372 matches found
Scout Security Vulnerability
Scout is an open source platform from Clinical Genomics for analyzing VCFs and aiding collaborations to solve rare diseases faster. A security vulnerability exists in Scout versions prior to 4.89 that stems from a lack of filename sanitization and can bypass expected file extensions and all...
Mautic Security Vulnerability
Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. Mautic suffers from a security vulnerability that stems from being susceptible to SQL injection attacks, which allow an attacker...
CVE-2024-45157
creationtimestamp | type | source
---|---|---
2024-09-05 22:13:23+00:00 | seen | https://t.me/cvedetector/4940
2025-03-14 16:44:14+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7595
2025-10-01 18:11:57+00:00 | seen | MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6
2025-10-08 21:59:31+00:00 | seen |...
Android Open Source Platform (AOSP) Browser UXSS
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Open Source Platform AOSP Browser UXSS', 'Description' = %q This module exploits a Universal Cross-Site Scripting UXSS vulnerability...
Silverpeas Security Vulnerability
Silverpeas is a suite of open source business collaboration platforms from Silverpeas Open Source. The platform includes applications for project management, blogs, forums, and document management. A security vulnerability exists in Silverpeas v.6.4.2 and earlier versions, which stems from a...
CVE-2024-37299
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...
Discourse Security Vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. Discourse has a security vulnerability that stems from not properly sanitizing Onebox data...
CVE-2024-36113
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...
CVE-2024-37157
Discourse prior to version 3.2.3 on the stable branch and 3.3.0.beta4 on the beta/tests-passed branches is vulnerable to an SSRF via the FastImage library, which could redirect requests to an internal Discourse IP. The issue is patched in 3.2.3 (stable) and 3.3.0.beta4 (beta/tests-passed). No pub...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a message disclosure vulnerability. An attacker can exploit the vulnerability to cause the contents of a message to be read...
Minder Security Vulnerability
Minder is an open source platform that helps development teams and the open source community build more secure software and prove to others that the software they build is secure. A security vulnerability exists in versions prior to Minder v0.0.52 that stems from a maliciously configured Git...
CVE-2024-32871 Pimcore Vulnerable to Flooding Server with Thumbnail files
Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the...
Silverpeas Security Vulnerability
Silverpeas is an open source business collaboration platform. The platform includes applications for project management, blogs, forums, and document management. A security vulnerability exists in Silverpeas version 6.3, which stems from vulnerability to cross-site scripting XSS attacks...
Minder Security Vulnerability
Minder is an open source platform that helps development teams and the open source community build more secure software and prove to others that the software they build is secure. A security vulnerability exists in versions of Minder prior to 0.0.50 that stems from a maliciously created template...
Minder Security Vulnerability
Minder is an open source platform that helps development teams and the open source community build more secure software and prove to others that the software they build is secure. A security vulnerability exists in Minder versions prior to 0.0.49 that stems from a denial-of-service attack that is...
Apache Fineract Security Vulnerability
Apache Fineract is an open source digital financial services platform from the U.S. Apache Foundation. The platform provides users with data management, loan and savings portfolio management, real-time financial data and other functions. Apache Fineract suffers from an elevatio...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. Discourse suffers from a security vulnerability. An attacker exploiting the vulnerability could learn about secret subcategories that exist under public categories...
BIT-TENSORFLOW-2021-29540 Heap buffer overflow in `Conv2DBackpropFilter`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in Conv2DBackpropFilter. This is because the...
BIT-TENSORFLOW-2021-41200 Incomplete validation in `tf.summary.create_file_writer`
TensorFlow is an open source platform for machine learning. In affected versions, if `tf.summary.create_file_writer` is called with non-scalar arguments, the code crashes due to a CHECK-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...