For providers

Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This...

MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python...

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution...

Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information....

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not..

The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.

The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.

Improper Access Controls allows backend users to overwrite their username when disallowed.

The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these...