GHSA-f43r-cc68-gpx4: External Control of File Name or Path in Langflow

GHSA-5993-7p27-66g5: Langflow vulnerable to Server-Side Request Forgery

GHSA-24v3-254g-jv85: Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

GHSA-4hx9-48xh-5mxr: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

GHSA-5j53-63w8-8625: FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO

Failing to properly escape user input, the frontend login component is vulnerable to SQL Injection. A valid frontend user account is needed to exploit this vulnerability.

**SQL Injection in TYPO3 Frontend Login**

Moderate severity GitHub Reviewed Published Jun 5, 2024 to the GitHub Advisory Database • Updated Jun 5, 2024

Headline

GHSA-j86x-pjmr-9m6w: SQL Injection in TYPO3 Frontend Login

ghsa: Latest News