GHSA-83jg-m2pm-4jxj: Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification

GHSA-f43r-cc68-gpx4: External Control of File Name or Path in Langflow

GHSA-5993-7p27-66g5: Langflow vulnerable to Server-Side Request Forgery

GHSA-24v3-254g-jv85: Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

GHSA-4hx9-48xh-5mxr: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.

**Firefly III allows webhooks HTML Injection.**

Moderate severity GitHub Reviewed Published Jan 5, 2024 to the GitHub Advisory Database • Updated Jan 5, 2024

Headline

GHSA-vwv2-9wcj-64vx: Firefly III allows webhooks HTML Injection.

ghsa: Latest News