GHSA-wc9m-r3v6-9p5h: Sparkle Signing Checks Bypass

GHSA-w7wm-2425-7p2h: MarbleRun unauthenticated recovery allows Coordinator impersonation

GHSA-mx2j-7cmv-353c: wasmvm: Malicious smart contract can slow down block production

GHSA-23qp-3c2m-xx6w: wasmvm: Malicious smart contract can crash the chain

GHSA-9crc-q9x8-hgqq: Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.

**Phone information disclosure vulnerability**

Moderate severity GitHub Reviewed Published Mar 6, 2024 to the GitHub Advisory Database • Updated Mar 6, 2024

Headline

GHSA-xg5p-8wg5-rhxm: Phone information disclosure vulnerability

ghsa: Latest News