6 matches found
GHSA-JRM4-4PCF-4763 ciguard: Container image runs as root (no USER directive)
Summary: The published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. ciguard is a static analyser with no need for root privileges; running as root inside a container makes any future container-runtime escape CVE more impactfu...
HTML Injection
docassemble.webapp is vulnerable to HTML injection. The vulnerability is due to improper handling of user-added HTML including user's name field, allowing the input to be displayed on the screen as HTML which can also include...
CVE-2021-32665
wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to "unverified". This occurs when: - Self user is added to a new conversation - Self user is added to an existing conversation -...
gitea -- privilege escalation, XSS
The Gitea project reports: Security Sanitize uploaded file names HTMLEncode user added text...
Rianxosencabos CMS 0.9 Remote Add Admin Exploit
Exploit for unknown platform in category web applications =============================================== Rianxosencabos CMS 0.9 Remote Add Admin Exploit =============================================== !/usr/bin/perl -w Rianxosencabos CMS 0.9 Remote Add Admin Exploit Download:...
Pet Grooming Management System 2.0 - Arbitrary Add Admin
Pet Grooming Management System 2.0 - Arbitrary Add Admin !/usr/bin/perl use strict; use LWP::UserAgent; print "-+- Pet Grooming Management System ; print "\nEnter Usernamecreate your admin username: "; chompmy $user=; print "\nEnter Passwordcreate your admin password: "; chompmy $pass=; my $ua =...