5 matches found
CVE-2022-31038
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 DisplayName does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes DisplayName...
EUVD-2023-50985
Malicious code in bioql PyPI...
CVE-2024-56197
Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the late...
GLSA-200408-20 : Qt: Image loader overflows
The remote host is affected by the vulnerability described in GLSA-200408-20 Qt: Image loader overflows There are several unspecified bugs in the QImage class which may cause crashes or allow execution of arbitrary code as the user running the Qt application. These bugs affect the PNG, XPM, BMP,...
Important: Red Hat Security Advisory: cadaver security update
An updated cadaver package is now available that fixes a vulnerability in neon which could be exploitable by a malicious DAV server. cadaver is a command-line WebDAV client that uses inbuilt code from neon, an HTTP and WebDAV client library. Stefan Esser discovered a flaw in the neon library whic...