HIGH

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4732
https://github.com/microweber/microweber/commit/0d279ac81052ce7ee97c18c811a9b8e912189d…

Denial of Service in GitHub repository usememos/memos 0.9.0 and prior. A patch is available on the main branch at commit number f888c628408501daf639de07b90a72ab443b0f4c.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4767
https://github.com/usem…

In December 2022, threat actors impersonated SentinelOne by uploading fake software development kits (SDKs) onto PyPI. The SDKs contain fully functional SentinelOne clients, but the packages also contained malicious backdoors that are only executed whe…

Impact
The Connection handler in Hazelcast and Hazelcast Jet allows an unauthenticated, remote attacker to access and manipulate data in the cluster with another authenticated connection’s identity.
The affected Hazelcast versions are through 3.12.12, …

A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 002…

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service…

A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). Upgrading to ve…

A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may b…

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-45197
https://github.com/poezio/slixmpp/commits/master…

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4684
https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9
https://huntr.dev/bounties/b66f2bdd…