GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens

GHSA-3q26-f695-pp76: @cyanheads/git-mcp-server vulnerable to command injection in several tools

GHSA-6r2x-8pq8-9489: Electron vulnerable to Heap Buffer Overflow in NativeImage

GHSA-v8fr-vxmw-6mf6: Mattermost Incorrect Authorization vulnerability

GHSA-wgvp-jj4w-88hf: Mattermost Incorrect Authorization vulnerability

Failing to properly encode user input, some backend components are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability.


**Cross-Site Scripting in TYPO3 Backend**

Moderate severity GitHub Reviewed Published Jun 5, 2024 to the GitHub Advisory Database

Headline

GHSA-5wx6-xwxf-q8qj: Cross-Site Scripting in TYPO3 Backend

ghsa: Latest News