GHSA-gcx4-mw62-g8wm: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

GHSA-8fx8-3rg2-79xw: Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)

GHSA-3hp8-6j24-m5gm: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)

GHSA-2wq5-g96f-mv3v: Ouch! allows a segmentation fault due to use of uninitialized memory

GHSA-3fc8-2r3f-8wrg: lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)

xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.

**xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service**

Critical severity GitHub Reviewed Published Oct 7, 2022

Headline

GHSA-93m7-c69f-5cfj: xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service

ghsa: Latest News