Alerts

A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via...

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2....

In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. Attackers can exploit this by automating forgot password...

Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access Inc. KBucket allows Upload a Web Shell to a Web Server.This issue affects KBucket: from n/a through 4.1.6.

Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support – WordPress Help Desk allows Upload a Web Shell to a Web Server.This issue affects Hive Support –...

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the...

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in...

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro FraudLabs Pro SMS Verification allows Stored XSS.This issue affects FraudLabs Pro SMS Verification: from n/a through 1.10.1.