11 matches found
CVE-2026-42280
Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...
CVE-2025-10148
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...
Linux Distros Unpatched Vulnerability : CVE-2021-35513
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid before 8.11.0 allows XSS when the antiscript feature is used. CVE-2021-35513 Note that Nessus relies on the presence of the package as reported by the...
Austrian Archaeological Institute OpenAtlas Security Vulnerability
Austrian Archaeological Institute OpenAtlas is a software platform for humanities research from Austrian Archaeological Institute, Austria. A security vulnerability exists in Austrian Archaeological Institute OpenAtlas version v8.11.0, which stems from the presence of cross-site scripting in the...
Elasticsearch 8.11.1 Security Update (ESA-2024-05)
Elasticsearch Uncaught Exception ESA-2024-05 An uncaught exception in Elasticsearch = 8.4.0 and = 8.4.0 and 8.11.1 Solutions and Mitigations: The issue is resolved in version 8.11.1. This requires the attachment processor to be enabled. Users unable to upgrade can ensure that the attachment...
FasterXML Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Western Digital My Cloud Home Path Traversal Vulnerability
Western Digital My Cloud Home is an easy-to-use personal cloud storage device from Western Digital. It plugs directly into a Wi-Fi router to protect your digital life. A security vulnerability exists in Western Digital My Cloud Home, which stems from an HTTP API that allows an attacker to abuse...
CVE-2021-35513
Mermaid before 8.11.0 allows XSS when the antiscript feature is used...
Design/Logic Flaw
Mermaid before 8.11.0 allows XSS when the antiscript feature is used...
IDOR Disclosure of Private Project Titles - CVE-2020-14174
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References IDOR vulnerability in the Administration Permission Helper. Affected versions: version 7.13.16 8.0.0 ≤ version 8.5.7 8.6.0 ≤ version 8.9.2...
Code injection
An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute force, a user with access to a project, but not its repository, could create a list of merge requests template names. It has excessive algorithmic complexity...