For providers | HunCERT group

15 Nov 2024

Riasztás

NA - CVE-2021-3987 - An improper access control vulnerability exists...

An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the...

security-database.com

15 Nov 2024

Riasztás

NA - CVE-2021-3988 - A Cross-site Scripting (XSS) vulnerability...

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover...

security-database.com

15 Nov 2024

Riasztás

NA - CVE-2021-3991 - An Improper Authorization vulnerability exists...

An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to...

security-database.com

15 Nov 2024

Riasztás

NA - CVE-2022-1226 - A Cross-Site Scripting (XSS) vulnerability in...

A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects...

security-database.com

15 Nov 2024

Riasztás

NA - CVE-2022-1884 - A remote command execution vulnerability exists...

A remote command execution vulnerability exists in gogs/gogs versions

security-database.com

15 Nov 2024

Riasztás

NA - CVE-2023-0109 - A stored cross-site scripting (XSS)...

A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and...

security-database.com

15 Nov 2024

Riasztás

NA - CVE-2023-0737 - wallabag version 2.5.2 contains a Cross-Site...

wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in...

security-database.com

15 Nov 2024

Riasztás

NA - CVE-2023-2332 - A stored Cross-site Scripting (XSS)...

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the...

security-database.com

15 Nov 2024

Riasztás

NA - CVE-2023-4679 - A use after free vulnerability exists in GPAC...

A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a...

security-database.com

15 Nov 2024

Riasztás

NA - CVE-2024-0787 - phpIPAM version 1.5.1 contains a vulnerability...

phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies...

security-database.com

Phone:	+36 1 279 6222 9am to 4pm
E-mail:	cert@cert.hu
Address:	H-1111 Budapest, Kende u. 13-17.