Riasztások

Cognition Devin before 2024-12-12 provides write access to code by an attacker who discovers the https://vscode-randomly_generated_string.devinapps.com URL (aka the VSCode live share URL) for a...

CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.

An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions...

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads...

The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which...

An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution.

An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection.

An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code...

An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection.

CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php.