884430 matches found
GHSA-MQQ5-J7W8-2HGH AlchemyCMS: Unauthenticated nested page API leaks restricted & unpublished content
Location: app/controllers/alchemy/api/pagescontroller.rb:28 Api::PagesControllernested; Affected version: Alchemy CMS 8.3.0.dev, Rails 8.1.3. Description: The unauthenticated GET /api/pages/nested endpoint returns the full pag...
GHSA-C3WQ-J5VH-68RC Hugo: Symlink confinement bypass in os.ReadFile
Affected versions: v0.123.0 through v0.163.0. Earlier versions are not affected. Fixed in: v0.163.1. Severity: Medium. Requires the attacker to be able to place or convince a site author to place a symlink inside a mounted directory — for example, inside a locally-vendored theme under themes/...
GHSA-Q76J-GCG9-VXC6 Hugo: XSS via unescaped code-fence language in default code block renderer
Hugo's default code-block renderer wrote the Markdown code-fence language / info-string into the wrapper without HTML escaping. A fence info-string containing a quote and a payload breaks out of the attribute and injects a live script element. This is not an issue if you fully trust every file...
GHSA-9WXG-VF3R-56HC OpenZeppelin Contracts Wizard: Line terminators in info.securityContact / info.license can inject lines into generated source
Summary: The Contracts Wizard generators printed info.securityContact and info.license verbatim into a single-line comment of the generated Solidity, Cairo, Stellar/Soroban, and Stylus source without rejecting line terminators. A newline (\n or \r\n) in either field ends the comment, so the text aft...
MINI-WCWJ-3MHH-W2X3
Bulletin has no description...
MINI-V922-9VJ5-Q46Q
Bulletin has no description...
MINI-67H9-FR9H-WXFH
Bulletin has no description...
MINI-66QW-XVMR-646X
Bulletin has no description...
MINI-CXF8-GCHF-G7JQ
Bulletin has no description...
MINI-MG8J-VXHP-C6W9
Bulletin has no description...
MINI-F6FH-2FRM-3J6F
Bulletin has no description...
MINI-9W9R-95FW-J7H9
Bulletin has no description...
MINI-MVJJ-2F2V-7G74
Bulletin has no description...
MINI-FWV7-JJ44-2FM8
Bulletin has no description...
MINI-4XP5-52WG-2257
Bulletin has no description...
MINI-FR6X-HWRR-R6P5
Bulletin has no description...
MINI-QJ2W-V5FQ-PFC4
Bulletin has no description...
MINI-CRG3-VF73-6H3F
Bulletin has no description...
MINI-WJCM-8HGQ-GWVH
Bulletin has no description...
MINI-J98H-2GGF-V26P
Bulletin has no description...
MINI-VHVX-F4H8-PH74
Bulletin has no description...
MINI-G994-V9XV-8C3M
Bulletin has no description...
MINI-PHF7-GG4F-FH36
Bulletin has no description...
MINI-5R88-44X7-8HCV
Bulletin has no description...
MINI-GV96-9JF2-FG7R
Bulletin has no description...
MINI-F3XP-FW2M-M535
Bulletin has no description...
MINI-22RW-G55C-PW46
Bulletin has no description...
MINI-323P-75C5-M7RF
Bulletin has no description...
MINI-F2Q9-8GQX-RG37
Bulletin has no description...
MINI-MC6J-6794-2VM5
Bulletin has no description...
MINI-RV9X-3424-W3VP
Bulletin has no description...
MINI-C625-C3GR-V3J3
Bulletin has no description...
MINI-3G9R-FCFR-XV8R
Bulletin has no description...
MINI-88WX-H7M4-PCMG
Bulletin has no description...
MINI-2G6C-445G-7764
Bulletin has no description...
MINI-9FW4-57RR-X52Q
Bulletin has no description...
MINI-342R-FW74-77F4
Bulletin has no description...
MINI-6VC5-946P-4683
Bulletin has no description...
MINI-XWHV-M24F-59M2
Bulletin has no description...
MINI-H9FV-9G7R-8XP3
Bulletin has no description...
MINI-V3CG-8FC7-C3QM
Bulletin has no description...
MINI-MF8G-V3FF-J85R
Bulletin has no description...
MINI-2P68-8W8Q-R4PF
Bulletin has no description...
MINI-CC2C-539F-H36R
Bulletin has no description...
MINI-4R8F-7V4Q-4M5F
Bulletin has no description...
MINI-8728-R4H3-RPCJ
Bulletin has no description...
MINI-WGVF-H4J8-H4X2
Bulletin has no description...
MINI-677G-45WV-G5G4
Bulletin has no description...
MINI-233J-5PG3-FR3V
Bulletin has no description...
MINI-JHCP-RH3H-H679
Bulletin has no description...