164 matches found
CVE-2024-31461 Plane Server-Side Request Forgery (SSRF) Vulnerability
Plane, an open-source project management tool, has a Server-Side Request Forgery SSRF vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. T...
Vulnerabilities fixed in MISP
The developers of MISP have fixed vulnerabilities in MISP. The vulnerabilities allow a malicious person to to bypass security measures. The MISP community has released updates to fix the vulnerabilities fixes in MISP. For more information, see: https://github.com/MISP/MISP/commit...
Bref Security Breach
Bref is an open source project by Matthieu Napoli Individual Developer that helps you go serverless on AWS using PHP. A security vulnerability exists in versions prior to Bref 2.1.13 that stems from not handling multiple value headers when Bref is used in conjunction with a v2-formatted API gatew...
Huawei EulerOS: Security Advisory for file (EulerOS-SA-2023-3171)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Saad Irfan RemoteClinic Security Vulnerability
Saad Irfan RemoteClinic is a Saad Irfan open source application. It provides the ability to remotely manage your clinic via the Web. A security vulnerability exists in RemoteClinic version 2.0, which stems from a SQL injection vulnerability in the parameter ID of the file /medices/stocks.php...
CVE-2023-45826 Authenticated SQL Injection in leantime
Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...
NetExec
!Supported Python versionshttps://img.shields.io/badge/python...
CVE-2022-48554
File before 5.43 has an stack-based buffer over-read in filecopystr in funcs.c. NOTE: "File" is the name of an Open Source project...
CVE-2022-48554
File before 5.43 has an stack-based buffer over-read in filecopystr in funcs.c. NOTE: "File" is the name of an Open Source project...
Stack overflow
File before 5.43 has an stack-based buffer over-read in filecopystr in funcs.c. NOTE: "File" is the name of an Open Source project...
CVE-2022-48554
File before 5.43 has an stack-based buffer over-read in filecopystr in funcs.c. NOTE: "File" is the name of an Open Source project...
CVE-2023-36463 Cross site scripting (XSS) in meldekarten generator
Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn't fully...
CVE-2023-33961 Leantime Stored Cross-site Scripting Vulnerability
Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time ...
bumsys 安全漏洞
bumsys is an open source project called Business Management System by unilogies individual developers. A security vulnerability exists in versions of bumsys prior to 2.1.1, which stems from an api processing endpoint that is allowed to contain local files that can be used to cause remote code...
Complaint Management System SQL Injection Vulnerability (CNVD-2023-29364)
Complaint Management System is an open source Php project . Used to request a complaint through the online service . Complaint Management System v1.0 version of the SQL injection vulnerability, the vulnerability stems from the component POST Parameter Handler file/users/checkavailability.php to t...
Moby 安全漏洞
Moby is an open source project that aims to drive containerization of software and help the ecosystem mainstream container technology. A security vulnerability exists in Moby version 1.12 and later. Attackers have exploited the vulnerability to cause accidental disclosure of secrets or user data...
GHSA-WP72-7HJ9-5265 Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs
Impact Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.2.1 may be vulnerable to a remote file existence check exploit if they are not limiting who can query their server for...
Trabalho-Web2 SQL注入漏洞
Trabalho-Web2 is an open source project. Trabalho-Web2 suffers from a SQL injection vulnerability. Attackers exploit this vulnerability to cause sql injection...
xrdp 缓冲区错误漏洞
xrdp is an open source remote desktop protocol server from Neutrinolabs Labs. A buffer error vulnerability exists in versions prior to xrdp v0.9.21, which stems from an out-of-bounds read included in the xrdpsecprocessmcsdataCSCORE function...
Pixel Update Bulletin—December2022Stay organized with collectionsSave and categorize content based on your preferences.
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2022-12-05 or later address all issues in this bulletin and all issues in the December 2022 Android...