Code injection
Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themselves. This issue...
CVE-2022-25901
creationtimestamp | type | source
---|---|---
2023-01-18 06:31:03+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-h452-7996-h45h...
GHSA-3244-8MFF-W398 Reflected XSS in Gotify's /docs via import of outdated Swagger UI
Impact Gotify exposes an outdated instance of the Swagger UI API documentation frontend at /docs which is susceptible to reflected XSS attacks when loading external Swagger config files. Specifically, the DOMPurify version included with this version of Swagger UI is vulnerable to a rendering XSS...
FreeRDP < 2.8.1 Multiple Vulnerabilities
FreeRDP is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Updated php-pear-CAS packages fix security vulnerability
This update fixes a vulnerability in this library. For details, see the referenced GitHub advisory...
Discourse < 2.8.11 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse"; ifdescripti...
Nextcloud Server < 23.0.9, < 24.0.5 Multiple Information Disclosure Vulnerabilities (GHSA-8f3p-rcm5-mrg3, GHSA-qpf5-jj85-36h5)
Nextcloud Server is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
GHSA-6W4Q-23CF-J9JP parse-server's session object properties can be updated by foreign user if object ID is known
Impact A foreign user can write to the session object of another user if the session object ID is known. For example, a foreign user can assign the session object to their own user by writing to the user field and then read any custom fields of that session object. Note that assigning a session t...
CVE-2022-24304
creationtimestamp | type | source
---|---|---
2022-08-27 00:00:54+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-h8hf-x3f4-xwgp...
Nextcloud: Desktop client does not verify received signed certificate in end-to-end encryption
Vulnerability description not provided...
CKEditor < 4.16.2 XSS Vulnerability - Windows
CKEditor is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software...
CKEditor 4.13.0 < 4.16.2 XSS Vulnerability - Linux
CKEditor is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software...
CKEditor 5 < 35.0.1 XSS Vulnerability - Linux
CKEditor 5 is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...
Discourse < 2.8.6 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse"; ifdescripti...
Transposh WordPress Translation 1.0.8.1 Remote Code Execution
RCE Security Advisory (https://www.rcesecurity.com). 1. ADVISORY INFORMATION. Product: Transposh WordPress Translation. Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Reliance on File Name or Extension of Externally-Supplied File...
CVE-2021-3433
Zephyr RTOS: A vulnerability in CONNECT_IND from an invalid channel map in versions >= v2.5.0 can cause a deadlock due to improper handling of exceptional conditions (CWE-703). Affected component is the CONNECT_IND channel mapping; impact is partial availability. The primary public advisory is...
Malicious code in abunews-components (npm)
Source: ghsa-malware 1a798a3b9a9e90b8bf9a460bc2673201730ca48de5765a14b558241a81f97dbc. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uscpi-one-adapter (npm)
Source: ghsa-malware 23878ae0d3746c52af0122143857aa3667b5608574aa0048b89e54d0832fa804. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...