| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL. |
| Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11. |
| A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them. |
| The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. |
| Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11. |
| Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2. |
| Improper Access Control in Pypi calibreweb prior to 0.6.16. |
| Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0. |
| The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting |
| Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups. |
| Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0. |
| Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28. |
| The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection |
| Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v. |
| Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1. |
| A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6 |
| Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7. |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. |
