5 matches found
GHSA-3W28-36P9-W929 Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS
Summary The Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with p.AllowURLSchemes"data" which permits all data URI schemes...
CVE-2025-36180
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...
CVE-2025-36180
CVE-2025-36180 concerns IBM watsonx.data (Lakehouse) versions 2.2–2.3. The issue is an improper restriction of inter-pod communication, potentially allowing an attacker to transfer data between pods without restrictions. The vulnerability’s impact is described as data integrity risk within pod co...
The vulnerability of the PHP programming language interpreter allows attackers to gain access to confidential data and compromise its integrity.
The vulnerability of the PHP programming language interpreter lies in the lack of restrictions on data size during calculations. Exploiting this vulnerability allows a malicious actor to gain access to confidential data and compromise its integrity...
CVE-2022-3683
A vulnerability exists in the SDM600 API web services authorization validation implementation. An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data. This issue...