
Tag

#git

CVE-2023-5873

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.

CVE-2023-46451: GitHub - sajaljat/CVE-2023-46451

Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field.

Meta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy Laws

Meta on Monday announced plans to offer an ad-free option to access Facebook and Instagram for users in the European Union (EU), European Economic Area (EEA), and Switzerland to comply with "evolving" data protection regulations in the region. The ad-free subscription, which costs €9.99/month on the web or €12.99/month on iOS and Android, is expected to be officially available starting next

CVE-2023-46361: z-vulnerabilitys/jbig2dec-SEGV/jbig2dec-SEGV.md at main · Frank-Z7/z-vulnerabilitys

Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.

GHSA-34w4-wrqp-j47g: Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.

GHSA-prrv-r843-4p75: Cross-site Scripting (XSS) in thorsten/phpmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.

GHSA-f728-prhw-2g68: Insufficient Session Expiration in thorsten/phpmyfaq

Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.

GHSA-4gpm-r23h-gprw: generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute-forcing one character at a time and observing the timing. This drastically reduces the search space to a linear number of guesses: the token length times the number of possible characters.

GHSA-g5hp-328h-jj98: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.

GHSA-7q5f-29gx-57ff: Cross-site Scripting (XSS) in microweber/microweber

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.