GHSA-fpm5-2wcj-vfr7: codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service

GHSA-f3f8-vx3w-hp5q: codechecker vulnerable to authentication bypass when using specifically crafted URLs

GHSA-p7mv-53f2-4cwj: CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data

GHSA-96g7-g7g9-jxw8: happy-dom allows for server side code to be executed by a <script> tag

GHSA-qq5c-677p-737q: Symfony vulnerable to command execution hijack on Windows with Process class

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.

**Cross Site Request Forgery in Silverpeas**

Moderate severity GitHub Reviewed Published Dec 13, 2023 to the GitHub Advisory Database • Updated Dec 13, 2023

Headline

GHSA-g27c-w2v7-88xp: Cross Site Request Forgery in Silverpeas

ghsa: Latest News