...
SQL injection
SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate t...
Cross-site scripting
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform an XSS attack, the file itself has to be open in a new card or loaded outside of the...
CVE-2022-24749 Basic Cross-site Scripting and Unrestricted Upload of File with Dangerous Type in Sylius
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform an XSS attack, the file itself has to be open in a new card or loaded outside of the...
CVE-2022-24743
Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue ...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform an XSS attack, the file itself has to be open in a new card or loaded outside of the...
GitHub Security Lab: Python: CWE-338 insecureRandomness
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: Add query to detect Server Side Template Injection (SSTI)
This bug was reported directly to GitHub Security Lab...