Alerts

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more...

t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping.

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences...

A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user, by...

An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap...

Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337 is...

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could...

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In a standard usages of Tuleap, the issue has a limited impact, it will mostly leave dangling data....

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could...