Magánszemélyeknek

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to...

A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The...

A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file...

eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary...

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`,...

Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute...

audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController`...

Jellyfin is an open source self hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted...

In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not...