Cross-site Scripting (XSS) – Reflected in GitHub repository viliusle/minipaint prior to 4.14.0. Date published : 2023-12-01 https://github.com/viliusle/minipaint/commit/f22cb46515c91b1071d48fff3e6c9b92c9b3878c https://huntr.com/bounties/9a97d163-1738-4a09-b284-a04716e69dd0
The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘validate’ function and insufficient blocklisting on the ‘wpcf7_antiscript_file_name’ function in versions up to,...
Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker to execute javascript in...
An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for...
A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by...
Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable.This issue affects Education Portal: before v1.1. Date published : 2023-12-01 https://www.usom.gov.tr/bildirim/tr-23-0670
Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection.This issue affects Education Portal: before v1.1. Date published : 2023-12-01 https://www.usom.gov.tr/bildirim/tr-23-0670
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting.This issue affects Education Portal: before v1.1. Date published : 2023-12-01 https://www.usom.gov.tr/bildirim/tr-23-0670
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ArslanSoft Education Portal allows SQL Injection.This issue affects Education Portal: before v1.1. Date published : 2023-12-01 https://www.usom.gov.tr/bildirim/tr-23-0670
A local non-privileged user can make improper GPU processing operations to gain access to already freed memory. Date published : 2023-12-01 https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited...
RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. Date published : 2023-12-01 https://github.com/Maverickfir/RuoYi-v4.6-vulnerability/blob/main/Ruoyiv4.6.md
An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for...
Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/staff_act.php. Date published : 2023-12-01 https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-staff_act.md https://github.com/slims/slims9_bulian/issues/209
