5 matches found
CVE-2024-41808
The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. ...
EUVD-2024-0448
Malicious code in bioql PyPI...
CVE-2025-53925
CVE-2025-53925 affects Emlog up to version 2.5.17. A cross-site scripting (XSS) flaw exists in the file upload functionality that lets an authenticated user upload an SVG containing JavaScript, which can be executed in the victim’s context. The root cause is insufficient handling/cleanup of uploa...
CVE-2023-42443
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In version 0.3.9 and prior, under certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. For rawcall, the argument buffer of the call can be corrupted,...
WordPress Chaty plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Chaty plugin versions = 2.8.3. Solution No patched version is available...