5 matches found
CVE-2026-30235 Business Logic Error on OpenProject through hyperlinks in markdown using DOM clobbering
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to improper validation of OpenProject’s Markdown rendering, specifically in the hyperlink handling. This allows an attacker to inject malicious hyperlink payloads that perform DOM...
CVE-2026-31832
Umbraco (ASP.NET CMS) has a broken object-level authorization vulnerability in backoffice API endpoints affecting 14.0.0–before 16.5.1 and 17.2.2. An authenticated user can assign domain-related data to content nodes without proper authorization checks due to insufficient enforcement on the affec...
CVE-2023-42884
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory...
Apple Safari security vulnerability
Apple Safari is a web browser from Apple Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in Apple Safari version 17.2, which stems from processing images that may result in a denial of service...
Apple iOS and iPadOS Security Vulnerabilities
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.2 and iPadOS version 17.2, which arises from applications that may...