For individuals

Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing...

The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where...

Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake before 2.6.2 (before...

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the...

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the...

Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that...

Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web,...

Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100,...