GHSA-pj86-258h-qrvf: Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration

GHSA-vr6p-vq2p-6j74: LikeC4 has RCE through vulnerable React and Next.js versions

GHSA-wwrj-3hvj-prpm: Misskey has a login rate limit bypass via spoofed X-Forwarded-For header

GHSA-496g-mmpw-j9x3: misskey.js's export data contains private post data

GHSA-m6hq-f4w9-qrjj: Weblate has improper validation upon invitation acceptance

The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators.

**Missing access control in Silverpeas**

High severity GitHub Reviewed Published Dec 13, 2023 to the GitHub Advisory Database • Updated Dec 13, 2023

Headline

GHSA-cwh6-hm53-6w2m: Missing access control in Silverpeas

ghsa: Latest News