Vulnerabilities
Recent vulnerabilities
Recent vulnerabilities from
Select from 78 available sources using the dropdown above.
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-24pj-f32f-p9j2 |
0.0 (3.1)
|
This CVE has been rejected. | 2024-10-01T06:30:47Z | 2024-10-01T06:30:47Z |
| ghsa-2vf8-hmhp-gw9x |
0.0 (3.1)
|
This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 1… | 2024-03-08T03:31:25Z | 2026-04-02T21:31:39Z |
| ghsa-2xv8-gjwh-fv8p |
0.0 (3.1)
|
CrateDB's Blob HTTP handler bypasses authorization | 2026-07-01T19:55:07Z | 2026-07-01T19:55:07Z |
| ghsa-335x-5wcm-8jv2 |
0.0 (3.1)
|
Backoffice User can bypass "Publish" restriction | 2023-12-13T13:21:51Z | 2024-01-12T16:28:24Z |
| ghsa-36xx-7vf6-7mv3 |
0.0 (3.1)
|
Silverstripe Framework: Members with no password can be created and bypass custom login forms | 2023-07-31T22:00:58Z | 2023-10-04T17:11:40Z |
| ghsa-3jp4-mhh4-gcgr |
0.0 (3.1)
|
Kimai has an Open Redirect via Unvalidated RelayState in SAML ACS Handler | 2026-04-14T01:06:06Z | 2026-04-14T01:06:06Z |
| ghsa-3q5f-gmjc-38r8 |
0.0 (3.1)
|
ImageMagick: Memory leak in coders/txt.c without freetype | 2026-02-25T19:13:08Z | 2026-02-25T19:13:08Z |
| ghsa-3rwj-9q84-fmqw |
0.0 (3.1)
|
A broken access control vulnerability previously discovered in the Trend Vision One Role Name compo… | 2025-04-02T18:30:54Z | 2025-04-02T18:30:54Z |
| ghsa-435g-fcv3-8j26 |
0.0 (4.0)
|
Bug-Fixes in `libcrux-ecdh`, `libcrux-ed25519`, `libcrux-psq` | 2026-02-12T22:12:14Z | 2026-02-27T20:51:08Z |
| ghsa-473p-56xx-vg67 |
0.0 (3.1)
|
Kiwi TCMS vulnerable to stored XSS via JavaScript: URI in extra_link field (TestPlan & TestCase) | 2026-07-06T21:49:41Z | 2026-07-06T21:49:41Z |
| ghsa-4c3c-r6p8-c863 |
0.0 (3.1)
|
Flawfinder output manipulation via untrusted filenames and source text | 2026-06-26T20:52:25Z | 2026-06-26T20:52:25Z |
| ghsa-4gp9-ff99-j6vj |
0.0 (3.1)
|
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API | 2024-10-22T17:51:26Z | 2024-10-22T19:22:27Z |
| ghsa-4px2-pw77-vc85 |
0.0 (3.1)
|
SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToH… | 2026-06-12T15:08:16Z | 2026-06-12T15:08:16Z |
| ghsa-5339-hvwr-7582 |
0.0 (3.1)
|
Unhead Vulnerable to Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity | 2026-03-12T14:19:25Z | 2026-03-12T19:14:29Z |
| ghsa-55h8-q58m-2332 |
0.0 (3.1)
|
Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is inc… | 2026-06-23T18:31:42Z | 2026-06-23T18:31:42Z |
| ghsa-59xv-588h-2vmm |
0.0 (3.1)
|
@saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler | 2026-04-10T19:30:32Z | 2026-04-10T19:30:32Z |
| ghsa-5rv5-xj5j-3484 |
0.0 (3.1)
|
Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still … | 2026-05-18T14:51:51Z | 2026-06-05T14:12:03Z |
| ghsa-6324-52pr-h4p5 |
0.0 (3.1)
|
Using the directory back payload (“/../”) in a package name allows placement of package in other folders. | 2023-12-13T13:24:53Z | 2024-01-12T16:28:06Z |
| ghsa-664f-j627-v386 |
0.0 (4.0)
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnera… | 2026-02-03T00:30:19Z | 2026-02-03T00:30:19Z |
| ghsa-6cw8-3wqq-r7p8 |
0.0 (3.1)
|
Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.… | 2024-04-22T15:30:41Z | 2024-07-03T18:36:23Z |
| ghsa-6cxj-fx46-x5rx |
0.0 (3.1)
|
The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets. | 2024-04-22T06:30:29Z | 2024-07-03T18:36:19Z |
| ghsa-6ggm-pwr9-r5h2 |
0.0 (4.0)
|
XSS in @leanprover/unicode-input-component | 2026-03-16T16:39:55Z | 2026-03-16T16:39:55Z |
| ghsa-6h85-5gxw-42h9 |
0.0 (3.1)
|
An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacke… | 2024-04-23T15:30:34Z | 2024-07-03T18:36:39Z |
| ghsa-6xmx-85x3-4cv2 |
0.0 (3.1)
|
Stored XSS via SVG File Upload | 2023-12-13T13:30:53Z | 2023-12-13T13:30:53Z |
| ghsa-72rp-2fhc-9m4p |
0.0 (3.1)
|
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers … | 2024-04-17T21:30:50Z | 2024-07-03T18:35:18Z |
| ghsa-7jc7-7vhf-f7fg |
0.0 (4.0)
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnera… | 2025-04-10T21:31:10Z | 2025-11-03T21:33:30Z |
| ghsa-7qx6-f23w-3w7f |
0.0 (3.1)
|
Unauthenticated Open Redirect, Arbitrary HTTP Response Header Injection, Missing CSRF, and Invisibl… | 2026-04-14T22:53:33Z | 2026-04-14T22:53:34Z |
| ghsa-7x6q-3v3m-cwjg |
0.0 (3.1)
|
kiwi TCMS has possibility for user to update email address to unverified one | 2023-04-24T16:46:14Z | 2023-04-24T16:46:14Z |
| ghsa-7x74-h8cw-qhxq |
0.0 (3.1)
|
Brute force exploit can be used to collect valid usernames | 2023-12-13T13:27:06Z | 2024-01-12T16:27:48Z |
| ghsa-8fj5-vvv3-q47w |
0.0 (4.0)
|
An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in M… | 2025-10-23T15:30:34Z | 2025-10-23T15:30:34Z |