5 matches found
GHSA-PQQ3-Q84H-PJ6X Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
A vulnerability allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after initiating the PayPal Checkout process, PayPal will not receive the updated total amount. As a result, PayPal captures only the initially...
CVE-2022-41930
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user, logged in or not, with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow a disabled user to re-enable themselves, or to an attack...
CVE-2023-35928 Nextcloud user scoped external storage can be used to gather credentials of other users
Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity platform. In Nextcloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until...
PT-2020-5035 · Atlassian +6 · Bamboo Data Center/Server +7
Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.14 Bamboo Data Center and Server version 9.2.1 Description: The issue exists due to the lack of neutralization of special elements used in operating system commands. This may allow a remote attacker to execute...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
cve-2020-0796-scanner This project is based on SMBGhost https...