12 matches found
CVE-2026-33423 Discourse staff can modify any user's group notification level
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...
CVE-2026-23646
OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings → Sessions. When deleting a session, it was not properly checked if the session belongs to the...
CVE-2023-25573
metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...
Linux Distros Unpatched Vulnerability : CVE-2022-24775
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new...
PT-2023-8853
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.0.2106 Description The issue is related to the function win close in the text editor Vim, where it may try to access an already freed window structure when closing a window. This could potentially allow an attacker to...
CVE-2022-24709 Cross site scripting in @awsui/components-react
@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...
GLSA-202012-20 : Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202012-20 Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details...
GLSA-201908-29 : Dovecot: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201908-29 Dovecot: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker could send a special...
GLSA-201711-07 : ImageMagick: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201711-07 ImageMagick: Multiple vulnerabilities Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details. Impact : Remote attackers, by enticing a user to process a...
Git: Command injection
Background Git is a small and fast distributed version control system designed to handle small and large projects. Description Specially crafted ‘ssh://...’ URLs may allow the owner of the repository to execute arbitrary commands on client’s machine if those commands are already installed on the...
GLSA-201412-17 : GPL Ghostscript: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201412-17 GPL Ghostscript: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could enti...
GLSA-200411-22 : Davfs2, lvm-user: Insecure tempfile handling
The remote host is affected by the vulnerability described in GLSA-200411-22 Davfs2, lvm-user: Insecure tempfile handling Florian Schilhabel from the Gentoo Linux Security Audit Team found that Davfs2 insecurely created .pid files in /tmp. Furthermore, Trustix Secure Linux found that the...