6 matches found
GHSA-9X9P-QF8F-MVJG LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`
Summary: `Context.spawn` in liquidjs creates a child Context for the `{% render %}` tag but does not propagate the parent context's resolved `ownPropertyOnly` value. The new context re-derives `ownPropertyOnly` from `opts.ownPropertyOnly` (the instance-level option), silently discarding any...
CVE-2024-28383
Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub431CF0 function...
Nextcloud: Hide download previews are accessible without a watermark
A vulnerability was discovered in Nextcloud that allowed users to access download previews without a watermark, even when the watermark option was enabled. This could potentially compromise the privacy of the document and goes against the intended purpose of the feature...
godsdirectcontact.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-428593

| Description | Value |
|---|---|
| Affected Website: | godsdirectcontact.co.uk |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Remediation Guide: | OWASP XSS Prevention... |
dlplibs/lrffuzzer: Index-out-of-bounds in offsetTOCLookupFn
Detailed report: https://oss-fuzz.com/testcase?key=6333949702832128
Project: dlplibs
Fuzzer: libFuzzerdlplibslrffuzzer
Fuzz target binary: lrffuzzer
Job Type: libfuzzerubsandlplibs
Platform Id: linux
Crash Type: Index-out-of-bounds
Crash Address:
Crash State: offsetTOCLookupFn doLoadFromCommonDat...
affiliates.affilistars.com XSS vulnerability
Vulnerable URL: https://affiliates.affilistars.com/email-unsubscribe.php?u=%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E

Details:

| Description | Value |
|---|---|
| Patched: | Yes, at |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | Unknown / Not calculated |

VIP website...