Microweber versions 1.2.17 and prior are vulnerable to cross-site scripting. A patch is available on the dev laravel9-php8 branch of the repository.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2130
https://github.com/microweber/microweber/com…
Impact
org.apache.nifi.authentication.single.user.writer.StandardLoginCredentialsWriter contains a local information disclosure vulnerability due to writing credentials (username and password) to a file that is readable by all other users on unix-like …
Impact
Certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance …
python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote …
The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-33987
https://github.com/sindresorhus/got/pull/2047
https://github.com/sindresorhus/got/compare/v12.0.3…v12.1.0
https:…
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2112
https://github.com/inventree/inventree/commit/26bf51c20a1c9b3130ac5dd2e17649be…
All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a …
Improperly handled errors in @discordjs/opus cause hard crashes instead of returning the error to user land.”, “details”: “All versions of package @discordjs/opus (<= 0.7.0) are vulnerable to Denial of Service (DoS) when trying to encode using an en…
This affects all versions of package mout. The deepFillIn function can be used to ‘fill missing properties recursively’, while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key…
All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the v…
