Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract...
Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the...
Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Daily Sales management table. The...
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations...
Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane’s authentication flow where a user’s email address is included as a query parameter in the URL during...
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The...
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code...
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki – Cargo Extension allows Stored XSS.This issue affects Mediawiki – Cargo Extension: before 3.8.7. More information :...
Improper neutralization of input during web page generation (‘cross-site scripting’) vulnerability in Wikimedia Foundation Mediawiki – Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki – Cargo Extension: before 3.8.7. More information :...
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki – Cargo Extension allows Stored XSS.This issue affects Mediawiki – Cargo Extension: before 3.8.7. More information :...
Improper neutralization of input during web page generation (‘cross-site scripting’) vulnerability in Wikimedia Foundation MediaWiki – ProofreadPage Extension allows XSS Targeting Non-Script Elements. The issue has been remediated on the `master` branch, and in...
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki – Cargo Extension allows Stored XSS.This issue affects Mediawiki – Cargo Extension: before 3.8.7. More information : https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237979
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a “Verified OK” result for attestations with malformed payloads or mismatched predicate types. For...
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for...