A vulnerability was found in docconv up to 1.2.0 and classified as problematic. This issue affects the function ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText. The manipulation leads to uncontrolled memory allocation. The attack may be initia…
[github.com/go-macaron/i18n] Macaron i18n Open Redirect vulnerability
A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to v…
[snipe/snipe-it] Snipe-IT vulnerable to Cross Site Scripting for View Assigned Assets
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-44380
https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/
https://github.com/ad…
[snipe/snipe-it] Snipe-IT allows attackers to check whether a user account exists
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-44381
https://census-labs.com/news/2022/12/23/multiple-vu…
[github.com/usememos/memos] usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.9.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4692
https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82
https://huntr.dev/bount…
[github.com/usememos/memos] usememos/memos vulnerable to improper access control
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4685
https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9
https://huntr.dev/bounties/015dbf52…
[github.com/usememos/memos] usememos/memos vulnerable to stored cross-site scripting (XSS)
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 has a feature to upload a file and display it, and by uploading a crafted SVG file, an attacker could perform a stored cross-site scr…
[github.com/usememos/memos] usememos/memos missing Secure cookie attribute
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 is missing the Secure cookie attribute, making it vulnerable to session hijacking.
References
https://nvd.nist.gov/vuln/detail/CVE…
[tauri] Tauri Filesystem Scope Glob Pattern is too Permissive
Impact
The filesystem glob pattern wildcards *, ?, and […] match file path literals and leading dots by default, which unintentionally exposes subfolder content of allowed paths.
Example: The fs scope $HOME/*.key would also allow $HOME/.ssh/secret.k…
[text_helpers] text_helpers uses web link to untrusted target with window.opener access
A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener ac…