4 matches found
SUSE CVE-2026-27945
ZITADEL is an open source identity management platform. Zitadel Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the online or hybrid meeting embeds. Workaround Users who are not able to upgrade to the fixed version can disable the creation of meetings by participants in the meeting component. Details Cross-site...
CVE-2022-25845
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...
Sharetribe Go 操作系统命令注入漏洞
Sharetribe Go is a source-available marketplace software from the Sharetribe team. An OS command injection vulnerability exists in versions of Sharetribe Go prior to 10.2.1, users who are unable to upgrade should set the snsnotificationtoken configuration parameter to a confidential value...