| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0. |
| Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0. |
| In JetBrains Hub before 2024.2.34646, stored XSS via the project description was possible. |
| In JetBrains YouTrack before 2024.2.34646, a user without appropriate permissions could enable the auto-attach option for workflows. |
| In JetBrains YouTrack before 2024.2.34646, a user access token was sent to a third-party site. |
| In JetBrains YouTrack before 2024.2.34646, the Guest User Account was enabled for attaching files to articles. |
| A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. |
| iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference. |
| irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory. |
| Xenforo before 2.2.16 allows code injection. |
| Xenforo before 2.2.16 allows CSRF. |
| D-Link - CWE-294: Authentication Bypass by Capture-replay |
| D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel |
| Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| Nuvoton - CWE-305: Authentication Bypass by Primary Weakness. An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock, which could lead to arbitrary code execution. |
| Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File |
| Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy |
| Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties |
| FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with a domain name length value greater than the actual domain name length could cause the parser to read beyond the DNS response buffer. This issue affects applications using the DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are not affected, even when the DNS functionality is enabled. This vulnerability has been patched in version 4.1.1. |