GHSA-wwc9-wmm3-2pmf: DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed

GHSA-pf4h-vrv6-cmvr: DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects

GHSA-7cjh-xx4r-qh3f: sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+

GHSA-gpfc-mph4-qm24: Velociraptor vulnerable to privilege escalation via UpdateConfig artifact

GHSA-5644-3vgq-2ph5: Crafter Studio Groovy Sandbox Bypass

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions.

**TYPO3 Information Disclosure of Installed Extensions**

Moderate severity GitHub Reviewed Published Jun 7, 2024 to the GitHub Advisory Database • Updated Jun 7, 2024

Headline

GHSA-f624-8hfq-5fh3: TYPO3 Information Disclosure of Installed Extensions

ghsa: Latest News