16 matches found

Source: OSV
Added 2026/03/20 11:06 p.m. · 4 views

CVE-2026-33423 Discourse staff can modify any user's group notification level

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...

CVSS 5.3 · AI score 5.9 · EPSS 0.00018
Exploits 0 · References 3
Source: RedhatCVE
Added 2026/01/20 6:18 p.m. · 4 views

CVE-2026-23646

OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings → Sessions. When deleting a session, it was not properly checked if the session belongs to the...

CVSS 6.5 · AI score 5.6 · EPSS 0.00062
Exploits 0 · References 1
Source: RedhatCVE
Added 2026/01/09 9:02 a.m. · 2 views

CVE-2023-25573

metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...

CVSS 8.6 · AI score 6.8 · EPSS 0.93634
Exploits 1 · References 1
Source: Tenable Nessus
Added 2025/08/18 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-24775

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new...

CVSS 7.5 · AI score 7.2 · EPSS 0.00931
Exploits 0 · References 2
Source: Github Security Blog
Added 2025/01/21 8:24 p.m. · 9 views

Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop

Impact: The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as when used by Docker Compose from versions v2.27.0 to v2.29.7 included...

CVSS 5.9 · AI score 5.8 · EPSS 0.00024
Exploits 0 · References 8 · Affected Software 1
Source: OSV
Added 2024/03/06 11:03 a.m. · 12 views

BIT-PARSE-2021-39187 Crash server with query parameter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...

CVSS 7.5 · AI score 7.4 · EPSS 0.0066
Exploits 0 · References 5
Source: Positive Technologies
Added 2023/11/16 12:00 a.m. · 3 views

PT-2023-8853 · Vim +6

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.0.2106. Description: The issue is related to the function win_close in the text editor Vim, which may try to access an already freed window structure when closing a window. This could potentially allow an attacker to...

CVSS 7.8 · AI score 6.3 · EPSS 0.00484
Exploits 10 · References 144
Source: Prion
Added 2023/09/15 8:15 p.m. · 11 views

Design/Logic Flaw

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users...

CVSS 4 · AI score 6.3 · EPSS 0.00086
Exploits 0 · References 1 · Affected Software 1
Source: OSV
Added 2022/02/24 7:55 p.m. · 3 views

CVE-2022-24709 Cross site scripting in @awsui/components-react

@awsui/components-react is the main AWS UI package, containing React components with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow JavaScript injection. Use...

CVSS 8.8 · AI score 7 · EPSS 0.00391
Exploits 0 · References 4
Source: AlpineLinux
Added 2022/02/18 9:30 p.m. · 38 views

CVE-2022-23649

Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and...

CVSS 3.3 · AI score 3.5 · EPSS 0.00024
Exploits 0
Source: Tenable Nessus
Added 2020/12/24 12:00 a.m. · 223 views

GLSA-202012-20 : Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202012-20 Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details...

CVSS 8.8 · AI score 7.7 · EPSS 0.00874
Exploits 0 · References 10
Source: Tenable Nessus
Added 2019/09/03 12:00 a.m. · 38 views

GLSA-201908-29 : Dovecot: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201908-29 Dovecot: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker could send a special...

CVSS 9.8 · AI score 8.7 · EPSS 0.38348
Exploits 1 · References 3
Source: Tenable Nessus
Added 2017/11/13 12:00 a.m. · 40 views

GLSA-201711-07 : ImageMagick: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201711-07 ImageMagick: Multiple vulnerabilities Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details. Impact : Remote attackers, by enticing a user to process a...

CVSS 9.8 · AI score 6.4 · EPSS 0.01402
Exploits 10 · References 44
Source: Gentoo Linux
Added 2017/09/17 12:00 a.m. · 70 views

Git: Command injection

Background: Git is a small and fast distributed version control system designed to handle small and large projects. Description: Specially crafted ‘ssh://...’ URLs may allow the owner of the repository to execute arbitrary commands on the client’s machine if those commands are already installed on the...

CVSS 8.8 · AI score 9 · EPSS 0.72496
Exploits 9
Source: Tenable Nessus
Added 2014/12/15 12:00 a.m. · 31 views

GLSA-201412-17 : GPL Ghostscript: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201412-17 GPL Ghostscript: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could enti...

CVSS 9.3 · AI score 6.2 · EPSS 0.23786
Exploits 7 · References 10
Source: Tenable Nessus
Added 2004/11/16 12:00 a.m. · 26 views

GLSA-200411-22 : Davfs2, lvm-user: Insecure tempfile handling

The remote host is affected by the vulnerability described in GLSA-200411-22 Davfs2, lvm-user: Insecure tempfile handling Florian Schilhabel from the Gentoo Linux Security Audit Team found that Davfs2 insecurely created .pid files in /tmp. Furthermore, Trustix Secure Linux found that the...

CVSS 2.1 · AI score 5.6 · EPSS 0.0008
Exploits 0 · References 2