FroshAdminer Adminer UI is accessible without admin session

FriendsOfShopware FroshPlatformAdminer

PlaciPy has Missing Authorization Checks on Student Management Endpoints (IDOR)

Praskla-Technology assessment-placipy

PlaciPy is Missing Object-Level Authorization in student.submission.routes.ts

Praskla-Technology assessment-placipy

PlaciPy is Missing Authorization on Assessment Results Endpoint

Praskla-Technology assessment-placipy

Sliver has a DNS C2 OTP Bypass Allows Unauthenticated Session Flooding and Denial of Service

BishopFox sliver

Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

lostisland faraday

Command injection via crafted filenames in Super-linter Action

super-linter super-linter

Privilege escalation to the `CAP_NET_RAW` capability via the `programs.captive-browser` NixOS module

NixOS nixpkgs

Axios affected by Denial of Service via __proto__ Key in mergeConfig

axios axios

LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection

langchain-ai langsmith-sdk

Craft has a potential authenticated Remote Code Execution via malicious attached Behavior

craftcms cms craftcms cms

Craft has a GraphQL Asset Mutation Privilege Escalation

craftcms cms craftcms cms

Craft has a stored XSS in Number Prefix & Suffix Fields

craftcms cms craftcms cms

Craft has a SQL Injection in Element Indexes via criteria[orderBy]

craftcms cms craftcms cms

Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation

craftcms cms

Craft has a SSRF in GraphQL Asset Mutation via HTTP Redirect

craftcms cms craftcms cms

Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

craftcms cms craftcms cms

AprilRobotics apriltag apriltag.c apriltag_detector_detect memory corruption

AprilRobotics apriltag AprilRobotics apriltag +4个

Craft has a Stored XSS in Entry Types Name

craftcms cms

Zip Slip in MarkUs config upload allowing RCE

MarkUsProject Markus