GoCD versions 20.2.0 through 21.4.0 (inclusive) are vulnerable to reflected XSS via abuse of the pipeline comparison function’s error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing code which would allow the attacker to operate on, or gain control over the same resources as the victim had access to.
Description Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher
Description Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime’s implementation of the SIMD proposal for WebAssembly on
Description Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an