A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes (‘p…
[inline_svg] Inline SVG vulnerable to Cross-site Scripting
A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The…
[github.com/agnivade/easy-scrypt] easy-scrypt Observable Timing Discrepancy vulnerability
A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 can address th…
[github.com/usememos/memos] usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0106
https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7
https://huntr.dev/boun…
[github.com/usememos/memos] usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0107
https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7
https://huntr.dev/boun…
[github.com/usememos/memos] usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0112
https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c
https://huntr.dev/boun…
[github.com/usememos/memos] usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0111
https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c
https://huntr.dev/boun…
[github.com/usememos/memos] usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0110
https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c
https://huntr.dev/boun…
[github.com/usememos/memos] usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0108
https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c
https://huntr.dev/boun…
[tokio] Tokio reject_remote_clients configuration may get dropped when creating a Windows named pipe
Impact
When configuring a Windows named pipe server, setting pipe_mode will reset reject_remote_clients to false. If the application has previously configured reject_remote_clients to true, this effectively undoes the configuration. This also applies i…