CVE-2024-22421

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server...

CVE-2024-22406

Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations...

CVE-2024-22196

Nginx-UI is an online statistics for Server Indicators​​ Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using DefaultQuery, the "desc" and "id" values are used as default values if the query parameters are not set. Thu...

CVE-2024-22408

Shopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the “call webhook” action. This enables malicious users to perform web requests to internal hosts. This issue has been fix...

CVE-2024-48914

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

CVE-2024-35224

OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via icon substitution in table header values. This attack requires the permissions "Edit work package...

GHSA-W7WM-2425-7P2H MarbleRun unauthenticated recovery allows Coordinator impersonation

Impact During recovery, a Coordinator only verifies that a given recovery key decrypts the sealed state, not if this key was provided by a party with access to one of the recovery keys defined in the manifest. This allows an attacker to manually craft a sealed state using their own recovery keys,...

CVE-2024-53851 Partial denial of service via inline oneboxes in Discourse

Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This...

CVE-2025-23023

Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache for example, the cache may have a response with missing preloaded data. This issue only affects anonymous...

CVE-2024-55948

Discourse is an open source platform for community discussion. In affected versions an attacker can make craft an XHR request to poison the anonymous cache for example, the cache may have a response with missing preloaded data. This issue only affects anonymous visitors of the site. This problem...

CVE-2024-55948

CVE-2024-55948 describes an anonymous cache poisoning vulnerability in Discourse. In affected versions, an attacker can craft an XHR request to contaminate the anonymous cache, potentially causing a response with missing preloaded data and affecting only anonymous visitors. Mitigation in the prov...

CVE-2024-55948 Anonymous cache poisoning via XHR requests in Discourse

Discourse is an open source platform for community discussion. In affected versions an attacker can make craft an XHR request to poison the anonymous cache for example, the cache may have a response with missing preloaded data. This issue only affects anonymous visitors of the site. This problem...

CVE-2024-56197 Users can see other user's tagged PMs in Discourse

Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the late...

CVE-2024-56197

CVE-2024-56197 affects Discourse: when the PM tags allowed for groups option is enabled, and a recipient belongs to a group listed in that option with the PM tagged, other users can read PM titles and metadata. The issue is described across multiple sources as an information-disclosure risk withi...

CVE-2024-56328

CVE-2024-56328 affects Discourse (onebox URL handling). An attacker can cause the execution of arbitrary JavaScript in a user’s browser by posting a maliciously crafted onebox URL, with impact on sites where CSP is disabled. The root cause is the Onebox URL processing in Discourse that allows inl...

CVE-2024-56328 HTMLi(XSS without CSP) via Onebox urls in Discourse

Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are...

CVE-2024-56328 HTMLi(XSS without CSP) via Onebox urls in Discourse

Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are...

CVE-2025-22601 Client Side Path Traversal using activate account route in Discourse

Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the activate-account route. This problem has been patched in the latest version of Discourse. Users are...

Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks. This could manifest in the form of...

Aviatrix Controller list_flightpath_destination_instances command injection

Added: 02/04/2025 Background Aviatrix Controller is a cloud networking platform that manages connectivity of cloud and hybrid networks. Problem A command injection vulnerability in the listflightpathdestinationinstances API action allows remote attackers to execute arbitrary commands. Resolution...