
3094 matches found

NVD
added 2023/08/04 4:15 p.m. | 14 views

CVE-2023-38487

HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one...

8.2 CVSS | 6.9 AI score | 0.00664 EPSS
Exploits 1 | References 2
Cvelist
added 2023/08/04 3:40 p.m. | 29 views

CVE-2023-38487 HedgeDoc API allows to hide existing notes

HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one...

6.5 CVSS | 8.3 AI score | 0.00664 EPSS
Exploits 1 | References 2
CVE
added 2023/08/04 3:40 p.m. | 2498 views

CVE-2023-38487

CVE-2023-38487 – HedgeDoc : Prior to 1.9.9, the HedgeDoc API allows creating a note with an alias equal to an existing note ID via POST /new/ when freeURL is enabled. The system does not verify the alias against existing IDs, so a new note can shadow the original; access may be redirected to the ...

8.2 CVSS | 7.2 AI score | 0.00664 EPSS
Exploits 1 | References 2 | Affected Software 1
OSV
added 2023/08/04 3:40 p.m. | 16 views

CVE-2023-38487 HedgeDoc API allows to hide existing notes

HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one...

6.5 CVSS | 8 AI score | 0.00664 EPSS
Exploits 1 | References 4
CNNVD
added 2023/08/04 12:0 a.m. | 3 views

HedgeDoc Security Vulnerabilities

HedgeDoc is a Javascript-based real-time editing and sharing platform for Markdown documents from the HedgeDoc team. A security vulnerability exists in HedgeDoc versions prior to 1.9.9, which stems from a vulnerability that allows an attacker to create a note that matches the ID of an original no...

8.2 CVSS | 6.7 AI score | 0.00664 EPSS
Exploits 1 | References 3
OSV
added 2023/08/03 8:15 a.m. | 2 views

CVE-2023-4117

A vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be launched remotely...

6.1 CVSS | 4 AI score
Exploits 0 | References 3
Openbugbounty
added 2023/07/26 6:21 a.m. | 13 views

chrisimmo.fr Cross Site Scripting vulnerability OBB-3550968

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits 0
OSV
added 2023/07/25 7:15 p.m. | 2 views

AZL-34631 CVE-2023-39128 affecting package crash for versions less than 8.0.4-3

GNU gdb GDB 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c...

5.5 CVSS | 6.7 AI score | 0.00289 EPSS
Exploits 1 | References 1
OSV
added 2023/07/24 3:15 a.m. | 3 views

CVE-2023-3861

A vulnerability was found in phpscriptpoint Insurance 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235213 was...

6.1 CVSS | 3.8 AI score | 0.00312 EPSS
Exploits 0 | References 2
Veracode
added 2023/07/23 12:36 p.m. | 14 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists due to the lack of permission checks in the library, which allows guest users to read a todo targeting an inaccessible note...

4.3 CVSS | 6.5 AI score | 0.00536 EPSS
Exploits 0 | References 3 | Affected Software 1
Circl
added 2023/07/21 5:2 p.m. | 3 views

CVE-2023-37918

creationtimestamp | type | source
---|---|---
2023-07-21 17:02:33+00:00 | published-proof-of-concept | https://github.com/dapr/dapr/security/advisories/GHSA-59m6-82qm-vqgj...

7.5 CVSS | 7.1 AI score | 0.01129 EPSS
Exploits 1 | References 1
Oracle
added 2023/07/18 12:0 a.m. | 394 views

Oracle Critical Patch Update Advisory - July 2023

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

10 CVSS | 9 AI score | 0.99999 EPSS
Exploits 509 | Affected Software 133
OSV
added 2023/07/08 11:5 a.m. | 5 views

OESA-2023-1411 guava20 security update

Guava is a set of core libraries that includes new collection types, immutable collections, a graph library, and utilities for concurrency, I/O, hashing, primitives, strings, and more. Security Fixes: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google...

7.1 CVSS | 8.7 AI score | 0.00248 EPSS
Exploits 0 | References 2
SUSE CVE
added 2023/07/08 2:27 a.m. | 3 views

SUSE CVE-2023-37454

An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this...

5.5 CVSS | 8.6 AI score | 0.00363 EPSS
Exploits 1 | References 3
ATTACKERKB
added 2023/06/21 4:15 p.m. | 2 views

CVE-2023-33725

Broadleaf 5.x and 6.x including 5.2.25-GA and 6.2.6-GA was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA...

6.1 CVSS | 6.2 AI score | 0.00436 EPSS
Exploits 1 | References 2
Openbugbounty
added 2023/06/14 12:54 p.m. | 11 views

paulbruntondailynote.se Cross Site Scripting vulnerability OBB-3429025

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits 0
GithubExploit
added 2023/06/12 1:6 p.m. | 71 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Wordpress

CVE-2022-3590 WordPress Vulnerability Scanner This Python scr...

6.1 CVSS | 7.5 AI score | 0.79527 EPSS
Exploits 9
CNNVD
added 2023/06/08 12:0 a.m. | 5 views

Chamilo LMS Security Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo versions v1.11.x through v1.11.18...

8.1 CVSS | 7.7 AI score | 0.00744 EPSS
Exploits 0 | References 4
GithubExploit
added 2023/06/02 5:30 a.m. | 6 views

Exploit for Cross-site Scripting in Minical

CVE-2023-33408 Minical 1.0.0 is vulnerable to Stored Cross-Si...

5.4 CVSS | 5.5 AI score | 0.00548 EPSS
Exploits 2
OSV
added 2023/06/01 6:15 a.m. | 1 views

CVE-2023-3029

A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated...

8.8 CVSS | 4.8 AI score | 0.00437 EPSS
Exploits 1 | References 3