7 matches found
GHSA-HH8V-HGVP-G3F5 league/commonmark has an embed extension allowed_domains bypass
Impact The DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This enabl...
CVE-2025-63009 WordPress WP Google Analytics Events plugin <= 2.8.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data.This issue affects WP Google Analytics Events: from n/a through = 2.8.2...
CVE-2025-47151
A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...
PT-2024-39474 · WordPress · Xt Floating Cart For Woocommerce
Name of the Vulnerable Software and Affected Versions: XT Floating Cart for WooCommerce plugin for WordPress version 2.8.2 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...
GHSA-32JF-H775-G29H MongoDB Rust driver may issue unintended commands
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
PYSEC-2024-42
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view.With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by defaul...
PT-2022-16875 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions 2.8.2 and prior in the stable branch Discourse versions 2.9.0.beta3 and prior in the beta branch Discourse versions 2.9.0.beta3 and prior in the tests-passed branch Description: Discourse is an open source discussion...