Description aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn’t reset the
Description Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page (at `/.pomerium`)
Description SkillTree is a micro-learning gamification platform. Prior to version 2.12.6, the endpoint `/admin/projects/{projectname}/skills/{skillname}/video` (and probably others) is open to
Description Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue.
Description GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6,
Description Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a
Description gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has
Description The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is
Description The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all
Description FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0 References
Description Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A
Description trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the
Description Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job
Description Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page.
Description A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization
Description authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2
Description The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES
Description ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack
Description dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed
The smooth and connected digital world is also an arena for cybercriminals who organize account takeover (ATO) attacks. Consider this:
Description The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the
Description iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking
Description Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to
Description A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an