35 matches found

OSV
added 2026/01/21 6:16 p.m. | 0 views

CVE-2021-47860

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...

CVSS 4.3 | AI score 6.2
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-44639

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 8.2 | EPSS 0.00233
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-53128

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6.5 | EPSS 0.00839
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-53126

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6.5 | EPSS 0.00711
Exploits 0 | References 2

RedhatCVE
added 2025/05/23 9:35 a.m. | 7 views

CVE-2024-22836

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...

CVSS 9.8 | AI score 7.7 | EPSS 0.38195
Exploits 3 | References 1

RedhatCVE
added 2025/02/05 9:19 a.m. | 7 views

CVE-2024-56358

grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are...

CVSS 8.1 | AI score 6.6 | EPSS 0.00711
Exploits 0 | References 1

RedhatCVE
added 2025/02/05 9:12 a.m. | 4 views

CVE-2024-56359

grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning, for example, Ctrl+click) could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context...

CVSS 8.1 | AI score 6.8 | EPSS 0.00839
Exploits 0 | References 1

OSV
added 2024/12/20 8:24 p.m. | 8 views

CVE-2024-56358 Cross-site Scripting vulnerability through svg attachment previews in grist-core

grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are...

CVSS 8.1 | AI score 6.7 | EPSS 0.00711
Exploits 0 | References 4

NVD
added 2024/02/08 8:15 p.m. | 13 views

CVE-2024-22836

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...

CVSS 9.8 | AI score 9.8 | EPSS 0.38195
Exploits 3 | References 3

OSV
added 2024/02/08 8:15 p.m. | 12 views

CVE-2024-22836

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...

CVSS 9.8 | AI score 7.8 | EPSS 0.38195
Exploits 3 | References 3

Prion
added 2024/02/08 8:15 p.m. | 11 views

Command injection

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...

CVSS 7.5 | AI score 8.3 | EPSS 0.38195
Exploits 3 | References 3 | Affected Software 1

Vulnrichment
added 2024/02/08 12:0 a.m. | 1 views

CVE-2024-22836

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...

AI score 9.8 | EPSS 0.38195
Exploits 3 | References 3

Cvelist
added 2024/02/08 12:0 a.m. | 19 views

CVE-2024-22836

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...

AI score 10 | EPSS 0.38195
Exploits 3 | References 3

Veracode
added 2023/12/15 2:6 p.m. | 8 views

Denial Of Service (DoS)

ckan is vulnerable to Denial of Service (DoS). The vulnerability exists because it does not properly validate the auth cookie in init.py, which allows an attacker to create an out-of-memory error in the hosting server...

CVSS 6.5 | AI score 6.9 | EPSS 0.00181
Exploits 0 | References 5 | Affected Software 1

OSV
added 2023/12/13 11:8 p.m. | 16 views

GHSA-7FGC-89CX-W8J5 Out of memory error when submitting the dataset form with a specially-crafted field

Impact: When submitting a POST request to the /dataset/new endpoint including either the auth cookie or the Authorization header with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error the user needs to have permissions to create o...

CVSS 4.5 | AI score 6.3 | EPSS 0.00181
Exploits 0 | References 4

Prion
added 2023/12/13 9:15 p.m. | 12 views

Authorization

CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the /dataset/new endpoint including either the auth cookie or the Authorization header with a specially-craft...

CVSS 4 | AI score 7 | EPSS 0.00181
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2023/12/13 12:0 a.m. | 2 views

CKAN Security Vulnerabilities

CKAN is an open source Dms data management system. It is used to power data centers and data portals. CKAN has a security vulnerability that stems from the fact that an attacker can create an out of memory error in the hosting server...

CVSS 6.5 | AI score 6.8 | EPSS 0.00181
Exploits 0 | References 3

CNVD
added 2023/12/12 12:0 a.m. | 4 views

Muon Security Feature Issue Vulnerability

Muon is a minimalist private self-destructing file-hosting web server written in Clojure. A security signature issue vulnerability exists in Muon version 0.1.1. An attacker could exploit this vulnerability to cause a random value insufficiency...

CVSS 7.5 | AI score 6.7 | EPSS 0.00292
Exploits 0 | References 1

CVE
added 2023/08/14 8:3 p.m. | 31 views

CVE-2023-40020

CVE-2023-40020 affects PrivateUploader (Vue/TypeScript image hosting server). In affected versions the route at app/routes/v3/admin.controller.ts did not properly verify whether a user was an administrator or moderator, causing the request to continue processing after a 403 ADMIN_ONLY response. A...

CVSS 9.9 | AI score 8.2 | EPSS 0.00233
Exploits 0 | References 2 | Affected Software 1

NVD
added 2023/08/03 3:15 a.m. | 20 views

CVE-2023-37679

A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server...

CVSS 9.8 | AI score 9.9 | EPSS 0.93443
Exploits 12 | References 4