ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-4664…
[apache-superset] Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
Two legacy REST API endpoints for approval and request access are vulnerable to cross-site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions, and version 2.0.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-437…
[froxlor/froxlor] Froxlor vulnerable to Command Injection
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0315
https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a
https://huntr.dev/bounties/ff4e177b-ba4…
[golang.org/x/net/http2/h2c] golang.org/x/net/http2/h2c vulnerable to request smuggling attack
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP/2 frames from the connection, it will instead be reading the body of …
[org.neo4j.procedure:apoc] org.neo4j.procedure:apoc Path Traversal Vulnerability
Impact
A path traversal vulnerability was found in the apoc.export.* procedures of the apoc plugin for the Neo4j graph database.
The issue allows a malicious actor to potentially break out of the expected directory. The vulnerability is such that files could only …
[github.com/bits-and-blooms/bloom] Bloom Uncontrolled Search Path Element vulnerability
Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0247
https://github.com/bits-and-blooms/bloom/commit/658f1393d4c52254a3d22f5f64f217405ec5fefb
https://hunt…
[rsshub] RSSHub SSRF vulnerability
Summary
RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network.
Description
An attacker can exploit this vul…
[gry] gry vulnerable to Command Injection
A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The name of the patch i…
[gatsby-transformer-remark] gatsby-transformer-remark has possible unsanitized JavaScript code injection
Impact
The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability …
[skeemas] skeemas Inefficient Regular Expression Complexity vulnerability
A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of…