GHSA-8fh4-942r-jf2g: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

GHSA-7q7g-4xm8-89cq: Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit

GHSA-phm4-wf3h-pc3r: Unpatched Remote Code Execution in Gogs

GHSA-x645-6pf9-xwxw: LibreNMS has an Authenticated OS Command Injection

GHSA-gv4m-f6fx-859x: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account.

**memos CORS Misconfiguration in server.go (GHSL-2024-034)**

High severity GitHub Reviewed Published Aug 22, 2024 to the GitHub Advisory Database • Updated Aug 22, 2024

Headline

GHSA-p4fx-qf2h-jpmj: memos CORS Misconfiguration in server.go (GHSL-2024-034)

ghsa: Latest News