Latest medium severity Vulnerabilities

Wiki.js Stored XSS through Client Side Template Injection
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
go/github.com/stacklok/minder<0.0.50
Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use ...
go/github.com/stacklok/minder<0.0.50
Trivy possibly leaks registry credential when scanning images from malicious registries
go/github.com/aquasecurity/trivy<0.51.2
## Impact If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS ...
go/github.com/aquasecurity/trivy<0.51.2
### Impact Users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be exec...
composer/verbb/formie<2.1.6
verbb/formie Server-Side Template Injection for variable-enabled settings
composer/verbb/formie<2.1.6
When making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same origin will continue to ignore cer...
pip/requests<2.32.0
Requests `Session` object does not verify requests after making first request with verify=False
pip/requests<2.32.0
The PHP file view/about.php is vulnerable to an XSS issue due to no sanitization of the user agent. At line [53], the website gets the user-agent from the headers through $_SERVER['HTTP_USER_AGENT'] ...
composer/wwbn/avideo<14.3
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the `bundle()`, `parse()`, `resolve()`, `dereference()`...
npm/@apidevtools/json-schema-ref-parser>=11.0.0<=11.1.0
SolarWinds Platform Reflected XSS Vulnerability
A vulnerability has been identified in the robrichards/xmlseclibs library, specifically related to XPath injection. The issue arises from inadequate filtering of user input before it is incorporated i...
composer/robrichards/xmlseclibs>=1.0.0<3.0.2
Zoho ManageEngine ADAudit Plus through 7251 allows SQL injection while getting file server details.
Zoho ManageEngine ADAudit Plus through 7251 allows SQL Injection while exporting a full summary report.
Zoho ManageEngine ADAudit Plus through 7251 allows SQL injection in the dashboard graph feature.
The service offered by Pusher provides "private" channels with an authentication mechanism that restricts subscription access. The decision on allowing subscriptions to private channels is delegated t...
composer/pusher/pusher-php-server<2.2.1
Zoho ManageEngine ADAudit Plus through 7251 allows SQL injection while adding file shares.
The limit() query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: ``` UserQuery::create()->limit('1;DROP TABLE users')->find(); ``` ...
composer/propel/propel1>=1<=1.7.1
Zoho ManageEngine ADAudit Plus through 7251 allows SQL injection in the aggregate reports search option.
The limit() query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: ``` UserQuery::create()->limit('1;DROP TABLE users')->find(); ``` ...
composer/propel/propel>=2.0.0-alpha1<=2.0.0-alpha7
Versions preceding 0.6.1 of the phpxmlrpc/extras project are susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability exists within the class documenting_xmlrpc_server when proces...
composer/phpxmlrpc/extras<0.6.1
### Description A user could create and share a resource with a malicious URI. When the victim opens with menu “Open URI in a new tab” function, the malicious page has access to the window.opener obje...
composer/passbolt/passbolt_api<2.11.0
### Description An administrator can craft a user with a malicious first name and last name, using a payload such as ``` <svg onload="confirm(document.domain)">'); ?></svg> ``` The user will then rece...
composer/passbolt/passbolt_api<2.11.0
ASUS OVPN RCE
Passbolt provides a way for system administrators to generate a PGP key for the server during installation. The wizard requests a username, an e-mail address and an optional comment. No escaping or ve...
composer/passbolt/passbolt_api<2.7.0
Passbolt sends e-mail to users to warn them about different type of events such as the creation, modification or deletion of a password. Those e-mails may contain user-specified input, such as a passw...
composer/passbolt/passbolt_api<2.7.0
### Summary Servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a MitM attack. #...
pip/aiosmtpd<1.4.6
### Impact Executing policy checks using custom schematron files invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. ### Patches This has been ...
maven/org.verapdf:library-jakarta<1.24.2
maven/org.verapdf:library<1.24.2
maven/org.verapdf:library-arlington<1.25.127
maven/org.verapdf:core-arlington<1.25.127
maven/org.verapdf:core-jakarta<1.24.2
maven/org.verapdf:core<1.24.2
OroPlatform is prone to open redirection, which could allow attackers to redirect users to an external website.
composer/oro/platform>=1.7.0<1.7.4
OroCRM is prone to open redirection, which could allow attackers to redirect users to an external website.
composer/oro/crm>=1.7.0<1.7.4
Improper Access Control in lunary-ai/lunary
OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
Zoho ManageEngine PAM360 version 6601 is vulnerable to an authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 ve...
Improper Input Validation in mintplex-labs/anything-llm
Zoho ManageEngine ADAudit Plus through 7251 allows SQL Injection while getting aggregate report data.
Fluent Bit Memory Corruption Vulnerability
## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4qqq-9vqf-3h3f. This link is maintained to preserve external references. ## Original Description In scrapy/scr...
pip/scrapy<2.11.2
Missing Authorization on Delete Datasets in lunary-ai/lunary
PHPGurukul Directory Management System index.php sql injection
SourceCodester Electricity Consumption Monitoring Tool delete-bill.php sql injection
Important: thunderbird security update
Red Hat Enterprise Linux for Power, little endian
Red Hat Enterprise Linux Server - Extended Life Cycle Support
Red Hat Enterprise Linux Desktop
Red Hat Enterprise Linux Server
Red Hat Enterprise Linux Workstation
redhat/thunderbird<115.11.0-1.el7_9
SourceCodester Event Registration System cross site scripting
SourceCodester Event Registration System sql injection
SourceCodester Event Registration System cross site scripting
SourceCodester Event Registration System sql injection
Important: thunderbird security update
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
Red Hat Enterprise Linux Server - AUS
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions
Red Hat Enterprise Linux Server - TUS
redhat/thunderbird<115.11.0-1.el8_4
redhat/thunderbird<115.11.0-1.el8_4
SourceCodester Event Registration System sql injection

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203