4 matches found

Snyk
added 2026/01/09 6:12 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the stylesheet input in the backend configuration forms. An attacker can execute arbitrary scripts in the context of other users by injecting malicious HTML or JavaScript through the editor settings. This ca...

CVSS: 8.4 | AI score: 5.5 | EPSS: 0.00067
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/06 11:41 p.m. | 4 views

CVE-2025-64171

A cross-namespace authorization flaw has been identified in the MARIN3R operator’s DiscoveryServiceCertificate resource. The flaw occurs because the operator mistakenly treats certain inputs as valid, bypassing Kubernetes Role-Based Access Control (RBAC). When a user has permission to create...

CVSS: 8.7 | AI score: 6.5 | EPSS: 0.00048
Exploits: 0 | References: 5

Prion
added 2023/09/15 8:15 p.m. | 15 views

Design/Logic Flaw

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server...

CVSS: 4 | AI score: 6.3 | EPSS: 0.00089
Exploits: 0 | References: 1 | Affected Software: 1

Github Security Blog
added 2022/03/18 11:17 p.m. | 17 views

Possibility for Denial of Service by overwriting PHP files with language exports

Impact: Laravel Translation Manager didn't check the locale name, which allowed directory traversal when exporting files. The content would be a PHP file returning an array of translations, but this could lead to unexpected results, like denial of service. Access to the Laravel Translation Manager...

AI score: 1.4
Exploits: 0 | References: 2 | Affected Software: 1