Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
References
…
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to privilege escalation from improper privilege management. Any user with the ability to add a new user can create a user with super admin rights. This has been fixed in 3.1.12.
References
https://nvd.ni…
[Snappier] Snappier vulnerable to buffer overrun due to improper restriction of operations within the bounds of a memory buffer
Impact
This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change generally improves performance and redu…
[MongoDB.Driver] MongoDB .NET/C# Driver vulnerable to Deserialization of Untrusted Data
Under very specific circumstances, a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior t…
[Microsoft.NetCore.App.Runtime.win-x64] .NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2023-21808: .NET Remote Code Execution Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guid…
[warp] Warp vulnerable to Path Traversal via Improper validation of Windows paths
Path resolution in warp::filters::fs::dir didn’t correctly validate Windows paths
meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed
and respond with the contents of c:/windows/web/screen/img101.png. Thus users
could potentia…
[org.apache.linkis:linkis] Apache Linkis contains Deserialization of Untrusted Data
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source a…
[publify_core] Publify contains Weak Password Requirements
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0569
https://github.com/publify/publify/commit/8905e4e639cf03b758da558568a86c9816253b2d
https://huntr.dev/bounties/81…
[openmage/magento-lts] DataFlow upload remote code execution vulnerability
Impact
An administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile.
References
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-h632-p764-pjqm
ht…
[openmage/magento-lts] Fix for authenticated remote code execution through layout update
Impact
A layout block was able to bypass the block blacklist to execute remote code.
References
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5j2g-3ph4-rgvm
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22
https://githu…