Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-6pmj-xjxp-p8g9
  • Packagist/librenms/librenms
LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint yesterday
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-83v7-c2cf-p9c2
  • Packagist/drupal/core
Drupal core allows Forceful Browsing yesterday
  • Fix available
  • Severity - 2.7 (Low)
GHSA-h89p-5896-f4q8
  • Packagist/drupal/core
Drupal core allows Content Spoofing yesterday
  • Fix available
  • Severity - 2.1 (Low)
GHSA-m6vv-vcj8-w8m7
  • Packagist/drupal/core
Drupal core allows Object Injection yesterday
  • Fix available
  • Severity - 4.5 (Medium)
GHSA-mhpg-hpj5-73r2
  • Packagist/drupal/core
Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels yesterday
  • Fix available
  • Severity - 1.7 (Low)
GHSA-gg35-374m-9ph8
  • Packagist/drupal/simple_multistep
Drupal Simple multi step form allows Cross-Site Scripting yesterday
  • Fix available
  • Severity - 1.1 (Low)
GHSA-5mrf-j8v6-f45g
  • Packagist/librenms/librenms
LibreNMS has Weak Password Policy yesterday
  • Fix available
  • Severity - 3.7 (Low)
GHSA-j8cq-7f6p-256x
  • Packagist/librenms/librenms
LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name` yesterday
  • Fix available
  • Severity - 6.2 (Medium)
GHSA-84hf-8gh5-575j
  • Packagist/getkirby/cms
Kirby CMS has cross-site scripting (XSS) in the changes dialog yesterday
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-fxm2-cmwj-qvx4
  • Packagist/thorsten/phpmyfaq
  • Packagist/phpmyfaq/phpmyfaq
phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality 2 days ago
  • Fix available
  • Severity - 7.2 (High)
GHSA-2w46-vq8h-98vh
  • Packagist/shopware/core
Shopware 6's password recovery link does not expire after email change 5 days ago
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-r9x7-7ggj-fx9f
  • Packagist/privatebin/privatebin
PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users 5 days ago
  • Fix available
  • Severity - 3.9 (Low)
GHSA-g2j9-g8r5-rg82
  • Packagist/privatebin/privatebin
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal 5 days ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-3rg7-wf37-54rm
  • Packagist/symfony/http-foundation
  • Packagist/symfony/symfony
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass 12 Nov
  • Fix available
  • Severity - 7.3 (High)
GHSA-49qv-h8pm-73pf
  • Packagist/codingms/modules
TYPO3 Modules Extension has Improper Authentication vulnerability 12 Nov
  • Fix available
  • Severity - 8.2 (High)
GHSA-4rwr-8c3m-55f6
  • Packagist/torrentpier/torrentpier
TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter 10 Nov
  • No fix available
  • Severity - 8.8 (High)