10 matches found
JLSEC-2025-4 Argument injection in `gettreesha()` function in Registrator.jl
Impact: If the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities, an argument injection is possible in the `gettreesha` function. This can then lead to a potential RCE. Patches: Users should upgrade immediately to v1.9.5. All prior versions are vulnerable...
GHSA-MGH9-4MWP-FG55 OpenFGA Authorization Bypass
Overview: OpenFGA v1.9.3 to v1.9.4 (openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.9.3 to...
CVE-2024-36675
LyLmespage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the gethead function...
CVE-2024-48176
Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshed after a failed login, which allows attackers to blast the username and password and log into the system backend...
CVE-2024-36675
LyLmespage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the gethead function...
CVE-2024-36675
LyLmespage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the gethead function...
CVE-2024-36674
LyLmespage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php...
CVE-2022-27429
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html...
CVE-2022-27429
CVE-2022-27429 affects Jizhicms v1.9.5 with a Server-Side Request Forgery (SSRF) via /admin.php/Plugins/update.html. Root cause is an SSRF in the update handler; CVSS metrics indicate high severity (CVSS‑2.0 7.5 HIGH; CVSS‑3.1 9.8 CRITICAL). The provided connected documents do not include any rem...
CVE-2024-36675
LyLmespage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the gethead function...