xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' (with...
mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a...
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify CPU and allocations...
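The entry above describes the general shape of the problem: limits applied to each Baggage field-value in isolation say nothing about the total work done when the header is repeated many times. The following is an added illustration, written for this page and not OpenTelemetry-Go's code or its fix; it assumes a simplified W3C Baggage member syntax (comma-separated key=value, properties after ";" ignored) and uses the spec's 64-member / 8192-byte minimums as hard caps. It contrasts a per-value check with one that charges every member and byte against a single budget across all values:

```python
"""Added example (not OpenTelemetry code): Baggage extraction with a per-value
budget versus an aggregate budget across repeated header field-values."""
from typing import Dict, Iterator, List, Optional, Tuple

MAX_MEMBERS = 64    # assumed hard cap on list-members (W3C Baggage minimum to accept)
MAX_BYTES = 8192    # assumed hard cap on total header bytes


def iter_members(value: str) -> Iterator[Tuple[str, str]]:
    """Yield (key, value) pairs from one Baggage field-value, lazily.

    Simplified grammar: members separated by ",", properties after ";" dropped.
    Raises ValueError on a member without "=" or with an empty key.
    """
    for raw in value.split(","):
        raw = raw.strip()
        if not raw:
            continue  # tolerate empty list elements (e.g. trailing comma)
        kv, _, _props = raw.partition(";")
        if "=" not in kv:
            raise ValueError(f"malformed baggage member: {raw!r}")
        key, _, val = kv.partition("=")
        key, val = key.strip(), val.strip()
        if not key:
            raise ValueError(f"empty key in baggage member: {raw!r}")
        yield key, val


def extract_per_value(values: List[str]) -> Tuple[Optional[Dict[str, str]], int]:
    """Weak variant: every field-value is checked against the limits on its own,
    then merged. Returns (baggage or None if rejected, members parsed)."""
    out: Dict[str, str] = {}
    parsed = 0
    for v in values:
        if len(v) > MAX_BYTES:
            return None, parsed
        try:
            members = list(iter_members(v))
        except ValueError:
            return None, parsed
        if len(members) > MAX_MEMBERS:
            return None, parsed
        parsed += len(members)
        out.update(members)  # N repeated values cost N full parses and merges
    return out, parsed


def extract_aggregate(values: List[str]) -> Tuple[Optional[Dict[str, str]], int]:
    """Hardened variant: one byte budget and one member budget for the whole
    header, checked before each value and after each member, so parsing stops
    as soon as the budget is exceeded."""
    out: Dict[str, str] = {}
    parsed = 0
    total_bytes = 0
    for v in values:
        total_bytes += len(v)
        if total_bytes > MAX_BYTES:
            return None, parsed
        try:
            for key, val in iter_members(v):
                parsed += 1
                if parsed > MAX_MEMBERS:
                    return None, parsed
                out[key] = val
        except ValueError:
            return None, parsed
    return out, parsed


# Constructed inputs: a benign request and a flood of 40 repeated field-values.
BENIGN = ["a=1,b=2", "c=3;prop"]
FLOOD = ["a=1,b=2"] * 40

if __name__ == "__main__":
    print("benign:", extract_per_value(BENIGN), extract_aggregate(BENIGN))
    # The per-value path happily parses 80 members for a header that merges to 2 keys;
    # the aggregate path bails out at member 65.
    print("flood per-value:", extract_per_value(FLOOD))
    print("flood aggregate:", extract_aggregate(FLOOD))
```

Both functions accept the benign header identically; the difference only shows under repetition, where the per-value variant does 40 parses and 80 merges (and an attacker can scale that by the number of repeated field lines the server accepts) while the aggregate variant stops after the 65th member.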
Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Daily Sales management table. The...
Plane is an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane’s authentication flow where a user’s email address is included as a query parameter in the URL during...
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki – Cargo Extension allows Stored XSS. This issue affects Mediawiki – Cargo Extension: before 3.8.7. More information :...
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code...
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The...
Improper neutralization of input during web page generation (‘cross-site scripting’) vulnerability in Wikimedia Foundation Mediawiki – Cargo Extension allows XSS Targeting Non-Script Elements. This issue affects Mediawiki – Cargo Extension: before 3.8.7. More information :...
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a “Verified OK” result for attestations with malformed payloads or mismatched predicate types. For...
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki – Cargo Extension allows Stored XSS. This issue affects Mediawiki – Cargo Extension: before 3.8.7. More information : https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237979
Improper neutralization of input during web page generation (‘cross-site scripting’) vulnerability in Wikimedia Foundation MediaWiki – ProofreadPage Extension allows XSS Targeting Non-Script Elements. The issue has been remediated on the `master` branch, and in...
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input...
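The entry above is the classic decompression-bomb shape: a cap on the size of the incoming token bounds how much DEFLATE data is read, not how much plaintext it expands to. The example below is added here to illustrate that distinction and is not JWCrypto's code or its patch; it assumes the JWE "zip":"DEF" encoding (raw DEFLATE, RFC 1951, so zlib with wbits -15), an arbitrary 256 KiB input cap standing in for an input-size check, and a 1 MiB plaintext cap. It builds a small raw-DEFLATE stream that inflates to 16 MiB, then inflates it once with only the input cap and once with an output cap enforced by `zlib.decompressobj.decompress(max_length)`:

```python
"""Added example (not JWCrypto code): bounding the *output* of JWE "zip":"DEF"
decompression, not just the size of the compressed input."""
import zlib

MAX_COMPRESSED = 256 * 1024   # assumed cap on the compressed payload (input-side check)
MAX_PLAINTEXT = 1024 * 1024   # assumed cap on inflated plaintext (output-side check)
RAW_DEFLATE = -15             # zlib wbits for raw DEFLATE as used by JWE "DEF"


def deflate(data: bytes) -> bytes:
    """Raw-DEFLATE compress, as a JWE producer would for zip=DEF."""
    c = zlib.compressobj(9, zlib.DEFLATED, RAW_DEFLATE)
    return c.compress(data) + c.flush()


def make_deflate_bomb(size: int) -> bytes:
    """Constructed attacker payload: `size` zero bytes compressed in chunks, so the
    bomb can be built without holding the plaintext in memory."""
    c = zlib.compressobj(9, zlib.DEFLATED, RAW_DEFLATE)
    chunk = b"\0" * 65536
    out = bytearray()
    remaining = size
    while remaining:
        n = min(remaining, len(chunk))
        out += c.compress(chunk[:n])
        remaining -= n
    out += c.flush()
    return bytes(out)


def inflate_input_cap_only(data: bytes) -> bytes:
    """Weak: rejects oversized *input* but lets the output grow without bound."""
    if len(data) > MAX_COMPRESSED:
        raise ValueError("compressed payload too large")
    return zlib.decompress(data, RAW_DEFLATE)


def inflate_bounded(data: bytes, limit: int = MAX_PLAINTEXT) -> bytes:
    """Hardened: ask zlib for at most limit+1 bytes; any byte past the limit means
    the stream would exceed the budget, and we stop before allocating more."""
    if len(data) > MAX_COMPRESSED:
        raise ValueError("compressed payload too large")
    d = zlib.decompressobj(RAW_DEFLATE)
    out = d.decompress(data, limit + 1)
    if len(out) > limit:
        raise ValueError(f"decompressed size exceeds {limit} bytes")
    if not d.eof:
        # Fewer than limit+1 bytes came back, so all input was consumed; if the
        # stream still has no end-of-stream marker it is truncated or malformed.
        raise ValueError("truncated or malformed DEFLATE stream")
    return out


# Constructed inputs.
LEGIT_PLAINTEXT = b'{"iss":"https://issuer.example","sub":"alice","exp":1700000000}'
LEGIT = deflate(LEGIT_PLAINTEXT)
BOMB = make_deflate_bomb(16 * 1024 * 1024)   # ~16 KiB of input for 16 MiB of output

if __name__ == "__main__":
    print(f"bomb: {len(BOMB)} compressed bytes")
    print("input-cap only:", len(inflate_input_cap_only(BOMB)), "bytes allocated")
    try:
        inflate_bounded(BOMB)
    except ValueError as e:
        print("bounded:", e)
    print("legit:", inflate_bounded(LEGIT))
```

The input cap alone passes the bomb (it is well under 256 KiB) and allocates the full 16 MiB; on a server the attacker simply sends more of them concurrently. The bounded path allocates at most `limit + 1` bytes before rejecting, regardless of the compression ratio.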