
5 matches found

Cvelist
added 2025/06/02 7:20 p.m. | 80 views

CVE-2025-48387 tar-fs has issue where extract can write outside the specified dir with a specific tarball

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...

8.7 CVSS | 0.00474 EPSS
Exploits 0 | References 3

CVE
added 2025/05/29 7:25 p.m. | 44 views

CVE-2025-47288

Affected product: Discourse Policy plugin. Vulnerable: versions prior to 0.1.1. Root cause: a policy posted to a public topic that was tied to a private group could cause group members to be visible to non-group members. Impact: information disclosure of private-group membership (partial confiden...

3.5 CVSS | 3.9 AI score | 0.00217 EPSS
Exploits 0 | References 2

OSV
added 2023/02/03 9:57 p.m. | 35 views

CVE-2023-23615 Malicious users in Discourse can create spam topics as any user due to improper access control

Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments ...

5.3 CVSS | 5.3 AI score | 0.00452 EPSS
Exploits 0 | References 3

Debian CVE
added 2023/01/24 2:30 a.m. | 22 views

CVE-2023-22486

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has...

7.5 CVSS | 7.3 AI score | 0.01108 EPSS
Exploits 1

Cvelist
added 2022/12/15 2:8 a.m. | 50 views

CVE-2022-23474 editor.js contains Code Injection

Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...

6.1 CVSS | 6.6 AI score | 0.00533 EPSS
Exploits 1 | References 2