@builder.io/qwik prior to version 0.16.2 is vulnerable to cross-site scripting due to attribute names and the class attribute values not being properly handled.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0410
https://github.com/builderio/qwi…
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0406
https://github.com/modoboa/modoboa/commit/7f0573e917227686d2cc127be1364e2908740807
https://huntr.dev/bount…
A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to …
Modoboa 2.0.3 and prior is vulnerable to Cross-Site Request Forgery. A patch is available and anticipated to be part of version 2.0.4.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-0398
https://github.com/modoboa/modoboa/commit/8e14ac93669df4f3…
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of “../clients/server” to schedule t…
There is a vulnerability in Action Controller’s redirect_to. This vulnerability has been assigned the CVE identifier CVE-2023-22797.
Versions Affected: >= 7.0.0 Not affected: < 7.0.0 Fixed Versions: 7.0.4.1
Impact
There is a possible open redirec…
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function and other aspects of the API, which use an insecure regular expression for parsing cookie values. Applications c…
A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexi…
Impact
It is possible to put the same line item multiple one in the cart using API, the Cart Validators checked the line item’s individuality and the user was able to skip the clearance sale in cart
Patches
The problem has been fixed with 6.4.18.1
Work…
A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function to_plain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The explo…
