hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Date published : 2023-02-04 https://chromium.googlesource.com/chromium/sr…; https://github.com/harfbuzz/harfbuzz/blob/282…;
An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS)...
Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. Date published : 2023-02-04 https://huntr.dev/bounties/8d299377-be00-46dc…; https://github.com/phpipam/phpipam/commit/196…;
Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. Date published : 2023-02-04 https://huntr.dev/bounties/d280ae81-a1c9-4a50…; https://github.com/phpipam/phpipam/commit/8fb…;
Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. Date published : 2023-02-04 https://huntr.dev/bounties/b72d4f0c-8a96-4b40…; https://github.com/phpipam/phpipam/commit/94e…;
A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to...
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads...
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/products/view_product.php. The manipulation of the argument id leads to sql...
In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. Date published :...
SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may...
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result,...
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any...
OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector...
OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This...
