Source
ghsa
A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 0.5.0 can address this issue. The name of the patch is 329b0c4844cc16a5a253c011b55180598e707735. It is recommended to upgrade the affected component. The identifier VDB-216745 was assigned to this vulnerability.
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 has a feature to upload file and display it, and by uploading a crafted SVG file, an attacker could perform a stored cross-site scripting attack with the image direct link. This was patched in version 0.9.0.
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Versions prior to 0.9.0 improperly maintain access control allowing an attacker to take over an account by changing header values in the HTTP request.
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos versions prior to 0.9.0 are vulnerable to improper authorization, which can allow a user to modify the nickname, username and email of other users without permission.
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 is missing the Secure cookie attribute, making it vulnerable to session hijacking.